Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 7.1.2Report Generated On : Sat, 18 May 2024 11:29:25 GMTDependencies Scanned : 211 (173 unique)Vulnerable Dependencies : 51 Vulnerabilities Found : 75Vulnerabilities Suppressed : 0... NVD CVE Checked : 2024-05-18T11:26:44NVD CVE Modified : 2024-05-18T10:00:03VersionCheckOn : 2024-05-03T11:28:22Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
Open Source implementation of the Fast Infoset Standard for Binary XML (http://www.itu.int/ITU-T/asn1/). License:
http://www.opensource.org/licenses/apache2.0.php File Path: /home/grprdist/.m2/repository/com/sun/xml/fastinfoset/FastInfoset/1.2.15/FastInfoset-1.2.15.jar
MD5: 57f3894ad7e069ae740b277d92d10fa0
SHA1: bb7b7ec0379982b97c62cd17465cb6d9155f68e8
SHA256: 785861db11ca1bd0d1956682b974ad73eb19cd3e01a4b3fa82d62eca97210aec
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name FastInfoset High Vendor jar package name fastinfoset Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname com.sun.xml.fastinfoset.FastInfoset Medium Vendor Manifest extension-name com.sun.xml.fastinfoset Medium Vendor Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Vendor Manifest implementation-url http://fi.java.net Low Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor Manifest url http://fi.java.net Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid FastInfoset Highest Vendor pom artifactid FastInfoset Low Vendor pom groupid com.sun.xml.fastinfoset Highest Vendor pom name fastinfoset High Vendor pom parent-artifactid fastinfoset-project Low Vendor pom url http://fi.java.net Highest Product file name FastInfoset High Product jar package name fastinfoset Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name fastinfoset Medium Product Manifest bundle-symbolicname com.sun.xml.fastinfoset.FastInfoset Medium Product Manifest extension-name com.sun.xml.fastinfoset Medium Product Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Product Manifest Implementation-Title Fast Infoset Implementation High Product Manifest implementation-url http://fi.java.net Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product Manifest specification-title ITU-T Rec. X.891 | ISO/IEC 24824-1 (Fast Infoset) Medium Product Manifest url http://fi.java.net Low Product pom artifactid FastInfoset Highest Product pom groupid com.sun.xml.fastinfoset Highest Product pom name fastinfoset High Product pom parent-artifactid fastinfoset-project Medium Product pom url http://fi.java.net Medium Version file version 1.2.15 High Version Manifest Bundle-Version 1.2.15 High Version Manifest Implementation-Version 1.2.15 High Version pom version 1.2.15 Highest
Description:
Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/minidev/accessors-smart/2.4.11/accessors-smart-2.4.11.jar
MD5: 80590f80d4ddf575548ff83c7235297c
SHA1: 245ceca7bdf3190fbb977045c852d5f3c8efece1
SHA256: 2ea7ac03b1b7796d9ec59fcfa271b66ff50cd8019b8c1c997f5883bc30f5a492
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name accessors-smart High Vendor jar package name asm Highest Vendor jar package name minidev Highest Vendor jar package name net Highest Vendor Manifest bundle-docurl https://urielch.github.io/ Low Vendor Manifest bundle-symbolicname net.minidev.accessors-smart Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid accessors-smart Highest Vendor pom artifactid accessors-smart Low Vendor pom developer email shoothzj@gmail.com Low Vendor pom developer email uchemouni@gmail.com Low Vendor pom developer id Shoothzj Medium Vendor pom developer id uriel Medium Vendor pom developer name Uriel Chemouni Medium Vendor pom developer name ZhangJian He Medium Vendor pom groupid net.minidev Highest Vendor pom name ASM based accessors helper used by json-smart High Vendor pom organization name Chemouni Uriel High Vendor pom organization url https://urielch.github.io/ Medium Vendor pom url https://urielch.github.io/ Highest Product file name accessors-smart High Product jar package name asm Highest Product jar package name minidev Highest Product jar package name net Highest Product Manifest bundle-docurl https://urielch.github.io/ Low Product Manifest Bundle-Name accessors-smart Medium Product Manifest bundle-symbolicname net.minidev.accessors-smart Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid accessors-smart Highest Product pom developer email shoothzj@gmail.com Low Product pom developer email uchemouni@gmail.com Low Product pom developer id Shoothzj Low Product pom developer id uriel Low Product pom developer name Uriel Chemouni Low Product pom developer name ZhangJian He Low Product pom groupid net.minidev Highest Product pom name ASM based accessors helper used by json-smart High Product pom organization name Chemouni Uriel Low Product pom organization url https://urielch.github.io/ Low Product pom url https://urielch.github.io/ Medium Version file version 2.4.11 High Version Manifest Bundle-Version 2.4.11 High Version pom version 2.4.11 Highest
pkg:maven/net.minidev/accessors-smart@2.4.11 (Confidence :High)cpe:2.3:a:json-smart_project:json-smart:2.4.11:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:json-smart_project:json-smart-v2:2.4.11:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html File Path: /home/grprdist/.m2/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
SHA256: ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name activation High Vendor jar package name activation Highest Vendor jar package name javax Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest extension-name javax.activation Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid activation Highest Vendor pom artifactid activation Low Vendor pom groupid javax.activation Highest Vendor pom name JavaBeans(TM) Activation Framework High Vendor pom url http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp Highest Product file name activation High Product jar package name activation Highest Product jar package name javax Highest Product Manifest extension-name javax.activation Medium Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium Product pom artifactid activation Highest Product pom groupid javax.activation Highest Product pom name JavaBeans(TM) Activation Framework High Product pom url http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp Medium Version file version 1.1.1 High Version Manifest Implementation-Version 1.1.1 High Version pom version 1.1.1 Highest
Description:
The RabbitMQ Java client library allows Java applications to interface with RabbitMQ. License:
AL 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
GPL v2: https://www.gnu.org/licenses/gpl-2.0.txt
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/ File Path: /home/grprdist/.m2/repository/com/rabbitmq/amqp-client/5.20.0/amqp-client-5.20.0.jar
MD5: c03b89b9df5ce7c5a43090ce6146a04c
SHA1: e8b2cbfe10d9cdcdc29961943b1c6c40f42e2f32
SHA256: 420e085cad65b0b4889def4a5704ae7dfe467b1bedb9fee709b17c154207843b
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name amqp-client High Vendor jar package name amqp Highest Vendor jar package name client Highest Vendor jar package name rabbitmq Highest Vendor Manifest automatic-module-name com.rabbitmq.client Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.rabbitmq.com Low Vendor Manifest bundle-symbolicname com.rabbitmq.client Medium Vendor Manifest implementation-url https://www.rabbitmq.com Low Vendor Manifest Implementation-Vendor VMware, Inc. or its affiliates. High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor AMQP Working Group (www.amqp.org) Low Vendor pom artifactid amqp-client Highest Vendor pom artifactid amqp-client Low Vendor pom developer email info@rabbitmq.com Low Vendor pom developer name Team RabbitMQ Medium Vendor pom developer org VMware, Inc. or its affiliates. Medium Vendor pom developer org URL https://rabbitmq.com Medium Vendor pom groupid com.rabbitmq Highest Vendor pom name RabbitMQ Java Client High Vendor pom organization name VMware, Inc. or its affiliates. High Vendor pom organization url https://www.rabbitmq.com Medium Vendor pom url https://www.rabbitmq.com Highest Product file name amqp-client High Product jar package name amqp Highest Product jar package name client Highest Product jar package name rabbitmq Highest Product jar package name version Highest Product Manifest automatic-module-name com.rabbitmq.client Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.rabbitmq.com Low Product Manifest Bundle-Name RabbitMQ Java Client Medium Product Manifest bundle-symbolicname com.rabbitmq.client Medium Product Manifest Implementation-Title RabbitMQ Java Client High Product Manifest implementation-url https://www.rabbitmq.com Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title AMQP Medium Product pom artifactid amqp-client Highest Product pom developer email info@rabbitmq.com Low Product pom developer name Team RabbitMQ Low Product pom developer org VMware, Inc. or its affiliates. Low Product pom developer org URL https://rabbitmq.com Low Product pom groupid com.rabbitmq Highest Product pom name RabbitMQ Java Client High Product pom organization name VMware, Inc. or its affiliates. Low Product pom organization url https://www.rabbitmq.com Low Product pom url https://www.rabbitmq.com Medium Version file version 5.20.0 High Version Manifest Bundle-Version 5.20.0 High Version Manifest Implementation-Version 5.20.0 High Version pom version 5.20.0 Highest
File Path: /home/grprdist/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.9/animal-sniffer-annotations-1.9.jarMD5: 41f47a4c81b5a9f76bc7f12af69e4fbeSHA1: c29299253a087898aaff7f4eac57effa46b1910aSHA256: cd96feeb47f34b2559704715db7b179a03a3721f9dc4092c345c718e29b42de4Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name animal-sniffer-annotations High Vendor jar package name animal_sniffer Low Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name mojo Highest Vendor jar package name mojo Low Vendor pom artifactid animal-sniffer-annotations Highest Vendor pom artifactid animal-sniffer-annotations Low Vendor pom groupid org.codehaus.mojo Highest Vendor pom name Animal Sniffer Annotations High Vendor pom parent-artifactid animal-sniffer-parent Low Product file name animal-sniffer-annotations High Product jar package name animal_sniffer Low Product jar package name codehaus Highest Product jar package name ignorejrerequirement Low Product jar package name mojo Highest Product jar package name mojo Low Product pom artifactid animal-sniffer-annotations Highest Product pom groupid org.codehaus.mojo Highest Product pom name Animal Sniffer Annotations High Product pom parent-artifactid animal-sniffer-parent Medium Version file version 1.9 High Version pom version 1.9 Highest
File Path: /home/grprdist/.m2/repository/org/apache/ant/ant/1.10.12/ant-1.10.12.jarMD5: f5b97fb267862b35d1eb398defe1831aSHA1: be08c4f63e92e03bac761404cf77bc270928b6c5SHA256: 5c6a438c3ebe7a306eba452b09fa307b0e60314926177920bca896c4a504eaf6Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ant High Vendor jar package name ant Highest Vendor jar package name apache Highest Vendor manifest: org/apache/tools/ant/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid ant Highest Vendor pom artifactid ant Low Vendor pom groupid org.apache.ant Highest Vendor pom name Apache Ant Core High Vendor pom parent-artifactid ant-parent Low Vendor pom url https://ant.apache.org/ Highest Product file name ant High Product jar package name ant Highest Product jar package name apache Highest Product jar package name tools Highest Product manifest: org/apache/tools/ant/ Implementation-Title org.apache.tools.ant Medium Product manifest: org/apache/tools/ant/ Specification-Title Apache Ant Medium Product pom artifactid ant Highest Product pom groupid org.apache.ant Highest Product pom name Apache Ant Core High Product pom parent-artifactid ant-parent Medium Product pom url https://ant.apache.org/ Medium Version file version 1.10.12 High Version manifest: org/apache/tools/ant/ Implementation-Version 1.10.12 Medium Version pom version 1.10.12 Highest
Related Dependencies ant-launcher-1.10.12.jarFile Path: /home/grprdist/.m2/repository/org/apache/ant/ant-launcher/1.10.12/ant-launcher-1.10.12.jar MD5: 709ed15ea16a95903e7b3e8be130fa1e SHA1: e090b4f9d3ecf45491cc16e759f1e843a1a224c0 SHA256: 42a7ca7e7bb777fe7ee75a5ed4cc529c766bc43486367fdaad0ab4a32ee9c249 pkg:maven/org.apache.ant/ant-launcher@1.10.12 Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html File Path: /home/grprdist/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256: 88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name antlr High Vendor jar package name actions Highest Vendor jar package name antlr Highest Vendor jar package name antlr Low Vendor jar package name java Highest Vendor jar package name parser Highest Vendor jar package name python Highest Vendor pom artifactid antlr Highest Vendor pom artifactid antlr Low Vendor pom groupid antlr Highest Vendor pom name AntLR Parser Generator High Vendor pom url http://www.antlr.org/ Highest Product file name antlr High Product jar package name actions Highest Product jar package name antlr Highest Product jar package name java Highest Product jar package name parser Highest Product jar package name python Highest Product pom artifactid antlr Highest Product pom groupid antlr Highest Product pom name AntLR Parser Generator High Product pom url http://www.antlr.org/ Medium Version file version 2.7.7 High Version pom version 2.7.7 Highest
Description:
Dependency Injection Kernel License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.6.1/aopalliance-repackaged-2.6.1.jar
MD5: 0237846ebdaa7db36b356044a373ffba
SHA1: b2eb0a83bcbb44cc5d25f8b18f23be116313a638
SHA256: bad77f9278d753406360af9e4747bd9b3161554ea9cd3d62411a0ae1f2c141fd
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name aopalliance-repackaged High Vendor jar package name aopalliance Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid aopalliance-repackaged Highest Vendor pom artifactid aopalliance-repackaged Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name aopalliance version ${aopalliance.version} repackaged as a module High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name aopalliance-repackaged High Product jar package name aopalliance Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name aopalliance version 1.0 repackaged as a module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.aopalliance-repackaged Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid aopalliance-repackaged Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name aopalliance version ${aopalliance.version} repackaged as a module High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
ASM, a very small and fast Java bytecode manipulation framework License:
BSD: http://asm.ow2.org/license.html File Path: /home/grprdist/.m2/repository/org/ow2/asm/asm/7.1/asm-7.1.jar
MD5: 04fc92647ce25b41121683674a50dfdf
SHA1: fa29aa438674ff19d5e1386d2c3527a0267f291e
SHA256: 4ab2fa2b6d2cc9ccb1eaa05ea329c407b47b13ed2915f62f8c4b8cc96258d4de
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom artifactid asm Highest Vendor pom artifactid asm Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.org/ Highest Product file name asm High Product jar package name asm Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Product pom artifactid asm Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.org/ Medium Version file version 7.1 High Version Manifest Implementation-Version 7.1 High Version pom parent-version 7.1 Low Version pom version 7.1 Highest
Description:
The AWS SDK for Java - Core module holds the classes that are used by the individual service clients to interact with Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes. File Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-core/1.12.267/aws-java-sdk-core-1.12.267.jarMD5: e6f847980566ec95e838933ab1609c69SHA1: 2562b87f3af418751c2d0bcbe4209dbefa263484SHA256: 0f06b44909ff2d30b2a61229839e3619fe2ac7bc4c5f52536299a8cc8a1ffd51Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name aws-java-sdk-core High Vendor jar package name amazonaws Highest Vendor jar package name amazonaws Low Vendor jar package name classes Highest Vendor jar package name service Highest Vendor pom artifactid aws-java-sdk-core Highest Vendor pom artifactid aws-java-sdk-core Low Vendor pom groupid com.amazonaws Highest Vendor pom name AWS SDK for Java - Core High Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name aws-java-sdk-core High Product jar package name amazonaws Highest Product jar package name classes Highest Product jar package name service Highest Product pom artifactid aws-java-sdk-core Highest Product pom groupid com.amazonaws Highest Product pom name AWS SDK for Java - Core High Product pom parent-artifactid aws-java-sdk-pom Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 1.12.267 High Version pom version 1.12.267 Highest
Related Dependencies aws-java-sdk-kms-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-kms/1.12.267/aws-java-sdk-kms-1.12.267.jar MD5: 3bf011570a41c049b8d4a44a8e5acd7e SHA1: 9a455e0b78a09ead7bcdc5f78d5d1cf7a46033cb SHA256: c940996cc7c59ce4de9a7b2512f5d02d60b1f0534dd44a1473efa97560d43c3c pkg:maven/com.amazonaws/aws-java-sdk-kms@1.12.267 aws-java-sdk-s3-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-s3/1.12.267/aws-java-sdk-s3-1.12.267.jar MD5: 749c01430f199169fdbcc55452ac1cd3 SHA1: 50da19ab860e1c674d1ac0dacbfbd36028c4c5f2 SHA256: bc93d6a5b6d118ddccdd7e81417a334ded1ccd8b293d986b15e6ce55ebeb9f2a pkg:maven/com.amazonaws/aws-java-sdk-s3@1.12.267 aws-java-sdk-sns-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-sns/1.12.267/aws-java-sdk-sns-1.12.267.jar MD5: 5796d324fc5cd6557733951151f544c8 SHA1: 7a821b706ec981b27f593c69a11595f50f63e3a8 SHA256: 50524010b41b9dba6390a94b5293f740ed021a5f687f460d9f76201f7e14120e pkg:maven/com.amazonaws/aws-java-sdk-sns@1.12.267 aws-java-sdk-sqs-1.12.267.jarFile Path: /home/grprdist/.m2/repository/com/amazonaws/aws-java-sdk-sqs/1.12.267/aws-java-sdk-sqs-1.12.267.jar MD5: 8eadeaf9be30a520e95aaf6fb50fbc93 SHA1: 2467b659958c99f6823780ad8bc50501db14afe6 SHA256: 7e2f34911635da698b27b95e353a6b40127aa3892e80a7e4a5beb671354de61a pkg:maven/com.amazonaws/aws-java-sdk-sqs@1.12.267 Description:
The Axiom API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-api/1.2.11/axiom-api-1.2.11.jar
MD5: d94103a1ad757d694e01cdbe93e579b6
SHA1: b24f205af38900582b397e3a808d5e249c828e87
SHA256: 5b43bb2e100961229730c69217aac08f772e53eef8275e71c9d77976285d621d
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name axiom-api High Vendor hint analyzer vendor web services Medium Vendor jar package name apache Highest Vendor jar package name axiom Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.ws.commons.axiom Medium Vendor Manifest service-component OSGI-INF/serviceComponents.xml Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid axiom-api Highest Vendor pom artifactid axiom-api Low Vendor pom groupid org.apache.ws.commons.axiom Highest Vendor pom name Axiom API High Vendor pom parent-artifactid axiom-parent Low Vendor pom url http://ws.apache.org/axiom/ Highest Product file name axiom-api High Product hint analyzer product web services Medium Product jar package name apache Highest Product jar package name axiom Highest Product jar package name osgi Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Axiom API Medium Product Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium Product Manifest Implementation-Title Axiom API High Product Manifest service-component OSGI-INF/serviceComponents.xml Low Product Manifest specification-title Axiom API Medium Product pom artifactid axiom-api Highest Product pom groupid org.apache.ws.commons.axiom Highest Product pom name Axiom API High Product pom parent-artifactid axiom-parent Medium Product pom url http://ws.apache.org/axiom/ Medium Version file version 1.2.11 High Version Manifest Bundle-Version 1.2.11 High Version Manifest Implementation-Version 1.2.11 High Version pom version 1.2.11 Highest
Related Dependencies axiom-impl-1.2.11.jarFile Path: /home/grprdist/.m2/repository/org/apache/ws/commons/axiom/axiom-impl/1.2.11/axiom-impl-1.2.11.jar MD5: 2e7347710238627c9fa3a7a3455c132b SHA1: cc7172e28bf4fb4381459e492cc49f71a3d987ae SHA256: d4c2a52a28d189682d7882d9b809a0ee59fdabe04d36624152ae834c877e3b69 pkg:maven/org.apache.ws.commons.axiom/axiom-impl@1.2.11 CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Dawid Kurzyniec's backport of JSR 166 License:
Public Domain: http://creativecommons.org/licenses/publicdomain File Path: /home/grprdist/.m2/repository/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
SHA256: f5759b7fcdfc83a525a036deedcbd32e5b536b625ebc282426f16ca137eb5902
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name backport-util-concurrent High Vendor jar package name backport Highest Vendor jar package name edu Low Vendor jar package name emory Low Vendor jar package name mathcs Low Vendor pom artifactid backport-util-concurrent Highest Vendor pom artifactid backport-util-concurrent Low Vendor pom groupid backport-util-concurrent Highest Vendor pom name Backport of JSR 166 High Vendor pom organization name Dawid Kurzyniec High Vendor pom organization url http://www.mathcs.emory.edu/~dawidk/ Medium Vendor pom url http://backport-jsr166.sourceforge.net/ Highest Product file name backport-util-concurrent High Product jar package name backport Highest Product jar package name backport Low Product jar package name emory Low Product jar package name mathcs Low Product pom artifactid backport-util-concurrent Highest Product pom groupid backport-util-concurrent Highest Product pom name Backport of JSR 166 High Product pom organization name Dawid Kurzyniec Low Product pom organization url http://www.mathcs.emory.edu/~dawidk/ Low Product pom url http://backport-jsr166.sourceforge.net/ Medium Version file version 3.1 High Version pom version 3.1 Highest
Description:
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcpkix-jdk18on/1.75/bcpkix-jdk18on-1.75.jar
MD5: d60df588d1be9e5b5bb82cff0ee92690
SHA1: 5adfef8a71a0933454739264b56283cc73dd2383
SHA256: 9e2c1db5a6ed29fbc36b438d39ca9feb901bb69bad0ce8d7bc735264bea79bd3
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bcpkix-jdk18on High Vendor jar package name bouncycastle Highest Vendor jar package name cmp Highest Vendor jar package name cms Highest Vendor jar package name crmf Highest Vendor jar package name eac Highest Vendor jar package name ocsp Highest Vendor jar package name pkcs Highest Vendor jar package name pkix Highest Vendor jar package name tsp Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle PKIX API Medium Vendor Manifest automatic-module-name org.bouncycastle.pkix Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcpkix Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcpkix Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.362-b09 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcpkix-jdk18on Highest Vendor pom artifactid bcpkix-jdk18on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcpkix-jdk18on High Product jar package name bouncycastle Highest Product jar package name cmp Highest Product jar package name cms Highest Product jar package name crmf Highest Product jar package name eac Highest Product jar package name ocsp Highest Product jar package name pkcs Highest Product jar package name pkix Highest Product jar package name tsp Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle PKIX API Medium Product Manifest automatic-module-name org.bouncycastle.pkix Medium Product Manifest Bundle-Name bcpkix Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcpkix Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcpkix Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.362-b09 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcpkix-jdk18on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.75 High Version Manifest Bundle-Version 1.75 High Version pom version 1.75 Highest
pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.75 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.70/bcprov-jdk15on-1.70.jar
MD5: 1809d0449a6374279c01fdd3be26cd92
SHA1: 4636a0d01f74acaf28082fb62b317f1080118371
SHA256: 8f3c20e3e2d565d26f33e8d4857a37d0d7f8ac39b62a7026496fcab1bdac30d4
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name bcprov-jdk15on High Vendor jar package name bouncycastle Highest Vendor jar package name crypto Highest Vendor jar package name jce Highest Vendor jar package name org Highest Vendor jar package name provider Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Provider Medium Vendor Manifest automatic-module-name org.bouncycastle.provider Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.292-b10 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcprov-jdk15on Highest Vendor pom artifactid bcprov-jdk15on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle Provider High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcprov-jdk15on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product hint analyzer product the_bouncy_castle_crypto_package_for_java High Product jar package name bouncycastle Highest Product jar package name crypto Highest Product jar package name jce Highest Product jar package name org Highest Product jar package name provider Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Provider Medium Product Manifest automatic-module-name org.bouncycastle.provider Medium Product Manifest Bundle-Name bcprov Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.292-b10 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcprov-jdk15on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle Provider High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.70 High Version Manifest Bundle-Version 1.70 High Version pom version 1.70 Highest
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2024-34447 (OSSINDEX)suppress
bouncycastle - Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. CWE-297 Improper Validation of Certificate with Host Mismatch
CVSSv2:
Base Score: HIGH (7.7) Vector: /AV:N/AC:H/Au:/C:H/I:H/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* CVE-2024-29857 (OSSINDEX)suppress
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* CVE-2024-30171 (OSSINDEX)suppress
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. CWE-208 Information Exposure Through Timing Discrepancy
CVSSv2:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/Au:/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* CVE-2023-33202 suppress
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2023-33201 (OSSINDEX)suppress
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:* Description:
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar
MD5: 89c97c894111a42e3c4438f9d411a2b1
SHA1: fd9638f6468e934991c56242d0da2ae38890c2a4
SHA256: 7f24018e9212dbda61c69212f8d7b1524c28efb978f10df590df3b4ccac47bd5
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bcprov-jdk18on High Vendor jar package name bouncycastle Highest Vendor jar package name crypto Highest Vendor jar package name jce Highest Vendor jar package name org Highest Vendor jar package name provider Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Provider Medium Vendor Manifest automatic-module-name org.bouncycastle.provider Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcprov Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcprovider Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.362-b09 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcprov-jdk18on Highest Vendor pom artifactid bcprov-jdk18on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle Provider High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcprov-jdk18on High Product hint analyzer product legion-of-the-bouncy-castle-java-crytography-api High Product hint analyzer product the_bouncy_castle_crypto_package_for_java High Product jar package name bouncycastle Highest Product jar package name crypto Highest Product jar package name jce Highest Product jar package name org Highest Product jar package name provider Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Provider Medium Product Manifest automatic-module-name org.bouncycastle.provider Medium Product Manifest Bundle-Name bcprov Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcprov Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcprovider Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.362-b09 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcprov-jdk18on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle Provider High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.75 High Version Manifest Bundle-Version 1.75 High Version pom version 1.75 Highest
pkg:maven/org.bouncycastle/bcprov-jdk18on@1.75 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2024-34447 (OSSINDEX)suppress
bouncycastle - Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. CWE-297 Improper Validation of Certificate with Host Mismatch
CVSSv2:
Base Score: HIGH (7.7) Vector: /AV:N/AC:H/Au:/C:H/I:H/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.75:*:*:*:*:*:*:* CVE-2024-29857 (OSSINDEX)suppress
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.75:*:*:*:*:*:*:* CVE-2024-30171 (OSSINDEX)suppress
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. CWE-208 Information Exposure Through Timing Discrepancy
CVSSv2:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/Au:/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.75:*:*:*:*:*:*:* CVE-2024-30172 (OSSINDEX)suppress
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key. CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv2:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.75:*:*:*:*:*:*:* Description:
The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up. License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html File Path: /home/grprdist/.m2/repository/org/bouncycastle/bcutil-jdk18on/1.75/bcutil-jdk18on-1.75.jar
MD5: eeb7a078454606e40c65583b878cb7a4
SHA1: 0f58f4bbec8a40137bbb04f6174cd164fae0776b
SHA256: 027f36578c1ffdf08878c1cc2aa1e191f4b9da119c1e8f113299c53f298fa664
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bcutil-jdk18on High Vendor jar package name bouncycastle Highest Vendor Manifest application-library-allowable-codebase * Low Vendor Manifest application-name Bouncy Castle Utility APIs Medium Vendor Manifest automatic-module-name org.bouncycastle.util Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname bcutil Medium Vendor Manifest caller-allowable-codebase * Low Vendor Manifest codebase * Low Vendor Manifest extension-name org.bouncycastle.bcutil Medium Vendor Manifest Implementation-Vendor BouncyCastle.org High Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by 25.362-b09 (Private Build) Low Vendor Manifest permissions all-permissions Low Vendor Manifest specification-vendor BouncyCastle.org Low Vendor Manifest trusted-library true Low Vendor pom artifactid bcutil-jdk18on Highest Vendor pom artifactid bcutil-jdk18on Low Vendor pom developer email feedback-crypto@bouncycastle.org Low Vendor pom developer id feedback-crypto Medium Vendor pom developer name The Legion of the Bouncy Castle Inc. Medium Vendor pom groupid org.bouncycastle Highest Vendor pom name Bouncy Castle ASN.1 Extension and Utility APIs High Vendor pom url https://www.bouncycastle.org/java.html Highest Product file name bcutil-jdk18on High Product jar package name bouncycastle Highest Product Manifest application-library-allowable-codebase * Low Product Manifest application-name Bouncy Castle Utility APIs Medium Product Manifest automatic-module-name org.bouncycastle.util Medium Product Manifest Bundle-Name bcutil Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname bcutil Medium Product Manifest caller-allowable-codebase * Low Product Manifest codebase * Low Product Manifest extension-name org.bouncycastle.bcutil Medium Product Manifest multi-release true Low Product Manifest originally-created-by 25.362-b09 (Private Build) Low Product Manifest permissions all-permissions Low Product Manifest trusted-library true Low Product pom artifactid bcutil-jdk18on Highest Product pom developer email feedback-crypto@bouncycastle.org Low Product pom developer id feedback-crypto Low Product pom developer name The Legion of the Bouncy Castle Inc. Low Product pom groupid org.bouncycastle Highest Product pom name Bouncy Castle ASN.1 Extension and Utility APIs High Product pom url https://www.bouncycastle.org/java.html Medium Version file version 1.75 High Version Manifest Bundle-Version 1.75 High Version pom version 1.75 Highest
pkg:maven/org.bouncycastle/bcutil-jdk18on@1.75 (Confidence :High)cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.75:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
BeanShell is a small, free, embeddable Java source interpreter with object scripting language features,
written in Java. BeanShell dynamically executes standard Java syntax and extends it with common scripting
conveniences such as loose types, commands, and method closures like those in Perl and JavaScript.
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/copyleft/lesser.html File Path: /home/grprdist/.m2/repository/org/beanshell/bsh/2.0b5/bsh-2.0b5.jar
MD5: 02f72336919d06a8491e82346e10b4d5
SHA1: fdc2ab6ae8b53e0d4761b296c116df747cd85199
SHA256: 6232199563807354b3bcb5aceb3dc136502f022c6b0ef743987a83f66fee5a5c
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name bsh High Vendor hint analyzer vendor beanshell_project Highest Vendor jar package name bsh Highest Vendor jar package name interpreter Highest Vendor jar package name org Highest Vendor Manifest Implementation-Vendor Pat Niemeyer (pat@pat.net) High Vendor Manifest specification-vendor http://www.beanshell.org/ Low Vendor pom artifactid bsh Highest Vendor pom artifactid bsh Low Vendor pom developer id pat Medium Vendor pom developer name Pat Niemeyer Medium Vendor pom groupid org.beanshell Highest Vendor pom name BeanShell High Vendor pom url http://www.beanshell.org/ Highest Product file name bsh High Product hint analyzer product beanshell Highest Product jar package name bsh Highest Product jar package name interpreter Highest Product jar package name org Highest Product Manifest specification-title BeanShell Medium Product pom artifactid bsh Highest Product pom developer id pat Low Product pom developer name Pat Niemeyer Low Product pom groupid org.beanshell Highest Product pom name BeanShell High Product pom url http://www.beanshell.org/ Medium Version pom version 2.0b5 Highest
CVE-2016-2510 suppress
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. CWE-19 Data Processing Errors
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with a remaining dependency onto ASM.
You should never depend on this module without repackaging Byte Buddy and ASM into your own namespace.
File Path: /home/grprdist/.m2/repository/net/bytebuddy/byte-buddy/1.12.9/byte-buddy-1.12.9.jar/META-INF/maven/net.bytebuddy/byte-buddy-dep/pom.xmlMD5: f252b6a3ad73a2fe8b82d4e5e252b6e7SHA1: bd386dc86918b6f7769ad855aa2636b40b639c76SHA256: 71c523053fd9cd841080a5bc89a4740b49f5dedd648e8de0ab064456e3113c14Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor pom artifactid byte-buddy-dep Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (with dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product pom artifactid byte-buddy-dep Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (with dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version pom version 1.12.9 Highest
Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/bytebuddy/byte-buddy/1.12.9/byte-buddy-1.12.9.jar
MD5: a120a37aba17a10766b9bc869f90fd2b
SHA1: 424ded9ef3496b0d997ce066f2166a4f7ec7b07a
SHA256: e305b6b5bdf8602bc5012efaa50c96b0fb922a3c60308ee1af85605b74d82710
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.12.9 High Version Manifest Bundle-Version 1.12.9 High Version pom version 1.12.9 Highest
Description:
a JDBC Connection pooling / Statement caching library License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/grprdist/.m2/repository/com/mchange/c3p0/0.9.5.4/c3p0-0.9.5.4.jar
MD5: 45fd4a89c9fd671a0d1dc97c0ec77abe
SHA1: a21a1d37ae0b59efce99671544f51c34ed1e8def
SHA256: 60cf2906cd6ad6771f514a3e848b74b3e3da99c1806f2a63c38e2dd8da5ef11f
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name c3p0 High Vendor jar package name c3p0 Highest Vendor jar package name mchange Highest Vendor jar package name v2 Highest Vendor Manifest extension-name com.mchange.v2.c3p0 Medium Vendor Manifest Implementation-Vendor Machinery For Change, Inc. High Vendor Manifest Implementation-Vendor-Id com.mchange Medium Vendor Manifest specification-vendor Machinery For Change, Inc. Low Vendor pom artifactid c3p0 Highest Vendor pom artifactid c3p0 Low Vendor pom developer email swaldman@mchange.com Low Vendor pom developer id swaldman Medium Vendor pom developer name Steve Waldman Medium Vendor pom groupid com.mchange Highest Vendor pom name c3p0 High Vendor pom url swaldman/c3p0 Highest Product file name c3p0 High Product jar package name c3p0 Highest Product jar package name mchange Highest Product jar package name v2 Highest Product Manifest extension-name com.mchange.v2.c3p0 Medium Product pom artifactid c3p0 Highest Product pom developer email swaldman@mchange.com Low Product pom developer id swaldman Low Product pom developer name Steve Waldman Low Product pom groupid com.mchange Highest Product pom name c3p0 High Product pom url swaldman/c3p0 High Version file version 0.9.5.4 High Version Manifest Implementation-Version 0.9.5.4 High Version pom version 0.9.5.4 Highest
Description:
a JDBC Connection pooling / Statement caching library License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/grprdist/.m2/repository/com/google/code/maven-play-plugin/com/mchange/c3p0-oracle-thin-extras/0.9.5/c3p0-oracle-thin-extras-0.9.5.jar
MD5: 06b6bb3df31e56a391a5815d0f132715
SHA1: ae706b22bae360f5d360b2a5d207f804a3729ec2
SHA256: d185e4fb6a0165a39a2b85650efa18722ca9b4badef52a7701f081d9ae5ac321
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name c3p0-oracle-thin-extras High Vendor jar package name c3p0 Highest Vendor jar package name c3p0 Low Vendor jar package name mchange Highest Vendor jar package name mchange Low Vendor jar package name v2 Low Vendor pom artifactid c3p0-oracle-thin-extras Highest Vendor pom artifactid c3p0-oracle-thin-extras Low Vendor pom developer email swaldman@mchange.com Low Vendor pom developer id swaldman Medium Vendor pom developer name Steve Waldman Medium Vendor pom groupid com.google.code.maven-play-plugin.com.mchange Highest Vendor pom name c3p0-oracle-thin-extras High Vendor pom url swaldman/c3p0 Highest Product file name c3p0-oracle-thin-extras High Product jar package name c3p0 Highest Product jar package name c3p0 Low Product jar package name dbms Low Product jar package name mchange Highest Product jar package name v2 Low Product pom artifactid c3p0-oracle-thin-extras Highest Product pom developer email swaldman@mchange.com Low Product pom developer id swaldman Low Product pom developer name Steve Waldman Low Product pom groupid com.google.code.maven-play-plugin.com.mchange Highest Product pom name c3p0-oracle-thin-extras High Product pom url swaldman/c3p0 High Version file version 0.9.5 High Version pom version 0.9.5 Highest
CVE-2019-5427 suppress
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
File Path: /home/grprdist/.m2/repository/cglib/cglib/3.3.0/cglib-3.3.0.jarMD5: 6ff304cc2874dd20277a8206fee5fd9aSHA1: c956b9f9708af5901e9cf05701e9b2b1c25027ccSHA256: 9fe0c26d7464140ccdfe019ac687be1fb906122b508ab54beb810db0f09a9212Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name cglib High Vendor jar package name cglib Highest Vendor jar package name cglib Low Vendor jar package name net Low Vendor jar package name sf Low Vendor pom artifactid cglib Highest Vendor pom artifactid cglib Low Vendor pom groupid cglib Highest Vendor pom parent-artifactid cglib-parent Low Product file name cglib High Product jar package name cglib Highest Product jar package name cglib Low Product jar package name sf Low Product pom artifactid cglib Highest Product pom groupid cglib Highest Product pom parent-artifactid cglib-parent Medium Version file version 3.3.0 High Version pom version 3.3.0 Highest
Description:
checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/grprdist/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256: ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Projects/Scopes: Grouper API:runtime Grouper WS Test:runtime Grouper WS:runtime Grouper SCIM:runtime Grouper UI:runtime Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest automatic-module-name org.checkerframework.checker.qual Medium Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.42.0 High Version Manifest Bundle-Version 3.42.0 High Version Manifest Implementation-Version 3.42.0 High Version pom version 3.42.0 Highest
Description:
Library for introspecting types with full generic information
including resolving of field and method types.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256: aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name classmate High Vendor jar package name classmate Highest Vendor jar package name fasterxml Highest Vendor jar package name types Highest Vendor Manifest automatic-module-name com.fasterxml.classmate Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium Vendor Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low Vendor Manifest Implementation-Vendor fasterxml.com High Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor fasterxml.com Low Vendor pom artifactid classmate Highest Vendor pom artifactid classmate Low Vendor pom developer email blangel@ocheyedan.net Low Vendor pom developer email tatu@fasterxml.com Low Vendor pom developer id blangel Medium Vendor pom developer id tatu Medium Vendor pom developer name Brian Langel Medium Vendor pom developer name Tatu Saloranta Medium Vendor pom groupid com.fasterxml Highest Vendor pom name ClassMate High Vendor pom organization name fasterxml.com High Vendor pom organization url https://fasterxml.com Medium Vendor pom parent-artifactid oss-parent Low Vendor pom url FasterXML/java-classmate Highest Product file name classmate High Product jar package name classmate Highest Product jar package name fasterxml Highest Product jar package name filter Highest Product jar package name types Highest Product Manifest automatic-module-name com.fasterxml.classmate Medium Product Manifest bundle-docurl https://github.com/FasterXML/java-classmate Low Product Manifest Bundle-Name ClassMate Medium Product Manifest bundle-symbolicname com.fasterxml.classmate Medium Product Manifest implementation-build-date 2019-10-19 22:46:35+0000 Low Product Manifest Implementation-Title ClassMate High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title ClassMate Medium Product pom artifactid classmate Highest Product pom developer email blangel@ocheyedan.net Low Product pom developer email tatu@fasterxml.com Low Product pom developer id blangel Low Product pom developer id tatu Low Product pom developer name Brian Langel Low Product pom developer name Tatu Saloranta Low Product pom groupid com.fasterxml Highest Product pom name ClassMate High Product pom organization name fasterxml.com Low Product pom organization url https://fasterxml.com Low Product pom parent-artifactid oss-parent Medium Product pom url FasterXML/java-classmate High Version file version 1.5.1 High Version Manifest Bundle-Version 1.5.1 High Version Manifest Implementation-Version 1.5.1 High Version pom parent-version 1.5.1 Low Version pom version 1.5.1 Highest
Description:
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256: 7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-beanutils High Vendor jar package name apache Highest Vendor jar package name beanutils Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-beanutils Highest Vendor pom artifactid commons-beanutils Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email epugh@apache.org Low Vendor pom developer email geirm@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email jconlon@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email niallp@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email scolebourne@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email stain@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer email yoavs@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dion Medium Vendor pom developer id epugh Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id jconlon Medium Vendor pom developer id jstrachan Medium Vendor pom developer id morgand Medium Vendor pom developer id mvdb Medium Vendor pom developer id niallp Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer id skitching Medium Vendor pom developer id stain Medium Vendor pom developer id tobrien Medium Vendor pom developer id yoavs Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Eric Pugh Medium Vendor pom developer name Dion Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name James Carman Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John E. Conlon Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Morgan James Delagrange Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Stian Soiland-Reyes Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer name Yoav Shapira Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-beanutils Highest Vendor pom name Apache Commons BeanUtils High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest Product file name commons-beanutils High Product jar package name apache Highest Product jar package name beanutils Highest Product jar package name commons Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest Bundle-Name Apache Commons BeanUtils Medium Product Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Product Manifest Implementation-Title Apache Commons BeanUtils High Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons BeanUtils Medium Product pom artifactid commons-beanutils Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email epugh@apache.org Low Product pom developer email geirm@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email jconlon@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email niallp@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email scolebourne@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email stain@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer email yoavs@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id craigmcc Low Product pom developer id dion Low Product pom developer id epugh Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id jconlon Low Product pom developer id jstrachan Low Product pom developer id morgand Low Product pom developer id mvdb Low Product pom developer id niallp Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer id skitching Low Product pom developer id stain Low Product pom developer id tobrien Low Product pom developer id yoavs Low Product pom developer name Benedikt Ritter Low Product pom developer name Craig McClanahan Low Product pom developer name David Eric Pugh Low Product pom developer name Dion Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name James Carman Low Product pom developer name James Strachan Low Product pom developer name John E. Conlon Low Product pom developer name Martin van den Bemt Low Product pom developer name Morgan James Delagrange Low Product pom developer name Niall Pemberton Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Stephen Colebourne Low Product pom developer name Stian Soiland-Reyes Low Product pom developer name Tim O'Brien Low Product pom developer name Yoav Shapira Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-beanutils Highest Product pom name Apache Commons BeanUtils High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium Version file version 1.9.4 High Version Manifest Bundle-Version 1.9.4 High Version Manifest Implementation-Version 1.9.4 High Version pom parent-version 1.9.4 Low Version pom version 1.9.4 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-cli/commons-cli/1.4/commons-cli-1.4.jar
MD5: c966d7e03507c834d5b09b848560174e
SHA1: c51c00206bb913cd8612b24abd9fa98ae89719b1
SHA256: fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-cli High Vendor jar package name apache Highest Vendor jar package name cli Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low Vendor Manifest bundle-symbolicname org.apache.commons.cli Medium Vendor Manifest implementation-build tags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-cli/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-cli Highest Vendor pom artifactid commons-cli Low Vendor pom developer email bob@werken.com Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email jbjk@mac.com Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email roxspring@imapmail.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id bob Medium Vendor pom developer id ebourg Medium Vendor pom developer id jkeyes Medium Vendor pom developer id jstrachan Medium Vendor pom developer id roxspring Medium Vendor pom developer id tn Medium Vendor pom developer name Bob McWhirter Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John Keyes Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Ariane Software Medium Vendor pom developer org Indigo Stone Medium Vendor pom developer org integral Source Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom developer org Werken Medium Vendor pom groupid commons-cli Highest Vendor pom name Apache Commons CLI High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-cli/ Highest Product file name commons-cli High Product jar package name apache Highest Product jar package name cli Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low Product Manifest Bundle-Name Apache Commons CLI Medium Product Manifest bundle-symbolicname org.apache.commons.cli Medium Product Manifest implementation-build tags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000 Low Product Manifest Implementation-Title Apache Commons CLI High Product Manifest implementation-url http://commons.apache.org/proper/commons-cli/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest specification-title Apache Commons CLI Medium Product pom artifactid commons-cli Highest Product pom developer email bob@werken.com Low Product pom developer email ebourg@apache.org Low Product pom developer email jbjk@mac.com Low Product pom developer email jstrachan@apache.org Low Product pom developer email roxspring@imapmail.org Low Product pom developer email tn@apache.org Low Product pom developer id bob Low Product pom developer id ebourg Low Product pom developer id jkeyes Low Product pom developer id jstrachan Low Product pom developer id roxspring Low Product pom developer id tn Low Product pom developer name Bob McWhirter Low Product pom developer name Emmanuel Bourg Low Product pom developer name James Strachan Low Product pom developer name John Keyes Low Product pom developer name Rob Oxspring Low Product pom developer name Thomas Neidhart Low Product pom developer org Ariane Software Low Product pom developer org Indigo Stone Low Product pom developer org integral Source Low Product pom developer org SpiritSoft, Inc. Low Product pom developer org Werken Low Product pom groupid commons-cli Highest Product pom name Apache Commons CLI High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-cli/ Medium Version file version 1.4 High Version Manifest Implementation-Version 1.4 High Version pom parent-version 1.4 Low Version pom version 1.4 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256: b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper Client:compile Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper Installer:compile Grouper WS Manual Client:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name encoder Highest Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Highest Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name encoder Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Rob Tompkins Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Version file version 1.15 High Version Manifest Implementation-Version 1.15 High Version pom parent-version 1.15 Low Version pom version 1.15 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-collections High Vendor jar package name apache Highest Vendor jar package name collections Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections Highest Vendor pom artifactid commons-collections Low Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id geirm Medium Vendor pom developer id jcarman Medium Vendor pom developer id matth Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-collections Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/collections/ Highest Product file name commons-collections High Product jar package name apache Highest Product jar package name collections Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product Manifest Implementation-Title Apache Commons Collections High Product Manifest implementation-url http://commons.apache.org/collections/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections Highest Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id geirm Low Product pom developer id jcarman Low Product pom developer id matth Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-collections Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/collections/ Medium Version file version 3.2.2 High Version Manifest Bundle-Version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High Version pom parent-version 3.2.2 Low Version pom version 3.2.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Compress defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-compress/1.25.0/commons-compress-1.25.0.jar
MD5: 45f94488e95ceeaf2f401c4f5542b35c
SHA1: 9d35aec423da6c8a7f93d7e9e1c6b1d9fe14bb5e
SHA256: d0ec8014ebbb0749f471803122b21796afddf2e98e194e4374622e5fbaf69f49
Referenced In Project/Scope: Grouper Installer:compile
Evidence Type Source Name Value Confidence Vendor file name commons-compress High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name compress Highest Vendor Manifest automatic-module-name org.apache.commons.compress Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Vendor Manifest extension-name org.apache.commons.compress Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-compress Highest Vendor pom artifactid commons-compress Low Vendor pom developer email bodewig at apache.org Low Vendor pom developer email chtompki at apache.org Low Vendor pom developer email damjan at apache.org Low Vendor pom developer email ebourg at apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email grobmeier at apache.org Low Vendor pom developer email julius at apache.org Low Vendor pom developer email peterlee at apache.org Low Vendor pom developer email sebb at apache.org Low Vendor pom developer email tcurdt at apache.org Low Vendor pom developer id bodewig Medium Vendor pom developer id chtompki Medium Vendor pom developer id damjan Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id grobmeier Medium Vendor pom developer id julius Medium Vendor pom developer id peterlee Medium Vendor pom developer id sebb Medium Vendor pom developer id tcurdt Medium Vendor pom developer name Christian Grobmeier Medium Vendor pom developer name Damjan Jovanovic Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Peter Alfred Lee Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Stefan Bodewig Medium Vendor pom developer name Torsten Curdt Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Compress High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-compress/ Highest Product file name commons-compress High Product jar package name 9 Highest Product jar package name apache Highest Product jar package name commons Highest Product jar package name compress Highest Product Manifest automatic-module-name org.apache.commons.compress Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Product Manifest Bundle-Name Apache Commons Compress Medium Product Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Product Manifest extension-name org.apache.commons.compress Medium Product Manifest Implementation-Title Apache Commons Compress High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Compress Medium Product pom artifactid commons-compress Highest Product pom developer email bodewig at apache.org Low Product pom developer email chtompki at apache.org Low Product pom developer email damjan at apache.org Low Product pom developer email ebourg at apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email grobmeier at apache.org Low Product pom developer email julius at apache.org Low Product pom developer email peterlee at apache.org Low Product pom developer email sebb at apache.org Low Product pom developer email tcurdt at apache.org Low Product pom developer id bodewig Low Product pom developer id chtompki Low Product pom developer id damjan Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id grobmeier Low Product pom developer id julius Low Product pom developer id peterlee Low Product pom developer id sebb Low Product pom developer id tcurdt Low Product pom developer name Christian Grobmeier Low Product pom developer name Damjan Jovanovic Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name Julius Davies Low Product pom developer name Peter Alfred Lee Low Product pom developer name Rob Tompkins Low Product pom developer name Sebastian Bazley Low Product pom developer name Stefan Bodewig Low Product pom developer name Torsten Curdt Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Compress High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-compress/ Medium Version file version 1.25.0 High Version Manifest Bundle-Version 1.25.0 High Version Manifest Implementation-Version 1.25.0 High Version pom parent-version 1.25.0 Low Version pom version 1.25.0 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2024-25710 suppress
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.
Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2024-26308 suppress
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.
Users are recommended to upgrade to version 1.26, which fixes the issue.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
The Apache Commons CSV library provides a simple interface for reading and writing
CSV files of various types.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-csv/1.6/commons-csv-1.6.jar
MD5: 6a0c53855ceb8fb376635e9a05fb8cb6
SHA1: 22b3c2f901af973a8ec4f24e80c8c0c77a600b79
SHA256: 7d1560fe2c3564128f2ff3f7c0fc9f0666738aa0e704f3d78b8954f9e0ec3adf
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-csv High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name csv Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-csv/ Low Vendor Manifest bundle-symbolicname org.apache.commons.csv Medium Vendor Manifest implementation-build release@r2596fdeebcab53fe459c481990bf1dec838128a5; 2018-09-19 11:49:19+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-csv/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-csv Highest Vendor pom artifactid commons-csv Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email ebourg@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email yonik@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id ebourg Medium Vendor pom developer id ggregory Medium Vendor pom developer id mvdb Medium Vendor pom developer id yonik Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Emmanuel Bourg Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Yonik Seeley Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons CSV High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-csv/ Highest Product file name commons-csv High Product jar package name apache Highest Product jar package name commons Highest Product jar package name csv Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-csv/ Low Product Manifest Bundle-Name Apache Commons CSV Medium Product Manifest bundle-symbolicname org.apache.commons.csv Medium Product Manifest implementation-build release@r2596fdeebcab53fe459c481990bf1dec838128a5; 2018-09-19 11:49:19+0000 Low Product Manifest Implementation-Title Apache Commons CSV High Product Manifest implementation-url http://commons.apache.org/proper/commons-csv/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Apache Commons CSV Medium Product pom artifactid commons-csv Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email ebourg@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email yonik@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id ebourg Low Product pom developer id ggregory Low Product pom developer id mvdb Low Product pom developer id yonik Low Product pom developer name Benedikt Ritter Low Product pom developer name Emmanuel Bourg Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Martin van den Bemt Low Product pom developer name Rob Tompkins Low Product pom developer name Yonik Seeley Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons CSV High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-csv/ Medium Version file version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Commons Database Connection Pooling License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
SHA256: a6e2d83551d0e5b59aa942359f3010d35e79365e6552ad3dbaa6776e4851e4f6
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-dbcp High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name dbcp Highest Vendor Manifest bundle-docurl http://commons.apache.org/dbcp/ Low Vendor Manifest bundle-symbolicname org.apache.commons.dbcp Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-dbcp Highest Vendor pom artifactid commons-dbcp Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email markt@apache.org Low Vendor pom developer email mpoeschl@marmot.at Low Vendor pom developer email yoavs@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id jmcnally Medium Vendor pom developer id joehni Medium Vendor pom developer id markt Medium Vendor pom developer id morgand Medium Vendor pom developer id mpoeschl Medium Vendor pom developer id psteitz Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id yoavs Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Jörg Schaible Medium Vendor pom developer name John McNally Medium Vendor pom developer name Mark Thomas Medium Vendor pom developer name Martin Poeschl Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Yoav Shapira Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org tucana.at Medium Vendor pom groupid commons-dbcp Highest Vendor pom name Commons DBCP High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/dbcp/ Highest Product file name commons-dbcp High Product jar package name apache Highest Product jar package name commons Highest Product jar package name dbcp Highest Product Manifest bundle-docurl http://commons.apache.org/dbcp/ Low Product Manifest Bundle-Name Commons DBCP Medium Product Manifest bundle-symbolicname org.apache.commons.dbcp Medium Product Manifest Implementation-Title Commons DBCP High Product Manifest specification-title Commons DBCP Medium Product pom artifactid commons-dbcp Highest Product pom developer email joerg.schaible@gmx.de Low Product pom developer email markt@apache.org Low Product pom developer email mpoeschl@marmot.at Low Product pom developer email yoavs@apache.org Low Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id jmcnally Low Product pom developer id joehni Low Product pom developer id markt Low Product pom developer id morgand Low Product pom developer id mpoeschl Low Product pom developer id psteitz Low Product pom developer id rwaldhoff Low Product pom developer id yoavs Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Geir Magnusson Low Product pom developer name Jörg Schaible Low Product pom developer name John McNally Low Product pom developer name Mark Thomas Low Product pom developer name Martin Poeschl Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Rodney Waldhoff Low Product pom developer name Yoav Shapira Low Product pom developer org Apache Software Foundation Low Product pom developer org tucana.at Low Product pom groupid commons-dbcp Highest Product pom name Commons DBCP High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/dbcp/ Medium Version file version 1.4 High Version Manifest Bundle-Version 1.4 High Version Manifest Implementation-Version 1.4 High Version pom parent-version 1.4 Low Version pom version 1.4 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256: e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-digester High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name digester Highest Vendor jar package name rules Highest Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-digester Highest Vendor pom artifactid commons-digester Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email jfarcand@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email jvanzyl@apache.org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email simonetripodi AT apache DOT org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id jfarcand Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id rahul Medium Vendor pom developer id rdonkin Medium Vendor pom developer id sanders Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id skitching Medium Vendor pom developer id tobrien Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jean-Francois Arcand Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer name Tim OBrien Medium Vendor pom groupid commons-digester Highest Vendor pom name Commons Digester High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/digester/ Highest Product file name commons-digester High Product jar package name apache Highest Product jar package name commons Highest Product jar package name digester Highest Product jar package name rules Highest Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product Manifest Bundle-Name Commons Digester Medium Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product Manifest Implementation-Title Commons Digester High Product Manifest specification-title Commons Digester Medium Product pom artifactid commons-digester Highest Product pom developer email craigmcc@apache.org Low Product pom developer email jfarcand@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email jvanzyl@apache.org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email simonetripodi AT apache DOT org Low Product pom developer email skitching@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id craigmcc Low Product pom developer id jfarcand Low Product pom developer id jstrachan Low Product pom developer id jvanzyl Low Product pom developer id rahul Low Product pom developer id rdonkin Low Product pom developer id sanders Low Product pom developer id simonetripodi Low Product pom developer id skitching Low Product pom developer id tobrien Low Product pom developer name Craig McClanahan Low Product pom developer name James Strachan Low Product pom developer name Jason van Zyl Low Product pom developer name Jean-Francois Arcand Low Product pom developer name Rahul Akolkar Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Simone Tripodi Low Product pom developer name Tim OBrien Low Product pom groupid commons-digester Highest Product pom name Commons Digester High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/digester/ Medium Version file version 2.1 High Version Manifest Bundle-Version 2.1 High Version Manifest Implementation-Version 2.1 High Version pom parent-version 2.1 Low Version pom version 2.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons Digester package lets you configure an XML to Java
object mapping module which triggers certain actions called rules whenever
a particular pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256: 1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-digester3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name digester Highest Vendor jar package name digester3 Highest Vendor jar package name rules Highest Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-digester3 Highest Vendor pom artifactid commons-digester3 Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email jfarcand@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email jvanzyl@apache.org Low Vendor pom developer email mbenson AT apache DOT org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email simonetripodi AT apache DOT org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id jfarcand Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id mbenson Medium Vendor pom developer id rahul Medium Vendor pom developer id rdonkin Medium Vendor pom developer id sanders Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id skitching Medium Vendor pom developer id tobrien Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jean-Francois Arcand Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer name Tim OBrien Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Digester High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/digester/ Highest Product file name commons-digester3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name digester Highest Product jar package name digester3 Highest Product jar package name rules Highest Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product Manifest Bundle-Name Apache Commons Digester Medium Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Product Manifest Implementation-Title Apache Commons Digester High Product Manifest specification-title Apache Commons Digester Medium Product pom artifactid commons-digester3 Highest Product pom developer email craigmcc@apache.org Low Product pom developer email jfarcand@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email jvanzyl@apache.org Low Product pom developer email mbenson AT apache DOT org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email simonetripodi AT apache DOT org Low Product pom developer email skitching@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id craigmcc Low Product pom developer id jfarcand Low Product pom developer id jstrachan Low Product pom developer id jvanzyl Low Product pom developer id mbenson Low Product pom developer id rahul Low Product pom developer id rdonkin Low Product pom developer id sanders Low Product pom developer id simonetripodi Low Product pom developer id skitching Low Product pom developer id tobrien Low Product pom developer name Craig McClanahan Low Product pom developer name James Strachan Low Product pom developer name Jason van Zyl Low Product pom developer name Jean-Francois Arcand Low Product pom developer name Matt Benson Low Product pom developer name Rahul Akolkar Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Simone Tripodi Low Product pom developer name Tim OBrien Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Digester High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/digester/ Medium Version file version 3.2 High Version Manifest Implementation-Version 3.2 High Version pom parent-version 3.2 Low Version pom version 3.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Exec is a library to reliably execute external processes from within the JVM. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256: cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-exec High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name exec Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.exec Medium Vendor Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-exec Highest Vendor pom artifactid commons-exec Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer id brett Medium Vendor pom developer id ggregory Medium Vendor pom developer id sebb Medium Vendor pom developer id sgoeschl Medium Vendor pom developer id trygvis Medium Vendor pom developer name Brett Porter Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Siegfried Goeschl Medium Vendor pom developer name Trygve Laugstøl Medium Vendor pom developer org Apache Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Exec High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-exec/ Highest Product file name commons-exec High Product jar package name apache Highest Product jar package name commons Highest Product jar package name exec Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Product Manifest Bundle-Name Apache Commons Exec Medium Product Manifest bundle-symbolicname org.apache.commons.exec Medium Product Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Product Manifest Implementation-Title Apache Commons Exec High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest specification-title Apache Commons Exec Medium Product pom artifactid commons-exec Highest Product pom developer email ggregory@apache.org Low Product pom developer id brett Low Product pom developer id ggregory Low Product pom developer id sebb Low Product pom developer id sgoeschl Low Product pom developer id trygvis Low Product pom developer name Brett Porter Low Product pom developer name Gary Gregory Low Product pom developer name Sebastian Bazley Low Product pom developer name Siegfried Goeschl Low Product pom developer name Trygve Laugstøl Low Product pom developer org Apache Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Exec High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-exec/ Medium Version file version 1.3 High Version Manifest Implementation-Version 1.3 High Version pom parent-version 1.3 Low Version pom version 1.3 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-fileupload/commons-fileupload/1.5/commons-fileupload-1.5.jar
MD5: e57ac8a1a6412886a133a2fa08b89735
SHA1: ad4ad2ab2961b4e1891472bd1a33fabefb0385f3
SHA256: 51f7b3dcb4e50c7662994da2f47231519ff99707a5c7fb7b05f4c4d3a1728c14
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-fileupload High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name fileupload Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor Manifest implementation-build UNKNOWN@r${buildNumber}; 2023-02-01 12:39:33+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-fileupload Highest Vendor pom artifactid commons-fileupload Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jason@zenplex.com Low Vendor pom developer email jmcnally@collab.net Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sean |at| seansullivan |dot| com Low Vendor pom developer email simonetripodi@apache.org Low Vendor pom developer id chtompki Medium Vendor pom developer id dion Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jmcnally Medium Vendor pom developer id jochen Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id martinc Medium Vendor pom developer id rdonkin Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id sullis Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name John McNally Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer org Adobe Medium Vendor pom developer org CollabNet Medium Vendor pom developer org Multitask Consulting Medium Vendor pom developer org Yahoo! Medium Vendor pom developer org Zenplex Medium Vendor pom groupid commons-fileupload Highest Vendor pom name Apache Commons FileUpload High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-fileupload/ Highest Product file name commons-fileupload High Product jar package name apache Highest Product jar package name commons Highest Product jar package name fileupload Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-fileupload/ Low Product Manifest Bundle-Name Apache Commons FileUpload Medium Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Product Manifest implementation-build UNKNOWN@r${buildNumber}; 2023-02-01 12:39:33+0000 Low Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons FileUpload Medium Product pom artifactid commons-fileupload Highest Product pom developer email chtompki@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jason@zenplex.com Low Product pom developer email jmcnally@collab.net Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email martinc@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sean |at| seansullivan |dot| com Low Product pom developer email simonetripodi@apache.org Low Product pom developer id chtompki Low Product pom developer id dion Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jmcnally Low Product pom developer id jochen Low Product pom developer id jvanzyl Low Product pom developer id martinc Low Product pom developer id rdonkin Low Product pom developer id simonetripodi Low Product pom developer id sullis Low Product pom developer name Daniel Rall Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Jason van Zyl Low Product pom developer name Jochen Wiedmann Low Product pom developer name John McNally Low Product pom developer name Martin Cooper Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Sean C. Sullivan Low Product pom developer name Simone Tripodi Low Product pom developer org Adobe Low Product pom developer org CollabNet Low Product pom developer org Multitask Consulting Low Product pom developer org Yahoo! Low Product pom developer org Zenplex Low Product pom groupid commons-fileupload Highest Product pom name Apache Commons FileUpload High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-fileupload/ Medium Version file version 1.5 High Version Manifest Implementation-Version 1.5 High Version pom parent-version 1.5 Low Version pom version 1.5 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper Client:compile Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper Installer:compile Grouper WS Manual Client:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-httpclient High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name httpclient Highest Vendor jar package name methods Highest Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid commons-httpclient Highest Vendor pom artifactid commons-httpclient Low Vendor pom developer email adrian.sutton -at- ephox.com Low Vendor pom developer email dion -at- apache.org Low Vendor pom developer email jericho -at- apache.org Low Vendor pom developer email jsdever -at- apache.org Low Vendor pom developer email mbecke -at- apache.org Low Vendor pom developer email oglueck -at- apache.org Low Vendor pom developer email olegk -at- apache.org Low Vendor pom developer email rwaldhoff -at- apache Low Vendor pom developer email sullis -at- apache.org Low Vendor pom developer id adrian Medium Vendor pom developer id dion Medium Vendor pom developer id jericho Medium Vendor pom developer id jsdever Medium Vendor pom developer id mbecke Medium Vendor pom developer id oglueck Medium Vendor pom developer id olegk Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sullis Medium Vendor pom developer name Adrian Sutton Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Jeff Dever Medium Vendor pom developer name Michael Becke Medium Vendor pom developer name Oleg Kalnichevski Medium Vendor pom developer name Ortwin Glueck Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Sung-Gu Medium Vendor pom developer org Britannica Medium Vendor pom developer org Independent consultant Medium Vendor pom developer org Intencha Medium Vendor pom developer org Multitask Consulting Medium Vendor pom groupid commons-httpclient Highest Vendor pom name HttpClient High Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://jakarta.apache.org/ Medium Vendor pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Highest Product file name commons-httpclient High Product jar package name apache Highest Product jar package name commons Highest Product jar package name httpclient Highest Product jar package name methods Highest Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium Product pom artifactid commons-httpclient Highest Product pom developer email adrian.sutton -at- ephox.com Low Product pom developer email dion -at- apache.org Low Product pom developer email jericho -at- apache.org Low Product pom developer email jsdever -at- apache.org Low Product pom developer email mbecke -at- apache.org Low Product pom developer email oglueck -at- apache.org Low Product pom developer email olegk -at- apache.org Low Product pom developer email rwaldhoff -at- apache Low Product pom developer email sullis -at- apache.org Low Product pom developer id adrian Low Product pom developer id dion Low Product pom developer id jericho Low Product pom developer id jsdever Low Product pom developer id mbecke Low Product pom developer id oglueck Low Product pom developer id olegk Low Product pom developer id rwaldhoff Low Product pom developer id sullis Low Product pom developer name Adrian Sutton Low Product pom developer name dIon Gillard Low Product pom developer name Jeff Dever Low Product pom developer name Michael Becke Low Product pom developer name Oleg Kalnichevski Low Product pom developer name Ortwin Glueck Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sean C. Sullivan Low Product pom developer name Sung-Gu Low Product pom developer org Britannica Low Product pom developer org Independent consultant Low Product pom developer org Intencha Low Product pom developer org Multitask Consulting Low Product pom groupid commons-httpclient Highest Product pom name HttpClient High Product pom organization name Apache Software Foundation Low Product pom organization url http://jakarta.apache.org/ Low Product pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Medium Version file version 3.1 High Version manifest: org/apache/commons/httpclient Implementation-Version 3.1 Medium Version pom version 3.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2012-5783 suppress
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions:
CVE-2020-13956 suppress
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N References:
Vulnerable Software & Versions: (show all )
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256: 961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-io High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name file Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-io Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-io Highest Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product file name commons-io High Product jar package name apache Highest Product jar package name commons Highest Product jar package name file Highest Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest bundle-symbolicname org.apache.commons.commons-io Medium Product Manifest Implementation-Title Apache Commons IO High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version file version 2.11.0 High Version Manifest Bundle-Version 2.11.0 High Version Manifest Implementation-Version 2.11.0 High Version pom parent-version 2.11.0 Low Version pom version 2.11.0 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Commons Jexl library is an implementation of the JSTL Expression Language with extensions. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-jexl/2.1.1/commons-jexl-2.1.1.jar
MD5: 4ad8f5c161dd3a50e190334555675db9
SHA1: 6ecc181debade00230aa1e17666c4ea0371beaaa
SHA256: 03c9a9fae5da78ce52c0bf24467cc37355b7e23196dff4839e2c0ff018a01306
Referenced In Projects/Scopes: Grouper Client:compile Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-jexl High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name expression Highest Vendor Manifest bundle-docurl http://commons.apache.org/jexl/ Low Vendor Manifest bundle-symbolicname org.apache.commons.jexl Medium Vendor Manifest implementation-build COMMONS_JEXL_2_1_1-RC1@r1220732; 2011-12-19 14:53:11+0000 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-jexl Highest Vendor pom artifactid commons-jexl Low Vendor pom developer email dion AT apache DOT org Low Vendor pom developer email geirm AT apache DOT org Low Vendor pom developer email henrib AT apache DOT org Low Vendor pom developer email jstrachan AT apache DOT org Low Vendor pom developer email proyal AT apache DOT org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email sebb AT apache DOT org Low Vendor pom developer email tobrien AT apache DOT org Low Vendor pom developer id dion Medium Vendor pom developer id geirm Medium Vendor pom developer id henrib Medium Vendor pom developer id jstrachan Medium Vendor pom developer id proyal Medium Vendor pom developer id rahul Medium Vendor pom developer id sebb Medium Vendor pom developer id tobrien Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name Henri Biestro Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Peter Royal Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org independent Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Commons JEXL High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/jexl/ Highest Product file name commons-jexl High Product jar package name apache Highest Product jar package name commons Highest Product jar package name expression Highest Product Manifest bundle-docurl http://commons.apache.org/jexl/ Low Product Manifest Bundle-Name Commons JEXL Medium Product Manifest bundle-symbolicname org.apache.commons.jexl Medium Product Manifest implementation-build COMMONS_JEXL_2_1_1-RC1@r1220732; 2011-12-19 14:53:11+0000 Low Product Manifest Implementation-Title Commons JEXL High Product Manifest specification-title Commons JEXL Medium Product pom artifactid commons-jexl Highest Product pom developer email dion AT apache DOT org Low Product pom developer email geirm AT apache DOT org Low Product pom developer email henrib AT apache DOT org Low Product pom developer email jstrachan AT apache DOT org Low Product pom developer email proyal AT apache DOT org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email sebb AT apache DOT org Low Product pom developer email tobrien AT apache DOT org Low Product pom developer id dion Low Product pom developer id geirm Low Product pom developer id henrib Low Product pom developer id jstrachan Low Product pom developer id proyal Low Product pom developer id rahul Low Product pom developer id sebb Low Product pom developer id tobrien Low Product pom developer name dIon Gillard Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name Henri Biestro Low Product pom developer name James Strachan Low Product pom developer name Peter Royal Low Product pom developer name Rahul Akolkar Low Product pom developer name Sebastian Bazley Low Product pom developer name Tim O'Brien Low Product pom developer org Apache Software Foundation Low Product pom developer org independent Low Product pom developer org SpiritSoft, Inc. Low Product pom groupid org.apache.commons Highest Product pom name Commons JEXL High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/jexl/ Medium Version file version 2.1.1 High Version Manifest Bundle-Version 2.1.1 High Version Manifest Implementation-Version 2.1.1 High Version pom parent-version 2.1.1 Low Version pom version 2.1.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Apache Commons JEXL library is an implementation of the JSTL Expression Language with extensions. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-jexl3/3.0/commons-jexl3-3.0.jar
MD5: 81041b5b058a2ccff0046386bc7e23f8
SHA1: 75aba6fe6659500bc7fcd420adca9c04ec9a379a
SHA256: 79b0aecbe5d851ccf919ba3f5ec3ee333e011f46a24713cb2099e3968a5b9884
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-jexl3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name jexl3 Highest Vendor Manifest bundle-docurl http://commons.apache.org/jexl/ Low Vendor Manifest bundle-symbolicname org.apache.commons.jexl Medium Vendor Manifest implementation-build tags/COMMONS_JEXL_3_0-RC2@r1720787; 2015-12-18 14:09:43+0000 Low Vendor Manifest implementation-url http://commons.apache.org/jexl/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-jexl3 Highest Vendor pom artifactid commons-jexl3 Low Vendor pom developer email dion AT apache DOT org Low Vendor pom developer email geirm AT apache DOT org Low Vendor pom developer email henrib AT apache DOT org Low Vendor pom developer email jstrachan AT apache DOT org Low Vendor pom developer email proyal AT apache DOT org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email sebb AT apache DOT org Low Vendor pom developer email tobrien AT apache DOT org Low Vendor pom developer id dion Medium Vendor pom developer id geirm Medium Vendor pom developer id henrib Medium Vendor pom developer id jstrachan Medium Vendor pom developer id proyal Medium Vendor pom developer id rahul Medium Vendor pom developer id sebb Medium Vendor pom developer id tobrien Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name Henri Biestro Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Peter Royal Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Sebastian Bazley Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer org independent Medium Vendor pom developer org SpiritSoft, Inc. Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons JEXL High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/jexl/ Highest Product file name commons-jexl3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name jexl3 Highest Product Manifest bundle-docurl http://commons.apache.org/jexl/ Low Product Manifest Bundle-Name Apache Commons JEXL Medium Product Manifest bundle-symbolicname org.apache.commons.jexl Medium Product Manifest implementation-build tags/COMMONS_JEXL_3_0-RC2@r1720787; 2015-12-18 14:09:43+0000 Low Product Manifest Implementation-Title Apache Commons JEXL High Product Manifest implementation-url http://commons.apache.org/jexl/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons JEXL Medium Product pom artifactid commons-jexl3 Highest Product pom developer email dion AT apache DOT org Low Product pom developer email geirm AT apache DOT org Low Product pom developer email henrib AT apache DOT org Low Product pom developer email jstrachan AT apache DOT org Low Product pom developer email proyal AT apache DOT org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email sebb AT apache DOT org Low Product pom developer email tobrien AT apache DOT org Low Product pom developer id dion Low Product pom developer id geirm Low Product pom developer id henrib Low Product pom developer id jstrachan Low Product pom developer id proyal Low Product pom developer id rahul Low Product pom developer id sebb Low Product pom developer id tobrien Low Product pom developer name dIon Gillard Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name Henri Biestro Low Product pom developer name James Strachan Low Product pom developer name Peter Royal Low Product pom developer name Rahul Akolkar Low Product pom developer name Sebastian Bazley Low Product pom developer name Tim O'Brien Low Product pom developer org independent Low Product pom developer org SpiritSoft, Inc. Low Product pom developer org The Apache Software Foundation Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons JEXL High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/jexl/ Medium Version file version 3.0 High Version Manifest Implementation-Version 3.0 High Version pom parent-version 3.0 Low Version pom version 3.0 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256: 50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-lang High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang Highest Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang Highest Vendor pom artifactid commons-lang Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@seagullsw.com Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email phil@steitz.com Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org Seagull Software Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid commons-lang Highest Vendor pom name Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/lang/ Highest Product file name commons-lang High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang Highest Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product Manifest Bundle-Name Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product Manifest Implementation-Title Commons Lang High Product Manifest specification-title Commons Lang Medium Product pom artifactid commons-lang Highest Product pom developer email bayard@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@seagullsw.com Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email phil@steitz.com Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Daniel Rall Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org Seagull Software Low Product pom developer org SITA ATS Ltd Low Product pom groupid commons-lang Highest Product pom name Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/lang/ Medium Version file version 2.6 High Version Manifest Bundle-Version 2.6 High Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version pom version 2.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256: d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e
Referenced In Projects/Scopes: Grouper Client:compile Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Highest Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary D. Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary D. Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.12.0 High Version Manifest Bundle-Version 3.12.0 High Version Manifest Implementation-Version 3.12.0 High Version pom parent-version 3.12.0 Low Version pom version 3.12.0 Highest
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper Client:compile Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper Installer:compile Grouper WS Manual Client:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-logging High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Highest Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rsitze@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tn Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Apache Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product file name commons-logging High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rsitze@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email tn@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tn Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Thomas Neidhart Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Version file version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-math/commons-math/1.2/commons-math-1.2.jar
MD5: 5d3ce091a67e863549de4493e19df069
SHA1: 3955b41fe9f3c0469bd873331940674812d09bd2
SHA256: 429ad6e1a650bc924a3e26fafc8ef703147375d8dd6d02b710c655071cc82270
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-math High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name math Highest Vendor Manifest bundle-symbolicname org.apache.commons.math Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-math Highest Vendor pom artifactid commons-math Low Vendor pom developer email achou at apache dot org Low Vendor pom developer email brentworden at apache dot org Low Vendor pom developer email j3322ptm at yahoo dot de Low Vendor pom developer email luc at apache dot org Low Vendor pom developer email mdiggory at apache dot org Low Vendor pom developer email psteitz at apache dot org Low Vendor pom developer email rdonkin at apache dot org Low Vendor pom developer email tobrien at apache dot org Low Vendor pom developer id achou Medium Vendor pom developer id brentworden Medium Vendor pom developer id luc Medium Vendor pom developer id mdiggory Medium Vendor pom developer id pietsch Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id tobrien Medium Vendor pom developer name Albert Davidson Chou Medium Vendor pom developer name Brent Worden Medium Vendor pom developer name J. Pietschmann Medium Vendor pom developer name Luc Maisonobe Medium Vendor pom developer name Mark Diggory Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Tim O'Brien Medium Vendor pom groupid commons-math Highest Vendor pom name Commons Math High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/math/ Highest Product file name commons-math High Product jar package name apache Highest Product jar package name commons Highest Product jar package name math Highest Product Manifest Bundle-Name Apache Commons Math Bundle Medium Product Manifest bundle-symbolicname org.apache.commons.math Medium Product Manifest Implementation-Title Commons Math High Product Manifest specification-title Commons Math Medium Product pom artifactid commons-math Highest Product pom developer email achou at apache dot org Low Product pom developer email brentworden at apache dot org Low Product pom developer email j3322ptm at yahoo dot de Low Product pom developer email luc at apache dot org Low Product pom developer email mdiggory at apache dot org Low Product pom developer email psteitz at apache dot org Low Product pom developer email rdonkin at apache dot org Low Product pom developer email tobrien at apache dot org Low Product pom developer id achou Low Product pom developer id brentworden Low Product pom developer id luc Low Product pom developer id mdiggory Low Product pom developer id pietsch Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id tobrien Low Product pom developer name Albert Davidson Chou Low Product pom developer name Brent Worden Low Product pom developer name J. Pietschmann Low Product pom developer name Luc Maisonobe Low Product pom developer name Mark Diggory Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Tim O'Brien Low Product pom groupid commons-math Highest Product pom name Commons Math High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/math/ Medium Version file version 1.2 High Version Manifest Bundle-Version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-net/commons-net/3.9.0/commons-net-3.9.0.jar
MD5: 5254d7c277c30a378518e99b9d1d3522
SHA1: 5a4e26802e0a5a42938f987976b55dae4a6cc636
SHA256: e3c1566f821b84489308cd933f57e8c00dd8714dc96b898bef844386510d3461
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name commons-net High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name echo Highest Vendor jar package name finger Highest Vendor jar package name ftp Highest Vendor jar package name net Highest Vendor jar package name nntp Highest Vendor jar package name pop3 Highest Vendor jar package name smtp Highest Vendor jar package name telnet Highest Vendor jar package name whois Highest Vendor Manifest automatic-module-name org.apache.commons.net Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-net/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-net Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-net Highest Vendor pom artifactid commons-net Low Vendor pom developer email bruno.davanzo@hp.com Low Vendor pom developer email dfs@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email Jeff.Brekke@qg.com Low Vendor pom developer email rwinston@apache.org Low Vendor pom developer email rwinston@checkfree.com Low Vendor pom developer email scohen@apache.org Low Vendor pom developer id brekke Medium Vendor pom developer id brudav Medium Vendor pom developer id dfs Medium Vendor pom developer id ggregory Medium Vendor pom developer id rwinston Medium Vendor pom developer id scohen Medium Vendor pom developer name Bruno D'Avanzo Medium Vendor pom developer name Daniel F. Savarese Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Jeffrey D. Brekke Medium Vendor pom developer name Rory Winston Medium Vendor pom developer name Steve Cohen Medium Vendor pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a> Medium Vendor pom developer org Hewlett-Packard Medium Vendor pom developer org javactivity.org Medium Vendor pom developer org Quad/Graphics, Inc. Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-net Highest Vendor pom name Apache Commons Net High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-net/ Highest Product file name commons-net High Product jar package name apache Highest Product jar package name commons Highest Product jar package name echo Highest Product jar package name finger Highest Product jar package name ftp Highest Product jar package name net Highest Product jar package name nntp Highest Product jar package name pop3 Highest Product jar package name smtp Highest Product jar package name telnet Highest Product jar package name whois Highest Product Manifest automatic-module-name org.apache.commons.net Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-net/ Low Product Manifest Bundle-Name Apache Commons Net Medium Product Manifest bundle-symbolicname org.apache.commons.commons-net Medium Product Manifest Implementation-Title Apache Commons Net High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Net Medium Product pom artifactid commons-net Highest Product pom developer email bruno.davanzo@hp.com Low Product pom developer email dfs@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email Jeff.Brekke@qg.com Low Product pom developer email rwinston@apache.org Low Product pom developer email rwinston@checkfree.com Low Product pom developer email scohen@apache.org Low Product pom developer id brekke Low Product pom developer id brudav Low Product pom developer id dfs Low Product pom developer id ggregory Low Product pom developer id rwinston Low Product pom developer id scohen Low Product pom developer name Bruno D'Avanzo Low Product pom developer name Daniel F. Savarese Low Product pom developer name Gary Gregory Low Product pom developer name Jeffrey D. Brekke Low Product pom developer name Rory Winston Low Product pom developer name Steve Cohen Low Product pom developer org
<a href="http://www.savarese.com/">Savarese Software Research</a> Low Product pom developer org Hewlett-Packard Low Product pom developer org javactivity.org Low Product pom developer org Quad/Graphics, Inc. Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-net Highest Product pom name Apache Commons Net High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-net/ Medium Version file version 3.9.0 High Version Manifest Bundle-Version 3.9.0 High Version Manifest Implementation-Version 3.9.0 High Version pom parent-version 3.9.0 Low Version pom version 3.9.0 Highest
Description:
Commons Object Pooling Library License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
SHA256: 46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-pool High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name pool Highest Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-pool Highest Vendor pom artifactid commons-pool Low Vendor pom developer id craigmcc Medium Vendor pom developer id dirkv Medium Vendor pom developer id dweinr1 Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sandymac Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Weinrich Medium Vendor pom developer name Dirk Verbeeck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Sandy McArthur Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom groupid commons-pool Highest Vendor pom name Commons Pool High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/pool/ Highest Product file name commons-pool High Product jar package name apache Highest Product jar package name commons Highest Product jar package name pool Highest Product Manifest bundle-docurl http://commons.apache.org/pool/ Low Product Manifest Bundle-Name Commons Pool Medium Product Manifest bundle-symbolicname org.apache.commons.pool Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Product Manifest Implementation-Title Commons Pool High Product Manifest specification-title Commons Pool Medium Product pom artifactid commons-pool Highest Product pom developer id craigmcc Low Product pom developer id dirkv Low Product pom developer id dweinr1 Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sandymac Low Product pom developer name Craig McClanahan Low Product pom developer name David Weinrich Low Product pom developer name Dirk Verbeeck Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Low Product pom developer name Morgan Delagrange Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Sandy McArthur Low Product pom developer org Apache Software Foundation Low Product pom groupid commons-pool Highest Product pom name Commons Pool High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/pool/ Medium Version file version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Text is a library focused on algorithms working on strings. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-text/1.10.0/commons-text-1.10.0.jar
MD5: 4afc9bfa2d31dbf7330c98fcc954b892
SHA1: 3363381aef8cef2dbc1023b3e3a9433b08b64e01
SHA256: 770cd903fa7b604d1f7ef7ba17f84108667294b2b478be8ed1af3bffb4ae0018
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-text High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name text Highest Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-text Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-text Highest Vendor pom artifactid commons-text Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email kinow@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id ggregory Medium Vendor pom developer id kinow Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Bruno P. Kinoshita Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Text High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-text Highest Product file name commons-text High Product jar package name apache Highest Product jar package name commons Highest Product jar package name text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Bundle-Name Apache Commons Text Medium Product Manifest bundle-symbolicname org.apache.commons.commons-text Medium Product Manifest Implementation-Title Apache Commons Text High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Text Medium Product pom artifactid commons-text Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email kinow@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id ggregory Low Product pom developer id kinow Low Product pom developer name Benedikt Ritter Low Product pom developer name Bruno P. Kinoshita Low Product pom developer name Duncan Jones Low Product pom developer name Gary Gregory Low Product pom developer name Rob Tompkins Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Text High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-text Medium Version file version 1.10.0 High Version Manifest Bundle-Version 1.10.0 High Version Manifest Implementation-Version 1.10.0 High Version pom parent-version 1.10.0 Low Version pom version 1.10.0 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
It may be used standalone or with a framework like Struts.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/commons-validator/commons-validator/1.6/commons-validator-1.6.jar
MD5: 3fd5efd8dcdd601035c123638a897833
SHA1: e989d1e87cdd60575df0765ed5bac65c905d7908
SHA256: bd62795d7068a69cbea333f6dbf9c9c1a6ad7521443fb57202a44874f240ba25
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-validator High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name validator Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-validator/ Low Vendor Manifest bundle-symbolicname org.apache.commons.validator Medium Vendor Manifest implementation-build tags/VALIDATOR_1_6_RC1@r1783233; 2017-02-16 15:10:22+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-validator/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-validator Highest Vendor pom artifactid commons-validator Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dwinterfeldt@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email husted@apache.org Low Vendor pom developer email jmitchell NOSPAM apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email mrdon@apache.org Low Vendor pom developer email rleland at apache.org Low Vendor pom developer email turner@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id bspeakmon Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dgraham Medium Vendor pom developer id dwinterfeldt Medium Vendor pom developer id ggregory Medium Vendor pom developer id husted Medium Vendor pom developer id jmitchell Medium Vendor pom developer id martinc Medium Vendor pom developer id mrdon Medium Vendor pom developer id niallp Medium Vendor pom developer id nick Medium Vendor pom developer id rleland Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id turner Medium Vendor pom developer name Ben Speakmon Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Graham Medium Vendor pom developer name David Winterfeldt Medium Vendor pom developer name Don Brown Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Mitchell Medium Vendor pom developer name James Turner Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nick Burch Medium Vendor pom developer name Rob Leland Medium Vendor pom developer name SimoneTripodi Medium Vendor pom developer name Ted Husted Medium Vendor pom developer org EdgeTech, Inc Medium Vendor pom groupid commons-validator Highest Vendor pom name Apache Commons Validator High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-validator/ Highest Product file name commons-validator High Product jar package name apache Highest Product jar package name commons Highest Product jar package name validator Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-validator/ Low Product Manifest Bundle-Name Apache Commons Validator Medium Product Manifest bundle-symbolicname org.apache.commons.validator Medium Product Manifest implementation-build tags/VALIDATOR_1_6_RC1@r1783233; 2017-02-16 15:10:22+0000 Low Product Manifest Implementation-Title Apache Commons Validator High Product Manifest implementation-url http://commons.apache.org/proper/commons-validator/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Apache Commons Validator Medium Product pom artifactid commons-validator Highest Product pom developer email craigmcc@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dwinterfeldt@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email husted@apache.org Low Product pom developer email jmitchell NOSPAM apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email mrdon@apache.org Low Product pom developer email rleland at apache.org Low Product pom developer email turner@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id bspeakmon Low Product pom developer id craigmcc Low Product pom developer id dgraham Low Product pom developer id dwinterfeldt Low Product pom developer id ggregory Low Product pom developer id husted Low Product pom developer id jmitchell Low Product pom developer id martinc Low Product pom developer id mrdon Low Product pom developer id niallp Low Product pom developer id nick Low Product pom developer id rleland Low Product pom developer id simonetripodi Low Product pom developer id turner Low Product pom developer name Ben Speakmon Low Product pom developer name Benedikt Ritter Low Product pom developer name Craig McClanahan Low Product pom developer name David Graham Low Product pom developer name David Winterfeldt Low Product pom developer name Don Brown Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Mitchell Low Product pom developer name James Turner Low Product pom developer name Martin Cooper Low Product pom developer name Niall Pemberton Low Product pom developer name Nick Burch Low Product pom developer name Rob Leland Low Product pom developer name SimoneTripodi Low Product pom developer name Ted Husted Low Product pom developer org EdgeTech, Inc Low Product pom groupid commons-validator Highest Product pom name Apache Commons Validator High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-validator/ Medium Version file version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom parent-version 1.6 Low Version pom version 1.6 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache Commons VFS is a Virtual File System library. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/commons/commons-vfs2/2.4.1/commons-vfs2-2.4.1.jar
MD5: 3689ad3e33c2455c033c7062f583c49f
SHA1: 2b041628c3cb436d8eee25f78603f04eb5e817a5
SHA256: 1d518e883bb4e9a791c2bb48c76ed7b8879708b312ed955854e50b831e23ed35
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name commons-vfs2 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name vfs Highest Vendor jar package name vfs2 Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-vfs/ Low Vendor Manifest bundle-symbolicname org.apache.commons.vfs2 Medium Vendor Manifest implementation-build release@reabdee306d5b0a73859a0aa841a5c0ccfe8b337a; 2019-08-11 00:23:00+0000 Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-vfs/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-vfs2 Highest Vendor pom artifactid commons-vfs2 Low Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons VFS High Vendor pom parent-artifactid commons-vfs2-project Low Vendor pom url http://commons.apache.org/proper/commons-vfs/ Highest Product file name commons-vfs2 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name filter Highest Product jar package name vfs Highest Product jar package name vfs2 Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-vfs/ Low Product Manifest Bundle-Name Apache Commons VFS Medium Product Manifest bundle-symbolicname org.apache.commons.vfs2 Medium Product Manifest implementation-build release@reabdee306d5b0a73859a0aa841a5c0ccfe8b337a; 2019-08-11 00:23:00+0000 Low Product Manifest Implementation-Title Apache Commons VFS High Product Manifest implementation-url http://commons.apache.org/proper/commons-vfs/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons VFS Medium Product pom artifactid commons-vfs2 Highest Product pom groupid org.apache.commons Highest Product pom name Apache Commons VFS High Product pom parent-artifactid commons-vfs2-project Medium Product pom url http://commons.apache.org/proper/commons-vfs/ Medium Version file version 2.4.1 High Version Manifest Bundle-Version 2.4.1 High Version Manifest Implementation-Version 2.4.1 High Version pom version 2.4.1 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Java library for Content (Media) Type representation License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/content-type/2.3/content-type-2.3.jar
MD5: f0fc0d6be73e838863e2197c03a27c3f
SHA1: e3aa0be212d7a42839a8f3f506f5b990bcce0222
SHA256: 60349793e006fba96b532cb0c21e10e969fe0db8d87f91c3b9eaf82ba2998895
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name content-type High Vendor jar package name nimbusds Highest Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 2.3 Low Vendor Manifest bundle-docurl https://connect2id.com Low Vendor Manifest bundle-symbolicname com.nimbusds.content-type Medium Vendor Manifest implementation-url https://bitbucket.org/connect2id/nimbus-content-type Low Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid content-type Highest Vendor pom artifactid content-type Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus Content Type High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-content-type Highest Product file name content-type High Product jar package name nimbusds Highest Product Manifest build-date ${timestamp} Low Product Manifest build-jdk-spec 11 Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 2.3 Low Product Manifest bundle-docurl https://connect2id.com Low Product Manifest Bundle-Name Nimbus Content Type Medium Product Manifest bundle-symbolicname com.nimbusds.content-type Medium Product Manifest Implementation-Title Nimbus Content Type High Product Manifest implementation-url https://bitbucket.org/connect2id/nimbus-content-type Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Nimbus Content Type Medium Product pom artifactid content-type Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus Content Type High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/nimbus-content-type Medium Version file version 2.3 High Version Manifest build-tag 2.3 Low Version Manifest Implementation-Version 2.3 High Version pom version 2.3 Highest
File Path: /home/grprdist/.m2/repository/net/redhogs/cronparser/cron-parser-core/3.4/cron-parser-core-3.4.jarMD5: 984e308161cecec9ca9ca7ab34257c1eSHA1: f4b72519661bd9879803b82ac19eab1269bbcdf9SHA256: caece60f6f9305eb0ff54b9558ef014a7c076bb9ecec609006983794c0ced2eeReferenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name cron-parser-core High Vendor jar package name cronparser Highest Vendor jar package name cronparser Low Vendor jar package name net Highest Vendor jar package name net Low Vendor jar package name redhogs Highest Vendor jar package name redhogs Low Vendor pom artifactid cron-parser-core Highest Vendor pom artifactid cron-parser-core Low Vendor pom groupid net.redhogs.cronparser Highest Vendor pom name cron-parser-core High Vendor pom parent-artifactid cron-parser Low Product file name cron-parser-core High Product jar package name cronparser Highest Product jar package name cronparser Low Product jar package name net Highest Product jar package name redhogs Highest Product jar package name redhogs Low Product pom artifactid cron-parser-core Highest Product pom groupid net.redhogs.cronparser Highest Product pom name cron-parser-core High Product pom parent-artifactid cron-parser Medium Version file version 3.4 High Version pom version 3.4 Highest
Description:
OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks. File Path: /home/grprdist/.m2/repository/org/owasp/csrfguard/4.1.4/csrfguard-4.1.4.jarMD5: 7a8913a0d0cb554bb84ef0871716db3dSHA1: 8590d9f54d2179ff2af16f718e9f22abdeb6f317SHA256: 5de5e1df57b5c54a84b2c59adde4b51bf8b1735165feb5bec3cfb84f8b37b366Referenced In Project/Scope: Grouper UI:compile
Evidence Type Source Name Value Confidence Vendor file name csrfguard High Vendor jar package name csrfguard Highest Vendor jar package name owasp Highest Vendor jar package name token Highest Vendor Manifest build-jdk-spec 18 Low Vendor Manifest Implementation-Vendor OWASP High Vendor Manifest url https://owasp.org/www-project-csrfguard/csrfguard/ Low Vendor pom artifactid csrfguard Highest Vendor pom artifactid csrfguard Low Vendor pom groupid org.owasp Highest Vendor pom name OWASP CSRFGuard High Vendor pom parent-artifactid csrfguard-parent Low Product file name csrfguard High Product jar package name csrfguard Highest Product jar package name owasp Highest Product jar package name token Highest Product Manifest build-jdk-spec 18 Low Product Manifest Implementation-Title OWASP CSRFGuard High Product Manifest url https://owasp.org/www-project-csrfguard/csrfguard/ Low Product pom artifactid csrfguard Highest Product pom groupid org.owasp Highest Product pom name OWASP CSRFGuard High Product pom parent-artifactid csrfguard-parent Medium Version file version 4.1.4 High Version Manifest Implementation-Version 4.1.4 High Version pom version 4.1.4 Highest
CVE-2021-28490 (OSSINDEX)suppress
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-28490 for details CWE-352 Cross-Site Request Forgery (CSRF)
CVSSv2:
Base Score: HIGH (8.8) Vector: /AV:N/AC:L/Au:/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.owasp:csrfguard:4.1.4:*:*:*:*:*:*:* File Path: /home/grprdist/.m2/repository/org/owasp/csrfguard/4.1.4/csrfguard-4.1.4.jar/META-INF/csrfguard.jsMD5: 0e05e024b3f928ae41163059e9280a15SHA1: b542548435de656da7eb06a730e44dcd4049b983SHA256: 258e9c1e8b113bb34f0494c2aab8fc5a0c7bd33de82cc63a8fb40ee10523893bReferenced In Project/Scope: Grouper UI:compile
Evidence Type Source Name Value Confidence
Description:
JSP Tag support File Path: /home/grprdist/.m2/repository/org/owasp/csrfguard-jsp-tags/4.1.4/csrfguard-jsp-tags-4.1.4.jarMD5: 74cf22e7e48742a8f238a665129be835SHA1: 7111cf78de80dcce8357b8db9cc908870c2873b7SHA256: 75d6a3c1d77ababd448b9ef9fc17e0d765315847bdf68c741e485232d3c65b1cReferenced In Project/Scope: Grouper UI:compile
Evidence Type Source Name Value Confidence Vendor file name csrfguard-jsp-tags High Vendor jar package name csrfguard Highest Vendor jar package name owasp Highest Vendor jar package name tag Highest Vendor Manifest build-jdk-spec 18 Low Vendor Manifest Implementation-Vendor OWASP High Vendor Manifest url https://owasp.org/www-project-csrfguard/csrfguard-extensions/csrfguard-jsp-tags/ Low Vendor pom artifactid csrfguard-jsp-tags Highest Vendor pom artifactid csrfguard-jsp-tags Low Vendor pom groupid org.owasp Highest Vendor pom name OWASP CSRFGuard JSP Tags extension High Vendor pom parent-artifactid csrfguard-extensions Low Product file name csrfguard-jsp-tags High Product jar package name csrfguard Highest Product jar package name owasp Highest Product jar package name tag Highest Product Manifest build-jdk-spec 18 Low Product Manifest Implementation-Title OWASP CSRFGuard JSP Tags extension High Product Manifest url https://owasp.org/www-project-csrfguard/csrfguard-extensions/csrfguard-jsp-tags/ Low Product pom artifactid csrfguard-jsp-tags Highest Product pom groupid org.owasp Highest Product pom name OWASP CSRFGuard JSP Tags extension High Product pom parent-artifactid csrfguard-extensions Medium Version file version 4.1.4 High Version Manifest Implementation-Version 4.1.4 High Version pom version 4.1.4 Highest
Related Dependencies csrfguard-extension-session-4.1.4.jarFile Path: /home/grprdist/.m2/repository/org/owasp/csrfguard-extension-session/4.1.4/csrfguard-extension-session-4.1.4.jar MD5: 9d50c25332c317272ec01ee4162fcffc SHA1: 7a8d9cdd27f68e31a642065e0746343018ee8fbd SHA256: b3ba19e22808a66ae8045337600e5d93049995a8f689f780cb8c88f7641a6a30 pkg:maven/org.owasp/csrfguard-extension-session@4.1.4 Description:
flexible XML framework for Java License:
Plexus: https://github.com/dom4j/dom4j/blob/master/LICENSE File Path: /home/grprdist/.m2/repository/org/dom4j/dom4j/2.1.4/dom4j-2.1.4.jar
MD5: 8246840e53db2781ca941e4d3f9ad715
SHA1: 35c16721b88cf17b8279fcb134c0abb161cc0e9b
SHA256: 235a9167a8a199be04b5326d92927ca0adeb90d11f69fe2e821b34ce8433b591
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name dom4j High Vendor jar package name dom4j Highest Vendor Manifest automatic-module-name org.dom4j Medium Vendor pom artifactid dom4j Highest Vendor pom artifactid dom4j Low Vendor pom developer email filip@jirsak.org Low Vendor pom developer name Filip Jirsák Medium Vendor pom groupid org.dom4j Highest Vendor pom name dom4j High Vendor pom url http://dom4j.github.io/ Highest Product file name dom4j High Product jar package name dom4j Highest Product Manifest automatic-module-name org.dom4j Medium Product pom artifactid dom4j Highest Product pom developer email filip@jirsak.org Low Product pom developer name Filip Jirsák Low Product pom groupid org.dom4j Highest Product pom name dom4j High Product pom url http://dom4j.github.io/ Medium Version file version 2.1.4 High Version pom version 2.1.4 Highest
CVE-2023-45960 suppress
An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which "can be safe in one case and unsafe in another." CWE-91 XML Injection (aka Blind XPath Injection)
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Internet2 Groups Management WS Core License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper-ws/grouper-ws/pom.xml
Referenced In Project/Scope: Grouper WS Test
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouper-ws Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouper-ws Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
Internet2 Groups Management Toolkit License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper/pom.xml
Referenced In Projects/Scopes: Grouper WS Test Grouper WS Grouper UI Grouper SCIM Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouper Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouper Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
Client for Grouper LDAP and Web Services License:
Apache 2 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /var/grouper-docs/git/grouper/grouper-misc/grouperClient/pom.xml
Referenced In Projects/Scopes: Grouper WS Test Grouper WS Grouper API Grouper UI Grouper SCIM Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid grouperClient Low Vendor project groupid edu.internet2.middleware.grouper Highest Product file name pom High Product project artifactid grouperClient Highest Product project groupid edu.internet2.middleware.grouper Low
Description:
This is the ehcache core module. Pair it with other modules for added functionality. License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt File Path: /home/grprdist/.m2/repository/net/sf/ehcache/ehcache-core/2.6.10/ehcache-core-2.6.10.jar
MD5: 206e69dbe0f3454dceee5acf71b64823
SHA1: 8e567a024e27e11b961ca068c5c367f845e21a9b
SHA256: 53733a580faad03c8433a6a9f0067040f7ace569f4adeaf71f8aa46e1037e3c9
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ehcache-core High Vendor jar package name ehcache Highest Vendor jar package name net Highest Vendor jar package name sf Highest Vendor pom artifactid ehcache-core Highest Vendor pom artifactid ehcache-core Low Vendor pom groupid net.sf.ehcache Highest Vendor pom name Ehcache Core High Vendor pom parent-artifactid ehcache-parent Low Vendor pom url http://ehcache.org Highest Product file name ehcache-core High Product jar package name ehcache Highest Product jar package name net Highest Product jar package name sf Highest Product pom artifactid ehcache-core Highest Product pom groupid net.sf.ehcache Highest Product pom name Ehcache Core High Product pom parent-artifactid ehcache-parent Medium Product pom url http://ehcache.org Medium Version file version 2.6.10 High Version pom parent-version 2.6.10 Low Version pom version 2.6.10 Highest
File Path: /home/grprdist/.m2/repository/net/sf/ehcache/ehcache-core/2.6.10/ehcache-core-2.6.10.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jarMD5: 5ad919b3ac0516897bdca079c9a222a8SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571cSHA256: 3bcd560ca5f05248db9b689244b043e9c7549e3791281631a64e5dfff15870d2Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name sizeof-agent High Vendor jar package name ehcache Highest Vendor jar package name net Highest Vendor jar package name sf Highest Vendor Manifest hudson-build-number 6 Low Vendor Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Vendor Manifest jenkins-build-number 6 Low Vendor Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Vendor pom artifactid sizeof-agent Low Vendor pom groupid net.sf.ehcache Highest Vendor pom name Ehcache Size-Of Agent High Vendor pom parent-artifactid ehcache-parent Low Vendor pom url http://www.ehcache.org Highest Product file name sizeof-agent High Product jar package name ehcache Highest Product jar package name net Highest Product jar package name sf Highest Product Manifest hudson-build-number 6 Low Product Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Product Manifest jenkins-build-number 6 Low Product Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low Product pom artifactid sizeof-agent Highest Product pom groupid net.sf.ehcache Highest Product pom name Ehcache Size-Of Agent High Product pom parent-artifactid ehcache-parent Medium Product pom url http://www.ehcache.org Medium Version pom parent-version 1.0.1 Low Version pom version 1.0.1 Highest
Description:
Simple java library for transforming an Object to another Object.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/sf/ezmorph/ezmorph/1.0.6/ezmorph-1.0.6.jar
MD5: 1fa113c6aacf3a01af1449df77acd474
SHA1: 01e55d2a0253ea37745d33062852fd2c90027432
SHA256: 2be06a2380f8656426b5c610db694bbd75314caf3e9191affcd7942721398ed7
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ezmorph High Vendor jar package name ezmorph Highest Vendor jar package name ezmorph Low Vendor jar package name net Highest Vendor jar package name net Low Vendor jar package name object Highest Vendor jar package name sf Highest Vendor jar package name sf Low Vendor pom artifactid ezmorph Highest Vendor pom artifactid ezmorph Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer id aalmiray Medium Vendor pom developer name Andres Almiray Medium Vendor pom groupid net.sf.ezmorph Highest Vendor pom name ezmorph High Vendor pom url http://ezmorph.sourceforge.net Highest Product file name ezmorph High Product jar package name ezmorph Highest Product jar package name ezmorph Low Product jar package name net Highest Product jar package name object Highest Product jar package name sf Highest Product jar package name sf Low Product pom artifactid ezmorph Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer id aalmiray Low Product pom developer name Andres Almiray Low Product pom groupid net.sf.ezmorph Highest Product pom name ezmorph High Product pom url http://ezmorph.sourceforge.net Medium Version file version 1.0.6 High Version pom version 1.0.6 Highest
Description:
Provides open-source implementations of Sun specifications. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-activation_1.1_spec/1.0.2/geronimo-activation_1.1_spec-1.0.2.jar
MD5: 9759ed85c6e767bf3dc00c4cf635c4e2
SHA1: 3efc3aadfaf8878060167e492c03fdafb905ae01
SHA256: eead654df3a0e1405314eb0578e32c53267872dfbb1250b2fd6f3a9629c57fa4
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-activation_1.1_spec-1.0.2 High Vendor jar package name activation Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-activation_1.1_spec Medium Vendor pom artifactid geronimo-activation_1.1_spec Highest Vendor pom artifactid geronimo-activation_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Activation 1.1 High Vendor pom parent-artifactid specs Low Product file name geronimo-activation_1.1_spec-1.0.2 High Product jar package name activation Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-activation_1.1_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-activation_1.1_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-activation_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Activation 1.1 High Product pom parent-artifactid specs Medium Version Manifest Bundle-Version 1.0.2 High Version Manifest Implementation-Version 1.0.2 High Version pom parent-version 1.0.2 Low Version pom version 1.0.2 Highest
Description:
Annotation spec 1.1 API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-annotation_1.1_spec/1.0/geronimo-annotation_1.1_spec-1.0.jar
MD5: 49744ebcc93e58a1dec259997b8bf686
SHA1: 145b78b5d1dc9021594cccbd9482b51fe412a8a4
SHA256: 6d2d296d01540201bca6e7175bf900f6df0be605e29bdaf822df516f40235ff9
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-annotation_1.1_spec-1.0 High Vendor jar package name annotation Highest Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-annotation_1.1_spec/1.0 Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-annotation_1.1_spec;singleton=true Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid geronimo-annotation_1.1_spec Highest Vendor pom artifactid geronimo-annotation_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Annotation 1.1 High Vendor pom parent-artifactid genesis-java5-flava Low Vendor pom parent-groupid org.apache.geronimo.genesis Medium Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.0 Highest Product file name geronimo-annotation_1.1_spec-1.0 High Product jar package name annotation Highest Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-annotation_1.1_spec/1.0 Low Product Manifest Bundle-Name Annotation 1.1 Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-annotation_1.1_spec;singleton=true Medium Product Manifest Implementation-Title Annotation 1.1 High Product Manifest specification-title JSR-250 Common Annotations 1.1 Medium Product pom artifactid geronimo-annotation_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Annotation 1.1 High Product pom parent-artifactid genesis-java5-flava Medium Product pom parent-groupid org.apache.geronimo.genesis Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.0 Medium Version Manifest Bundle-Version 1.0 High Version Manifest Implementation-Version 1.0 High Version pom parent-version 1.0 Low Version pom version 1.0 Highest
Description:
Javamail 1.4 Specification License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-javamail_1.4_spec/1.6/geronimo-javamail_1.4_spec-1.6.jar
MD5: 2bcb3208c8e0c8e9713d8222abb33788
SHA1: 815bcb854f72622fa00d5d119175ed252127af4f
SHA256: b30feea0591af150709d4c57c2885ccf382bff100891f6b35605d50a851a2238
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-javamail_1.4_spec-1.6 High Vendor jar package name apache Highest Vendor jar package name geronimo Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-javamail_1.4_spec Medium Vendor pom artifactid geronimo-javamail_1.4_spec Highest Vendor pom artifactid geronimo-javamail_1.4_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name JavaMail 1.4 High Vendor pom parent-artifactid specs-parent Low Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.6 Highest Product file name geronimo-javamail_1.4_spec-1.6 High Product jar package name apache Highest Product jar package name geronimo Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-javamail_1.4_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-javamail_1.4_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-javamail_1.4_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name JavaMail 1.4 High Product pom parent-artifactid specs-parent Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.6 Medium Version Manifest Bundle-Version 1.6 High Version Manifest Implementation-Version 1.6 High Version pom version 1.6 Highest
Description:
Java API for RESTful Web Services 1.1 License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jaxrs_1.1_spec/1.0/geronimo-jaxrs_1.1_spec-1.0.jar
MD5: 33ad0e4d15950960c57a50e01f68d382
SHA1: 6f4c71cbff6a7725e393a74b9e3680d2685ddac7
SHA256: 21051161452bff4b076e2fc148add1bb398c3f2e44649c440d80025ef4d861a9
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-jaxrs_1.1_spec-1.0 High Vendor jar package name apache Highest Vendor jar package name geronimo Highest Vendor jar package name rs Highest Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jaxrs_1.1_spec/1.0 Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jaxrs_1.1_spec;singleton=true Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid geronimo-jaxrs_1.1_spec Highest Vendor pom artifactid geronimo-jaxrs_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Apache Geronimo JAX-RS 1.1 API High Vendor pom parent-artifactid genesis-java5-flava Low Vendor pom parent-groupid org.apache.geronimo.genesis Medium Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.0 Highest Product file name geronimo-jaxrs_1.1_spec-1.0 High Product jar package name apache Highest Product jar package name geronimo Highest Product jar package name rs Highest Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jaxrs_1.1_spec/1.0 Low Product Manifest Bundle-Name Apache Geronimo JAX-RS 1.1 API Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jaxrs_1.1_spec;singleton=true Medium Product Manifest Implementation-Title Apache Geronimo JAX-RS 1.1 API High Product Manifest specification-title JSR-311 Java RESTful Web Services 1.1 Medium Product pom artifactid geronimo-jaxrs_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Apache Geronimo JAX-RS 1.1 API High Product pom parent-artifactid genesis-java5-flava Medium Product pom parent-groupid org.apache.geronimo.genesis Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.0 Medium Version Manifest Bundle-Version 1.0 High Version Manifest Implementation-Version 1.0 High Version pom parent-version 1.0 Low Version pom version 1.0 Highest
File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jms_1.1_spec/1.1/geronimo-jms_1.1_spec-1.1.jarMD5: 10e163bdd905d1c16d7e1c48427b5853SHA1: bbd68f90d445de37050b1e9fb9d7114e83757e73SHA256: 0fe8cfc0154855316054162a9b355f66a43d7e65fc71886e6d12c37d3aa5a5fcReferenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name geronimo-jms_1.1_spec-1.1 High Vendor jar package name javax Low Vendor jar package name jms Highest Vendor jar package name jms Low Vendor pom artifactid geronimo-jms_1.1_spec Highest Vendor pom artifactid geronimo-jms_1.1_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name JMS 1.1 High Vendor pom parent-artifactid specs Low Product file name geronimo-jms_1.1_spec-1.1 High Product jar package name jms Highest Product jar package name jms Low Product pom artifactid geronimo-jms_1.1_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name JMS 1.1 High Product pom parent-artifactid specs Medium Version pom parent-version 1.1 Low Version pom version 1.1 Highest
Description:
Java Message Service 2.0 API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-jms_2.0_spec/1.0-alpha-2/geronimo-jms_2.0_spec-1.0-alpha-2.jar
MD5: bd94cfcc9f711642d280681330b14844
SHA1: 8d8a4d5a80138ba4ebc7b5509989e3d7013c7e74
SHA256: 62a109edef3de718b0cb600bf040b4be5e32c683a57ee16f9f8a89537bf5da51
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name geronimo-jms_2.0_spec-1.0-alpha-2 High Vendor jar package name jms Highest Vendor jar package name message Highest Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jms_2.0_spec/1.0-alpha-2 Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_2.0_spec Medium Vendor pom artifactid geronimo-jms_2.0_spec Highest Vendor pom artifactid geronimo-jms_2.0_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Apache Geronimo JMS Spec 2.0 High Vendor pom parent-artifactid genesis-java6-flava Low Vendor pom parent-groupid org.apache.geronimo.genesis Medium Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest Vendor pom url http://geronimo.apache.org/maven/${siteId}/1.0-alpha-2 Highest Product file name geronimo-jms_2.0_spec-1.0-alpha-2 High Product jar package name jms Highest Product jar package name message Highest Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-jms_2.0_spec/1.0-alpha-2 Low Product Manifest Bundle-Name Apache Geronimo JMS Spec 2.0 Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_2.0_spec Medium Product Manifest Implementation-Title Apache Geronimo JMS Spec 2.0 High Product pom artifactid geronimo-jms_2.0_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Apache Geronimo JMS Spec 2.0 High Product pom parent-artifactid genesis-java6-flava Medium Product pom parent-groupid org.apache.geronimo.genesis Medium Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium Product pom url http://geronimo.apache.org/maven/${siteId}/1.0-alpha-2 Medium Version Manifest Implementation-Version 1.0-alpha-2 High Version pom parent-version 1.0-alpha-2 Low Version pom version 1.0-alpha-2 Highest
Description:
Provides open-source implementations of Sun specifications. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/geronimo/specs/geronimo-stax-api_1.0_spec/1.0.1/geronimo-stax-api_1.0_spec-1.0.1.jar
MD5: b7c2a715cd3d1c43dc4ccfae426e8e2e
SHA1: 1c171093a8b43aa550c6050ac441abe713ebb4f2
SHA256: 124235815fba376b0c20ed37f79d691fa26b4e00297a4ab27b6ca05ceb591348
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name geronimo-stax-api_1.0_spec-1.0.1 High Vendor jar package name xml Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-stax-api_1.0_spec Medium Vendor pom artifactid geronimo-stax-api_1.0_spec Highest Vendor pom artifactid geronimo-stax-api_1.0_spec Low Vendor pom groupid org.apache.geronimo.specs Highest Vendor pom name Streaming API for XML (STAX API 1.0) High Vendor pom parent-artifactid specs Low Product file name geronimo-stax-api_1.0_spec-1.0.1 High Product jar package name xml Highest Product Manifest bundle-docurl http://www.apache.org Low Product Manifest Bundle-Name geronimo-stax-api_1.0_spec Medium Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-stax-api_1.0_spec Medium Product Manifest Implementation-Title Apache Geronimo High Product pom artifactid geronimo-stax-api_1.0_spec Highest Product pom groupid org.apache.geronimo.specs Highest Product pom name Streaming API for XML (STAX API 1.0) High Product pom parent-artifactid specs Medium Version Manifest Bundle-Version 1.0.1 High Version Manifest Implementation-Version 1.0.1 High Version pom parent-version 1.0.1 Low Version pom version 1.0.1 Highest
Description:
Groovy: A powerful, dynamic language for the JVM License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy/2.5.18/groovy-2.5.18.jar
MD5: f3de969ce974116e3e262c591dfc8ef2
SHA1: 798c6b66235338deeab9ecffa8942c67a0357abe
SHA256: ce352918c7fc06c700bc7f13cbd00226042bc146a899eb52ff5b522a092a309c
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name groovy High Vendor jar package name apache Highest Vendor jar package name codehaus Highest Vendor jar package name groovy Highest Vendor Manifest automatic-module-name org.codehaus.groovy Medium Vendor Manifest bundle-symbolicname groovy Medium Vendor Manifest eclipse-buddypolicy dependent Low Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest extension-name groovy Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid groovy Highest Vendor pom artifactid groovy Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer email b55r@sina.com Low Vendor pom developer email blackdrag@gmx.org Low Vendor pom developer email bob@werken.com Low Vendor pom developer email cedric.champeau@gmail.com Low Vendor pom developer email ckl@dacelo.nl Low Vendor pom developer email cpoirier@dreaming.org Low Vendor pom developer email goetze@dovetail.com Low Vendor pom developer email guillaume.alleon@gmail.com Low Vendor pom developer email hamletdrc@gmail.com Low Vendor pom developer email james@coredevelopers.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email jeremy.rayner@gmail.com Low Vendor pom developer email jim@pagesmiths.com Low Vendor pom developer email johnstump2@yahoo.com Low Vendor pom developer email mguillemot@yahoo.fr Low Vendor pom developer email paulk@asert.com.au Low Vendor pom developer email phkim@cluecom.co.kr Low Vendor pom developer email pniederw@gmail.com Low Vendor pom developer email russel@winder.org.uk Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer email sormuras@gmx.de Low Vendor pom developer email tug@wilson.co.uk Low Vendor pom developer id aalmiray Medium Vendor pom developer id alextkachman Medium Vendor pom developer id andresteingress Medium Vendor pom developer id blackdrag Medium Vendor pom developer id bob Medium Vendor pom developer id bran Medium Vendor pom developer id ckl Medium Vendor pom developer id cpoirier Medium Vendor pom developer id cstein Medium Vendor pom developer id emilles Medium Vendor pom developer id galleon Medium Vendor pom developer id glaforge Medium Vendor pom developer id goetze Medium Vendor pom developer id grocher Medium Vendor pom developer id hamletdrc Medium Vendor pom developer id jamiemc Medium Vendor pom developer id jez Medium Vendor pom developer id jimwhite Medium Vendor pom developer id joe Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jstump Medium Vendor pom developer id jwill Medium Vendor pom developer id jwilson Medium Vendor pom developer id kasper Medium Vendor pom developer id mattf Medium Vendor pom developer id melix Medium Vendor pom developer id mguillem Medium Vendor pom developer id mittie Medium Vendor pom developer id pascalschumacher Medium Vendor pom developer id paulk Medium Vendor pom developer id phk Medium Vendor pom developer id pniederw Medium Vendor pom developer id roshandawrani Medium Vendor pom developer id rpopma Medium Vendor pom developer id russel Medium Vendor pom developer id shemnon Medium Vendor pom developer id skizz Medium Vendor pom developer id spullara Medium Vendor pom developer id sunlan Medium Vendor pom developer id timyates Medium Vendor pom developer id travis Medium Vendor pom developer id user57 Medium Vendor pom developer id zohar Medium Vendor pom developer name Alex Tkachman Medium Vendor pom developer name Andre Steingress Medium Vendor pom developer name Andres Almiray Medium Vendor pom developer name Bing Ran Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Cedric Champeau Medium Vendor pom developer name Chris Poirier Medium Vendor pom developer name Chris Stevenson Medium Vendor pom developer name Christiaan ten Klooster Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Daniel Sun Medium Vendor pom developer name Danno Ferrin Medium Vendor pom developer name Dierk Koenig Medium Vendor pom developer name Eric Milles Medium Vendor pom developer name Graeme Rocher Medium Vendor pom developer name Guillaume Alleon Medium Vendor pom developer name Guillaume Laforge Medium Vendor pom developer name Hamlet D'Arcy Medium Vendor pom developer name James Strachan Medium Vendor pom developer name James Williams Medium Vendor pom developer name Jamie McCrindle Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Jeremy Rayner Medium Vendor pom developer name Jim White Medium Vendor pom developer name Jochen Theodorou Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name John Stump Medium Vendor pom developer name John Wilson Medium Vendor pom developer name Kasper Nielsen Medium Vendor pom developer name Marc Guillemot Medium Vendor pom developer name Matt Foemmel Medium Vendor pom developer name Pascal Schumacher Medium Vendor pom developer name Paul King Medium Vendor pom developer name Peter Niederwieser Medium Vendor pom developer name Pilho Kim Medium Vendor pom developer name Remko Popma Medium Vendor pom developer name Roshan Dawrani Medium Vendor pom developer name Russel Winder Medium Vendor pom developer name Sam Pullara Medium Vendor pom developer name Steve Goetze Medium Vendor pom developer name Tim Yates Medium Vendor pom developer name Travis Kay Medium Vendor pom developer name Zohar Melamed Medium Vendor pom developer org Concertant LLP & It'z Interactive Ltd Medium Vendor pom developer org Core Developers Network Medium Vendor pom developer org CTSR.de Medium Vendor pom developer org Dacelo WebDevelopment Medium Vendor pom developer org Dovetailed Technologies, LLC Medium Vendor pom developer org Google Medium Vendor pom developer org IFCX.org Medium Vendor pom developer org javanicus Medium Vendor pom developer org Karakun AG Medium Vendor pom developer org Leadingcare Medium Vendor pom developer org OCI, Australia Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org The Wilson Partnership Medium Vendor pom developer org Thomson Reuters Medium Vendor pom developer org ThoughtWorks Medium Vendor pom developer org Three Medium Vendor pom groupid org.codehaus.groovy Highest Vendor pom name Apache Groovy High Vendor pom organization name Apache Software Foundation High Vendor pom organization url https://apache.org Medium Vendor pom url https://groovy-lang.org Highest Product file name groovy High Product jar package name apache Highest Product jar package name codehaus Highest Product jar package name groovy Highest Product jar package name runtime Highest Product jar package name version Highest Product Manifest automatic-module-name org.codehaus.groovy Medium Product Manifest Bundle-Name Groovy Runtime Medium Product Manifest bundle-symbolicname groovy Medium Product Manifest eclipse-buddypolicy dependent Low Product Manifest eclipse-extensibleapi true Low Product Manifest extension-name groovy Medium Product Manifest Implementation-Title Groovy: a powerful, dynamic language for the JVM High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Groovy: a powerful, dynamic language for the JVM Medium Product pom artifactid groovy Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer email b55r@sina.com Low Product pom developer email blackdrag@gmx.org Low Product pom developer email bob@werken.com Low Product pom developer email cedric.champeau@gmail.com Low Product pom developer email ckl@dacelo.nl Low Product pom developer email cpoirier@dreaming.org Low Product pom developer email goetze@dovetail.com Low Product pom developer email guillaume.alleon@gmail.com Low Product pom developer email hamletdrc@gmail.com Low Product pom developer email james@coredevelopers.com Low Product pom developer email jason@planet57.com Low Product pom developer email jeremy.rayner@gmail.com Low Product pom developer email jim@pagesmiths.com Low Product pom developer email johnstump2@yahoo.com Low Product pom developer email mguillemot@yahoo.fr Low Product pom developer email paulk@asert.com.au Low Product pom developer email phkim@cluecom.co.kr Low Product pom developer email pniederw@gmail.com Low Product pom developer email russel@winder.org.uk Low Product pom developer email sam@sampullara.com Low Product pom developer email sormuras@gmx.de Low Product pom developer email tug@wilson.co.uk Low Product pom developer id aalmiray Low Product pom developer id alextkachman Low Product pom developer id andresteingress Low Product pom developer id blackdrag Low Product pom developer id bob Low Product pom developer id bran Low Product pom developer id ckl Low Product pom developer id cpoirier Low Product pom developer id cstein Low Product pom developer id emilles Low Product pom developer id galleon Low Product pom developer id glaforge Low Product pom developer id goetze Low Product pom developer id grocher Low Product pom developer id hamletdrc Low Product pom developer id jamiemc Low Product pom developer id jez Low Product pom developer id jimwhite Low Product pom developer id joe Low Product pom developer id jstrachan Low Product pom developer id jstump Low Product pom developer id jwill Low Product pom developer id jwilson Low Product pom developer id kasper Low Product pom developer id mattf Low Product pom developer id melix Low Product pom developer id mguillem Low Product pom developer id mittie Low Product pom developer id pascalschumacher Low Product pom developer id paulk Low Product pom developer id phk Low Product pom developer id pniederw Low Product pom developer id roshandawrani Low Product pom developer id rpopma Low Product pom developer id russel Low Product pom developer id shemnon Low Product pom developer id skizz Low Product pom developer id spullara Low Product pom developer id sunlan Low Product pom developer id timyates Low Product pom developer id travis Low Product pom developer id user57 Low Product pom developer id zohar Low Product pom developer name Alex Tkachman Low Product pom developer name Andre Steingress Low Product pom developer name Andres Almiray Low Product pom developer name Bing Ran Low Product pom developer name bob mcwhirter Low Product pom developer name Cedric Champeau Low Product pom developer name Chris Poirier Low Product pom developer name Chris Stevenson Low Product pom developer name Christiaan ten Klooster Low Product pom developer name Christian Stein Low Product pom developer name Daniel Sun Low Product pom developer name Danno Ferrin Low Product pom developer name Dierk Koenig Low Product pom developer name Eric Milles Low Product pom developer name Graeme Rocher Low Product pom developer name Guillaume Alleon Low Product pom developer name Guillaume Laforge Low Product pom developer name Hamlet D'Arcy Low Product pom developer name James Strachan Low Product pom developer name James Williams Low Product pom developer name Jamie McCrindle Low Product pom developer name Jason Dillon Low Product pom developer name Jeremy Rayner Low Product pom developer name Jim White Low Product pom developer name Jochen Theodorou Low Product pom developer name Joe Walnes Low Product pom developer name John Stump Low Product pom developer name John Wilson Low Product pom developer name Kasper Nielsen Low Product pom developer name Marc Guillemot Low Product pom developer name Matt Foemmel Low Product pom developer name Pascal Schumacher Low Product pom developer name Paul King Low Product pom developer name Peter Niederwieser Low Product pom developer name Pilho Kim Low Product pom developer name Remko Popma Low Product pom developer name Roshan Dawrani Low Product pom developer name Russel Winder Low Product pom developer name Sam Pullara Low Product pom developer name Steve Goetze Low Product pom developer name Tim Yates Low Product pom developer name Travis Kay Low Product pom developer name Zohar Melamed Low Product pom developer org Concertant LLP & It'z Interactive Ltd Low Product pom developer org Core Developers Network Low Product pom developer org CTSR.de Low Product pom developer org Dacelo WebDevelopment Low Product pom developer org Dovetailed Technologies, LLC Low Product pom developer org Google Low Product pom developer org IFCX.org Low Product pom developer org javanicus Low Product pom developer org Karakun AG Low Product pom developer org Leadingcare Low Product pom developer org OCI, Australia Low Product pom developer org The Werken Company Low Product pom developer org The Wilson Partnership Low Product pom developer org Thomson Reuters Low Product pom developer org ThoughtWorks Low Product pom developer org Three Low Product pom groupid org.codehaus.groovy Highest Product pom name Apache Groovy High Product pom organization name Apache Software Foundation Low Product pom organization url https://apache.org Low Product pom url https://groovy-lang.org Medium Version file version 2.5.18 High Version Manifest Bundle-Version 2.5.18 High Version Manifest Implementation-Version 2.5.18 High Version pom version 2.5.18 Highest
Description:
Groovy: A powerful, dynamic language for the JVM License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-xml/2.5.18/groovy-xml-2.5.18.jar
MD5: f6c37df32d9c4837944d07f775f5d51e
SHA1: 42e42df001f431da9ca965495d56cdaad93a2f0b
SHA256: a474f0f15088281be9e94639be4c1aa873d40fdb8e540220f17c071ae1490673
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name groovy-xml High Vendor jar package name codehaus Highest Vendor jar package name groovy Highest Vendor jar package name xml Highest Vendor Manifest automatic-module-name org.codehaus.groovy.xml Medium Vendor Manifest bundle-symbolicname groovy-xml Medium Vendor Manifest eclipse-buddypolicy dependent Low Vendor Manifest fragment-host groovy Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid groovy-xml Highest Vendor pom artifactid groovy-xml Low Vendor pom developer email aalmiray@users.sourceforge.net Low Vendor pom developer email b55r@sina.com Low Vendor pom developer email blackdrag@gmx.org Low Vendor pom developer email bob@werken.com Low Vendor pom developer email cedric.champeau@gmail.com Low Vendor pom developer email ckl@dacelo.nl Low Vendor pom developer email cpoirier@dreaming.org Low Vendor pom developer email goetze@dovetail.com Low Vendor pom developer email guillaume.alleon@gmail.com Low Vendor pom developer email hamletdrc@gmail.com Low Vendor pom developer email james@coredevelopers.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email jeremy.rayner@gmail.com Low Vendor pom developer email jim@pagesmiths.com Low Vendor pom developer email johnstump2@yahoo.com Low Vendor pom developer email mguillemot@yahoo.fr Low Vendor pom developer email paulk@asert.com.au Low Vendor pom developer email phkim@cluecom.co.kr Low Vendor pom developer email pniederw@gmail.com Low Vendor pom developer email russel@winder.org.uk Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer email sormuras@gmx.de Low Vendor pom developer email tug@wilson.co.uk Low Vendor pom developer id aalmiray Medium Vendor pom developer id alextkachman Medium Vendor pom developer id andresteingress Medium Vendor pom developer id blackdrag Medium Vendor pom developer id bob Medium Vendor pom developer id bran Medium Vendor pom developer id ckl Medium Vendor pom developer id cpoirier Medium Vendor pom developer id cstein Medium Vendor pom developer id emilles Medium Vendor pom developer id galleon Medium Vendor pom developer id glaforge Medium Vendor pom developer id goetze Medium Vendor pom developer id grocher Medium Vendor pom developer id hamletdrc Medium Vendor pom developer id jamiemc Medium Vendor pom developer id jez Medium Vendor pom developer id jimwhite Medium Vendor pom developer id joe Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jstump Medium Vendor pom developer id jwill Medium Vendor pom developer id jwilson Medium Vendor pom developer id kasper Medium Vendor pom developer id mattf Medium Vendor pom developer id melix Medium Vendor pom developer id mguillem Medium Vendor pom developer id mittie Medium Vendor pom developer id pascalschumacher Medium Vendor pom developer id paulk Medium Vendor pom developer id phk Medium Vendor pom developer id pniederw Medium Vendor pom developer id roshandawrani Medium Vendor pom developer id rpopma Medium Vendor pom developer id russel Medium Vendor pom developer id shemnon Medium Vendor pom developer id skizz Medium Vendor pom developer id spullara Medium Vendor pom developer id sunlan Medium Vendor pom developer id timyates Medium Vendor pom developer id travis Medium Vendor pom developer id user57 Medium Vendor pom developer id zohar Medium Vendor pom developer name Alex Tkachman Medium Vendor pom developer name Andre Steingress Medium Vendor pom developer name Andres Almiray Medium Vendor pom developer name Bing Ran Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Cedric Champeau Medium Vendor pom developer name Chris Poirier Medium Vendor pom developer name Chris Stevenson Medium Vendor pom developer name Christiaan ten Klooster Medium Vendor pom developer name Christian Stein Medium Vendor pom developer name Daniel Sun Medium Vendor pom developer name Danno Ferrin Medium Vendor pom developer name Dierk Koenig Medium Vendor pom developer name Eric Milles Medium Vendor pom developer name Graeme Rocher Medium Vendor pom developer name Guillaume Alleon Medium Vendor pom developer name Guillaume Laforge Medium Vendor pom developer name Hamlet D'Arcy Medium Vendor pom developer name James Strachan Medium Vendor pom developer name James Williams Medium Vendor pom developer name Jamie McCrindle Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Jeremy Rayner Medium Vendor pom developer name Jim White Medium Vendor pom developer name Jochen Theodorou Medium Vendor pom developer name Joe Walnes Medium Vendor pom developer name John Stump Medium Vendor pom developer name John Wilson Medium Vendor pom developer name Kasper Nielsen Medium Vendor pom developer name Marc Guillemot Medium Vendor pom developer name Matt Foemmel Medium Vendor pom developer name Pascal Schumacher Medium Vendor pom developer name Paul King Medium Vendor pom developer name Peter Niederwieser Medium Vendor pom developer name Pilho Kim Medium Vendor pom developer name Remko Popma Medium Vendor pom developer name Roshan Dawrani Medium Vendor pom developer name Russel Winder Medium Vendor pom developer name Sam Pullara Medium Vendor pom developer name Steve Goetze Medium Vendor pom developer name Tim Yates Medium Vendor pom developer name Travis Kay Medium Vendor pom developer name Zohar Melamed Medium Vendor pom developer org Concertant LLP & It'z Interactive Ltd Medium Vendor pom developer org Core Developers Network Medium Vendor pom developer org CTSR.de Medium Vendor pom developer org Dacelo WebDevelopment Medium Vendor pom developer org Dovetailed Technologies, LLC Medium Vendor pom developer org Google Medium Vendor pom developer org IFCX.org Medium Vendor pom developer org javanicus Medium Vendor pom developer org Karakun AG Medium Vendor pom developer org Leadingcare Medium Vendor pom developer org OCI, Australia Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org The Wilson Partnership Medium Vendor pom developer org Thomson Reuters Medium Vendor pom developer org ThoughtWorks Medium Vendor pom developer org Three Medium Vendor pom groupid org.codehaus.groovy Highest Vendor pom name Apache Groovy High Vendor pom organization name Apache Software Foundation High Vendor pom organization url https://apache.org Medium Vendor pom url https://groovy-lang.org Highest Product file name groovy-xml High Product jar package name codehaus Highest Product jar package name groovy Highest Product jar package name xml Highest Product Manifest automatic-module-name org.codehaus.groovy.xml Medium Product Manifest bundle-symbolicname groovy-xml Medium Product Manifest eclipse-buddypolicy dependent Low Product Manifest fragment-host groovy Low Product Manifest Implementation-Title Groovy: a powerful, dynamic language for the JVM High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Groovy: a powerful, dynamic language for the JVM Medium Product pom artifactid groovy-xml Highest Product pom developer email aalmiray@users.sourceforge.net Low Product pom developer email b55r@sina.com Low Product pom developer email blackdrag@gmx.org Low Product pom developer email bob@werken.com Low Product pom developer email cedric.champeau@gmail.com Low Product pom developer email ckl@dacelo.nl Low Product pom developer email cpoirier@dreaming.org Low Product pom developer email goetze@dovetail.com Low Product pom developer email guillaume.alleon@gmail.com Low Product pom developer email hamletdrc@gmail.com Low Product pom developer email james@coredevelopers.com Low Product pom developer email jason@planet57.com Low Product pom developer email jeremy.rayner@gmail.com Low Product pom developer email jim@pagesmiths.com Low Product pom developer email johnstump2@yahoo.com Low Product pom developer email mguillemot@yahoo.fr Low Product pom developer email paulk@asert.com.au Low Product pom developer email phkim@cluecom.co.kr Low Product pom developer email pniederw@gmail.com Low Product pom developer email russel@winder.org.uk Low Product pom developer email sam@sampullara.com Low Product pom developer email sormuras@gmx.de Low Product pom developer email tug@wilson.co.uk Low Product pom developer id aalmiray Low Product pom developer id alextkachman Low Product pom developer id andresteingress Low Product pom developer id blackdrag Low Product pom developer id bob Low Product pom developer id bran Low Product pom developer id ckl Low Product pom developer id cpoirier Low Product pom developer id cstein Low Product pom developer id emilles Low Product pom developer id galleon Low Product pom developer id glaforge Low Product pom developer id goetze Low Product pom developer id grocher Low Product pom developer id hamletdrc Low Product pom developer id jamiemc Low Product pom developer id jez Low Product pom developer id jimwhite Low Product pom developer id joe Low Product pom developer id jstrachan Low Product pom developer id jstump Low Product pom developer id jwill Low Product pom developer id jwilson Low Product pom developer id kasper Low Product pom developer id mattf Low Product pom developer id melix Low Product pom developer id mguillem Low Product pom developer id mittie Low Product pom developer id pascalschumacher Low Product pom developer id paulk Low Product pom developer id phk Low Product pom developer id pniederw Low Product pom developer id roshandawrani Low Product pom developer id rpopma Low Product pom developer id russel Low Product pom developer id shemnon Low Product pom developer id skizz Low Product pom developer id spullara Low Product pom developer id sunlan Low Product pom developer id timyates Low Product pom developer id travis Low Product pom developer id user57 Low Product pom developer id zohar Low Product pom developer name Alex Tkachman Low Product pom developer name Andre Steingress Low Product pom developer name Andres Almiray Low Product pom developer name Bing Ran Low Product pom developer name bob mcwhirter Low Product pom developer name Cedric Champeau Low Product pom developer name Chris Poirier Low Product pom developer name Chris Stevenson Low Product pom developer name Christiaan ten Klooster Low Product pom developer name Christian Stein Low Product pom developer name Daniel Sun Low Product pom developer name Danno Ferrin Low Product pom developer name Dierk Koenig Low Product pom developer name Eric Milles Low Product pom developer name Graeme Rocher Low Product pom developer name Guillaume Alleon Low Product pom developer name Guillaume Laforge Low Product pom developer name Hamlet D'Arcy Low Product pom developer name James Strachan Low Product pom developer name James Williams Low Product pom developer name Jamie McCrindle Low Product pom developer name Jason Dillon Low Product pom developer name Jeremy Rayner Low Product pom developer name Jim White Low Product pom developer name Jochen Theodorou Low Product pom developer name Joe Walnes Low Product pom developer name John Stump Low Product pom developer name John Wilson Low Product pom developer name Kasper Nielsen Low Product pom developer name Marc Guillemot Low Product pom developer name Matt Foemmel Low Product pom developer name Pascal Schumacher Low Product pom developer name Paul King Low Product pom developer name Peter Niederwieser Low Product pom developer name Pilho Kim Low Product pom developer name Remko Popma Low Product pom developer name Roshan Dawrani Low Product pom developer name Russel Winder Low Product pom developer name Sam Pullara Low Product pom developer name Steve Goetze Low Product pom developer name Tim Yates Low Product pom developer name Travis Kay Low Product pom developer name Zohar Melamed Low Product pom developer org Concertant LLP & It'z Interactive Ltd Low Product pom developer org Core Developers Network Low Product pom developer org CTSR.de Low Product pom developer org Dacelo WebDevelopment Low Product pom developer org Dovetailed Technologies, LLC Low Product pom developer org Google Low Product pom developer org IFCX.org Low Product pom developer org javanicus Low Product pom developer org Karakun AG Low Product pom developer org Leadingcare Low Product pom developer org OCI, Australia Low Product pom developer org The Werken Company Low Product pom developer org The Wilson Partnership Low Product pom developer org Thomson Reuters Low Product pom developer org ThoughtWorks Low Product pom developer org Three Low Product pom groupid org.codehaus.groovy Highest Product pom name Apache Groovy High Product pom organization name Apache Software Foundation Low Product pom organization url https://apache.org Low Product pom url https://groovy-lang.org Medium Version file version 2.5.18 High Version Manifest Bundle-Version 2.5.18 High Version Manifest Implementation-Version 2.5.18 High Version pom version 2.5.18 Highest
Related Dependencies groovy-cli-picocli-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-cli-picocli/2.5.18/groovy-cli-picocli-2.5.18.jar MD5: 9e2881fd02755e2dca877af20be272af SHA1: b630c15141f09a034d80e2b419e77f93a58febed SHA256: ce99225534b8ebfd8ceba00ff18ce84a40144da38a92b3e6f36c96602302d090 pkg:maven/org.codehaus.groovy/groovy-cli-picocli@2.5.18 groovy-console-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-console/2.5.18/groovy-console-2.5.18.jar MD5: adeefc339808d50a5c6d5500421549fc SHA1: 724e91113829e73a87c3931279705e54fa896796 SHA256: c81c73a5b3b6906122072d8478de8795d07f4df6b47290e59bdccf9bf05bbff4 pkg:maven/org.codehaus.groovy/groovy-console@2.5.18 groovy-groovysh-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-groovysh/2.5.18/groovy-groovysh-2.5.18.jar MD5: 887c33764a5479be42e0114b27ecd488 SHA1: 22aaf5e1849bf2ac6a1f36b5528040bff3e5fee8 SHA256: 02328ed516035a31eb8061e50e8ebfb883b557d5a2baed3deb45abc174e54333 pkg:maven/org.codehaus.groovy/groovy-groovysh@2.5.18 groovy-jsr223-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-jsr223/2.5.18/groovy-jsr223-2.5.18.jar MD5: 9181a6a9b721051d840be820a001de0e SHA1: e65d3c2c32352583939adb7a16e8802626f8899a SHA256: 2a5d25d90b89a22cbeeb83495c4d6b7cd76ac75f4078beb841a6732258a92a26 pkg:maven/org.codehaus.groovy/groovy-jsr223@2.5.18 groovy-swing-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-swing/2.5.18/groovy-swing-2.5.18.jar MD5: 9dd23e929a171e2fa656224ab5d64367 SHA1: 4a98d780762efe1fbc777d353a3406b1cbe884ec SHA256: 41f51592241acb04d97ef3c62827b8eff8a747cec34fd7419adca62816aec862 pkg:maven/org.codehaus.groovy/groovy-swing@2.5.18 groovy-templates-2.5.18.jarFile Path: /home/grprdist/.m2/repository/org/codehaus/groovy/groovy-templates/2.5.18/groovy-templates-2.5.18.jar MD5: ec20cce24dc773f21594406c8257f6d7 SHA1: fc465a955137ff128fa41ec2d9d371c799b2c041 SHA256: 769644776fe2be28dfc2e21d34ad3af41667b7f7e18db00e28bcb7b76b46e25f pkg:maven/org.codehaus.groovy/groovy-templates@2.5.18 Description:
Gson JSON library License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar
MD5: 53fa3e6753e90d931d62cb89580fde2f
SHA1: 8a1167e089096758b49f9b34066ef98b2f4b37aa
SHA256: c96d60551331a196dac54b745aa642cd078ef89b6f267146b705f2c2cbef052d
Referenced In Project/Scope: Grouper UI:compile
Evidence Type Source Name Value Confidence Vendor file name gson High Vendor jar package name google Highest Vendor jar package name gson Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-contactaddress https://github.com/google/gson Low Vendor Manifest bundle-docurl https://github.com/google/gson/gson Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid gson Highest Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product file name gson High Product jar package name google Highest Product jar package name gson Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-contactaddress https://github.com/google/gson Low Product Manifest bundle-docurl https://github.com/google/gson/gson Low Product Manifest Bundle-Name Gson Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname com.google.gson Medium Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version file version 2.9.0 High Version Manifest Bundle-Version 2.9.0 High Version pom version 2.9.0 Highest
Description:
This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
File Path: /home/grprdist/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jarMD5: 6393363b47ddcbba82321110c3e07519SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9Referenced In Project/Scope: Grouper API:compile
Evidence Type Source Name Value Confidence Vendor file name hamcrest-core High Vendor jar package name core Highest Vendor jar package name hamcrest Highest Vendor jar package name matcher Highest Vendor Manifest built-date 2012-07-09 19:49:34 Low Vendor Manifest Implementation-Vendor hamcrest.org High Vendor pom artifactid hamcrest-core Highest Vendor pom artifactid hamcrest-core Low Vendor pom groupid org.hamcrest Highest Vendor pom name Hamcrest Core High Vendor pom parent-artifactid hamcrest-parent Low Product file name hamcrest-core High Product jar package name core Highest Product jar package name hamcrest Highest Product jar package name matcher Highest Product Manifest built-date 2012-07-09 19:49:34 Low Product Manifest Implementation-Title hamcrest-core High Product pom artifactid hamcrest-core Highest Product pom groupid org.hamcrest Highest Product pom name Hamcrest Core High Product pom parent-artifactid hamcrest-parent Medium Version file version 1.3 High Version Manifest Implementation-Version 1.3 High Version pom version 1.3 Highest
Description:
Common reflection code used in support of annotation processing License:
GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1 File Path: /home/grprdist/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.1.2.Final/hibernate-commons-annotations-5.1.2.Final.jar
MD5: 2a2490b3eb8e7585a6a899d27d7ed43f
SHA1: e59ffdbc6ad09eeb33507b39ffcf287679a498c8
SHA256: 1c7ce712b2679fea0a5441eb02a04144297125b768944819be0765befb996275
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name hibernate-commons-annotations High Vendor hint analyzer vendor redhat Highest Vendor jar package name annotations Highest Vendor jar package name common Highest Vendor jar package name hibernate Highest Vendor jar package name reflection Highest Vendor Manifest automatic-module-name org.hibernate.commons.annotations Medium Vendor Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium Vendor Manifest implementation-url http://hibernate.org Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid hibernate-commons-annotations Highest Vendor pom artifactid hibernate-commons-annotations Low Vendor pom developer id hibernate-team Medium Vendor pom developer name The Hibernate Development Team Medium Vendor pom developer org Hibernate.org Medium Vendor pom developer org URL http://hibernate.org Medium Vendor pom groupid org.hibernate.common Highest Vendor pom name Hibernate Commons Annotations High Vendor pom organization name Hibernate.org High Vendor pom organization url http://hibernate.org Medium Vendor pom url http://hibernate.org Highest Product file name hibernate-commons-annotations High Product jar package name annotations Highest Product jar package name common Highest Product jar package name hibernate Highest Product jar package name reflection Highest Product jar package name version Highest Product Manifest automatic-module-name org.hibernate.commons.annotations Medium Product Manifest Bundle-Name hibernate-commons-annotations Medium Product Manifest bundle-symbolicname org.hibernate.common.hibernate-commons-annotations Medium Product Manifest implementation-url http://hibernate.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid hibernate-commons-annotations Highest Product pom developer id hibernate-team Low Product pom developer name The Hibernate Development Team Low Product pom developer org Hibernate.org Low Product pom developer org URL http://hibernate.org Low Product pom groupid org.hibernate.common Highest Product pom name Hibernate Commons Annotations High Product pom organization name Hibernate.org Low Product pom organization url http://hibernate.org Low Product pom url http://hibernate.org Medium Version Manifest Bundle-Version 5.1.2.Final High Version Manifest Implementation-Version 5.1.2.Final High Version pom version 5.1.2.Final Highest
Description:
Hibernate's core ORM functionality License:
GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1 File Path: /home/grprdist/.m2/repository/org/hibernate/hibernate-core/5.6.10.Final/hibernate-core-5.6.10.Final.jar
MD5: 9c4f43fc5936b6d6555ff6ece7865220
SHA1: 408fd5802391d8e6f619db9d7c6c0e27d49118c2
SHA256: ed3693a0ae288dafff6155b03b7d743fdb9c9f432de37d7b894f44d92e3a85c4
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name hibernate-core High Vendor hint analyzer vendor redhat Highest Vendor jar package name hibernate Highest Vendor Manifest automatic-module-name org.hibernate.orm.core Medium Vendor Manifest bundle-docurl https://hibernate.org/orm/5.6 Low Vendor Manifest bundle-symbolicname org.hibernate.orm.core Medium Vendor Manifest implementation-url https://hibernate.org/orm Low Vendor Manifest Implementation-Vendor Hibernate.org High Vendor Manifest Implementation-Vendor-Id org.hibernate Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Hibernate.org Low Vendor pom artifactid hibernate-core Highest Vendor pom artifactid hibernate-core Low Vendor pom developer id hibernate-team Medium Vendor pom developer name The Hibernate Development Team Medium Vendor pom developer org Hibernate.org Medium Vendor pom developer org URL https://hibernate.org Medium Vendor pom groupid org.hibernate Highest Vendor pom name Hibernate ORM - hibernate-core High Vendor pom organization name Hibernate.org High Vendor pom organization url https://hibernate.org Medium Vendor pom url https://hibernate.org/orm Highest Product file name hibernate-core High Product hint analyzer product orm Highest Product jar package name filter Highest Product jar package name hibernate Highest Product jar package name version Highest Product Manifest automatic-module-name org.hibernate.orm.core Medium Product Manifest bundle-docurl https://hibernate.org/orm/5.6 Low Product Manifest Bundle-Name hibernate-core Medium Product Manifest bundle-symbolicname org.hibernate.orm.core Medium Product Manifest Implementation-Title hibernate-core High Product Manifest implementation-url https://hibernate.org/orm Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title hibernate-core Medium Product pom artifactid hibernate-core Highest Product pom developer id hibernate-team Low Product pom developer name The Hibernate Development Team Low Product pom developer org Hibernate.org Low Product pom developer org URL https://hibernate.org Low Product pom groupid org.hibernate Highest Product pom name Hibernate ORM - hibernate-core High Product pom organization name Hibernate.org Low Product pom organization url https://hibernate.org Low Product pom url https://hibernate.org/orm Medium Version Manifest Bundle-Version 5.6.10.Final High Version Manifest Implementation-Version 5.6.10.Final High Version pom version 5.6.10.Final Highest
Related Dependencies hibernate-c3p0-5.6.10.Final.jarFile Path: /home/grprdist/.m2/repository/org/hibernate/hibernate-c3p0/5.6.10.Final/hibernate-c3p0-5.6.10.Final.jar MD5: acf28b651917e761001529a68c666c90 SHA1: 4d1e4a538e52da00775b677dcd60c8229f82bd7a SHA256: ab35d00196eb60e79c53f58b43f16bc0016269eee2d7df21c0797cf04014d10f pkg:maven/org.hibernate/hibernate-c3p0@5.6.10.Final hibernate-ehcache-5.6.10.Final.jarFile Path: /home/grprdist/.m2/repository/org/hibernate/hibernate-ehcache/5.6.10.Final/hibernate-ehcache-5.6.10.Final.jar MD5: 7ef9cf74d544524c2c0ed6c644806241 SHA1: c779f59ec928a761a17e742dc9e0d3116b1054e8 SHA256: f97158aeba95235531b23a7f750ed233dc201ee6fce469d1eb14cda1e5decce7 pkg:maven/org.hibernate/hibernate-ehcache@5.6.10.Final Description:
${project.name} License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/hk2-api/2.6.1/hk2-api-2.6.1.jar
MD5: 23e8c18dae0c7b776bed756763d5153f
SHA1: 114bd7afb4a1bd9993527f52a08a252b5d2acac5
SHA256: c2cb80a01e58440ae57d5ee59af4d4d94e5180e04aff112b0cb611c07d61e773
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name hk2-api High Vendor jar package name api Highest Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.api Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid hk2-api Highest Vendor pom artifactid hk2-api Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 API module High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-api High Product jar package name api Highest Product jar package name filter Highest Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 API module Medium Product Manifest bundle-symbolicname org.glassfish.hk2.api Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid hk2-api Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 API module High Product pom parent-artifactid hk2-parent Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
${project.name} License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/hk2-locator/2.6.1/hk2-locator-2.6.1.jar
MD5: dfd358720393d83b01747928db6e3912
SHA1: 9dedf9d2022e38ec0743ed44c1ac94ad6149acdd
SHA256: febc668deb9f2000c76bd4918d8086c0a4c74d07bd0c60486b72c6bd38b62874
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name hk2-locator High Vendor jar package name hk2 Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid hk2-locator Highest Vendor pom artifactid hk2-locator Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name ServiceLocator Default Implementation High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-locator High Product jar package name hk2 Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name ServiceLocator Default Implementation Medium Product Manifest bundle-symbolicname org.glassfish.hk2.locator Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid hk2-locator Highest Product pom groupid org.glassfish.hk2 Highest Product pom name ServiceLocator Default Implementation High Product pom parent-artifactid hk2-parent Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
${project.name} License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/hk2-utils/2.6.1/hk2-utils-2.6.1.jar
MD5: 75ccb55538a77bf878996497ffeb86f3
SHA1: 396513aa96c1d5a10aa4f75c4dcbf259a698d62d
SHA256: 30727f79086452fdefdab08451d982c2082aa239d9f75cdeb1ba271e3c887036
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name hk2-utils High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor jar package name utilities Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest service foo Low Vendor pom artifactid hk2-utils Highest Vendor pom artifactid hk2-utils Low Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name HK2 Implementation Utilities High Vendor pom parent-artifactid hk2-parent Low Product file name hk2-utils High Product jar package name glassfish Highest Product jar package name hk2 Highest Product jar package name utilities Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name HK2 Implementation Utilities Medium Product Manifest bundle-symbolicname org.glassfish.hk2.utils Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest service foo Low Product pom artifactid hk2-utils Highest Product pom groupid org.glassfish.hk2 Highest Product pom name HK2 Implementation Utilities High Product pom parent-artifactid hk2-parent Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
CVE-2021-4277 suppress
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability. CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Apache HttpComponents Client
File Path: /home/grprdist/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jarMD5: 40d6b9075fbd28fa10292a45a0db9457SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cadaSHA256: 6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name httpclient High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient Highest Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpclient High Product jar package name apache Highest Product jar package name client Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest Implementation-Title Apache HttpClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Medium Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.13 High Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest
Description:
Apache HttpComponents Core (blocking I/O)
File Path: /home/grprdist/.m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jarMD5: 2b3991eda121042765a5ee299556c200SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1SHA256: f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Highest Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.14 High Version Manifest Implementation-Version 4.4.14 High Version pom version 4.4.14 Highest
Description:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /home/grprdist/.m2/repository/org/apache/httpcomponents/httpmime/4.5.13/httpmime-4.5.13.jarMD5: 3f0c1ef2c9dc47b62b780192f54b0c18SHA1: efc110bad4a0d45cda7858e6beee1d8a8313da5aSHA256: 06e754d99245b98dcc2860dcb43d20e737d650da2bf2077a105f68accbd5c5ccReferenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name httpmime High Vendor jar package name apache Highest Vendor jar package name mime Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpmime Highest Vendor pom artifactid httpmime Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient Mime High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpmime High Product jar package name apache Highest Product jar package name http Highest Product jar package name mime Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Product Manifest Implementation-Title Apache HttpClient Mime High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Mime Medium Product pom artifactid httpmime Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient Mime High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.13 High Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest
Description:
A Java implementation of the Amazon Ion data notation.
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/software/amazon/ion/ion-java/1.0.2/ion-java-1.0.2.jar
MD5: 3f07f5df418af9ea2ebe80c3d6eccac4
SHA1: ee9dacea7726e495f8352b81c12c23834ffbc564
SHA256: 0d127b205a1fce0abc2a3757a041748651bc66c15cf4c059bac5833b27d471a5
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ion-java High Vendor jar package name amazon Highest Vendor jar package name ion Highest Vendor jar package name software Highest Vendor Manifest bundle-symbolicname software.amazon.ion.java Medium Vendor Manifest ion-java-build-time 2017-02-07T23:59:25Z Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid ion-java Highest Vendor pom artifactid ion-java Low Vendor pom developer email ion-team@amazon.com Low Vendor pom developer name Amazon Ion Team Medium Vendor pom developer org Amazon Labs Medium Vendor pom developer org URL https://github.com/amznlabs Medium Vendor pom groupid software.amazon.ion Highest Vendor pom url amznlabs/ion-java/ Highest Product file name ion-java High Product jar package name amazon Highest Product jar package name ion Highest Product jar package name software Highest Product Manifest Bundle-Name software.amazon.ion:ion-java Medium Product Manifest bundle-symbolicname software.amazon.ion.java Medium Product Manifest ion-java-build-time 2017-02-07T23:59:25Z Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid ion-java Highest Product pom developer email ion-team@amazon.com Low Product pom developer name Amazon Ion Team Low Product pom developer org Amazon Labs Low Product pom developer org URL https://github.com/amznlabs Low Product pom groupid software.amazon.ion Highest Product pom url amznlabs/ion-java/ High Version file version 1.0.2 High Version Manifest Bundle-Version 1.0.2 High Version Manifest ion-java-project-version 1.0.2 Medium Version pom version 1.0.2 Highest
CVE-2024-21634 suppress
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
istack common utility code License:
https://glassfish.java.net/public/CDDL+GPL_1_1.html, https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/com/sun/istack/istack-commons-runtime/3.0.7/istack-commons-runtime-3.0.7.jar
MD5: 83e9617b86023b91bd54f65c09838f4b
SHA1: c197c86ceec7318b1284bffb49b54226ca774003
SHA256: 6443e10ba2e259fb821d9b6becf10db5316285fc30c53cec9d7b19a3877e7fdf
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name istack-commons-runtime High Vendor jar package name istack Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Vendor Manifest implementation-build-id 3.0.7-c8b5e20894f565780625d6f9b018ef7c458cd688, 2018-08-29T05:23:37-0700 Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id com.sun.istack Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid istack-commons-runtime Highest Vendor pom artifactid istack-commons-runtime Low Vendor pom groupid com.sun.istack Highest Vendor pom name istack common utility code runtime High Vendor pom parent-artifactid istack-commons Low Product file name istack-commons-runtime High Product jar package name istack Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name istack common utility code runtime Medium Product Manifest bundle-symbolicname com.sun.istack.commons-runtime Medium Product Manifest implementation-build-id 3.0.7-c8b5e20894f565780625d6f9b018ef7c458cd688, 2018-08-29T05:23:37-0700 Low Product Manifest Implementation-Title istack common utility code runtime High Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid istack-commons-runtime Highest Product pom groupid com.sun.istack Highest Product pom name istack common utility code runtime High Product pom parent-artifactid istack-commons Medium Version file version 3.0.7 High Version Manifest Bundle-Version 3.0.7 High Version Manifest Implementation-Version 3.0.7 High Version pom version 3.0.7 Highest
CVE-2021-37533 suppress
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. CWE-20 Improper Input Validation
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions:
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar
MD5: 3fb8ee542a62a113fa7474fe88bb97e8
SHA1: 7198b3aac15285a49e218e08441c5f70af00fc51
SHA256: 5326a6fbcde7cf8817f36c254101cd45f6acea4258518cd3c80ee5b89f4e4b9b
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest implementation-build-date 2022-05-14 14:27:37+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Highest Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://github.com/FasterXML/jackson Highest Product file name jackson-annotations High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest implementation-build-date 2022-05-14 14:27:37+0000 Low Product Manifest Implementation-Title Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://github.com/FasterXML/jackson Medium Version file version 2.13.3 High Version Manifest Bundle-Version 2.13.3 High Version Manifest Implementation-Version 2.13.3 High Version pom parent-version 2.13.3 Low Version pom version 2.13.3 Highest
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.14.0/jackson-annotations-2.14.0.jar
MD5: 9dd0a11ebc38409f2e6ae5bc4c7b6aa4
SHA1: fb7afb3c9c8ea363a9c88ea9c0a7177cf2fbd369
SHA256: efaff8693acbae673468d251b5e5ea8fc7ce1b852327bccf1cce72244c2e5f1c
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Highest Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-annotations High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest Implementation-Title Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom parent-version 2.14.0 Low Version pom version 2.14.0 Highest
Related Dependencies jackson-datatype-jsr310-2.14.0.jarFile Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.14.0/jackson-datatype-jsr310-2.14.0.jar MD5: b82b78a35ac17003e9a71fa84c47c8ec SHA1: 171c5831341883b1cebbbf5aafba62c0fca33b95 SHA256: 1e2ed10509b17e3c67d1724540f7a446d5bea6c4c7596c396dc76413309e4ed2 pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.14.0 Description:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.14.2/jackson-annotations-2.14.2.jar
MD5: 10d19982a8890f6eb37557af2f58e272
SHA1: a7aae9525864930723e3453ab799521fdfd9d873
SHA256: 2c6869d505cf60dc066734b7d50339f975bd3adc635e26a78abb71acb4473c0d
Referenced In Project/Scope: Grouper Client:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-annotations Highest Vendor pom artifactid jackson-annotations Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-annotations High Vendor pom parent-artifactid jackson-parent Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-annotations High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest Implementation-Title Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-annotations Medium Product pom artifactid jackson-annotations Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-annotations High Product pom parent-artifactid jackson-parent Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.14.2 High Version Manifest Bundle-Version 2.14.2 High Version Manifest Implementation-Version 2.14.2 High Version pom parent-version 2.14.2 Low Version pom version 2.14.2 Highest
Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.14.0/jackson-core-2.14.0.jar
MD5: 88988c4b941b1f4c6637af5218b26f87
SHA1: 49d219171d6af643e061e9e1baaaf6a6a067918d
SHA256: ab4793e5df4fbfae445ca55e9e1439311c80fa8b34fc13162c1260902b4dbea0
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name filter Highest Product jar package name jackson Highest Product jar package name json Highest Product jar package name version Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
CVE-2022-45688 suppress
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2023-5072 suppress
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.14.2/jackson-core-2.14.2.jar
MD5: 6ee422ee4c481b2d5aacb2b5e36a7dc0
SHA1: f804090e6399ce0cf78242db086017512dd71fcc
SHA256: b5d37a77c88277b97e3593c8740925216c06df8e4172bbde058528df04ad3e7a
Referenced In Project/Scope: Grouper Client:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name filter Highest Product jar package name jackson Highest Product jar package name json Highest Product jar package name version Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.14.2 High Version Manifest Bundle-Version 2.14.2 High Version Manifest Implementation-Version 2.14.2 High Version pom version 2.14.2 Highest
CVE-2022-45688 suppress
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2023-5072 suppress
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.0/jackson-databind-2.14.0.jar
MD5: f94ffc53b4062cae1f383a4482593020
SHA1: 513b8ca3fea0352ceebe4d0bbeea527ab343dc1a
SHA256: 54377fa855f52ed87e8f689b35249971840b16870dee76806d5d200cbcd66f27
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
CVE-2023-35116 suppress
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.2/jackson-databind-2.14.2.jar
MD5: c1b12dd14734cd1986132bf55042dd7e
SHA1: 01e71fddbc80bb86f71a6345ac1e8ab8a00e7134
SHA256: 501d3abce4d18dcc381058ec593c5b94477906bba6efbac14dae40a642f77424
Referenced In Project/Scope: Grouper Client:compile
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.14.2 High Version Manifest Bundle-Version 2.14.2 High Version Manifest Implementation-Version 2.14.2 High Version pom version 2.14.2 Highest
CVE-2023-35116 suppress
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
Support for reading and writing Concise Binary Object Representation
([CBOR](https://www.rfc-editor.org/info/rfc7049)
encoded data using Jackson abstractions (streaming API, data binding, tree model)
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.12.6/jackson-dataformat-cbor-2.12.6.jar
MD5: 2bef08f2597473f39e4d9c9de01d3dde
SHA1: 3cd2e6a538f73483c6c59c354ce2276bcdc5ba7b
SHA256: cfa008d15f052e69221e8c3193056ff95c3c594271321ccac8d72dc1a770619c
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-cbor High Vendor jar package name cbor Highest Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Vendor Manifest implementation-build-date 2021-12-15 04:37:17+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-cbor Highest Vendor pom artifactid jackson-dataformat-cbor Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson dataformat: CBOR High Vendor pom parent-artifactid jackson-dataformats-binary Low Vendor pom url http://github.com/FasterXML/jackson-dataformats-binary Highest Product file name jackson-dataformat-cbor High Product jar package name cbor Highest Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Product Manifest Bundle-Name Jackson dataformat: CBOR Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Product Manifest implementation-build-date 2021-12-15 04:37:17+0000 Low Product Manifest Implementation-Title Jackson dataformat: CBOR High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Jackson dataformat: CBOR Medium Product pom artifactid jackson-dataformat-cbor Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson dataformat: CBOR High Product pom parent-artifactid jackson-dataformats-binary Medium Product pom url http://github.com/FasterXML/jackson-dataformats-binary Medium Version file version 2.12.6 High Version Manifest Bundle-Version 2.12.6 High Version Manifest Implementation-Version 2.12.6 High Version pom version 2.12.6 Highest
Description:
Pile of code that is shared by all Jackson-based JAX-RS
providers.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.14.0/jackson-jaxrs-base-2.14.0.jar
MD5: 95b3a4295287c202cf3556828bf4faf6
SHA1: f013209a02e9ed57d23e3d9bb1e05da6b0e4afba
SHA256: b2ba9f27eba41c580cb8958c6494e71efc7871bd68682f6363b2759945920451
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-base High Vendor jar package name base Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxrs Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jaxrs-base Highest Vendor pom artifactid jackson-jaxrs-base Low Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor pom name Jackson-JAXRS: base High Vendor pom parent-artifactid jackson-jaxrs-providers Low Product file name jackson-jaxrs-base High Product jar package name base Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxrs Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base Low Product Manifest Bundle-Name Jackson-JAXRS: base Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-base Medium Product Manifest Implementation-Title Jackson-JAXRS: base High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson-JAXRS: base Medium Product pom artifactid jackson-jaxrs-base Highest Product pom groupid com.fasterxml.jackson.jaxrs Highest Product pom name Jackson-JAXRS: base High Product pom parent-artifactid jackson-jaxrs-providers Medium Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
Description:
Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.14.0/jackson-jaxrs-json-provider-2.14.0.jar
MD5: c283b55e9b2ce98e0d8ad33429e2cd95
SHA1: 96f7f0f834f765aefeeb73e313001060f88fcd12
SHA256: 87465585a13d27491b774e077003d76ce859bffea574ac79bc10903527bd435e
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jackson-jaxrs-json-provider High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxrs Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jaxrs Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jaxrs-json-provider Highest Vendor pom artifactid jackson-jaxrs-json-provider Low Vendor pom groupid com.fasterxml.jackson.jaxrs Highest Vendor pom name Jackson-JAXRS: JSON High Vendor pom parent-artifactid jackson-jaxrs-providers Low Product file name jackson-jaxrs-json-provider High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxrs Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider Low Product Manifest Bundle-Name Jackson-JAXRS: JSON Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider Medium Product Manifest Implementation-Title Jackson-JAXRS: JSON High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson-JAXRS: JSON Medium Product pom artifactid jackson-jaxrs-json-provider Highest Product pom groupid com.fasterxml.jackson.jaxrs Highest Product pom name Jackson-JAXRS: JSON High Product pom parent-artifactid jackson-jaxrs-providers Medium Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
CVE-2022-45688 suppress
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2023-5072 suppress
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
Description:
Support for using JAXB annotations as an alternative to "native" Jackson annotations,
for configuring data-binding.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.14.0/jackson-module-jaxb-annotations-2.14.0.jar
MD5: 7181cedd13c14dcbf8b4f55c347e0e6e
SHA1: d224162d974acebab7bb6fb7826a5fd319cebbf7
SHA256: 5ac9a0f78af0fdac22f5a4e25494bee2ed54bf1c760af63aa78a0147eb7f41d0
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jackson-module-jaxb-annotations High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jaxb Highest Vendor jar package name module Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.module Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-module-jaxb-annotations Highest Vendor pom artifactid jackson-module-jaxb-annotations Low Vendor pom groupid com.fasterxml.jackson.module Highest Vendor pom name Jackson module: Old JAXB Annotations (javax.xml.bind) High Vendor pom parent-artifactid jackson-modules-base Low Vendor pom url FasterXML/jackson-modules-base Highest Product file name jackson-module-jaxb-annotations High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jaxb Highest Product jar package name module Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-base Low Product Manifest Bundle-Name Jackson module: Old JAXB Annotations (javax.xml.bind) Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.module.jackson-module-jaxb-annotations Medium Product Manifest Implementation-Title Jackson module: Old JAXB Annotations (javax.xml.bind) High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Jackson module: Old JAXB Annotations (javax.xml.bind) Medium Product pom artifactid jackson-module-jaxb-annotations Highest Product pom groupid com.fasterxml.jackson.module Highest Product pom name Jackson module: Old JAXB Annotations (javax.xml.bind) High Product pom parent-artifactid jackson-modules-base Medium Product pom url FasterXML/jackson-modules-base High Version file version 2.14.0 High Version Manifest Bundle-Version 2.14.0 High Version Manifest Implementation-Version 2.14.0 High Version pom version 2.14.0 Highest
Description:
Jakarta Activation API jar License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/grprdist/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2.jar
MD5: 1cbb480310fa1987f9db7a3ed7118af7
SHA1: 99f53adba383cb1bf7c3862844488574b559621f
SHA256: a187a939103aef5849a7af84bd7e27be2d120c410af291437375ffe061f4f09d
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.activation-api High Vendor jar package name activation Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.activation-api Medium Vendor Manifest extension-name jakarta.activation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.activation-api Highest Vendor pom artifactid jakarta.activation-api Low Vendor pom groupid jakarta.activation Highest Vendor pom name Jakarta Activation API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.activation Medium Product file name jakarta.activation-api High Product jar package name activation Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Activation API jar Medium Product Manifest bundle-symbolicname jakarta.activation-api Medium Product Manifest extension-name jakarta.activation Medium Product Manifest Implementation-Title jakarta.activation.jakarta.activation-api High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product Manifest specification-title jakarta.activation.jakarta.activation-api Medium Product pom artifactid jakarta.activation-api Highest Product pom groupid jakarta.activation Highest Product pom name Jakarta Activation API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.activation Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
Description:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Highest Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid ca-parent Low Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product Manifest automatic-module-name java.annotation Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.annotation-api Highest Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid ca-parent Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 1.3.5 High Version Manifest Bundle-Version 1.3.5 High Version Manifest Implementation-Version 1.3.5 High Version pom version 1.3.5 Highest
Description:
Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle License:
http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/external/jakarta.inject/2.6.1/jakarta.inject-2.6.1.jar
MD5: 4d7c80a1e3cd54531af03bef4537f7af
SHA1: 8096ebf722902e75fbd4f532a751e514f02e1eb7
SHA256: 5e88c123b3e41bca788b2683118867d9b6dec714247ea91c588aed46a36ee24f
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.inject High Vendor jar package name inject Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.external.jakarta.inject Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jakarta.inject Highest Vendor pom artifactid jakarta.inject Low Vendor pom groupid org.glassfish.hk2.external Highest Vendor pom name javax.inject:${javax-inject.version} as OSGi bundle High Vendor pom parent-artifactid external Low Vendor pom parent-groupid org.glassfish.hk2 Medium Product file name jakarta.inject High Product jar package name inject Highest Product jar package name javax Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name javax.inject:1 as OSGi bundle Medium Product Manifest bundle-symbolicname org.glassfish.hk2.external.jakarta.inject Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.inject Highest Product pom groupid org.glassfish.hk2.external Highest Product pom name javax.inject:${javax-inject.version} as OSGi bundle High Product pom parent-artifactid external Medium Product pom parent-groupid org.glassfish.hk2 Medium Version file version 2.6.1 High Version Manifest Bundle-Version 2.6.1 High Version pom version 2.6.1 Highest
Description:
Jakarta Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256: b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.validation-api High Vendor jar package name validation Highest Vendor Manifest automatic-module-name java.validation Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jakarta.validation-api Highest Vendor pom artifactid jakarta.validation-api Low Vendor pom developer email emmanuel@hibernate.org Low Vendor pom developer email guillaume.smet@hibernate.org Low Vendor pom developer email gunnar@hibernate.org Low Vendor pom developer email hferents@redhat.com Low Vendor pom developer id emmanuelbernard Medium Vendor pom developer id epbernard Medium Vendor pom developer id guillaume.smet Medium Vendor pom developer id gunnar.morling Medium Vendor pom developer id hardy.ferentschik Medium Vendor pom developer name Emmanuel Bernard Medium Vendor pom developer name Guillaume Smet Medium Vendor pom developer name Gunnar Morling Medium Vendor pom developer name Hardy Ferentschik Medium Vendor pom developer org Red Hat, Inc. Medium Vendor pom groupid jakarta.validation Highest Vendor pom name Jakarta Bean Validation API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://beanvalidation.org Highest Product file name jakarta.validation-api High Product jar package name validation Highest Product Manifest automatic-module-name java.validation Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Bean Validation API Medium Product Manifest bundle-symbolicname jakarta.validation.jakarta.validation-api Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.validation-api Highest Product pom developer email emmanuel@hibernate.org Low Product pom developer email guillaume.smet@hibernate.org Low Product pom developer email gunnar@hibernate.org Low Product pom developer email hferents@redhat.com Low Product pom developer id emmanuelbernard Low Product pom developer id epbernard Low Product pom developer id guillaume.smet Low Product pom developer id gunnar.morling Low Product pom developer id hardy.ferentschik Low Product pom developer name Emmanuel Bernard Low Product pom developer name Guillaume Smet Low Product pom developer name Gunnar Morling Low Product pom developer name Hardy Ferentschik Low Product pom developer org Red Hat, Inc. Low Product pom groupid jakarta.validation Highest Product pom name Jakarta Bean Validation API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://beanvalidation.org Medium Version file version 2.0.2 High Version Manifest Bundle-Version 2.0.2 High Version pom parent-version 2.0.2 Low Version pom version 2.0.2 Highest
Description:
Jakarta RESTful Web Services API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/2.1.6/jakarta.ws.rs-api-2.1.6.jar
MD5: c3892382aeb5c54085b22b1890511d29
SHA1: 1dcb770bce80a490dff49729b99c7a60e9ecb122
SHA256: 4cea299c846c8a6e6470cbfc2f7c391bc29b9caa2f9264ac1064ba91691f4adf
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.ws.rs-api High Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor jar package name rs Highest Vendor jar package name ws Highest Vendor Manifest automatic-module-name java.ws.rs Medium Vendor Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Vendor Manifest bundle-symbolicname jakarta.ws.rs-api Medium Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.ws.rs-api Highest Vendor pom artifactid jakarta.ws.rs-api Low Vendor pom developer email jaxrs-dev@eclipse.org Low Vendor pom developer id developers Medium Vendor pom developer name API Developers Medium Vendor pom groupid jakarta.ws.rs Highest Vendor pom name jakarta.ws.rs-api High Vendor pom organization name Eclipse Foundation High Vendor pom organization url https://www.eclipse.org/org/foundation/ Medium Vendor pom url eclipse-ee4j/jaxrs-api Highest Product file name jakarta.ws.rs-api High Product hint analyzer product web services Medium Product jar package name javax Highest Product jar package name rs Highest Product jar package name ws Highest Product Manifest automatic-module-name java.ws.rs Medium Product Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Product Manifest Bundle-Name jakarta.ws.rs-api Medium Product Manifest bundle-symbolicname jakarta.ws.rs-api Medium Product Manifest extension-name javax.ws.rs Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.ws.rs-api Highest Product pom developer email jaxrs-dev@eclipse.org Low Product pom developer id developers Low Product pom developer name API Developers Low Product pom groupid jakarta.ws.rs Highest Product pom name jakarta.ws.rs-api High Product pom organization name Eclipse Foundation Low Product pom organization url https://www.eclipse.org/org/foundation/ Low Product pom url eclipse-ee4j/jaxrs-api High Version file version 2.1.6 High Version Manifest Bundle-Version 2.1.6 High Version Manifest Implementation-Version 2.1.6 High Version pom version 2.1.6 Highest
Description:
Jakarta XML Binding API 2.3 Design Specification License:
http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/grprdist/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256: c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jakarta.xml.bind-api High Vendor jar package name bind Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.xml.bind-api Medium Vendor Manifest extension-name jakarta.xml.bind Medium Vendor Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.xml.bind-api Highest Vendor pom artifactid jakarta.xml.bind-api Low Vendor pom groupid jakarta.xml.bind Highest Vendor pom name Jakarta XML Binding API High Vendor pom parent-artifactid jakarta.xml.bind-api-parent Low Product file name jakarta.xml.bind-api High Product jar package name bind Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta XML Binding API Medium Product Manifest bundle-symbolicname jakarta.xml.bind-api Medium Product Manifest extension-name jakarta.xml.bind Medium Product Manifest implementation-build-id 2.3.3-RELEASE-fd06b2b Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jakarta.xml.bind-api Highest Product pom groupid jakarta.xml.bind Highest Product pom name Jakarta XML Binding API High Product pom parent-artifactid jakarta.xml.bind-api-parent Medium Version file version 2.3.3 High Version Manifest Bundle-Version 2.3.3 High Version Manifest Implementation-Version 2.3.3 High Version pom version 2.3.3 Highest
Description:
Parent POM for JBoss projects. Provides default project build configuration. License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/jboss/jandex/2.0.4.Final/jandex-2.0.4.Final.jar
MD5: 2938e9457bf0c1fba50d8b03a05218de
SHA1: 1796bb21a7a19a10caa7c555f81da66f4bf490cb
SHA256: f75da95aa66d841c5341480247a39a5c3c615aa6966058306d49a5d3db9b3b61
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jandex High Vendor hint analyzer vendor redhat Highest Vendor jar package name indexer Highest Vendor jar package name jandex Highest Vendor jar package name jboss Highest Vendor Manifest build-timestamp Mon, 23 Oct 2017 13:00:50 -0500 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.jandex Medium Vendor Manifest implementation-url http://www.jboss.org/jandex Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jandex Highest Vendor pom artifactid jandex Low Vendor pom groupid org.jboss Highest Vendor pom name Java Annotation Indexer High Vendor pom parent-artifactid jboss-parent Low Product file name jandex High Product jar package name indexer Highest Product jar package name jandex Highest Product jar package name jboss Highest Product Manifest build-timestamp Mon, 23 Oct 2017 13:00:50 -0500 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name Java Annotation Indexer Medium Product Manifest bundle-symbolicname org.jboss.jandex Medium Product Manifest Implementation-Title Java Annotation Indexer High Product Manifest implementation-url http://www.jboss.org/jandex Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title Java Annotation Indexer Medium Product pom artifactid jandex Highest Product pom groupid org.jboss Highest Product pom name Java Annotation Indexer High Product pom parent-artifactid jboss-parent Medium Version Manifest Bundle-Version 2.0.4.Final High Version Manifest Implementation-Version 2.0.4.Final High Version pom parent-version 2.0.4.Final Low Version pom version 2.0.4.Final Highest
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/googlecode/java-ipv6/java-ipv6/0.17/java-ipv6-0.17.jar
MD5: 7eab662f5ec5c0f1d964e1c551a5ac02
SHA1: 243426a162fa169ad40f5f59cb957321f00cba3f
SHA256: 37cf71baf707041cb494834c559ad12b631f5c7747c804ec19598bc0e0f01162
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name java-ipv6 High Vendor jar package name googlecode Highest Vendor jar package name googlecode Low Vendor jar package name ipv6 Highest Vendor jar package name ipv6 Low Vendor pom artifactid java-ipv6 Highest Vendor pom artifactid java-ipv6 Low Vendor pom groupid com.googlecode.java-ipv6 Highest Vendor pom name Java IPv6 Library High Vendor pom url janvanbesien/java-ipv6/ Highest Product file name java-ipv6 High Product jar package name googlecode Highest Product jar package name ipv6 Highest Product jar package name ipv6 Low Product pom artifactid java-ipv6 Highest Product pom groupid com.googlecode.java-ipv6 Highest Product pom name Java IPv6 Library High Product pom url janvanbesien/java-ipv6/ High Version file version 0.17 High Version pom version 0.17 Highest
Description:
Java implementation of JSON Web Token (JWT) License:
The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE File Path: /home/grprdist/.m2/repository/com/auth0/java-jwt/3.10.3/java-jwt-3.10.3.jar
MD5: 69ca7c81203e238a71437325580b3663
SHA1: 138b7ea9ca2c8c8e66acf5a70e809490bcf08955
SHA256: c5901a5dadf420867cd6cb598f7ae09b0cde7f7e46b7e1a70b56be8d5a5c64a6
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name java-jwt High Vendor jar package name auth0 Highest Vendor jar package name jwt Highest Vendor pom artifactid java-jwt Highest Vendor pom artifactid java-jwt Low Vendor pom developer email hernan@auth0.com Low Vendor pom developer email luciano.balmaceda@auth0.com Low Vendor pom developer email oss@auth0.com Low Vendor pom developer id auth0 Medium Vendor pom developer id hzalaz Medium Vendor pom developer id lbalmaceda Medium Vendor pom developer name Auth0 Medium Vendor pom developer name Hernan Zalazar Medium Vendor pom developer name Luciano Balmaceda Medium Vendor pom groupid com.auth0 Highest Vendor pom name java jwt High Vendor pom url auth0/java-jwt Highest Product file name java-jwt High Product jar package name auth0 Highest Product jar package name jwt Highest Product Manifest Implementation-Title java-jwt High Product pom artifactid java-jwt Highest Product pom developer email hernan@auth0.com Low Product pom developer email luciano.balmaceda@auth0.com Low Product pom developer email oss@auth0.com Low Product pom developer id auth0 Low Product pom developer id hzalaz Low Product pom developer id lbalmaceda Low Product pom developer name Auth0 Low Product pom developer name Hernan Zalazar Low Product pom developer name Luciano Balmaceda Low Product pom groupid com.auth0 Highest Product pom name java jwt High Product pom url auth0/java-jwt High Version file version 3.10.3 High Version Manifest Implementation-Version 3.10.3 High Version pom version 3.10.3 Highest
Description:
Java(TM) EE 7 Specification APIs License:
CDDL + GPLv2 with classpath exception: http://glassfish.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/javaee-api/7.0/javaee-api-7.0.jar
MD5: 4574e0b1f14590cb3280d37a6cedc27d
SHA1: 51399f902cc27a808122edcbebfaa1ad989954ba
SHA256: 16e51bfb2a6ed95d600e7a541e53a42b8d39c87d23b5f0e6460dd0dffe84903e
Referenced In Project/Scope: Grouper WS:provided
Evidence Type Source Name Value Confidence Vendor file name javaee-api High Vendor jar package name api Highest Vendor jar package name javax Highest Vendor jar package name javax Low Vendor pom artifactid javaee-api Highest Vendor pom artifactid javaee-api Low Vendor pom developer id ldemichiel Medium Vendor pom developer id shannon Medium Vendor pom developer name Bill Shannon Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid javax Highest Vendor pom groupid org.glassfish.main Highest Vendor pom name Java(TM) EE 7 Specification APIs High Vendor pom parent-artifactid javaee-api-parent Low Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Product file name javaee-api High Product jar package name api Highest Product jar package name javax Highest Product pom artifactid javaee-api Highest Product pom developer id ldemichiel Low Product pom developer id shannon Low Product pom developer name Bill Shannon Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid javax Highest Product pom groupid org.glassfish.main Highest Product pom name Java(TM) EE 7 Specification APIs High Product pom parent-artifactid javaee-api-parent Medium Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Version file version 7.0 High Version pom parent-version 7.0 Low Version pom version 7.0 Highest
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /home/grprdist/.m2/repository/org/javassist/javassist/3.22.0-GA/javassist-3.22.0-GA.jar
MD5: 69f277ed4c6631e45ec4cacd0e6e46c6
SHA1: 3e83394258ae2089be7219b971ec21a8288528ad
SHA256: 59531c00f3e3aa1ff48b3a8cf4ead47d203ab0e2fd9e0ad401f764e05947e252
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor jar package name bytecode Highest Vendor jar package name javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom artifactid javassist Highest Vendor pom artifactid javassist Low Vendor pom developer email adinn@redhat.com Low Vendor pom developer email chiba@javassist.org Low Vendor pom developer email kabir.khan@jboss.com Low Vendor pom developer email smarlow@redhat.com Low Vendor pom developer id adinn Medium Vendor pom developer id chiba Medium Vendor pom developer id kabir.khan@jboss.com Medium Vendor pom developer id scottmarlow Medium Vendor pom developer name Andrew Dinn Medium Vendor pom developer name Kabir Khan Medium Vendor pom developer name Scott Marlow Medium Vendor pom developer name Shigeru Chiba Medium Vendor pom developer org JBoss Medium Vendor pom developer org The Javassist Project Medium Vendor pom developer org URL http://www.javassist.org/ Medium Vendor pom developer org URL http://www.jboss.org/ Medium Vendor pom groupid org.javassist Highest Vendor pom name Javassist High Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom url http://www.javassist.org/ Highest Product file name javassist High Product jar package name bytecode Highest Product jar package name javassist Highest Product Manifest Bundle-Name Javassist Medium Product Manifest bundle-symbolicname javassist Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Javassist Medium Product pom artifactid javassist Highest Product pom developer email adinn@redhat.com Low Product pom developer email chiba@javassist.org Low Product pom developer email kabir.khan@jboss.com Low Product pom developer email smarlow@redhat.com Low Product pom developer id adinn Low Product pom developer id chiba Low Product pom developer id kabir.khan@jboss.com Low Product pom developer id scottmarlow Low Product pom developer name Andrew Dinn Low Product pom developer name Kabir Khan Low Product pom developer name Scott Marlow Low Product pom developer name Shigeru Chiba Low Product pom developer org JBoss Low Product pom developer org The Javassist Project Low Product pom developer org URL http://www.javassist.org/ Low Product pom developer org URL http://www.jboss.org/ Low Product pom groupid org.javassist Highest Product pom name Javassist High Product pom organization name Shigeru Chiba, www.javassist.org Low Product pom url http://www.javassist.org/ Medium Version Manifest specification-version 3.22.0-GA High Version pom version 3.22.0-GA Highest
Description:
JavaBeans Activation Framework API jar License:
https://github.com/javaee/activation/blob/master/LICENSE.txt File Path: /home/grprdist/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256: 43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name javax.activation-api High Vendor jar package name activation Highest Vendor jar package name javax Highest Vendor Manifest automatic-module-name java.activation Medium Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname javax.activation-api Medium Vendor Manifest extension-name javax.activation Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid javax.activation-api Highest Vendor pom artifactid javax.activation-api Low Vendor pom groupid javax.activation Highest Vendor pom name JavaBeans Activation Framework API jar High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.activation Medium Product file name javax.activation-api High Product jar package name activation Highest Product jar package name javax Highest Product Manifest automatic-module-name java.activation Medium Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaBeans Activation Framework API jar Medium Product Manifest bundle-symbolicname javax.activation-api Medium Product Manifest extension-name javax.activation Medium Product Manifest Implementation-Title javax.activation.javax.activation-api High Product Manifest originally-created-by 1.8.0_141 (Oracle Corporation) Low Product Manifest specification-title javax.activation.javax.activation-api Medium Product pom artifactid javax.activation-api Highest Product pom groupid javax.activation Highest Product pom name JavaBeans Activation Framework API jar High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.activation Medium Version file version 1.2.0 High Version Manifest Bundle-Version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High Version pom version 1.2.0 Highest
Description:
JavaMail API License:
https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/com/sun/mail/javax.mail/1.5.0/javax.mail-1.5.0.jar
MD5: dabf8c0f32c7f6eb5c87aebd53e07fce
SHA1: ec2410fdf7e0a3022e7c2a2e6241039d1abc1e98
SHA256: 9568765e086609fc4d511b27cb89b3351a40ebda0552852a7daf65b769a01511
Referenced In Project/Scope: Grouper WS:provided
Evidence Type Source Name Value Confidence Vendor file name javax.mail High Vendor jar package name javax Highest Vendor jar package name mail Highest Vendor jar package name provider Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname com.sun.mail.javax.mail Medium Vendor Manifest extension-name javax.mail Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid javax.mail Highest Vendor pom artifactid javax.mail Low Vendor pom groupid com.sun.mail Highest Vendor pom name JavaMail API High Vendor pom parent-artifactid all Low Product file name javax.mail High Product jar package name javax Highest Product jar package name mail Highest Product jar package name provider Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaMail API Medium Product Manifest bundle-symbolicname com.sun.mail.javax.mail Medium Product Manifest extension-name javax.mail Medium Product Manifest Implementation-Title javax.mail High Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product Manifest specification-title JavaMail(TM) API Design Specification Medium Product pom artifactid javax.mail Highest Product pom groupid com.sun.mail Highest Product pom name JavaMail API High Product pom parent-artifactid all Medium Version file version 1.5.0 High Version Manifest Bundle-Version 1.5.0 High Version Manifest Implementation-Version 1.5.0 High Version pom version 1.5.0 Highest
Description:
Java(TM) Persistence API License:
Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php File Path: /home/grprdist/.m2/repository/javax/persistence/javax.persistence-api/2.2/javax.persistence-api-2.2.jar
MD5: e6520b3435f5b6d58eee415b5542abf8
SHA1: 25665ac8c0b62f50e6488173233239120fc52c96
SHA256: 5578b71b37999a5eaed3fea0d14aa61c60c6ec6328256f2b63472f336318baf4
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name javax.persistence-api High Vendor jar package name javax Highest Vendor jar package name persistence Highest Vendor Manifest automatic-module-name java.persistence Medium Vendor Manifest bundle-symbolicname javax.persistence-api Medium Vendor Manifest extension-name javax.persistence Medium Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.persistence-api Highest Vendor pom artifactid javax.persistence-api Low Vendor pom groupid javax.persistence Highest Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url javaee/jpa-spec Highest Product file name javax.persistence-api High Product jar package name javax Highest Product jar package name persistence Highest Product jar package name version Highest Product Manifest automatic-module-name java.persistence Medium Product Manifest Bundle-Name Java(TM) Persistence API jar Medium Product Manifest bundle-symbolicname javax.persistence-api Medium Product Manifest extension-name javax.persistence Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid javax.persistence-api Highest Product pom groupid javax.persistence Highest Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url javaee/jpa-spec High Version file version 2.2 High Version Manifest Bundle-Version 2.2 High Version Manifest Implementation-Version 2.2 High Version pom parent-version 2.2 Low Version pom version 2.2 Highest
Description:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Projects/Scopes: Grouper API:provided Grouper WS:provided Grouper UI:provided Evidence Type Source Name Value Confidence Vendor file name javax.servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest extension-name javax.servlet Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet-api Highest Vendor pom artifactid javax.servlet-api Low Vendor pom developer id mode Medium Vendor pom developer id swchan2 Medium Vendor pom developer name Rajiv Mordani Medium Vendor pom developer name Shing Wai Chan Medium Vendor pom developer org Oracle Medium Vendor pom groupid javax.servlet Highest Vendor pom name Java Servlet API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://glassfish.dev.java.net Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://servlet-spec.java.net Highest Vendor pom (hint) developer org sun Medium Product file name javax.servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product Manifest Bundle-Name Java Servlet API Medium Product Manifest bundle-symbolicname javax.servlet-api Medium Product Manifest extension-name javax.servlet Medium Product pom artifactid javax.servlet-api Highest Product pom developer id mode Low Product pom developer id swchan2 Low Product pom developer name Rajiv Mordani Low Product pom developer name Shing Wai Chan Low Product pom developer org Oracle Low Product pom groupid javax.servlet Highest Product pom name Java Servlet API High Product pom organization name GlassFish Community Low Product pom organization url https://glassfish.dev.java.net Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://servlet-spec.java.net Medium Version file version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version pom parent-version 3.1.0 Low Version pom version 3.1.0 Highest
Description:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/servlet/jsp/javax.servlet.jsp-api/2.3.2-b02/javax.servlet.jsp-api-2.3.2-b02.jar
MD5: 5a0f2ffd45ce2722ab1c096571dbefc4
SHA1: 0287387015b38bb4fc5d5f085c938ab51bf82b00
SHA256: baf462a8b451bb2e00aebab92adc8005fa42f11b82b8e7335165842d80413d16
Referenced In Project/Scope: Grouper UI:provided
Evidence Type Source Name Value Confidence Vendor file name javax.servlet.jsp-api High Vendor jar package name javax Highest Vendor jar package name jsp Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl http://glassfish.org Low Vendor Manifest bundle-symbolicname javax.servlet.jsp-api Medium Vendor Manifest extension-name javax.servlet.jsp Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet.jsp-api Highest Vendor pom artifactid javax.servlet.jsp-api Low Vendor pom developer id kchung Medium Vendor pom developer name Kin-man Chung Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid javax.servlet.jsp Highest Vendor pom name JavaServer Pages(TM) API High Vendor pom organization name GlassFish Community High Vendor pom organization url http://glassfish.org Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jsp.java.net Highest Product file name javax.servlet.jsp-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name servlet Highest Product Manifest bundle-docurl http://glassfish.org Low Product Manifest Bundle-Name JavaServer Pages(TM) API Medium Product Manifest bundle-symbolicname javax.servlet.jsp-api Medium Product Manifest extension-name javax.servlet.jsp Medium Product pom artifactid javax.servlet.jsp-api Highest Product pom developer id kchung Low Product pom developer name Kin-man Chung Low Product pom developer org Oracle Corporation Low Product pom groupid javax.servlet.jsp Highest Product pom name JavaServer Pages(TM) API High Product pom organization name GlassFish Community Low Product pom organization url http://glassfish.org Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jsp.java.net Medium Version Manifest Implementation-Version 2.3.2-b02 High Version pom parent-version 2.3.2-b02 Low Version pom version 2.3.2-b02 Highest
Description:
Java.net - The Source for Java Technology Collaboration License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/javax/servlet/jsp/jstl/javax.servlet.jsp.jstl-api/1.2.1/javax.servlet.jsp.jstl-api-1.2.1.jar
MD5: e81f03bad3a397e1a07561e4b00be00b
SHA1: f072f63ab1689e885ac40c221df3e6bb3e64a84a
SHA256: f8fe158caa6c220bbc2d94da08773af101909da02ff61725392b7c603dd693e0
Referenced In Project/Scope: Grouper UI:compile
Evidence Type Source Name Value Confidence Vendor file name javax.servlet.jsp.jstl-api High Vendor jar package name javax Highest Vendor jar package name jsp Highest Vendor jar package name jstl Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl http://glassfish.org Low Vendor Manifest bundle-symbolicname javax.servlet.jsp.jstl-api Medium Vendor Manifest extension-name javax.servlet.jsp.jstl Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.servlet.jsp.jstl-api Highest Vendor pom artifactid javax.servlet.jsp.jstl-api Low Vendor pom developer id kchung Medium Vendor pom developer name Kin Man Chung Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid javax.servlet.jsp.jstl Highest Vendor pom name JavaServer Pages(TM) Standard Tag Library API High Vendor pom organization name GlassFish Community High Vendor pom organization url http://glassfish.org Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jcp.org/en/jsr/detail?id=52 Highest Product file name javax.servlet.jsp.jstl-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name jstl Highest Product jar package name servlet Highest Product Manifest bundle-docurl http://glassfish.org Low Product Manifest Bundle-Name JavaServer Pages(TM) Standard Tag Library API Medium Product Manifest bundle-symbolicname javax.servlet.jsp.jstl-api Medium Product Manifest extension-name javax.servlet.jsp.jstl Medium Product pom artifactid javax.servlet.jsp.jstl-api Highest Product pom developer id kchung Low Product pom developer name Kin Man Chung Low Product pom developer org Oracle Corporation Low Product pom groupid javax.servlet.jsp.jstl Highest Product pom name JavaServer Pages(TM) Standard Tag Library API High Product pom organization name GlassFish Community Low Product pom organization url http://glassfish.org Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=52 Medium Version file version 1.2.1 High Version Manifest Bundle-Version 1.2.1 High Version Manifest Implementation-Version 1.2.1 High Version pom parent-version 1.2.1 Low Version pom version 1.2.1 Highest
File Path: /home/grprdist/.m2/repository/javax/xml/bind/jaxb-api/2.2/jaxb-api-2.2.jarMD5: cc9e4d0fb397b4ab294a4bdde36177ebSHA1: bcf23b1d858c6f69d67c851d497984d25345d0b1SHA256: 34c022696b577e984d42641428e6e49a8afa0257c4ec96feff36e4b67c093390Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jaxb-api High Vendor jar package name bind Highest Vendor jar package name javax Highest Vendor jar package name jaxb Highest Vendor jar package name xml Highest Vendor Manifest extension-name javax.xml.bind Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jaxb-api Highest Vendor pom artifactid jaxb-api Low Vendor pom groupid javax.xml.bind Highest Product file name jaxb-api High Product jar package name bind Highest Product jar package name javax Highest Product jar package name jaxb Highest Product jar package name xml Highest Product Manifest extension-name javax.xml.bind Medium Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid jaxb-api Highest Product pom groupid javax.xml.bind Highest Version file version 2.2 High Version Manifest specification-version 2.2 High Version pom version 2.2 Highest
Description:
JAXB (JSR 222) API License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1 File Path: /home/grprdist/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256: 88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Projects/Scopes: Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jaxb-api High Vendor jar package name bind Highest Vendor jar package name javax Highest Vendor jar package name jaxb Highest Vendor jar package name xml Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest bundle-symbolicname jaxb-api Medium Vendor Manifest extension-name javax.xml.bind Medium Vendor Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jaxb-api Highest Vendor pom artifactid jaxb-api Low Vendor pom groupid javax.xml.bind Highest Vendor pom parent-artifactid jaxb-api-parent Low Product file name jaxb-api High Product jar package name bind Highest Product jar package name javax Highest Product jar package name jaxb Highest Product jar package name xml Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product Manifest Bundle-Name jaxb-api Medium Product Manifest bundle-symbolicname jaxb-api Medium Product Manifest extension-name javax.xml.bind Medium Product Manifest implementation-build-id UNKNOWN-7de2ca118a0cfc4a373872915aef59148dff5f93, 2018-09-12T06:28:43-0700 Low Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=1.8))" Low Product Manifest specification-title jaxb-api Medium Product pom artifactid jaxb-api Highest Product pom groupid javax.xml.bind Highest Product pom parent-artifactid jaxb-api-parent Medium Version file version 2.3.1 High Version Manifest Bundle-Version 2.3.1 High Version pom version 2.3.1 Highest
Description:
JAXB (JSR 222) reference implementation License:
CDDL 1.0: https://glassfish.dev.java.net/public/CDDL+GPL.html
GPL2 w/ CPE: https://glassfish.dev.java.net/public/CDDL+GPL.html File Path: /home/grprdist/.m2/repository/com/sun/xml/bind/jaxb-impl/2.2.1.1/jaxb-impl-2.2.1.1.jar
MD5: dac518925b66b9e6c1a510179e5bd690
SHA1: 12b12db16f9f63f9e6b842a676d09a5c195d1dde
SHA256: f1a30f934a2dce2a68c30fbdfa2657cf24be774415df66f54fce5547015a781c
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jaxb-impl High Vendor jar package name bind Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest extension-name com.sun.xml.bind Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jaxb-impl Highest Vendor pom artifactid jaxb-impl Low Vendor pom groupid com.sun.xml.bind Highest Vendor pom name JAXB RI High Vendor pom url https://jaxb.dev.java.net/ Highest Product file name jaxb-impl High Product jar package name bind Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest extension-name com.sun.xml.bind Medium Product Manifest Implementation-Title JAXB Reference Implementation High Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid jaxb-impl Highest Product pom groupid com.sun.xml.bind Highest Product pom name JAXB RI High Product pom url https://jaxb.dev.java.net/ Medium Version file version 2.2.1.1 High Version pom version 2.2.1.1 Highest
Description:
JAXB (JSR 222) Reference Implementation File Path: /home/grprdist/.m2/repository/org/glassfish/jaxb/jaxb-runtime/2.3.1/jaxb-runtime-2.3.1.jarMD5: 848098e3eda0d37738d51a7acacd8e95SHA1: dd6dda9da676a54c5b36ca2806ff95ee017d8738SHA256: 45fecfa5c8217ce1f3652ab95179790ec8cc0dec0384bca51cbeb94a293d9f2fReferenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jaxb-runtime High Vendor jar package name bind Highest Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid jaxb-runtime Highest Vendor pom artifactid jaxb-runtime Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name JAXB Runtime High Vendor pom parent-artifactid jaxb-runtime-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Product file name jaxb-runtime High Product jar package name bind Highest Product jar package name sun Highest Product jar package name xml Highest Product Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Product Manifest Implementation-Title JAXB Implementation High Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid jaxb-runtime Highest Product pom groupid org.glassfish.jaxb Highest Product pom name JAXB Runtime High Product pom parent-artifactid jaxb-runtime-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Version file version 2.3.1 High Version Manifest build-id 2.3.1 Medium Version Manifest Implementation-Version 2.3.1 High Version Manifest major-version 2.3.1 Medium Version pom version 2.3.1 Highest
Description:
Jaxen is a universal Java XPath engine. File Path: /home/grprdist/.m2/repository/jaxen/jaxen/1.1.1/jaxen-1.1.1.jarMD5: 261d1aa59865842ecc32b3848b0c6538SHA1: 9f5d3c5974dbe5cf69c2c2ec7d8a4eb6e0fce7f9SHA256: 160958f42f60fff817d6c0b1b02fd9284b3f0fcb46e61d38866f65b7af4d329dReferenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jaxen High Vendor jar package name jaxen Highest Vendor jar package name xpath Highest Vendor Manifest extension-name jaxen Medium Vendor Manifest Implementation-Vendor Codehaus High Vendor Manifest specification-vendor Codehaus Low Vendor pom artifactid jaxen Highest Vendor pom artifactid jaxen Low Vendor pom developer email bob@eng.werken.com Low Vendor pom developer email brian.ewins@gmail.com Low Vendor pom developer email contact@megginson.com Low Vendor pom developer email elharo@metalab.unc.edu Low Vendor pom developer email erwin@klomp.org Low Vendor pom developer email james_strachan@yahoo.co.uk Low Vendor pom developer email jdvorak@users.sourceforge.net Low Vendor pom developer email mbelonga@users.sourceforge.net Low Vendor pom developer email peter.royal@pobox.com Low Vendor pom developer email purpletech@users.sourceforge.net Low Vendor pom developer email scott@dotnot.org Low Vendor pom developer email szegedia@users.sourceforge.net Low Vendor pom developer email xcut@users.sourceforge.net Low Vendor pom developer id bewins Medium Vendor pom developer id bob Medium Vendor pom developer id cnentwich Medium Vendor pom developer id dmegginson Medium Vendor pom developer id eboldwidt Medium Vendor pom developer id elharo Medium Vendor pom developer id jdvorak Medium Vendor pom developer id jstrachan Medium Vendor pom developer id mbelonga Medium Vendor pom developer id proyal Medium Vendor pom developer id purpletech Medium Vendor pom developer id ssanders Medium Vendor pom developer id szegedia Medium Vendor pom developer name Alexander Day Chaffee Medium Vendor pom developer name Attila Szegedi Medium Vendor pom developer name Bob McWhirter Medium Vendor pom developer name Brian Ewins Medium Vendor pom developer name Christian Nentwich Medium Vendor pom developer name David Megginson Medium Vendor pom developer name Elliotte Rusty Harold Medium Vendor pom developer name Erwin Bolwidt Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jan Dvorak Medium Vendor pom developer name Mark A. Belonga Medium Vendor pom developer name Peter Royal Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer org Cafe au Lait Medium Vendor pom developer org dotnot Medium Vendor pom developer org Megginson Technologies Medium Vendor pom developer org Purple Technologies Medium Vendor pom developer org Spiritsoft Medium Vendor pom developer org The Werken Company Medium Vendor pom groupid jaxen Highest Vendor pom name jaxen High Vendor pom organization name Codehaus High Vendor pom organization url http://codehaus.org Medium Vendor pom url http://jaxen.codehaus.org/ Highest Product file name jaxen High Product jar package name jaxen Highest Product jar package name xpath Highest Product Manifest extension-name jaxen Medium Product Manifest Implementation-Title org.jaxen High Product Manifest specification-title Universal Java XPath Engine Medium Product pom artifactid jaxen Highest Product pom developer email bob@eng.werken.com Low Product pom developer email brian.ewins@gmail.com Low Product pom developer email contact@megginson.com Low Product pom developer email elharo@metalab.unc.edu Low Product pom developer email erwin@klomp.org Low Product pom developer email james_strachan@yahoo.co.uk Low Product pom developer email jdvorak@users.sourceforge.net Low Product pom developer email mbelonga@users.sourceforge.net Low Product pom developer email peter.royal@pobox.com Low Product pom developer email purpletech@users.sourceforge.net Low Product pom developer email scott@dotnot.org Low Product pom developer email szegedia@users.sourceforge.net Low Product pom developer email xcut@users.sourceforge.net Low Product pom developer id bewins Low Product pom developer id bob Low Product pom developer id cnentwich Low Product pom developer id dmegginson Low Product pom developer id eboldwidt Low Product pom developer id elharo Low Product pom developer id jdvorak Low Product pom developer id jstrachan Low Product pom developer id mbelonga Low Product pom developer id proyal Low Product pom developer id purpletech Low Product pom developer id ssanders Low Product pom developer id szegedia Low Product pom developer name Alexander Day Chaffee Low Product pom developer name Attila Szegedi Low Product pom developer name Bob McWhirter Low Product pom developer name Brian Ewins Low Product pom developer name Christian Nentwich Low Product pom developer name David Megginson Low Product pom developer name Elliotte Rusty Harold Low Product pom developer name Erwin Bolwidt Low Product pom developer name James Strachan Low Product pom developer name Jan Dvorak Low Product pom developer name Mark A. Belonga Low Product pom developer name Peter Royal Low Product pom developer name Scott Sanders Low Product pom developer org Cafe au Lait Low Product pom developer org dotnot Low Product pom developer org Megginson Technologies Low Product pom developer org Purple Technologies Low Product pom developer org Spiritsoft Low Product pom developer org The Werken Company Low Product pom groupid jaxen Highest Product pom name jaxen High Product pom organization name Codehaus Low Product pom organization url http://codehaus.org Low Product pom url http://jaxen.codehaus.org/ Medium Version file version 1.1.1 High Version Manifest Implementation-Version 1.1.1 High Version pom version 1.1.1 Highest
Description:
The JBoss Logging Framework License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/jboss/logging/jboss-logging/3.3.1.Final/jboss-logging-3.3.1.Final.jar
MD5: 93cf8945ff84aaf9f0ed9a76991338fb
SHA1: c46217ab74b532568c0ed31dc599db3048bd1b67
SHA256: 9f7d8b884370763b131bf48a0fc91edec89ad80e0e40c47658098a686a905bb2
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jboss-logging High Vendor hint analyzer vendor redhat Highest Vendor jar package name jboss Highest Vendor jar package name logging Highest Vendor Manifest build-timestamp Wed, 15 Mar 2017 13:22:07 -0700 Low Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Vendor Manifest implementation-url http://www.jboss.org Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium Vendor Manifest os-arch amd64 Low Vendor Manifest os-name Linux Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid jboss-logging Highest Vendor pom artifactid jboss-logging Low Vendor pom groupid org.jboss.logging Highest Vendor pom name JBoss Logging 3 High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Vendor pom url http://www.jboss.org Highest Product file name jboss-logging High Product jar package name jboss Highest Product jar package name logging Highest Product Manifest build-timestamp Wed, 15 Mar 2017 13:22:07 -0700 Low Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name JBoss Logging 3 Medium Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium Product Manifest Implementation-Title JBoss Logging 3 High Product Manifest implementation-url http://www.jboss.org Low Product Manifest os-arch amd64 Low Product Manifest os-name Linux Medium Product Manifest specification-title JBoss Logging 3 Medium Product pom artifactid jboss-logging Highest Product pom groupid org.jboss.logging Highest Product pom name JBoss Logging 3 High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Product pom url http://www.jboss.org Medium Version Manifest Bundle-Version 3.3.1.Final High Version Manifest Implementation-Version 3.3.1.Final High Version pom parent-version 3.3.1.Final Low Version pom version 3.3.1.Final Highest
Description:
The Java Transaction 1.2 API classes License:
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt File Path: /home/grprdist/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.2_spec/1.1.1.Final/jboss-transaction-api_1.2_spec-1.1.1.Final.jar
MD5: 1e633c47138aba999d39692a31a1a124
SHA1: a8485cab9484dda36e9a8c319e76b5cc18797b58
SHA256: a310a50b9bdc44aaf36362dc9bb212235a147ffa8ef72dc9544a39c329eabbc3
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jboss-transaction-api_1.2_spec-1.1.1.Final High Vendor hint analyzer vendor redhat Highest Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest automatic-module-name java.transaction Medium Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec Medium Vendor Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.2_spec Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor Manifest Implementation-Vendor-Id org.jboss.spec.javax.transaction Medium Vendor Manifest os-arch x86 Low Vendor Manifest os-name Windows 10 Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid jboss-transaction-api_1.2_spec Highest Vendor pom artifactid jboss-transaction-api_1.2_spec Low Vendor pom groupid org.jboss.spec.javax.transaction Highest Vendor pom name Java Transaction API High Vendor pom parent-artifactid jboss-parent Low Vendor pom parent-groupid org.jboss Medium Product file name jboss-transaction-api_1.2_spec-1.1.1.Final High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest automatic-module-name java.transaction Medium Product Manifest bundle-docurl http://www.jboss.org Low Product Manifest Bundle-Name Java Transaction API Medium Product Manifest bundle-symbolicname org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec Medium Product Manifest Implementation-Title Java Transaction API High Product Manifest implementation-url http://www.jboss.org/jboss-transaction-api_1.2_spec Low Product Manifest os-arch x86 Low Product Manifest os-name Windows 10 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title JSR 907: Java Transaction API (JTA) Medium Product pom artifactid jboss-transaction-api_1.2_spec Highest Product pom groupid org.jboss.spec.javax.transaction Highest Product pom name Java Transaction API High Product pom parent-artifactid jboss-parent Medium Product pom parent-groupid org.jboss Medium Version Manifest Bundle-Version 1.1.1.Final High Version Manifest Implementation-Version 1.1.1.Final High Version pom parent-version 1.1.1.Final Low Version pom version 1.1.1.Final Highest
Description:
A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256: 4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jcip-annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name jcip Highest Vendor jar package name jcip Low Vendor jar package name net Low Vendor pom artifactid jcip-annotations Highest Vendor pom artifactid jcip-annotations Low Vendor pom developer id stephenc Medium Vendor pom developer name Stephen Connolly Medium Vendor pom groupid com.github.stephenc.jcip Highest Vendor pom name JCIP Annotations under Apache License High Vendor pom url http://stephenc.github.com/jcip-annotations Highest Product file name jcip-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name jcip Highest Product jar package name jcip Low Product pom artifactid jcip-annotations Highest Product pom developer id stephenc Low Product pom developer name Stephen Connolly Low Product pom groupid com.github.stephenc.jcip Highest Product pom name JCIP Annotations under Apache License High Product pom url http://stephenc.github.com/jcip-annotations Medium Version pom version 1.0-1 Highest
Description:
Jersey core server implementation License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
The GNU General Public License (GPL), Version 2, With Classpath Exception: https://www.gnu.org/software/classpath/license.html
Apache License, 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
Modified BSD: https://asm.ow2.io/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/jersey/core/jersey-server/2.36/jersey-server-2.36.jar
MD5: 8dd2bd5634c82b57eebb0fe35aaccee2
SHA1: 73cf67d0d761b60860b7721529503a121cfa9df4
SHA256: 2699758d1c33a9137363fd022d8c9c00423c800c4fde2b49d53530987e8da72d
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name jersey-server High Vendor jar package name glassfish Highest Vendor jar package name jersey Highest Vendor jar package name org Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jersey-server Highest Vendor pom artifactid jersey-server Low Vendor pom groupid org.glassfish.jersey.core Highest Vendor pom name jersey-core-server High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.glassfish.jersey Medium Product file name jersey-server High Product jar package name filter Highest Product jar package name glassfish Highest Product jar package name jersey Highest Product jar package name org Highest Product jar package name server Highest Product Manifest bundle-docurl https://www.eclipse.org/org/foundation/ Low Product Manifest Bundle-Name jersey-core-server Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-server Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jersey-server Highest Product pom groupid org.glassfish.jersey.core Highest Product pom name jersey-core-server High Product pom parent-artifactid project Medium Product pom parent-groupid org.glassfish.jersey Medium Version file version 2.36 High Version pom version 2.36 Highest
Related Dependencies jersey-client-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/core/jersey-client/2.36/jersey-client-2.36.jar MD5: ee13f5ef0926cdbcb447415e0c5e2812 SHA1: 0755709fb31407d36c114afbe345b47cebf0fe60 SHA256: 027b7061001f186bd7a48bbe5f070e2774b108969776935fc9b55591a93f689d pkg:maven/org.glassfish.jersey.core/jersey-client@2.36 jersey-common-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/core/jersey-common/2.36/jersey-common-2.36.jar MD5: 4b155e7fd084ad25b5e836af5efbe4c8 SHA1: 5d259ea71ca3c1f4566ec5bfee7320e63d79673b SHA256: 543b8df0bfa07e54fe65e45b351088010a2a7079ac2564023761f8dfe8eb7b33 pkg:maven/org.glassfish.jersey.core/jersey-common@2.36 jersey-container-servlet-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/containers/jersey-container-servlet/2.36/jersey-container-servlet-2.36.jar MD5: 4571ad55cb3afc068f90ecc1d7c41a25 SHA1: fa6b0f7d47d5c3e054c71eea613a6bbe62b1b733 SHA256: 64f06051710734565486ab18910a4d3e2dbc1292a410146b66045dc1aea7cf1a pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.36 jersey-container-servlet-core-2.36.jar jersey-entity-filtering-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/2.36/jersey-entity-filtering-2.36.jar MD5: 92de2dfb2b8a82be5644df79a67e7ca9 SHA1: ae4e2601c0ece31d03a148391a201a2569524472 SHA256: e186ac37c5042e36cc96f7cdd394a792f3313de81bca746fc4906e0743acda0e pkg:maven/org.glassfish.jersey.ext/jersey-entity-filtering@2.36 jersey-hk2-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/inject/jersey-hk2/2.36/jersey-hk2-2.36.jar MD5: 11f928a24e0cb52fd8999cca0268b3b3 SHA1: 69a57963b35428a261ac4313cfa89f6b3dc255c6 SHA256: bdc4a8250be82943f7af1ccea4f58a92a8a73c15307ec4226fd60b8a455672f6 pkg:maven/org.glassfish.jersey.inject/jersey-hk2@2.36 jersey-media-json-jackson-2.36.jarFile Path: /home/grprdist/.m2/repository/org/glassfish/jersey/media/jersey-media-json-jackson/2.36/jersey-media-json-jackson-2.36.jar MD5: dfea909ce709536a7fe319086e6124a6 SHA1: e83a57e43c4bd7b21d7921aa45a164555a5d1bea SHA256: ec49d0acae6cc9e82e8426afada26b4178929d47c66b108ae827f88f4c60609d pkg:maven/org.glassfish.jersey.media/jersey-media-json-jackson@2.36 Description:
Jetty server core License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/grprdist/.m2/repository/org/mortbay/jetty/jetty/6.1.26/jetty-6.1.26.jar
MD5: 12b65438bbaf225102d0396c21236052
SHA1: 2f546e289fddd5b1fab1d4199fbb6e9ef43ee4b0
SHA256: 21091d3a9c1349f640fdc421504a604c040ed89087ecc12afbe32353326ed4e5
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jetty High Vendor jar package name jetty Highest Vendor jar package name mortbay Highest Vendor jar package name server Highest Vendor Manifest bundle-docurl http://jetty.mortbay.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname org.mortbay.jetty.server Medium Vendor Manifest mode development Low Vendor Manifest originally-created-by 1.6.0_22 (Sun Microsystems Inc.) Low Vendor Manifest url http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty Low Vendor pom artifactid jetty Highest Vendor pom artifactid jetty Low Vendor pom groupid org.mortbay.jetty Highest Vendor pom name Jetty Server High Vendor pom parent-artifactid project Low Product file name jetty High Product jar package name jetty Highest Product jar package name mortbay Highest Product jar package name server Highest Product Manifest bundle-docurl http://jetty.mortbay.org Low Product Manifest Bundle-Name Jetty Server Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname org.mortbay.jetty.server Medium Product Manifest mode development Low Product Manifest originally-created-by 1.6.0_22 (Sun Microsystems Inc.) Low Product Manifest url http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty Low Product pom artifactid jetty Highest Product pom groupid org.mortbay.jetty Highest Product pom name Jetty Server High Product pom parent-artifactid project Medium Version file version 6.1.26 High Version Manifest Bundle-Version 6.1.26 High Version Manifest implementation-version 6.1.26 High Version pom version 6.1.26 Highest
Related Dependencies jetty-util-6.1.26.jarFile Path: /home/grprdist/.m2/repository/org/mortbay/jetty/jetty-util/6.1.26/jetty-util-6.1.26.jar MD5: 450fedce4f7f8ad3761577b10a664200 SHA1: e5642fe0399814e1687d55a3862aa5a3417226a9 SHA256: 9b974ce2b99f48254b76126337dc45b21226f383aaed616f59780adaf167c047 pkg:maven/org.mortbay.jetty/jetty-util@6.1.26 CVE-2011-4461 suppress
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L References:
Vulnerable Software & Versions: (show all )
CVE-2009-1523 suppress
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions: (show all )
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/grprdist/.m2/repository/jline/jline/2.14.5/jline-2.14.5.jar
MD5: 54de3b3c5a84e395d8066c143802985e
SHA1: fdedd5f2522122102f0b3db85fe7aa563a009926
SHA256: 4f347bc90d6f5ce61c0f8928d44a7b993275ceaa7d7f237714518a9bdd5003ce
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jline High Vendor jar package name jline Highest Vendor Manifest bundle-symbolicname jline Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid jline Highest Vendor pom artifactid jline Low Vendor pom developer email gnodet@gmail.com Low Vendor pom developer email jason@planet57.com Low Vendor pom developer email mprudhom@gmail.com Low Vendor pom developer id gnodet Medium Vendor pom developer id jdillon Medium Vendor pom developer id mprudhom Medium Vendor pom developer name Guillaume Nodet Medium Vendor pom developer name Jason Dillon Medium Vendor pom developer name Marc Prud'hommeaux Medium Vendor pom groupid jline Highest Vendor pom name JLine High Product file name jline High Product jar package name jline Highest Product Manifest Bundle-Name JLine Medium Product Manifest bundle-symbolicname jline Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid jline Highest Product pom developer email gnodet@gmail.com Low Product pom developer email jason@planet57.com Low Product pom developer email mprudhom@gmail.com Low Product pom developer id gnodet Low Product pom developer id jdillon Low Product pom developer id mprudhom Low Product pom developer name Guillaume Nodet Low Product pom developer name Jason Dillon Low Product pom developer name Marc Prud'hommeaux Low Product pom groupid jline Highest Product pom name JLine High Version file version 2.14.5 High Version Manifest Bundle-Version 2.14.5 High Version pom version 2.14.5 Highest
Description:
Implementation of the JMES Path JSON Query langauge for Java. License:
Apache License, Version 2.0: https://aws.amazon.com/apache2.0 File Path: /home/grprdist/.m2/repository/com/amazonaws/jmespath-java/1.12.267/jmespath-java-1.12.267.jar
MD5: e2a19172a5599b97ba09a270eac7acda
SHA1: 27260189acb9fbfc3a72c8f67dbdf4ce7d11276b
SHA256: dfa93938d0c40fd07e8e97fc0db2d9b062eb69d295e524c5dd614956bf13844e
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jmespath-java High Vendor jar package name amazonaws Highest Vendor jar package name amazonaws Low Vendor jar package name jmespath Highest Vendor jar package name jmespath Low Vendor pom artifactid jmespath-java Highest Vendor pom artifactid jmespath-java Low Vendor pom developer id amazonwebservices Medium Vendor pom developer org Amazon Web Services Medium Vendor pom developer org URL https://aws.amazon.com Medium Vendor pom groupid com.amazonaws Highest Vendor pom name JMES Path Query library High Vendor pom parent-artifactid aws-java-sdk-pom Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name jmespath-java High Product jar package name amazonaws Highest Product jar package name jmespath Highest Product jar package name jmespath Low Product pom artifactid jmespath-java Highest Product pom developer id amazonwebservices Low Product pom developer org Amazon Web Services Low Product pom developer org URL https://aws.amazon.com Low Product pom groupid com.amazonaws Highest Product pom name JMES Path Query library High Product pom parent-artifactid aws-java-sdk-pom Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 1.12.267 High Version pom version 1.12.267 Highest
Description:
Date and time library to replace JDK date handling License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/joda-time/joda-time/2.9.9/joda-time-2.9.9.jar
MD5: eca438c8cc2b1de38e28d884b7f15dbc
SHA1: f7b520c458572890807d143670c9b24f4de90897
SHA256: b049a43c1057942e6acfbece008e4949b2e35d1658d0c8e06f4485397e2fa4e7
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name joda-time High Vendor jar package name joda Highest Vendor jar package name time Highest Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low Vendor Manifest bundle-symbolicname joda-time Medium Vendor Manifest extension-name joda-time Medium Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low Vendor Manifest Implementation-Vendor Joda.org High Vendor Manifest Implementation-Vendor-Id org.joda Medium Vendor Manifest specification-vendor Joda.org Low Vendor pom artifactid joda-time Highest Vendor pom artifactid joda-time Low Vendor pom developer id broneill Medium Vendor pom developer id jodastephen Medium Vendor pom developer name Brian S O'Neill Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid joda-time Highest Vendor pom name Joda-Time High Vendor pom organization name Joda.org High Vendor pom organization url http://www.joda.org Medium Vendor pom url http://www.joda.org/joda-time/ Highest Product file name joda-time High Product jar package name joda Highest Product jar package name time Highest Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low Product Manifest Bundle-Name Joda-Time Medium Product Manifest bundle-symbolicname joda-time Medium Product Manifest extension-name joda-time Medium Product Manifest Implementation-Title org.joda.time High Product Manifest implementation-url http://www.joda.org/joda-time/ Low Product Manifest specification-title Joda-Time Medium Product pom artifactid joda-time Highest Product pom developer id broneill Low Product pom developer id jodastephen Low Product pom developer name Brian S O'Neill Low Product pom developer name Stephen Colebourne Low Product pom groupid joda-time Highest Product pom name Joda-Time High Product pom organization name Joda.org Low Product pom organization url http://www.joda.org Low Product pom url http://www.joda.org/joda-time/ Medium Version file version 2.9.9 High Version Manifest Bundle-Version 2.9.9 High Version Manifest Implementation-Version 2.9.9 High Version pom version 2.9.9 Highest
Description:
JSch is a pure Java implementation of SSH2 License:
Revised BSD: http://www.jcraft.com/jsch/LICENSE.txt File Path: /home/grprdist/.m2/repository/com/jcraft/jsch/0.1.55/jsch-0.1.55.jar
MD5: c395ada0fc012d66f11bd30246f6c84d
SHA1: bbd40e5aa7aa3cfad5db34965456cee738a42a50
SHA256: d492b15a6d2ea3f1cc39c422c953c40c12289073dbe8360d98c0f6f9ec74fc44
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jsch High Vendor jar package name jcraft Highest Vendor jar package name jcraft Low Vendor jar package name jsch Highest Vendor jar package name jsch Low Vendor pom artifactid jsch Highest Vendor pom artifactid jsch Low Vendor pom developer email ymnk at jcraft D0t com Low Vendor pom developer id ymnk Medium Vendor pom developer name Atsuhiko Yamanaka Medium Vendor pom developer org JCraft,Inc. Medium Vendor pom developer org URL http://www.jcraft.com/ Medium Vendor pom groupid com.jcraft Highest Vendor pom name JSch High Vendor pom organization name JCraft,Inc. High Vendor pom organization url http://www.jcraft.com/ Medium Vendor pom url http://www.jcraft.com/jsch/ Highest Product file name jsch High Product jar package name jcraft Highest Product jar package name jsch Highest Product jar package name jsch Low Product pom artifactid jsch Highest Product pom developer email ymnk at jcraft D0t com Low Product pom developer id ymnk Low Product pom developer name Atsuhiko Yamanaka Low Product pom developer org JCraft,Inc. Low Product pom developer org URL http://www.jcraft.com/ Low Product pom groupid com.jcraft Highest Product pom name JSch High Product pom organization name JCraft,Inc. Low Product pom organization url http://www.jcraft.com/ Low Product pom url http://www.jcraft.com/jsch/ Medium Version file version 0.1.55 High Version pom version 0.1.55 Highest
Description:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There are a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
License:
Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE File Path: /home/grprdist/.m2/repository/org/json/json/20231013/json-20231013.jar
MD5: 1a0702c57783ce9e948252c34644f328
SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52
SHA256: 0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name json-20231013 High Vendor jar package name cdl Highest Vendor jar package name http Highest Vendor jar package name json Highest Vendor jar package name xml Highest Vendor Manifest automatic-module-name org.json Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname json Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid json Highest Vendor pom artifactid json Low Vendor pom developer email douglas@crockford.com Low Vendor pom developer name Douglas Crockford Medium Vendor pom groupid org.json Highest Vendor pom name JSON in Java High Vendor pom url douglascrockford/JSON-java Highest Product file name json-20231013 High Product jar package name cdl Highest Product jar package name http Highest Product jar package name json Highest Product jar package name xml Highest Product Manifest automatic-module-name org.json Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name JSON in Java Medium Product Manifest bundle-symbolicname json Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid json Highest Product pom developer email douglas@crockford.com Low Product pom developer name Douglas Crockford Low Product pom groupid org.json Highest Product pom name JSON in Java High Product pom url douglascrockford/JSON-java High Version file version 20231013 Medium Version pom version 20231013 Highest
CVE-2022-45688 suppress
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. CWE-787 Out-of-bounds Write
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2023-5072 suppress
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
File Path: /home/grprdist/.m2/repository/net/sf/json-lib/json-lib/2.4/json-lib-2.4-jdk15.jarMD5: f5db294d05b3d5a5bfb873455b0a8626SHA1: 136743e0d12df4e785e62b48618cee169b2ae546SHA256: 8290f8871ebd3db52e36c6fa844fe172895b2c714ea589cfed3d78ad9c01a924Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name json-lib High Vendor jar package name json Low Vendor jar package name net Low Vendor jar package name sf Low Vendor pom artifactid json-lib Highest Vendor pom groupid net.sf.json-lib Highest Product file name json-lib High Product jar package name json Low Product jar package name sf Low Product pom artifactid json-lib Highest Version file name json-lib Medium Version file version 2.4.jdk15 High Version pom version 2.4 Highest
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/net/minidev/json-smart/2.4.11/json-smart-2.4.11.jar
MD5: 323dbbcafd96353661c283118e74bd99
SHA1: cc5888f14a5768f254b97bafe8b9fd29b31e872e
SHA256: f2ffb40160d85a246b4a4337edcaf812db2811af075f2de9e285f0be998a2ee0
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name json-smart High Vendor jar package name json Highest Vendor jar package name minidev Highest Vendor jar package name net Highest Vendor jar package name parser Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://urielch.github.io/ Low Vendor Manifest bundle-symbolicname net.minidev.json-smart Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid json-smart Highest Vendor pom artifactid json-smart Low Vendor pom developer email adoneitan@gmail.com Low Vendor pom developer email shoothzj@gmail.com Low Vendor pom developer email uchemouni@gmail.com Low Vendor pom developer id erav Medium Vendor pom developer id Shoothzj Medium Vendor pom developer id uriel Medium Vendor pom developer name Eitan Raviv Medium Vendor pom developer name Uriel Chemouni Medium Vendor pom developer name ZhangJian He Medium Vendor pom groupid net.minidev Highest Vendor pom name JSON Small and Fast Parser High Vendor pom organization name Chemouni Uriel High Vendor pom organization url https://urielch.github.io/ Medium Vendor pom url https://urielch.github.io/ Highest Product file name json-smart High Product jar package name json Highest Product jar package name minidev Highest Product jar package name net Highest Product jar package name parser Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://urielch.github.io/ Low Product Manifest Bundle-Name json-smart Medium Product Manifest bundle-symbolicname net.minidev.json-smart Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid json-smart Highest Product pom developer email adoneitan@gmail.com Low Product pom developer email shoothzj@gmail.com Low Product pom developer email uchemouni@gmail.com Low Product pom developer id erav Low Product pom developer id Shoothzj Low Product pom developer id uriel Low Product pom developer name Eitan Raviv Low Product pom developer name Uriel Chemouni Low Product pom developer name ZhangJian He Low Product pom groupid net.minidev Highest Product pom name JSON Small and Fast Parser High Product pom organization name Chemouni Uriel Low Product pom organization url https://urielch.github.io/ Low Product pom url https://urielch.github.io/ Medium Version file version 2.4.11 High Version Manifest Bundle-Version 2.4.11 High Version pom version 2.4.11 Highest
Description:
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do. License:
The MIT License: https://jsoup.org/license File Path: /home/grprdist/.m2/repository/org/jsoup/jsoup/1.15.3/jsoup-1.15.3.jar
MD5: 4f16c3b17b8c1b0173b1ed9f99f2c27c
SHA1: f6e1d8a8819f854b681c8eaa57fd59a42329e10c
SHA256: e20a5e78b1372f2a4e620832db4442d5077e5cbde280b24c666a3770844999bc
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jsoup High Vendor jar package name jsoup Highest Vendor jar package name parser Highest Vendor Manifest automatic-module-name org.jsoup Medium Vendor Manifest build-jdk-spec 18 Low Vendor Manifest bundle-docurl https://jsoup.org/ Low Vendor Manifest bundle-symbolicname org.jsoup Medium Vendor Manifest Implementation-Vendor Jonathan Hedley High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid jsoup Highest Vendor pom artifactid jsoup Low Vendor pom developer email jonathan@hedley.net Low Vendor pom developer id jhy Medium Vendor pom developer name Jonathan Hedley Medium Vendor pom groupid org.jsoup Highest Vendor pom name jsoup Java HTML Parser High Vendor pom organization name Jonathan Hedley High Vendor pom organization url https://jhy.io/ Medium Vendor pom url https://jsoup.org/ Highest Product file name jsoup High Product jar package name jsoup Highest Product jar package name parser Highest Product Manifest automatic-module-name org.jsoup Medium Product Manifest build-jdk-spec 18 Low Product Manifest bundle-docurl https://jsoup.org/ Low Product Manifest Bundle-Name jsoup Java HTML Parser Medium Product Manifest bundle-symbolicname org.jsoup Medium Product Manifest Implementation-Title jsoup Java HTML Parser High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jsoup Highest Product pom developer email jonathan@hedley.net Low Product pom developer id jhy Low Product pom developer name Jonathan Hedley Low Product pom groupid org.jsoup Highest Product pom name jsoup Java HTML Parser High Product pom organization name Jonathan Hedley Low Product pom organization url https://jhy.io/ Low Product pom url https://jsoup.org/ Medium Version file version 1.15.3 High Version Manifest Bundle-Version 1.15.3 High Version Manifest Implementation-Version 1.15.3 High Version pom version 1.15.3 Highest
License:
CDDL License
: http://www.opensource.org/licenses/cddl1.php File Path: /home/grprdist/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
SHA256: ab1534b73b5fa055808e6598a5e73b599ccda28c3159c3c0908977809422ee4a
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name jsr311-api High Vendor hint analyzer vendor web services Medium Vendor jar package name javax Highest Vendor jar package name rs Highest Vendor jar package name ws Highest Vendor Manifest bundle-docurl http://www.sun.com/ Low Vendor Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium Vendor Manifest extension-name javax.ws.rs Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jsr311-api Highest Vendor pom artifactid jsr311-api Low Vendor pom groupid javax.ws.rs Highest Vendor pom name jsr311-api High Vendor pom organization name Sun Microsystems, Inc High Vendor pom organization url http://www.sun.com/ Medium Vendor pom url https://jsr311.dev.java.net Highest Product file name jsr311-api High Product hint analyzer product web services Medium Product jar package name javax Highest Product jar package name rs Highest Product jar package name ws Highest Product Manifest bundle-docurl http://www.sun.com/ Low Product Manifest Bundle-Name jsr311-api Medium Product Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium Product Manifest extension-name javax.ws.rs Medium Product Manifest specification-title JAX-RS: Java API for RESTful Web Services Medium Product pom artifactid jsr311-api Highest Product pom groupid javax.ws.rs Highest Product pom name jsr311-api High Product pom organization name Sun Microsystems, Inc Low Product pom organization url http://www.sun.com/ Low Product pom url https://jsr311.dev.java.net Medium Version file version 1.1.1 High Version Manifest Bundle-Version 1.1.1 High Version Manifest specification-version 1.1.1 High Version pom version 1.1.1 Highest
Description:
The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
File Path: /home/grprdist/.m2/repository/javax/transaction/jta/1.1/jta-1.1.jarMD5: 82a10ce714f411b28f13850059de09eeSHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558SHA256: b8ec163b4a47bad16f9a0b7d03c3210c6b0a29216d768031073ac20817c0ba50Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name jta High Vendor jar package name javax Highest Vendor jar package name transaction Highest Vendor Manifest extension-name javax.transaction Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom artifactid jta Highest Vendor pom artifactid jta Low Vendor pom groupid javax.transaction Highest Vendor pom name Java Transaction API High Vendor pom url http://java.sun.com/products/jta Highest Product file name jta High Product jar package name javax Highest Product jar package name transaction Highest Product Manifest extension-name javax.transaction Medium Product Manifest specification-title Java Transaction API Specification Medium Product pom artifactid jta Highest Product pom groupid javax.transaction Highest Product pom name Java Transaction API High Product pom url http://java.sun.com/products/jta Medium Version file version 1.1 High Version Manifest specification-version 1.1 High Version pom version 1.1 Highest
Description:
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck. License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /home/grprdist/.m2/repository/junit/junit/4.13.2/junit-4.13.2.jar
MD5: d98a9a02a99a9acd22d7653cbcc1f31f
SHA1: 8ac9e16d933b6fb43bc7f576336b8f4d7eb5ba12
SHA256: 8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3
Referenced In Project/Scope: Grouper API:compile
Evidence Type Source Name Value Confidence Vendor file name junit High Vendor jar package name framework Highest Vendor jar package name junit Highest Vendor Manifest automatic-module-name junit Medium Vendor Manifest implementation-url http://junit.org Low Vendor Manifest Implementation-Vendor JUnit High Vendor Manifest Implementation-Vendor-Id junit Medium Vendor pom artifactid junit Highest Vendor pom artifactid junit Low Vendor pom developer email david@saff.net Low Vendor pom developer email kcooney@google.com Low Vendor pom developer email mail@marcphilipp.de Low Vendor pom developer email mail@stefan-birkner.de Low Vendor pom developer id dsaff Medium Vendor pom developer id kcooney Medium Vendor pom developer id marcphilipp Medium Vendor pom developer id stefanbirkner Medium Vendor pom developer name David Saff Medium Vendor pom developer name Kevin Cooney Medium Vendor pom developer name Marc Philipp Medium Vendor pom developer name Stefan Birkner Medium Vendor pom groupid junit Highest Vendor pom name JUnit High Vendor pom organization name JUnit High Vendor pom organization url http://www.junit.org Medium Vendor pom url http://junit.org Highest Product file name junit High Product jar package name framework Highest Product jar package name junit Highest Product Manifest automatic-module-name junit Medium Product Manifest Implementation-Title JUnit High Product Manifest implementation-url http://junit.org Low Product pom artifactid junit Highest Product pom developer email david@saff.net Low Product pom developer email kcooney@google.com Low Product pom developer email mail@marcphilipp.de Low Product pom developer email mail@stefan-birkner.de Low Product pom developer id dsaff Low Product pom developer id kcooney Low Product pom developer id marcphilipp Low Product pom developer id stefanbirkner Low Product pom developer name David Saff Low Product pom developer name Kevin Cooney Low Product pom developer name Marc Philipp Low Product pom developer name Stefan Birkner Low Product pom groupid junit Highest Product pom name JUnit High Product pom organization name JUnit Low Product pom organization url http://www.junit.org Low Product pom url http://junit.org Medium Version file version 4.13.2 High Version Manifest Implementation-Version 4.13.2 High Version pom version 4.13.2 Highest
Description:
Java implementation of "Tags for Identifying Languages" (RFC 5646) License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/lang-tag/1.7/lang-tag-1.7.jar
MD5: 31b8a4f76fdbf21f1d667f9d6618e0b2
SHA1: 97c73ecd70bc7e8eefb26c5eea84f251a63f1031
SHA256: e8c1c594e2425bdbea2d860de55c69b69fc5d59454452449a0f0913c2a5b8a31
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name lang-tag High Vendor jar package name langtag Highest Vendor jar package name nimbusds Highest Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 1.7 Low Vendor Manifest bundle-docurl https://connect2id.com/ Low Vendor Manifest bundle-symbolicname lang-tag Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid lang-tag Highest Vendor pom artifactid lang-tag Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus LangTag High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com/ Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-language-tags Highest Product file name lang-tag High Product jar package name langtag Highest Product jar package name nimbusds Highest Product Manifest build-date ${timestamp} Low Product Manifest build-jdk-spec 11 Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 1.7 Low Product Manifest bundle-docurl https://connect2id.com/ Low Product Manifest Bundle-Name Nimbus LangTag Medium Product Manifest bundle-symbolicname lang-tag Medium Product Manifest Implementation-Title Nimbus LangTag High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Nimbus LangTag Medium Product pom artifactid lang-tag Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus LangTag High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com/ Low Product pom url https://bitbucket.org/connect2id/nimbus-language-tags Medium Version file version 1.7 High Version Manifest build-tag 1.7 Low Version Manifest Implementation-Version 1.7 High Version pom version 1.7 Highest
Description:
Ldaptive API License:
http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-3.0.txt File Path: /home/grprdist/.m2/repository/org/ldaptive/ldaptive/2.3.1/ldaptive-2.3.1.jar
MD5: 5e7dbb63f2979ed36af74c2f90610830
SHA1: 72e165295206caa249a12ef00392603bc91af077
SHA256: e2ab8a05ed6d11aa31daee5bacfe5a17bcb964c6c1411034d37a588220b19e83
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name ldaptive High Vendor jar package name ldaptive Highest Vendor Manifest automatic-module-name org.ldaptive Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.ldaptive Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))" Low Vendor pom artifactid ldaptive Highest Vendor pom artifactid ldaptive Low Vendor pom groupid org.ldaptive Highest Vendor pom name LDAPTIVE CORE High Vendor pom parent-artifactid ldaptive-parent Low Product file name ldaptive High Product jar package name filter Highest Product jar package name ldaptive Highest Product Manifest automatic-module-name org.ldaptive Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name LDAPTIVE CORE Medium Product Manifest bundle-symbolicname org.ldaptive Medium Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))" Low Product pom artifactid ldaptive Highest Product pom groupid org.ldaptive Highest Product pom name LDAPTIVE CORE High Product pom parent-artifactid ldaptive-parent Medium Version file version 2.3.1 High Version Manifest Bundle-Version 2.3.1 High Version pom version 2.3.1 Highest
Description:
The Apache Log4j Implementation License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-core/2.17.1/log4j-core-2.17.1.jar
MD5: 8d2f5c52700336dae846b2c3ecde7a6e
SHA1: 779f60f3844dadc3ef597976fcb1e5127b1f343d
SHA256: c967f223487980b9364e94a7c7f9a8a01fd3ee7c19bdbf0b0f9f8cb8511f3d41
Referenced In Projects/Scopes: Grouper SCIM:compile Grouper WS Parent:compile Grouper Client:compile Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper Installer:compile Grouper:compile Grouper WS Manual Client:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name log4j-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest automatic-module-name org.apache.logging.log4j.core Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey D7C92B70FA1C814D Low Vendor Manifest log4jreleasemanager Matt Sicker Low Vendor Manifest log4jsigningusername mattsicker@apache.org Medium Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-core Highest Vendor pom artifactid log4j-core Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j Core High Vendor pom parent-artifactid log4j Low Product file name log4j-core High Product jar package name apache Highest Product jar package name core Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product Manifest automatic-module-name org.apache.logging.log4j.core Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j Core Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Product Manifest Implementation-Title Apache Log4j Core High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Product Manifest log4jreleasekey D7C92B70FA1C814D Low Product Manifest log4jreleasemanager Matt Sicker Low Product Manifest log4jsigningusername mattsicker@apache.org Medium Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Log4j Core Medium Product pom artifactid log4j-core Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j Core High Product pom parent-artifactid log4j Medium Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version Manifest log4jreleaseversion 2.17.1 Medium Version pom version 2.17.1 Highest
Related Dependencies log4j-1.2-api-2.17.1.jarFile Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-1.2-api/2.17.1/log4j-1.2-api-2.17.1.jar MD5: a54a1f9fc3ce8352fb29cf66fbe07219 SHA1: db3a7e7f07e878b92ac4a8f1100bee8325d5713a SHA256: ca3e9150f95c31d15b9680a609b8817f8549bd395591c5ca55957d1ef0f464d6 pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.17.1 log4j-api-2.17.1.jarFile Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-api/2.17.1/log4j-api-2.17.1.jar MD5: dfd5f2d81aba31583ee87fe16c7b78f8 SHA1: d771af8e336e372fb5399c99edabe0919aeaf5b2 SHA256: b0d8a4c8ab4fb8b1888d0095822703b0e6d4793c419550203da9e69196161de4 pkg:maven/org.apache.logging.log4j/log4j-api@2.17.1 Description:
The Apache Log4j SLF4J API binding to Log4j 2 Core License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.17.1/log4j-slf4j-impl-2.17.1.jar
MD5: 8d0e5934a9c341dbc3493d4039afd985
SHA1: 84692d456bcce689355d33d68167875e486954dd
SHA256: e9a03720e5d5076009c2530635da9d08485e28a0b0ec20708dadc51afb78e41e
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name log4j-slf4j-impl High Vendor jar package name apache Highest Vendor jar package name impl Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.apache.logging.log4j.slf4j Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.slf4j-impl Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey D7C92B70FA1C814D Low Vendor Manifest log4jreleasemanager Matt Sicker Low Vendor Manifest log4jsigningusername mattsicker@apache.org Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-slf4j-impl Highest Vendor pom artifactid log4j-slf4j-impl Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j SLF4J Binding High Vendor pom parent-artifactid log4j Low Product file name log4j-slf4j-impl High Product jar package name apache Highest Product jar package name impl Highest Product jar package name logging Highest Product jar package name slf4j Highest Product Manifest automatic-module-name org.apache.logging.log4j.slf4j Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j SLF4J Binding Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.slf4j-impl Medium Product Manifest Implementation-Title Apache Log4j SLF4J Binding High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/ Low Product Manifest log4jreleasekey D7C92B70FA1C814D Low Product Manifest log4jreleasemanager Matt Sicker Low Product Manifest log4jsigningusername mattsicker@apache.org Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Log4j SLF4J Binding Medium Product pom artifactid log4j-slf4j-impl Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j SLF4J Binding High Product pom parent-artifactid log4j Medium Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version Manifest log4jreleaseversion 2.17.1 Medium Version pom version 2.17.1 Highest
Description:
JavaMail API (compat) License:
http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
SHA256: 78c33b4f7c7b60f4b680f2d2405b1f063d71929cf1a4fbc328888379f365fcfb
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name mail High Vendor jar package name javax Highest Vendor jar package name mail Highest Vendor jar package name provider Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl http://www.oracle.com Low Vendor Manifest bundle-symbolicname javax.mail Medium Vendor Manifest extension-name javax.mail Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.sun Medium Vendor Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Vendor Manifest specification-vendor Oracle Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest (hint) specification-vendor sun Low Vendor pom artifactid mail Highest Vendor pom artifactid mail Low Vendor pom groupid javax.mail Highest Vendor pom name JavaMail API (compat) High Vendor pom parent-artifactid all Low Vendor pom parent-groupid com.sun.mail Medium Product file name mail High Product jar package name javax Highest Product jar package name mail Highest Product jar package name provider Highest Product jar package name sun Highest Product Manifest bundle-docurl http://www.oracle.com Low Product Manifest Bundle-Name JavaMail API (compat) Medium Product Manifest bundle-symbolicname javax.mail Medium Product Manifest extension-name javax.mail Medium Product Manifest Implementation-Title javax.mail High Product Manifest originally-created-by 1.7.0_15 (Oracle Corporation) Low Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium Product Manifest specification-title JavaMail(TM) API Design Specification Medium Product pom artifactid mail Highest Product pom groupid javax.mail Highest Product pom name JavaMail API (compat) High Product pom parent-artifactid all Medium Product pom parent-groupid com.sun.mail Medium Version file version 1.4.7 High Version Manifest Bundle-Version 1.4.7 High Version Manifest Implementation-Version 1.4.7 High Version pom version 1.4.7 Highest
Description:
mchange-commons-java License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.html File Path: /home/grprdist/.m2/repository/com/mchange/mchange-commons-java/0.2.15/mchange-commons-java-0.2.15.jar
MD5: 97c4575d9d49d9afb71492e6bb4417da
SHA1: 6ef5abe5f1b94ac45b7b5bad42d871da4fda6bbc
SHA256: 2b8fce65e95a3e968d5ab3507e2833f43df3daee0635ee51c7ce33343bb3a21c
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name mchange-commons-java High Vendor jar package name mchange Highest Vendor Manifest Implementation-Vendor com.mchange High Vendor Manifest Implementation-Vendor-Id com.mchange Medium Vendor Manifest specification-vendor com.mchange Low Vendor pom artifactid mchange-commons-java Highest Vendor pom artifactid mchange-commons-java Low Vendor pom developer email swaldman@mchange.com Low Vendor pom developer id swaldman Medium Vendor pom developer name Steve Waldman Medium Vendor pom groupid com.mchange Highest Vendor pom name mchange-commons-java High Vendor pom organization name com.mchange High Vendor pom url swaldman/mchange-commons-java Highest Product file name mchange-commons-java High Product jar package name mchange Highest Product Manifest Implementation-Title mchange-commons-java High Product Manifest specification-title mchange-commons-java Medium Product pom artifactid mchange-commons-java Highest Product pom developer email swaldman@mchange.com Low Product pom developer id swaldman Low Product pom developer name Steve Waldman Low Product pom groupid com.mchange Highest Product pom name mchange-commons-java High Product pom organization name com.mchange Low Product pom url swaldman/mchange-commons-java High Version file version 0.2.15 High Version Manifest Implementation-Version 0.2.15 High Version pom version 0.2.15 Highest
Description:
MXParser is a fork of xpp3_min 1.1.7 containing only the parser with merged changes of the Plexus fork.
License:
Indiana University Extreme! Lab Software License: https://raw.githubusercontent.com/x-stream/mxparser/master/LICENSE.txt File Path: /home/grprdist/.m2/repository/io/github/x-stream/mxparser/1.2.2/mxparser-1.2.2.jar
MD5: 9d7e42409dfdcee9bd17903015bdeae2
SHA1: 476fb3b3bb3716cad797cd054ce45f89445794e9
SHA256: aeeee23a3303d811bca8790ea7f25b534314861c03cff36dafdcc2180969eb97
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name mxparser High Vendor jar package name github Highest Vendor jar package name io Highest Vendor jar package name mxparser Highest Vendor jar package name xstream Highest Vendor Manifest automatic-module-name io.github.xstream.mxparser Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname mxparser Medium Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Vendor Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Vendor Manifest x-build-os Linux Low Vendor Manifest x-build-time 2021-08-18T22:35:34Z Low Vendor Manifest x-builder Maven 3.8.1 Low Vendor Manifest x-compile-source 1.4 Low Vendor Manifest x-compile-target 1.4 Low Vendor pom artifactid mxparser Highest Vendor pom artifactid mxparser Low Vendor pom developer id mxparser Medium Vendor pom developer name XStream Committers Medium Vendor pom groupid io.github.x-stream Highest Vendor pom name MXParser High Vendor pom url http://x-stream.github.io/mxparser Highest Product file name mxparser High Product jar package name github Highest Product jar package name io Highest Product jar package name mxparser Highest Product jar package name xstream Highest Product Manifest automatic-module-name io.github.xstream.mxparser Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name MXParser Medium Product Manifest bundle-symbolicname mxparser Medium Product Manifest Implementation-Title MXParser High Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Product Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Product Manifest specification-title MXParser Medium Product Manifest x-build-os Linux Low Product Manifest x-build-time 2021-08-18T22:35:34Z Low Product Manifest x-builder Maven 3.8.1 Low Product Manifest x-compile-source 1.4 Low Product Manifest x-compile-target 1.4 Low Product pom artifactid mxparser Highest Product pom developer id mxparser Low Product pom developer name XStream Committers Low Product pom groupid io.github.x-stream Highest Product pom name MXParser High Product pom url http://x-stream.github.io/mxparser Medium Version file version 1.2.2 High Version Manifest Bundle-Version 1.2.2 High Version Manifest Implementation-Version 1.2.2 High Version pom version 1.2.2 Highest
Description:
JDBC Type 4 driver for MySQL. License:
The GNU General Public License, v2 with Universal FOSS Exception, v1.0 File Path: /home/grprdist/.m2/repository/com/mysql/mysql-connector-j/8.0.33/mysql-connector-j-8.0.33.jar
MD5: 801b67e18f23e4e9ec392812a1c108d4
SHA1: 9e64d997873abc4318620264703d3fdb6b02dd5a
SHA256: e2a3b2fc726a1ac64e998585db86b30fa8bf3f706195b78bb77c5f99bf877bd9
Referenced In Projects/Scopes: Grouper API:runtime Grouper SCIM:provided Grouper WS Test:runtime Grouper WS:runtime Grouper UI:runtime Evidence Type Source Name Value Confidence Vendor file name mysql-connector-j High Vendor hint analyzer vendor oracle Highest Vendor hint analyzer (hint) vendor sun Highest Vendor jar package name cj Highest Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name mysql Highest Vendor jar package name type Highest Vendor Manifest bundle-symbolicname com.mysql.cj Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.mysql Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid mysql-connector-j Highest Vendor pom artifactid mysql-connector-j Low Vendor pom developer email filipe.silva@oracle.com Low Vendor pom developer name Filipe Silva Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL https://www.oracle.com/ Medium Vendor pom groupid com.mysql Highest Vendor pom name MySQL Connector/J High Vendor pom organization name Oracle Corporation High Vendor pom organization url https://www.oracle.com/ Medium Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest Product file name mysql-connector-j High Product hint analyzer product mysql_connector/j Highest Product hint analyzer product mysql_connector_j Highest Product hint analyzer product mysql_connectors Highest Product jar package name cj Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name mysql Highest Product jar package name type Highest Product jar package name xdevapi Highest Product Manifest Bundle-Name Oracle Corporation's JDBC and XDevAPI Driver for MySQL Medium Product Manifest bundle-symbolicname com.mysql.cj Medium Product Manifest Implementation-Title MySQL Connector/J High Product Manifest specification-title JDBC Medium Product pom artifactid mysql-connector-j Highest Product pom developer email filipe.silva@oracle.com Low Product pom developer name Filipe Silva Low Product pom developer org Oracle Corporation Low Product pom developer org URL https://www.oracle.com/ Low Product pom groupid com.mysql Highest Product pom name MySQL Connector/J High Product pom organization name Oracle Corporation Low Product pom organization url https://www.oracle.com/ Low Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium Version file version 8.0.33 High Version Manifest Bundle-Version 8.0.33 High Version Manifest Implementation-Version 8.0.33 High Version pom version 8.0.33 Highest
CVE-2023-22102 suppress
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (8.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar
MD5: 299f0a5309cdd6b88c370a0c3d52ee4d
SHA1: a8f062d67303a5e4b2bc2ad48fb4fd8c99108e45
SHA256: fa6fec88010bfaf6a7415b5364671b6b18ffb6b35a986ab97b423fd8c3a0174b
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name netty-codec-http High Vendor jar package name codec Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.codec.http Medium Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.codec-http Medium Vendor Manifest implementation-url https://netty.io/netty-codec-http/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid netty-codec-http Highest Vendor pom artifactid netty-codec-http Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Codec/HTTP High Vendor pom parent-artifactid netty-parent Low Product file name netty-codec-http High Product jar package name codec Highest Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.codec.http Medium Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Codec/HTTP Medium Product Manifest bundle-symbolicname io.netty.codec-http Medium Product Manifest Implementation-Title Netty/Codec/HTTP High Product Manifest implementation-url https://netty.io/netty-codec-http/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid netty-codec-http Highest Product pom groupid io.netty Highest Product pom name Netty/Codec/HTTP High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.72.Final High Version Manifest Implementation-Version 4.1.72.Final High Version pom version 4.1.72.Final Highest
CVE-2022-41881 suppress
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2023-44487 suppress
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2023-34462 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-24823 suppress
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
CVE-2024-29025 (OSSINDEX)suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29025 for details CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.3) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:io.netty:netty-codec-http:4.1.72.Final:*:*:*:*:*:*:* Description:
Java Concurrency Tools Core Library License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 08e7326c64d7fd6ae4ea32e7eb4e5b79
SHA1: 9deceaba814dea198202b04fe0eec0d2dbf69ea9
SHA256: acaf1b4c366f6794a734288a2c003f16af90a9c479cf4d7daade689764e4fb47
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor pom artifactid jctools-core Low Vendor pom groupid org.jctools Highest Vendor pom name Java Concurrency Tools Core Library High Vendor pom url JCTools Highest Product pom artifactid jctools-core Highest Product pom groupid org.jctools Highest Product pom name Java Concurrency Tools Core Library High Product pom url JCTools High Version pom version 3.1.0 Highest
Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar
MD5: 6f4128413f9200c948bcceb2299bb7e5
SHA1: 99138b436a584879355aca8fe3c64b46227d5d79
SHA256: c5fb68e9a65b6e8a516adfcb9fa323479ee7b4d9449d8a529d2ecab3d3711d5a
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name netty-transport High Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.transport Medium Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.transport Medium Vendor Manifest implementation-url https://netty.io/netty-transport/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid netty-transport Highest Vendor pom artifactid netty-transport Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Transport High Vendor pom parent-artifactid netty-parent Low Product file name netty-transport High Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.transport Medium Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Transport Medium Product Manifest bundle-symbolicname io.netty.transport Medium Product Manifest Implementation-Title Netty/Transport High Product Manifest implementation-url https://netty.io/netty-transport/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid netty-transport Highest Product pom groupid io.netty Highest Product pom name Netty/Transport High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.72.Final High Version Manifest Implementation-Version 4.1.72.Final High Version pom version 4.1.72.Final Highest
Related Dependencies netty-buffer-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar MD5: c634cd6c023be6687141249ea6520349 SHA1: f306eec3f79541f9b8af9c471a0d5b63b7996272 SHA256: 568ff7cd9d8e2284ec980730c88924f686642929f8f219a74518b4e64755f3a1 pkg:maven/io.netty/netty-buffer@4.1.72.Final netty-common-4.1.72.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar MD5: 97eac92e43b01012ccfe4cf877279b90 SHA1: a55bac9c3af5f59828207b551a96ac19bbfc341e SHA256: 8adb4c291260ceb2859a68c49f0adeed36bf49587608e2b81ecff6aaf06025e9 pkg:maven/io.netty/netty-common@4.1.72.Final CVE-2022-41881 suppress
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2023-44487 suppress
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
CVE-2023-34462 suppress
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions:
CVE-2022-24823 suppress
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/io/netty/netty-transport-classes-epoll/4.1.106.Final/netty-transport-classes-epoll-4.1.106.Final.jar
MD5: f015b2176b3ba5ad2328db67fdc133a3
SHA1: c058d5c712e00e8560e519970b3d27747778b8f2
SHA256: ebbea0f678a2f3947eb200be033ed7fe553067e39cb5df4b769d1b9fc6a29872
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name netty-transport-classes-epoll High Vendor jar package name epoll Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.transport.classes.epoll Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.transport-classes-epoll Medium Vendor Manifest implementation-url https://netty.io/netty-transport-classes-epoll/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-transport-classes-epoll Highest Vendor pom artifactid netty-transport-classes-epoll Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Transport/Classes/Epoll High Vendor pom parent-artifactid netty-parent Low Product file name netty-transport-classes-epoll High Product jar package name epoll Highest Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.transport.classes.epoll Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Transport/Classes/Epoll Medium Product Manifest bundle-symbolicname io.netty.transport-classes-epoll Medium Product Manifest Implementation-Title Netty/Transport/Classes/Epoll High Product Manifest implementation-url https://netty.io/netty-transport-classes-epoll/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Netty/Transport/Classes/Epoll Medium Product pom artifactid netty-transport-classes-epoll Highest Product pom groupid io.netty Highest Product pom name Netty/Transport/Classes/Epoll High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.106.Final High Version Manifest Implementation-Version 4.1.106.Final High Version pom version 4.1.106.Final Highest
Related Dependencies netty-codec-4.1.106.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-codec/4.1.106.Final/netty-codec-4.1.106.Final.jar MD5: d7867a17c4841fc3d354e835f0f6f334 SHA1: 025171b63aa1e7a5fd8a7e4e660d6d3110241ea7 SHA256: 93863dfd690f7ace7c26e4c808fdc24780adad465b3cdcb7ce3fc73c422df76f pkg:maven/io.netty/netty-codec@4.1.106.Final netty-handler-4.1.106.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-handler/4.1.106.Final/netty-handler-4.1.106.Final.jar MD5: bea2a6a477a240f875a7844cc3e03f79 SHA1: 874c970c4ff958b1140dde52bc17e6a9e7cde662 SHA256: 5a919ad88b6d9e9f08c3069980bc656a62926a00e6ba2da5859aa0ee4e202e44 pkg:maven/io.netty/netty-handler@4.1.106.Final netty-resolver-4.1.106.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-resolver/4.1.106.Final/netty-resolver-4.1.106.Final.jar MD5: 2def73e9e3270eb85dfe3ba8a4275860 SHA1: e185ae573db04939215f94d6ba869758dcecbde9 SHA256: 404958b8f0590ee526013d011cd2354dab78adbaad743d7d444db33a3f9eabac pkg:maven/io.netty/netty-resolver@4.1.106.Final netty-transport-classes-kqueue-4.1.106.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-classes-kqueue/4.1.106.Final/netty-transport-classes-kqueue-4.1.106.Final.jar MD5: 9d867699350ce89cd1adc4d137e6fa0c SHA1: c09ce8927dbf58e7b0fc6291a9df1675dc98a29a SHA256: f68ed442500165c6a3873e0731e1b62084b42f842d0f4766747480ef1fc9763e pkg:maven/io.netty/netty-transport-classes-kqueue@4.1.106.Final netty-transport-native-epoll-4.1.106.Final-linux-aarch_64.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-epoll/4.1.106.Final/netty-transport-native-epoll-4.1.106.Final-linux-aarch_64.jar MD5: 4bd878715fe655024251d92e9fa2bc69 SHA1: 8a26047ae8e73fdc2465bf0dde1ea48f3c3d8710 SHA256: 00b80b9d12bbd70cdac6fbc5ad5a552faaabf5bf5b5482c8078a7332f141d4ab pkg:maven/io.netty/netty-transport-native-epoll@4.1.106.Final netty-transport-native-epoll-4.1.106.Final-linux-x86_64.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-epoll/4.1.106.Final/netty-transport-native-epoll-4.1.106.Final-linux-x86_64.jar MD5: 9c3b23c50b359da7da9f6675453282ce SHA1: dd717a7c6558bc977209f5c10666e5d165f5a045 SHA256: 6e64e63d3b8dbeb42bc388ebf3e30339e89cc1d57e25238738a736b67ce453d8 pkg:maven/io.netty/netty-transport-native-epoll@4.1.106.Final netty-transport-native-kqueue-4.1.106.Final-osx-aarch_64.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.106.Final/netty-transport-native-kqueue-4.1.106.Final-osx-aarch_64.jar MD5: 53061d2b2bf09661220e4f7d1f02fee8 SHA1: 1fb9cb0a6785196b3f44e27e26b72d04f4ac6c4d SHA256: 4c7365e533ba43b4b5322181cdca0e6f59ec8fef5efc81d8e932fc69160950b8 pkg:maven/io.netty/netty-transport-native-kqueue@4.1.106.Final netty-transport-native-kqueue-4.1.106.Final-osx-x86_64.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.106.Final/netty-transport-native-kqueue-4.1.106.Final-osx-x86_64.jar MD5: ffc89d4ea05105339b444035796c0af6 SHA1: 3a2aefbcb4f7ef63a78574cb7a7c7cb42e7b455c SHA256: 95ead0483800f043976b27c52e308fc3f88066a1c63cc1abb9ca5e771eff9451 pkg:maven/io.netty/netty-transport-native-kqueue@4.1.106.Final netty-transport-native-unix-common-4.1.106.Final.jarFile Path: /home/grprdist/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.106.Final/netty-transport-native-unix-common-4.1.106.Final.jar MD5: f4133e623e13bfebb99051ae40e46d3b SHA1: 2da179bd95903f0fa73218b8f0d02690c0cfbc94 SHA256: f52d4b38c571066bfaae964a7867fa937f0e54fb5ff467c576cb650a20a854e8 pkg:maven/io.netty/netty-transport-native-unix-common@4.1.106.Final License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.37/nimbus-jose-jwt-9.37.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: c13f373086992bab8989b514941891a6
SHA1: ce159faf33c1e665e1f3a785a5d678a2b20151bc
SHA256: d2b115634f5c085db4b9c9ffc2658e89e231fdbfbe2242121a1cd95d4d948dd7
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version pom version 2.10.1 Highest
Description:
Java library for Javascript Object Signing and Encryption (JOSE) and
JSON Web Tokens (JWT)
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.37/nimbus-jose-jwt-9.37.jar
MD5: c593b0342cf07446341c1d967bcb96b5
SHA1: 58580e151df90c5438aa8a3b03174e8e6831ff68
SHA256: 3c579abbf00697f37b5ffbe91eb62ff016d4ef812ba09ce074e84bdc50ff93a3
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name nimbus-jose-jwt High Vendor jar package name jose Highest Vendor jar package name jwt Highest Vendor jar package name nimbusds Highest Vendor Manifest automatic-module-name com.nimbusds.jose.jwt Medium Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 9.37 Low Vendor Manifest bundle-docurl https://connect2id.com Low Vendor Manifest bundle-symbolicname com.nimbusds.nimbus-jose-jwt Medium Vendor Manifest implementation-url https://bitbucket.org/connect2id/nimbus-jose-jwt Low Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid nimbus-jose-jwt Highest Vendor pom artifactid nimbus-jose-jwt Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus JOSE+JWT High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-jose-jwt Highest Product file name nimbus-jose-jwt High Product jar package name 9 Highest Product jar package name jose Highest Product jar package name jwt Highest Product jar package name nimbusds Highest Product Manifest automatic-module-name com.nimbusds.jose.jwt Medium Product Manifest build-date ${timestamp} Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 9.37 Low Product Manifest bundle-docurl https://connect2id.com Low Product Manifest Bundle-Name Nimbus JOSE+JWT Medium Product Manifest bundle-symbolicname com.nimbusds.nimbus-jose-jwt Medium Product Manifest Implementation-Title Nimbus JOSE+JWT High Product Manifest implementation-url https://bitbucket.org/connect2id/nimbus-jose-jwt Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Nimbus JOSE+JWT Medium Product pom artifactid nimbus-jose-jwt Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus JOSE+JWT High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/nimbus-jose-jwt Medium Version file version 9.37 High Version Manifest build-tag 9.37 Low Version Manifest Implementation-Version 9.37 High Version pom version 9.37 Highest
CVE-2023-52428 (OSSINDEX)suppress
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.nimbusds:nimbus-jose-jwt:9.37:*:*:*:*:*:*:* Description:
OAuth 2.0 SDK with OpenID Connection extensions for developing client
and server applications.
License:
Apache License, version 2.0: https://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/grprdist/.m2/repository/com/nimbusds/oauth2-oidc-sdk/11.6/oauth2-oidc-sdk-11.6.jar
MD5: 12058cd10638be7a80992f858cb58df6
SHA1: 5c95362da185de3675f57f5a9f83ad7d623c9ccb
SHA256: 9b4edafcfdd664ad46d30bf16b727f1c87de5fe02b55e7388ff7bc66e1192c02
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name oauth2-oidc-sdk High Vendor jar package name client Highest Vendor jar package name connect Highest Vendor jar package name nimbusds Highest Vendor jar package name oauth2 Highest Vendor jar package name openid Highest Vendor jar package name sdk Highest Vendor Manifest build-date 20231105.174249.773 Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest build-number 59af848f4f0a9645539dd84e85e0d91947cb7f5b Low Vendor Manifest build-tag 11.6 Low Vendor Manifest bundle-developers vdzhuvinov;email="vd@connect2id.com";name="Vladimir Dzhuvinov" Low Vendor Manifest bundle-docurl https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Low Vendor Manifest bundle-symbolicname oauth2-oidc-sdk Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid oauth2-oidc-sdk Highest Vendor pom artifactid oauth2-oidc-sdk Low Vendor pom developer email vd@connect2id.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name OAuth 2.0 SDK with OpenID Connect extensions High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Highest Product file name oauth2-oidc-sdk High Product jar package name client Highest Product jar package name connect Highest Product jar package name nimbusds Highest Product jar package name oauth2 Highest Product jar package name openid Highest Product jar package name sdk Highest Product Manifest build-date 20231105.174249.773 Low Product Manifest build-jdk-spec 11 Low Product Manifest build-number 59af848f4f0a9645539dd84e85e0d91947cb7f5b Low Product Manifest build-tag 11.6 Low Product Manifest bundle-developers vdzhuvinov;email="vd@connect2id.com";name="Vladimir Dzhuvinov" Low Product Manifest bundle-docurl https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Low Product Manifest Bundle-Name OAuth 2.0 SDK with OpenID Connect extensions Medium Product Manifest bundle-symbolicname oauth2-oidc-sdk Medium Product Manifest Implementation-Title OAuth 2.0 SDK with OpenID Connect extensions High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title OAuth 2.0 SDK with OpenID Connect extensions Medium Product pom artifactid oauth2-oidc-sdk Highest Product pom developer email vd@connect2id.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name OAuth 2.0 SDK with OpenID Connect extensions High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Medium Version file version 11.6 High Version Manifest build-tag 11.6 Low Version Manifest Implementation-Version 11.6 High Version pom version 11.6 Highest
Description:
OSGi R8 framework implementation. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/felix/org.apache.felix.framework/7.0.3/org.apache.felix.framework-7.0.3.jar
MD5: ea392d1ab3f5f416f8aa1ac14c1c14ff
SHA1: c60632913c11ae47e8a6dcd5b617f48ee17693f5
SHA256: afd53fb601da924552129a965e3c2fbe1a17a3824b77c7f74b318606ef9a174d
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name org.apache.felix.framework High Vendor jar package name apache Highest Vendor jar package name felix Highest Vendor jar package name framework Highest Vendor Manifest add-opens java.base/java.net java.base/sun.net.www.protocol.file java.base/sun.net.www.protocol.ftp java.base/sun.net.www.protocol.http java.base/sun.net.www.protocol.https java.base/sun.net.www.protocol.jar java.base/sun.net.www.protocol.jmod java.base/sun.net.www.protocol.mailto java.base/sun.net.www.protocol.jrt java.base/jdk.internal.loader java.base/java.security Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.felix.framework Medium Vendor Manifest provide-capability osgi.service;objectClass="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass="org.osgi.service.startlevel.StartLevel" Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid apache.felix.framework Low Vendor pom artifactid org.apache.felix.framework Highest Vendor pom groupid org.apache.felix Highest Vendor pom name Apache Felix Framework High Vendor pom parent-artifactid felix-parent Low Product file name org.apache.felix.framework High Product jar package name apache Highest Product jar package name felix Highest Product jar package name filter Highest Product jar package name framework Highest Product jar package name osgi Highest Product jar package name packageadmin Highest Product jar package name service Highest Product jar package name startlevel Highest Product jar package name version Highest Product Manifest add-opens java.base/java.net java.base/sun.net.www.protocol.file java.base/sun.net.www.protocol.ftp java.base/sun.net.www.protocol.http java.base/sun.net.www.protocol.https java.base/sun.net.www.protocol.jar java.base/sun.net.www.protocol.jmod java.base/sun.net.www.protocol.mailto java.base/sun.net.www.protocol.jrt java.base/jdk.internal.loader java.base/java.security Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Felix Framework Medium Product Manifest bundle-symbolicname org.apache.felix.framework Medium Product Manifest provide-capability osgi.service;objectClass="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass="org.osgi.service.startlevel.StartLevel" Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid apache.felix.framework Highest Product pom artifactid org.apache.felix.framework Highest Product pom groupid org.apache.felix Highest Product pom name Apache Felix Framework High Product pom parent-artifactid felix-parent Medium Version file version 7.0.3 High Version Manifest Bundle-Version 7.0.3 High Version pom parent-version 7.0.3 Low Version pom version 7.0.3 Highest
Description:
WSO2 Charon - SCIM Implementation License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/wso2/charon/org.wso2.charon.core/2.1.3/org.wso2.charon.core-2.1.3.jar
MD5: b9c7fdad7ba33088ae18eb87f62850c9
SHA1: a59aac1d9b10638093a2b34c7e85b8197fd7b116
SHA256: 9faad93994ffc2226a1252b224101a7f95f576d6af4231ff2ac150042586c757
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name org.wso2.charon.core High Vendor jar package name charon Highest Vendor jar package name core Highest Vendor jar package name wso2 Highest Vendor Manifest bundle-docurl http://www.wso2.org/ Low Vendor Manifest bundle-symbolicname org.wso2.charon.core Medium Vendor pom artifactid org.wso2.charon.core Highest Vendor pom artifactid wso2.charon.core Low Vendor pom groupid org.wso2.charon Highest Vendor pom name WSO2 Charon - Core High Vendor pom parent-artifactid charon-parent Low Vendor pom url http://wso2.com Highest Product file name org.wso2.charon.core High Product jar package name charon Highest Product jar package name core Highest Product jar package name wso2 Highest Product Manifest bundle-docurl http://www.wso2.org/ Low Product Manifest Bundle-Name org.wso2.charon.core Medium Product Manifest bundle-symbolicname org.wso2.charon.core Medium Product pom artifactid org.wso2.charon.core Highest Product pom artifactid wso2.charon.core Highest Product pom groupid org.wso2.charon Highest Product pom name WSO2 Charon - Core High Product pom parent-artifactid charon-parent Medium Product pom url http://wso2.com Medium Version file version 2.1.3 High Version Manifest Bundle-Version 2.1.3 High Version pom version 2.1.3 Highest
Description:
WSO2 Charon - SCIM Implementation File Path: /home/grprdist/.m2/repository/org/wso2/charon/org.wso2.charon.samples/2.1.3/org.wso2.charon.samples-2.1.3.jarMD5: 174188250207f852a6d4a40c07214659SHA1: 86648e72e7c865855deca7655eabeac741e3b918SHA256: c2c9c64c2420f5b6c354d560c003d06bbffa3c61c23eafc42ff76a1913fcdd64Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name org.wso2.charon.samples High Vendor jar package name charon Highest Vendor jar package name samples Highest Vendor jar package name wso2 Highest Vendor Manifest Implementation-Vendor WSO2 High Vendor Manifest Implementation-Vendor-Id org.wso2.charon Medium Vendor Manifest specification-vendor WSO2 Low Vendor pom artifactid org.wso2.charon.samples Highest Vendor pom artifactid wso2.charon.samples Low Vendor pom groupid org.wso2.charon Highest Vendor pom name WSO2 Charon - Samples High Vendor pom parent-artifactid charon-parent Low Vendor pom url http://wso2.com Highest Product file name org.wso2.charon.samples High Product jar package name charon Highest Product jar package name samples Highest Product jar package name wso2 Highest Product Manifest Implementation-Title WSO2 Charon - Samples High Product Manifest specification-title WSO2 Charon - Samples Medium Product pom artifactid org.wso2.charon.samples Highest Product pom artifactid wso2.charon.samples Highest Product pom groupid org.wso2.charon Highest Product pom name WSO2 Charon - Samples High Product pom parent-artifactid charon-parent Medium Product pom url http://wso2.com Medium Version file version 2.1.3 High Version Manifest Implementation-Version 2.1.3 High Version pom version 2.1.3 Highest
Description:
WSO2 Charon - SCIM Implementation File Path: /home/grprdist/.m2/repository/org/wso2/charon/org.wso2.charon.utils/2.1.3/org.wso2.charon.utils-2.1.3.jarMD5: c917fc503ca82dde2b06436b86381316SHA1: 3b8f16bcad7686008de6c4932155003322beb04fSHA256: 346183f82796efc1acb1b41c6925ef9264735569c4804447102f7652e935b2b4Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name org.wso2.charon.utils High Vendor jar package name charon Highest Vendor jar package name utils Highest Vendor jar package name wso2 Highest Vendor Manifest Implementation-Vendor WSO2 High Vendor Manifest Implementation-Vendor-Id org.wso2.charon Medium Vendor Manifest specification-vendor WSO2 Low Vendor pom artifactid org.wso2.charon.utils Highest Vendor pom artifactid wso2.charon.utils Low Vendor pom groupid org.wso2.charon Highest Vendor pom name WSO2 Charon - Utils High Vendor pom parent-artifactid charon-parent Low Vendor pom url http://wso2.com Highest Product file name org.wso2.charon.utils High Product jar package name charon Highest Product jar package name utils Highest Product jar package name wso2 Highest Product Manifest Implementation-Title WSO2 Charon - Utils High Product Manifest specification-title WSO2 Charon - Utils Medium Product pom artifactid org.wso2.charon.utils Highest Product pom artifactid wso2.charon.utils Highest Product pom groupid org.wso2.charon Highest Product pom name WSO2 Charon - Utils High Product pom parent-artifactid charon-parent Medium Product pom url http://wso2.com Medium Version file version 2.1.3 High Version Manifest Implementation-Version 2.1.3 High Version pom version 2.1.3 Highest
CVE-2021-4277 suppress
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability. CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions:
File Path: /home/grprdist/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jarMD5: 42e940d5d2d822f4dc04c65053e630abSHA1: 5592374f834645c4ae250f4c9fbb314c9369d698SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26eReferenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name oro High Vendor jar package name apache Highest Vendor jar package name oro Highest Vendor manifest: org/apache/oro Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid oro Highest Vendor pom artifactid oro Low Vendor pom groupid oro Highest Product file name oro High Product jar package name apache Highest Product jar package name oro Highest Product manifest: org/apache/oro Implementation-Title org.apache.oro Medium Product manifest: org/apache/oro Specification-Title Jakarta ORO Medium Product pom artifactid oro Highest Product pom groupid oro Highest Version file version 2.0.8 High Version pom version 2.0.8 Highest
Description:
Used by various API providers that rely on META-INF/services mechanism to locate providers. License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/grprdist/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.3/osgi-resource-locator-1.0.3.jar
MD5: e7e82b82118c5387ae45f7bf3892909b
SHA1: de3b21279df7e755e38275137539be5e2c80dd58
SHA256: aab5d7849f7cfcda2cc7c541ba1bd365151d42276f151c825387245dfde3dd74
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name osgi-resource-locator High Vendor jar package name glassfish Highest Vendor jar package name hk2 Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid osgi-resource-locator Highest Vendor pom artifactid osgi-resource-locator Low Vendor pom developer id ss141213 Medium Vendor pom developer name Sahoo Medium Vendor pom developer org Oracle Corporation Medium Vendor pom groupid org.glassfish.hk2 Highest Vendor pom name OSGi resource locator High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Product file name osgi-resource-locator High Product jar package name glassfish Highest Product jar package name hk2 Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name OSGi resource locator Medium Product Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid osgi-resource-locator Highest Product pom developer id ss141213 Low Product pom developer name Sahoo Low Product pom developer org Oracle Corporation Low Product pom groupid org.glassfish.hk2 Highest Product pom name OSGi resource locator High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Version file version 1.0.3 High Version Manifest Bundle-Version 1.0.3 High Version pom parent-version 1.0.3 Low Version pom version 1.0.3 Highest
Description:
Java command line parser with both an annotations API and a programmatic API. Usage help with ANSI styles and colors. Autocomplete. Nested subcommands. Easily included as source to avoid adding a dependency. License:
The Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/info/picocli/picocli/4.3.2/picocli-4.3.2.jar
MD5: f20bf12b29c0ffea894d557336171f39
SHA1: 37a9ed41f7a028611775b6e8ad831e3e5fcd6280
SHA256: 43c9cf516012aad1ac5ce6b54642e9cb1271e66d827b06a879fd314144d57550
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name picocli High Vendor jar package name autocomplete Highest Vendor jar package name picocli Highest Vendor Manifest bundle-symbolicname picocli Medium Vendor Manifest Implementation-Vendor Remko Popma High Vendor Manifest multi-release true Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest specification-vendor Remko Popma Low Vendor pom artifactid picocli Highest Vendor pom artifactid picocli Low Vendor pom developer email rpopma@apache.org Low Vendor pom developer id rpopma Medium Vendor pom developer name Remko Popma Medium Vendor pom groupid info.picocli Highest Vendor pom name picocli - a mighty tiny Command Line Interface High Vendor pom url http://picocli.info Highest Product file name picocli High Product jar package name autocomplete Highest Product jar package name picocli Highest Product Manifest Bundle-Name picocli Medium Product Manifest bundle-symbolicname picocli Medium Product Manifest Implementation-Title picocli High Product Manifest multi-release true Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest specification-title picocli Medium Product pom artifactid picocli Highest Product pom developer email rpopma@apache.org Low Product pom developer id rpopma Low Product pom developer name Remko Popma Low Product pom groupid info.picocli Highest Product pom name picocli - a mighty tiny Command Line Interface High Product pom url http://picocli.info Medium Version file version 4.3.2 High Version Manifest Bundle-Version 4.3.2 High Version Manifest Implementation-Version 4.3.2 High Version pom version 4.3.2 Highest
CVE-2015-0897 suppress
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions: (show all )
Description:
PostgreSQL JDBC Driver Postgresql License:
BSD-2-Clause: https://jdbc.postgresql.org/about/license.html File Path: /home/grprdist/.m2/repository/org/postgresql/postgresql/42.7.2/postgresql-42.7.2.jar
MD5: bb897217989c97a463d8f571069d158a
SHA1: 86ed42574cd68662b05d3b00432a34e9a34cb12c
SHA256: 0c244ac7d02cf89d8e29852eace6595d75bc4d78581b85b2768460081646a57b
Referenced In Projects/Scopes: Grouper API:runtime Grouper WS Test:runtime Grouper WS:runtime Grouper SCIM:runtime Grouper UI:runtime Evidence Type Source Name Value Confidence Vendor file name postgresql High Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name postgresql Highest Vendor Manifest automatic-module-name org.postgresql.jdbc Medium Vendor Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low Vendor Manifest bundle-symbolicname org.postgresql.jdbc Medium Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High Vendor Manifest Implementation-Vendor-Id org.postgresql Medium Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Vendor Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid postgresql Highest Vendor pom artifactid postgresql Low Vendor pom developer id bokken Medium Vendor pom developer id davecramer Medium Vendor pom developer id jurka Medium Vendor pom developer id oliver Medium Vendor pom developer id ringerc Medium Vendor pom developer id vlsi Medium Vendor pom developer name Brett Okken Medium Vendor pom developer name Craig Ringer Medium Vendor pom developer name Dave Cramer Medium Vendor pom developer name Kris Jurka Medium Vendor pom developer name Oliver Jowett Medium Vendor pom developer name Vladimir Sitnikov Medium Vendor pom groupid org.postgresql Highest Vendor pom name PostgreSQL JDBC Driver High Vendor pom organization name PostgreSQL Global Development Group High Vendor pom organization url https://jdbc.postgresql.org/ Medium Vendor pom url https://jdbc.postgresql.org Highest Product file name postgresql High Product hint analyzer product pgjdbc Highest Product hint analyzer product postgresql_jdbc_driver Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name osgi Highest Product jar package name postgresql Highest Product jar package name version Highest Product Manifest automatic-module-name org.postgresql.jdbc Medium Product Manifest bundle-copyright Copyright (c) 2003-2020, PostgreSQL Global Development Group Low Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low Product Manifest Bundle-Name PostgreSQL JDBC Driver Medium Product Manifest bundle-symbolicname org.postgresql.jdbc Medium Product Manifest Implementation-Title PostgreSQL JDBC Driver High Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Product Manifest require-capability osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))" Low Product Manifest specification-title JDBC Medium Product pom artifactid postgresql Highest Product pom developer id bokken Low Product pom developer id davecramer Low Product pom developer id jurka Low Product pom developer id oliver Low Product pom developer id ringerc Low Product pom developer id vlsi Low Product pom developer name Brett Okken Low Product pom developer name Craig Ringer Low Product pom developer name Dave Cramer Low Product pom developer name Kris Jurka Low Product pom developer name Oliver Jowett Low Product pom developer name Vladimir Sitnikov Low Product pom groupid org.postgresql Highest Product pom name PostgreSQL JDBC Driver High Product pom organization name PostgreSQL Global Development Group Low Product pom organization url https://jdbc.postgresql.org/ Low Product pom url https://jdbc.postgresql.org Medium Version file version 42.7.2 High Version Manifest Bundle-Version 42.7.2 High Version Manifest Implementation-Version 42.7.2 High Version pom version 42.7.2 Highest
Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
https://opensource.org/licenses/BSD-3-Clause File Path: /home/grprdist/.m2/repository/com/google/protobuf/protobuf-java/3.21.9/protobuf-java-3.21.9.jar
MD5: 3b4b9fcc1feaaa49edf970fd4915a0dc
SHA1: ed1240d9231044ce6ccf1978512f6e44416bb7e7
SHA256: 1b78b4a76a71512debfdff8f8fc5aef6bfd459f65758fecf7aff245e6e6301e4
Referenced In Projects/Scopes: Grouper API:runtime Grouper SCIM:provided Grouper WS Test:runtime Grouper WS:runtime Grouper UI:runtime Evidence Type Source Name Value Confidence Vendor file name protobuf-java High Vendor jar package name google Highest Vendor jar package name protobuf Highest Vendor Manifest automatic-module-name com.google.protobuf Medium Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid protobuf-java Highest Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor pom parent-artifactid protobuf-parent Low Product file name protobuf-java High Product jar package name google Highest Product jar package name protobuf Highest Product Manifest automatic-module-name com.google.protobuf Medium Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest Bundle-Name Protocol Buffers [Core] Medium Product Manifest bundle-symbolicname com.google.protobuf Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Core] High Product pom parent-artifactid protobuf-parent Medium Version file version 3.21.9 High Version Manifest Bundle-Version 3.21.9 High Version pom version 3.21.9 Highest
Description:
Proton is a library for speaking AMQP. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/qpid/proton-j/0.33.10/proton-j-0.33.10.jar
MD5: 55d0529cb097f647e53cff7a4189b128
SHA1: fb31048dec7642e31982a46500acb211f52f6314
SHA256: 1fcddf5c76e70eff331900443c51e1a2c8d313b5ffc70611995fadfb6c36d96a
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name proton-j High Vendor jar package name apache Highest Vendor jar package name proton Highest Vendor jar package name qpid Highest Vendor Manifest automatic-module-name org.apache.qpid.proton.j Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.qpid.proton-j Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid proton-j Highest Vendor pom artifactid proton-j Low Vendor pom groupid org.apache.qpid Highest Vendor pom name Proton-J High Vendor pom parent-artifactid proton-j-parent Low Product file name proton-j High Product jar package name amqp Highest Product jar package name apache Highest Product jar package name proton Highest Product jar package name qpid Highest Product Manifest automatic-module-name org.apache.qpid.proton.j Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Proton-J Medium Product Manifest bundle-symbolicname org.apache.qpid.proton-j Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid proton-j Highest Product pom groupid org.apache.qpid Highest Product pom name Proton-J High Product pom parent-artifactid proton-j-parent Medium Version file version 0.33.10 High Version Manifest Bundle-Version 0.33.10 High Version pom version 0.33.10 Highest
Description:
The core JMS Client implementation License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/qpid/qpid-jms-client/0.61.0/qpid-jms-client-0.61.0.jar
MD5: e8bd7c8a71cdcebbd6701084d4caae11
SHA1: f53f49713a144de8e46cffb4af24a1775dea1e0c
SHA256: 7aea6f78c010c34cce82de3f837ccf17362c4d05588bd2d0af6e938de575ca0b
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name qpid-jms-client High Vendor jar package name apache Highest Vendor jar package name jms Highest Vendor jar package name qpid Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.qpid.jms.client Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid qpid-jms-client Highest Vendor pom artifactid qpid-jms-client Low Vendor pom groupid org.apache.qpid Highest Vendor pom name QpidJMS Client High Vendor pom parent-artifactid qpid-jms-parent Low Product file name qpid-jms-client High Product jar package name apache Highest Product jar package name jms Highest Product jar package name qpid Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name QpidJMS Client Medium Product Manifest bundle-symbolicname org.apache.qpid.jms.client Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid qpid-jms-client Highest Product pom groupid org.apache.qpid Highest Product pom name QpidJMS Client High Product pom parent-artifactid qpid-jms-parent Medium Version file version 0.61.0 High Version Manifest Bundle-Version 0.61.0 High Version pom version 0.61.0 Highest
Description:
Enterprise Job Scheduler License:
http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0 File Path: /home/grprdist/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar
MD5: d7299dbaec0e0ed7af281b07cc40c8c1
SHA1: 18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a
SHA256: 639c6a675bc472e1568df9d8c954ff702da6f83ed27da0ff9a7bd12ed73b8bf0
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name quartz High Vendor hint analyzer vendor softwareag Highest Vendor jar package name job Highest Vendor jar package name quartz Highest Vendor jar package name scheduler Highest Vendor Manifest bundle-docurl http://www.terracotta.org Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium Vendor Manifest terracotta-name quartz Medium Vendor Manifest terracotta-projectstatus Supported Low Vendor pom artifactid quartz Highest Vendor pom artifactid quartz Low Vendor pom groupid org.quartz-scheduler Highest Vendor pom name quartz High Vendor pom parent-artifactid quartz-parent Low Product file name quartz High Product jar package name job Highest Product jar package name quartz Highest Product jar package name scheduler Highest Product jar package name terracotta Highest Product Manifest bundle-docurl http://www.terracotta.org Low Product Manifest Bundle-Name quartz Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium Product Manifest terracotta-name quartz Medium Product Manifest terracotta-projectstatus Supported Low Product pom artifactid quartz Highest Product pom groupid org.quartz-scheduler Highest Product pom name quartz High Product pom parent-artifactid quartz-parent Medium Version file version 2.3.2 High Version Manifest Bundle-Version 2.3.2 High Version pom version 2.3.2 Highest
CVE-2023-39017 suppress
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
Description:
The UnboundID SCIM2 SDK is a library that may be used to interact with various
types of SCIM-enabled endpoints (such as the UnboundID server products) to
perform lightweight, cloud-based identity management via the SCIM Protocol.
See http://simplecloud.info for more information.
License:
GNU General Public License version 2 (GPLv2): http://www.gnu.org/licenses/gpl-2.0.html
GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.html
UnboundID SCIM2 SDK Free Use License: https://github.com/pingidentity/scim2 File Path: /home/grprdist/.m2/repository/com/unboundid/product/scim2/scim2-sdk-client/2.3.7/scim2-sdk-client-2.3.7.jar
MD5: e3e918223fb7cd140fbcd306b6135fc5
SHA1: 3d08d77a96d2fa5551183e9a9d226800053e233e
SHA256: 6798a3c586dff309bf8913db9aeef755c8d651d3b64b7546378c8f46a683f550
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name scim2-sdk-client High Vendor jar package name client Highest Vendor jar package name client Low Vendor jar package name scim2 Highest Vendor jar package name scim2 Low Vendor jar package name unboundid Highest Vendor jar package name unboundid Low Vendor pom artifactid scim2-sdk-client Highest Vendor pom artifactid scim2-sdk-client Low Vendor pom developer email support@unboundid.com Low Vendor pom developer id unboundid Medium Vendor pom developer name UnboundID Corp. Medium Vendor pom groupid com.unboundid.product.scim2 Highest Vendor pom name UnboundID SCIM2 SDK Client High Vendor pom organization name Ping Identity Corporation High Vendor pom organization url https://www.pingidentity.com Medium Vendor pom parent-artifactid scim2-parent Low Vendor pom url pingidentity/scim2 Highest Product file name scim2-sdk-client High Product jar package name client Highest Product jar package name client Low Product jar package name requests Low Product jar package name scim2 Highest Product jar package name scim2 Low Product jar package name unboundid Highest Product pom artifactid scim2-sdk-client Highest Product pom developer email support@unboundid.com Low Product pom developer id unboundid Low Product pom developer name UnboundID Corp. Low Product pom groupid com.unboundid.product.scim2 Highest Product pom name UnboundID SCIM2 SDK Client High Product pom organization name Ping Identity Corporation Low Product pom organization url https://www.pingidentity.com Low Product pom parent-artifactid scim2-parent Medium Product pom url pingidentity/scim2 High Version file version 2.3.7 High Version pom version 2.3.7 Highest
Description:
The UnboundID SCIM2 SDK is a library that may be used to interact with various
types of SCIM-enabled endpoints (such as the UnboundID server products) to
perform lightweight, cloud-based identity management via the SCIM Protocol.
See http://simplecloud.info for more information.
License:
GNU General Public License version 2 (GPLv2): http://www.gnu.org/licenses/gpl-2.0.html
GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.html
UnboundID SCIM2 SDK Free Use License: https://github.com/pingidentity/scim2 File Path: /home/grprdist/.m2/repository/com/unboundid/product/scim2/scim2-sdk-common/2.3.7/scim2-sdk-common-2.3.7.jar
MD5: 31431671351615ee26879cb2c0bf61ae
SHA1: facf6780a0804e0262e395da0eb7fe3dd9eaf5ad
SHA256: 59f19cfcd48ba49ee2f62f53777d55bba2a3b0b290285f836235d8e2d878cdad
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name scim2-sdk-common High Vendor jar package name common Highest Vendor jar package name common Low Vendor jar package name scim2 Highest Vendor jar package name scim2 Low Vendor jar package name types Highest Vendor jar package name unboundid Highest Vendor jar package name unboundid Low Vendor pom artifactid scim2-sdk-common Highest Vendor pom artifactid scim2-sdk-common Low Vendor pom developer email support@unboundid.com Low Vendor pom developer id unboundid Medium Vendor pom developer name UnboundID Corp. Medium Vendor pom groupid com.unboundid.product.scim2 Highest Vendor pom name UnboundID SCIM2 SDK Common High Vendor pom organization name Ping Identity Corporation High Vendor pom organization url https://www.pingidentity.com Medium Vendor pom parent-artifactid scim2-parent Low Vendor pom url pingidentity/scim2 Highest Product file name scim2-sdk-common High Product jar package name common Highest Product jar package name common Low Product jar package name scim2 Highest Product jar package name scim2 Low Product jar package name types Highest Product jar package name unboundid Highest Product pom artifactid scim2-sdk-common Highest Product pom developer email support@unboundid.com Low Product pom developer id unboundid Low Product pom developer name UnboundID Corp. Low Product pom groupid com.unboundid.product.scim2 Highest Product pom name UnboundID SCIM2 SDK Common High Product pom organization name Ping Identity Corporation Low Product pom organization url https://www.pingidentity.com Low Product pom parent-artifactid scim2-parent Medium Product pom url pingidentity/scim2 High Version file version 2.3.7 High Version pom version 2.3.7 Highest
Description:
The UnboundID SCIM2 SDK is a library that may be used to interact with various
types of SCIM-enabled endpoints (such as the UnboundID server products) to
perform lightweight, cloud-based identity management via the SCIM Protocol.
See http://simplecloud.info for more information.
License:
GNU General Public License version 2 (GPLv2): http://www.gnu.org/licenses/gpl-2.0.html
GNU Lesser General Public License version 2.1 (LGPLv2.1): http://www.gnu.org/licenses/lgpl-2.1.html
UnboundID SCIM2 SDK Free Use License: https://github.com/pingidentity/scim2 File Path: /home/grprdist/.m2/repository/com/unboundid/product/scim2/scim2-sdk-server/2.3.7/scim2-sdk-server-2.3.7.jar
MD5: e2d8a00f5cd272affd32637fa660ed1a
SHA1: 228a2ff37cc5163a9fbaaa8319a0dfeb50c9bf60
SHA256: ea54049f80d77233fddbb96e94e53205119de2db4626583227757ac19f7e6ea3
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name scim2-sdk-server High Vendor jar package name scim2 Highest Vendor jar package name scim2 Low Vendor jar package name server Highest Vendor jar package name server Low Vendor jar package name unboundid Highest Vendor jar package name unboundid Low Vendor pom artifactid scim2-sdk-server Highest Vendor pom artifactid scim2-sdk-server Low Vendor pom developer email support@unboundid.com Low Vendor pom developer id unboundid Medium Vendor pom developer name UnboundID Corp. Medium Vendor pom groupid com.unboundid.product.scim2 Highest Vendor pom name UnboundID SCIM2 SDK Server High Vendor pom organization name Ping Identity Corporation High Vendor pom organization url https://www.pingidentity.com Medium Vendor pom parent-artifactid scim2-parent Low Vendor pom url pingidentity/scim2 Highest Product file name scim2-sdk-server High Product jar package name scim2 Highest Product jar package name scim2 Low Product jar package name server Highest Product jar package name server Low Product jar package name unboundid Highest Product jar package name utils Low Product pom artifactid scim2-sdk-server Highest Product pom developer email support@unboundid.com Low Product pom developer id unboundid Low Product pom developer name UnboundID Corp. Low Product pom groupid com.unboundid.product.scim2 Highest Product pom name UnboundID SCIM2 SDK Server High Product pom organization name Ping Identity Corporation Low Product pom organization url https://www.pingidentity.com Low Product pom parent-artifactid scim2-parent Medium Product pom url pingidentity/scim2 High Version file version 2.3.7 High Version pom version 2.3.7 Highest
Description:
The slf4j API File Path: /home/grprdist/.m2/repository/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.jarMD5: fbcf58513bc25b80f075d812aad3e3cfSHA1: cdcff33940d9f2de763bc41ea05a0be5941176c3SHA256: 3624f8474c1af46d75f98bc097d7864a323c81b3808aa43689a6e1c601c027beReferenced In Projects/Scopes:
Grouper SCIM:compile Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest automatic-module-name org.slf4j Medium Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.32 High Version Manifest Bundle-Version 1.7.32 High Version Manifest Implementation-Version 1.7.32 High Version pom version 1.7.32 Highest
Description:
Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/grprdist/.m2/repository/jivesoftware/smack/3.1.0/smack-3.1.0.jar
MD5: 362dd4c2fc9b23a33d47272456dd0c39
SHA1: 916a0fe08d840a08c950f49fb59b961e14d673b8
SHA256: c9a25e014608d3402b795d125c88a18a6e22e6c61c65b5e5d224e0f72f4aec8b
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name smack High Vendor jar package name jivesoftware Highest Vendor jar package name jivesoftware Low Vendor jar package name presence Highest Vendor jar package name smack Highest Vendor jar package name smack Low Vendor pom artifactid smack Highest Vendor pom artifactid smack Low Vendor pom groupid jivesoftware Highest Vendor pom name Smack High Vendor pom url http://www.jivesoftware.org/smack/ Highest Product file name smack High Product jar package name jivesoftware Highest Product jar package name presence Highest Product jar package name smack Highest Product jar package name smack Low Product pom artifactid smack Highest Product pom groupid jivesoftware Highest Product pom name Smack High Product pom url http://www.jivesoftware.org/smack/ Medium Version file version 3.1.0 High Version pom version 3.1.0 Highest
CVE-2014-5075 (OSSINDEX)suppress
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:jivesoftware:smack:3.1.0:*:*:*:*:*:*:* CVE-2014-0363 (OSSINDEX)suppress
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain. CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:jivesoftware:smack:3.1.0:*:*:*:*:*:*:* File Path: /home/grprdist/.m2/repository/taglibs/standard/1.1.2/standard-1.1.2.jarMD5: 65351d0487ad57edda9171bb3b46b98cSHA1: a17e8a4d9a1f7fcc5eed606721c9ed6b7f18acf7SHA256: 2c0048ab3ce75a202f692b159d6aa0a68edce3e4e4c5123a3359a38b29faa6b1Referenced In Project/Scope: Grouper UI:compile
Evidence Type Source Name Value Confidence Vendor file name standard High Vendor jar package name apache Highest Vendor jar package name standard Highest Vendor jar package name taglibs Highest Vendor Manifest extension-name org.apache.taglibs.standard Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom artifactid standard Highest Vendor pom artifactid standard Low Vendor pom groupid taglibs Highest Product file name standard High Product jar package name apache Highest Product jar package name standard Highest Product jar package name tag Highest Product jar package name taglibs Highest Product Manifest extension-name org.apache.taglibs.standard Medium Product Manifest Implementation-Title jakarta-taglibs 'standard': an implementation of JSTL High Product Manifest specification-title JavaServer Pages Standard Tag Library (JSTL) Medium Product pom artifactid standard Highest Product pom groupid taglibs Highest Version file version 1.1.2 High Version Manifest Implementation-Version 1.1.2 High Version pom version 1.1.2 Highest
CVE-2015-0254 suppress
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions:
Description:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html File Path: /home/grprdist/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
SHA256: e8c70ebd76f982c9582a82ef82cf6ce14a7d58a4a4dca5cb7b7fc988c80089b7
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name stax-api High Vendor jar package name javax Highest Vendor jar package name javax Low Vendor jar package name stream Highest Vendor jar package name stream Low Vendor jar package name xml Highest Vendor jar package name xml Low Vendor pom artifactid stax-api Highest Vendor pom artifactid stax-api Low Vendor pom groupid javax.xml.stream Highest Vendor pom name Streaming API for XML High Product file name stax-api High Product jar package name javax Highest Product jar package name stream Highest Product jar package name stream Low Product jar package name xml Highest Product jar package name xml Low Product pom artifactid stax-api Highest Product pom groupid javax.xml.stream Highest Product pom name Streaming API for XML High Version pom version 1.0-2 Highest
Description:
Extensions to JSR-173 StAX API. License:
Dual license consisting of the CDDL v1.1 and GPL v2
: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html File Path: /home/grprdist/.m2/repository/org/jvnet/staxex/stax-ex/1.8/stax-ex-1.8.jar
MD5: a0ebfdbc6b5a34b174a1d1f732d1bdda
SHA1: 8cc35f73da321c29973191f2cf143d29d26a1df7
SHA256: 95b05d9590af4154c6513b9c5dc1fb2e55b539972ba0a9ef28e9a0c01d83ad77
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name stax-ex High Vendor jar package name jvnet Highest Vendor jar package name staxex Highest Vendor Manifest bundle-symbolicname org.jvnet.staxex.stax-ex Medium Vendor Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Vendor Manifest implementation-url http://stax-ex.java.net/ Low Vendor Manifest Implementation-Vendor-Id org.jvnet.staxex Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Vendor pom artifactid stax-ex Highest Vendor pom artifactid stax-ex Low Vendor pom developer email Roman.Grigoriadi@oracle.com Low Vendor pom developer email Zheng.Jun.Li@oracle.com Low Vendor pom developer id bravehorsie Medium Vendor pom developer id zhengjl Medium Vendor pom developer name Roman Grigoriadi Medium Vendor pom developer name Zheng Jun Li Medium Vendor pom groupid org.jvnet.staxex Highest Vendor pom name Extended StAX API High Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://stax-ex.java.net/ Highest Product file name stax-ex High Product jar package name jvnet Highest Product jar package name staxex Highest Product Manifest Bundle-Name Extended StAX API Medium Product Manifest bundle-symbolicname org.jvnet.staxex.stax-ex Medium Product Manifest implementation-build-id ${scmBranch}-${buildNumber}, ${timestamp} Low Product Manifest Implementation-Title Extended StAX API High Product Manifest implementation-url http://stax-ex.java.net/ Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" Low Product pom artifactid stax-ex Highest Product pom developer email Roman.Grigoriadi@oracle.com Low Product pom developer email Zheng.Jun.Li@oracle.com Low Product pom developer id bravehorsie Low Product pom developer id zhengjl Low Product pom developer name Roman Grigoriadi Low Product pom developer name Zheng Jun Li Low Product pom groupid org.jvnet.staxex Highest Product pom name Extended StAX API High Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://stax-ex.java.net/ Medium Version file version 1.8 High Version Manifest Implementation-Version 1.8 High Version pom parent-version 1.8 Low Version pom version 1.8 Highest
License:
http://www.apache.org/licenses/LICENSE-2.0.html File Path: /home/grprdist/.m2/repository/io/swagger/swagger-annotations/1.6.3/swagger-annotations-1.6.3.jar
MD5: 942481616f73ad3273893e9c390985aa
SHA1: 7cd78274cad53849ab809a73cec06c7dbb5f374a
SHA256: ceb72bfad2be626cc0eeb53c7e89b727e5e270c25a533cc62a65d3f044bcae4d
Referenced In Projects/Scopes: Grouper WS Test:compile Grouper WS:compile Evidence Type Source Name Value Confidence Vendor file name swagger-annotations High Vendor jar package name annotations Highest Vendor jar package name io Highest Vendor jar package name swagger Highest Vendor Manifest bundle-symbolicname io.swagger.annotations Medium Vendor Manifest mode development Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Vendor pom artifactid swagger-annotations Highest Vendor pom artifactid swagger-annotations Low Vendor pom groupid io.swagger Highest Vendor pom name swagger-annotations High Vendor pom parent-artifactid swagger-project Low Product file name swagger-annotations High Product jar package name annotations Highest Product jar package name api Highest Product jar package name io Highest Product jar package name swagger Highest Product Manifest Bundle-Name swagger-annotations Medium Product Manifest bundle-symbolicname io.swagger.annotations Medium Product Manifest mode development Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest url https://github.com/swagger-api/swagger-core/modules/swagger-annotations Low Product pom artifactid swagger-annotations Highest Product pom groupid io.swagger Highest Product pom name swagger-annotations High Product pom parent-artifactid swagger-project Medium Version file version 1.6.3 High Version Manifest Bundle-Version 1.6.3 High Version Manifest implementation-version 1.6.3 High Version pom version 1.6.3 Highest
Description:
TXW is a library that allows you to write XML documents.
File Path: /home/grprdist/.m2/repository/org/glassfish/jaxb/txw2/2.3.1/txw2-2.3.1.jarMD5: 0fed730907ba86376ef392ee7eb42d5fSHA1: a09d2c48d3285f206fafbffe0e50619284e92126SHA256: 34975dde1c6920f1a39791142235689bc3cd357e24d05edd8ff93b885bd68d60Referenced In Projects/Scopes:
Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name txw2 High Vendor jar package name sun Highest Vendor jar package name txw Highest Vendor jar package name txw2 Highest Vendor jar package name xml Highest Vendor jar (hint) package name oracle Highest Vendor Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid txw2 Highest Vendor pom artifactid txw2 Low Vendor pom groupid org.glassfish.jaxb Highest Vendor pom name TXW2 Runtime High Vendor pom parent-artifactid jaxb-txw-parent Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Product file name txw2 High Product jar package name sun Highest Product jar package name txw Highest Product jar package name txw2 Highest Product jar package name xml Highest Product Manifest git-revision ad5fa4c697632694cbcfa80177707db908cd98b2 Low Product Manifest Implementation-Title TXW Runtime High Product Manifest specification-title Java Architecture for XML Binding Medium Product pom artifactid txw2 Highest Product pom groupid org.glassfish.jaxb Highest Product pom name TXW2 Runtime High Product pom parent-artifactid jaxb-txw-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Version file version 2.3.1 High Version Manifest build-id 2.3.1 Medium Version Manifest Implementation-Version 2.3.1 High Version Manifest major-version 2.3.1 Medium Version pom version 2.3.1 Highest
Description:
The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/apache/wink/wink-client/1.4/wink-client-1.4.jar
MD5: 68f861b4a7b83e6b2967c873b1a46e56
SHA1: 236afba302284da7988a971157a91a1875dcad60
SHA256: 92a5373479ddea707e912da02585059cea7ccbee4ac19d7f5bc4c6aacb72d3ec
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name wink-client High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name wink Highest Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.wink.client Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.wink Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid wink-client Highest Vendor pom artifactid wink-client Low Vendor pom groupid org.apache.wink Highest Vendor pom name Apache Wink Client High Vendor pom parent-artifactid wink Low Product file name wink-client High Product jar package name apache Highest Product jar package name client Highest Product jar package name wink Highest Product Manifest bundle-docurl http://www.apache.org/ Low Product Manifest Bundle-Name Apache Wink Client Medium Product Manifest bundle-symbolicname org.apache.wink.client Medium Product Manifest Implementation-Title Apache Wink Client High Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest specification-title Apache Wink Client Medium Product pom artifactid wink-client Highest Product pom groupid org.apache.wink Highest Product pom name Apache Wink Client High Product pom parent-artifactid wink Medium Version file version 1.4 High Version Manifest Implementation-Version 1.4 High Version pom version 1.4 Highest
Related Dependencies wink-common-1.4.jarFile Path: /home/grprdist/.m2/repository/org/apache/wink/wink-common/1.4/wink-common-1.4.jar MD5: 985d162fe28849de89a1a74751b4e2e9 SHA1: 30e49800bbf56cad6e1a36c70a26f1405f496d7b SHA256: d533f0750459b01fd63e2c4d2b9dc8c2b1afe6d71406c0d829697b32b4018f37 pkg:maven/org.apache.wink/wink-common@1.4 CVE-2017-5249 suppress
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. CWE-312 Cleartext Storage of Sensitive Information, CWE-922 Insecure Storage of Sensitive Information
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions:
Description:
Woodstox is a high-performance XML processor that implements Stax (JSR-173) API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/org/codehaus/woodstox/wstx-asl/3.2.9/wstx-asl-3.2.9.jar
MD5: 8cb7d88faca2da5a3f9a3c50eee1fc3b
SHA1: c82b6e8f225bb799540e558b10ee24d268035597
SHA256: fcfe0265682f49b40a81073959c7fc6d57efda8c86ccf3bc6700d884411b1271
Referenced In Project/Scope: Grouper SCIM:compile
Evidence Type Source Name Value Confidence Vendor file name wstx-asl High Vendor jar package name api Highest Vendor jar package name codehaus Highest Vendor jar package name stax Highest Vendor jar package name wstx Highest Vendor Manifest Implementation-Vendor woodstox.codehaus.org High Vendor Manifest specification-vendor http://jcp.org/en/jsr/detail?id=173 Low Vendor pom artifactid wstx-asl Highest Vendor pom artifactid wstx-asl Low Vendor pom groupid org.codehaus.woodstox Highest Vendor pom name Woodstox High Vendor pom organization name Codehaus High Vendor pom organization url http://www.codehaus.org/ Medium Vendor pom url http://woodstox.codehaus.org Highest Product file name wstx-asl High Product jar package name api Highest Product jar package name codehaus Highest Product jar package name stax Highest Product jar package name wstx Highest Product Manifest Implementation-Title WoodSToX XML-processor High Product Manifest specification-title StAX 1.0 API Medium Product pom artifactid wstx-asl Highest Product pom groupid org.codehaus.woodstox Highest Product pom name Woodstox High Product pom organization name Codehaus Low Product pom organization url http://www.codehaus.org/ Low Product pom url http://woodstox.codehaus.org Medium Version file version 3.2.9 High Version Manifest Implementation-Version 3.2.9 High Version pom version 3.2.9 Highest
CVE-2019-12401 (OSSINDEX)suppress
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.woodstox:wstx-asl:3.2.9:*:*:*:*:*:*:* Description:
Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/grprdist/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256: 6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name xercesImpl High Vendor jar package name apache Highest Vendor jar package name dom Highest Vendor jar package name parsers Highest Vendor jar package name serialize Highest Vendor jar package name version Highest Vendor jar package name w3c Highest Vendor jar package name xerces Highest Vendor jar package name xinclude Highest Vendor jar package name xml Highest Vendor jar package name xni Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/namespace/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/stream/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/impl/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xercesImpl Highest Vendor pom artifactid xercesImpl Low Vendor pom developer email j-dev@xerces.apache.org Low Vendor pom developer id xerces Medium Vendor pom developer name Apache Software Foundation Medium Vendor pom developer org Apache Software Foundation Medium Vendor pom developer org URL http://www.apache.org Medium Vendor pom groupid xerces Highest Vendor pom name Xerces2-j High Vendor pom url https://xerces.apache.org/xerces2-j/ Highest Product file name xercesImpl High Product hint analyzer product xerces-j Highest Product jar package name apache Highest Product jar package name datatype Highest Product jar package name dom Highest Product jar package name impl Highest Product jar package name parsers Highest Product jar package name serialize Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xerces Highest Product jar package name xinclude Highest Product jar package name xml Highest Product jar package name xni Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/namespace/ Implementation-Title javax.xml.namespace Medium Product manifest: javax/xml/namespace/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/stream/ Implementation-Title javax.xml.stream Medium Product manifest: javax/xml/stream/ Specification-Title Streaming API for XML Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xerces/impl/ Implementation-Title org.apache.xerces.impl.Version Medium Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xercesImpl Highest Product pom developer email j-dev@xerces.apache.org Low Product pom developer id xerces Low Product pom developer name Apache Software Foundation Low Product pom developer org Apache Software Foundation Low Product pom developer org URL http://www.apache.org Low Product pom groupid xerces Highest Product pom name Xerces2-j High Product pom url https://xerces.apache.org/xerces2-j/ Medium Version file version 2.12.2 High Version manifest: org/apache/xerces/impl/ Implementation-Version 2.12.2 Medium Version pom version 2.12.2 Highest
pkg:maven/xerces/xercesImpl@2.12.2 (Confidence :High)cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2017-10355 (OSSINDEX)suppress
sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. CWE-833 Deadlock
CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:* License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt File Path: /home/grprdist/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
SHA256: 34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name xmlpull High Vendor jar package name v1 Low Vendor jar package name xmlpull Highest Vendor jar package name xmlpull Low Vendor pom artifactid xmlpull Highest Vendor pom artifactid xmlpull Low Vendor pom groupid xmlpull Highest Vendor pom name XML Pull Parsing API High Vendor pom url http://www.xmlpull.org Highest Product file name xmlpull High Product jar package name v1 Low Product jar package name xmlpull Highest Product pom artifactid xmlpull Highest Product pom groupid xmlpull Highest Product pom name XML Pull Parsing API High Product pom url http://www.xmlpull.org Medium Version file version 1.1.3.1 High Version pom version 1.1.3.1 Highest
Description:
XStream is a serialization library from Java objects to XML and back. License:
BSD-3-Clause File Path: /home/grprdist/.m2/repository/com/thoughtworks/xstream/xstream/1.4.20/xstream-1.4.20.jar
MD5: 1e816f33b1eb780a309789478051faeb
SHA1: 0e2315b8b2e95e9f21697833c8e56cdd9c98a5ee
SHA256: 87df0f0be57c92037d0110fbb225a30b651702dc275653d285afcfef31bc2e81
Referenced In Projects/Scopes: Grouper SCIM:provided Grouper API:compile Grouper WS Test:compile Grouper WS:compile Grouper UI:compile Evidence Type Source Name Value Confidence Vendor file name xstream High Vendor jar package name core Highest Vendor jar package name thoughtworks Highest Vendor jar package name xstream Highest Vendor Manifest bundle-docurl http://x-stream.github.io Low Vendor Manifest bundle-symbolicname xstream Medium Vendor Manifest Implementation-Vendor XStream High Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Vendor Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Vendor Manifest specification-vendor XStream Low Vendor Manifest x-build-os Linux Low Vendor Manifest x-build-time 2022-12-23T23:21:05Z Low Vendor Manifest x-builder Maven 3.8.6 Low Vendor Manifest x-compile-source 1.4 Low Vendor Manifest x-compile-target 1.4 Low Vendor pom artifactid xstream Highest Vendor pom artifactid xstream Low Vendor pom groupid com.thoughtworks.xstream Highest Vendor pom name XStream Core High Vendor pom parent-artifactid xstream-parent Low Product file name xstream High Product jar package name core Highest Product jar package name io Highest Product jar package name thoughtworks Highest Product jar package name xml Highest Product jar package name xstream Highest Product Manifest bundle-docurl http://x-stream.github.io Low Product Manifest Bundle-Name XStream Core Medium Product Manifest bundle-symbolicname xstream Medium Product Manifest Implementation-Title XStream Core High Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.202 Low Product Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Product Manifest specification-title XStream Core Medium Product Manifest x-build-os Linux Low Product Manifest x-build-time 2022-12-23T23:21:05Z Low Product Manifest x-builder Maven 3.8.6 Low Product Manifest x-compile-source 1.4 Low Product Manifest x-compile-target 1.4 Low Product pom artifactid xstream Highest Product pom groupid com.thoughtworks.xstream Highest Product pom name XStream Core High Product pom parent-artifactid xstream-parent Medium Version file version 1.4.20 High Version Manifest Bundle-Version 1.4.20 High Version Manifest Implementation-Version 1.4.20 High Version pom version 1.4.20 Highest
Description:
XZ data compression License:
Public Domain File Path: /home/grprdist/.m2/repository/org/tukaani/xz/1.9/xz-1.9.jar
MD5: 57c2fbfeb55e307ccae52e5322082e02
SHA1: 1ea4bec1a921180164852c65006d928617bd2caf
SHA256: 211b306cfc44f8f96df3a0a3ddaf75ba8c5289eed77d60d72f889bb855f535e5
Referenced In Project/Scope: Grouper Installer:compile
Evidence Type Source Name Value Confidence Vendor file name xz High Vendor jar package name tukaani Highest Vendor jar package name xz Highest Vendor Manifest bundle-docurl https://tukaani.org/xz/java.html Low Vendor Manifest bundle-symbolicname org.tukaani.xz Medium Vendor Manifest implementation-url https://tukaani.org/xz/java.html Low Vendor Manifest multi-release true Low Vendor pom artifactid xz Highest Vendor pom artifactid xz Low Vendor pom developer email lasse.collin@tukaani.org Low Vendor pom developer name Lasse Collin Medium Vendor pom groupid org.tukaani Highest Vendor pom name XZ for Java High Vendor pom url https://tukaani.org/xz/java.html Highest Product file name xz High Product jar package name tukaani Highest Product jar package name xz Highest Product Manifest bundle-docurl https://tukaani.org/xz/java.html Low Product Manifest Bundle-Name XZ data compression Medium Product Manifest bundle-symbolicname org.tukaani.xz Medium Product Manifest Implementation-Title XZ data compression High Product Manifest implementation-url https://tukaani.org/xz/java.html Low Product Manifest multi-release true Low Product pom artifactid xz Highest Product pom developer email lasse.collin@tukaani.org Low Product pom developer name Lasse Collin Low Product pom groupid org.tukaani Highest Product pom name XZ for Java High Product pom url https://tukaani.org/xz/java.html Medium Version file version 1.9 High Version Manifest Bundle-Version 1.9 High Version Manifest Implementation-Version 1.9 High Version pom version 1.9 Highest