Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 11.1.0Report Generated On : Sat, 9 Nov 2024 13:04:14 GMTDependencies Scanned : 184 (175 unique)Vulnerable Dependencies : 21 Vulnerabilities Found : 82Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2024-11-09T13:03:55ZNVD API Last Modified : 2024-11-09T12:15:20ZSummary Display:
Showing Vulnerable Dependencies (click to show all) * indicates the dependency has a known exploited vulnerability
aopalliance-1.0.jarDescription:
AOP Alliance License:
Public Domain File Path: /home/runner/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
aopalliance-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name aopalliance High Vendor jar package name aop Highest Vendor jar package name aopalliance Highest Vendor jar package name aopalliance Low Vendor jar package name intercept Low Vendor pom artifactid aopalliance Highest Vendor pom artifactid aopalliance Low Vendor pom groupid aopalliance Highest Vendor pom name AOP alliance High Vendor pom url http://aopalliance.sourceforge.net Highest Product file name aopalliance High Product jar package name aop Highest Product jar package name aopalliance Highest Product jar package name intercept Low Product pom artifactid aopalliance Highest Product pom groupid aopalliance Highest Product pom name AOP alliance High Product pom url http://aopalliance.sourceforge.net Medium Version file version 1.0 High Version pom version 1.0 Highest
asm-7.3.1.jarDescription:
ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm/7.3.1/asm-7.3.1.jar
MD5: 542c066ed00a4fa9857e9343e2c595b9
SHA1: 7ec32f922315924e82bf58b36ee1b673b2a9b820
SHA256: 2f67e11ceec819ebd88ddee5300aba699b1cbab2e20c22e97cf027d3be93959b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom artifactid asm Highest Vendor pom artifactid asm Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm High Product jar package name asm Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Product pom artifactid asm Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version pom parent-version 7.3.1 Low Version pom version 7.3.1 Highest
asm-analysis-7.3.1.jarDescription:
Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm-analysis/7.3.1/asm-analysis-7.3.1.jar
MD5: b5b082ef17f6d6bb3d8ed9c129161bdb
SHA1: 045dfd299ea0c17d534499c4f06417ceccfa2d02
SHA256: 46b8a8efd4b94facb5ab4b35afe30ee0546ae7a43d2c64e6def56c2f168fefa5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-analysis-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name asm-analysis High Vendor jar package name analysis Highest Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Vendor Manifest module-requires org.objectweb.asm.tree;transitive=true Low Vendor pom artifactid asm-analysis Highest Vendor pom artifactid asm-analysis Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-analysis High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-analysis High Product jar package name analysis Highest Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name tree Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.tree.analysis Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree.analysis Medium Product Manifest Implementation-Title Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm.tree;transitive=true Low Product pom artifactid asm-analysis Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-analysis High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version pom parent-version 7.3.1 Low Version pom version 7.3.1 Highest
asm-commons-7.3.1.jarDescription:
Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/7.3.1/asm-commons-7.3.1.jar
MD5: be985ed0af52424f8f5d27ec71c249ab
SHA1: daaa79ef260eb67404b9a52bc319a024c7f49cfe
SHA256: 87cd8bb3c6bf6bcbb33fca48060c5065f66ebf6a3d7de9bf18bff51bcf156ebc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-commons-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name asm-commons High Vendor jar package name asm Highest Vendor jar package name commons Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.commons Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Vendor pom artifactid asm-commons Highest Vendor pom artifactid asm-commons Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-commons High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-commons High Product jar package name asm Highest Product jar package name commons Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.commons Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.commons Medium Product Manifest Implementation-Title Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Product pom artifactid asm-commons Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-commons High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version pom parent-version 7.3.1 Low Version pom version 7.3.1 Highest
asm-tree-7.3.1.jarDescription:
Tree API of ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/7.3.1/asm-tree-7.3.1.jar
MD5: 3ef0bd9837a905e0b2d443de9199a409
SHA1: 587ce54d243145b2e89598bfcea7823ded73be5d
SHA256: f91a4a8aa868c5c4665bb4fd134019a91f9f8b9216527fba295e3c8b5422b78b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-tree-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name asm-tree High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true Low Vendor pom artifactid asm-tree Highest Vendor pom artifactid asm-tree Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-tree High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-tree High Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name tree Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.tree Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree Medium Product Manifest Implementation-Title Tree API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true Low Product pom artifactid asm-tree Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-tree High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version pom parent-version 7.3.1 Low Version pom version 7.3.1 Highest
asm-util-7.3.1.jarDescription:
Utilities for ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm-util/7.3.1/asm-util-7.3.1.jar
MD5: 181141e54fdd56474937d7ebfb325ba3
SHA1: cac1bf54c2fb86671c357d281d1060fe5d50a0de
SHA256: 182128592742ed4883ac82bf205f137b6bfbe1234c68e6feb13759e75a85b729
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-util-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name asm-util High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name util Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.util Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Vendor pom artifactid asm-util Highest Vendor pom artifactid asm-util Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-util High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-util High Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name util Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.util Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.util Medium Product Manifest Implementation-Title Utilities for ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true Low Product pom artifactid asm-util Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-util High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 7.3.1 High Version Manifest Bundle-Version 7.3.1 High Version Manifest Implementation-Version 7.3.1 High Version pom parent-version 7.3.1 Low Version pom version 7.3.1 Highest
autolink-0.6.0.jarDescription:
Java library to extract links (URLs, email addresses) from plain text;
fast, small and smart about recognizing where links end
License:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/nibor/autolink/autolink/0.6.0/autolink-0.6.0.jar
MD5: f2633571471a5957ee12e61b184e6219
SHA1: 3986d016a14e8c81afeec752f19af29b20e8367b
SHA256: a80be030f6386f18111cad9161c0b6983157352a1b59a59e6002172f0d321c04
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
autolink-0.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name autolink High Vendor jar package name autolink Highest Vendor jar package name autolink Low Vendor jar package name nibor Highest Vendor jar package name nibor Low Vendor pom artifactid autolink Highest Vendor pom artifactid autolink Low Vendor pom developer email robin@nibor.org Low Vendor pom developer name Robin Stocker Medium Vendor pom groupid org.nibor.autolink Highest Vendor pom name autolink-java High Vendor pom url robinst/autolink-java Highest Product file name autolink High Product jar package name autolink Highest Product jar package name autolink Low Product jar package name nibor Highest Product pom artifactid autolink Highest Product pom developer email robin@nibor.org Low Product pom developer name Robin Stocker Low Product pom groupid org.nibor.autolink Highest Product pom name autolink-java High Product pom url robinst/autolink-java High Version file version 0.6.0 High Version pom version 0.6.0 Highest
checker-qual-3.42.0.jarDescription:
checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256: ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.postgresql/postgresql@42.7.4
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest automatic-module-name org.checkerframework.checker.qual Medium Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.42.0 High Version Manifest Bundle-Version 3.42.0 High Version Manifest Implementation-Version 3.42.0 High Version pom version 3.42.0 Highest
classworlds-1.1-alpha-2.jarFile Path: /home/runner/.m2/repository/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.jarMD5: 82cacb7d9724c4a4e4d20f004884d4daSHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47SHA256: 2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3Referenced In Project/Scope: SchemaSpy Maven Plugin:compileclassworlds-1.1-alpha-2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0
Evidence Type Source Name Value Confidence Vendor file name classworlds High Vendor jar package name classworlds Highest Vendor jar package name codehaus Highest Vendor Manifest extension-name classworlds Medium Vendor Manifest Implementation-Vendor The Codehaus High Vendor Manifest specification-vendor The Codehaus Low Vendor pom artifactid classworlds Highest Vendor pom artifactid classworlds Low Vendor pom developer email ben@walding.com Low Vendor pom developer email bob@werken.com Low Vendor pom developer email jason@zenplex.com Low Vendor pom developer id bob Medium Vendor pom developer id bwalding Medium Vendor pom developer id jvanzyl Medium Vendor pom developer name Ben Walding Medium Vendor pom developer name bob mcwhirter Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer org The Werken Company Medium Vendor pom developer org Walding Consulting Services Medium Vendor pom developer org Zenplex Medium Vendor pom groupid classworlds Highest Vendor pom name classworlds High Vendor pom organization name The Codehaus High Vendor pom organization url http://codehaus.org/ Medium Vendor pom url http://classworlds.codehaus.org/ Highest Product file name classworlds High Product jar package name classworlds Highest Product jar package name codehaus Highest Product Manifest extension-name classworlds Medium Product Manifest Implementation-Title org.codehaus.classworlds High Product Manifest specification-title classworlds: Java(tm) ClassLoader Management Framework Medium Product pom artifactid classworlds Highest Product pom developer email ben@walding.com Low Product pom developer email bob@werken.com Low Product pom developer email jason@zenplex.com Low Product pom developer id bob Low Product pom developer id bwalding Low Product pom developer id jvanzyl Low Product pom developer name Ben Walding Low Product pom developer name bob mcwhirter Low Product pom developer name Jason van Zyl Low Product pom developer org The Werken Company Low Product pom developer org Walding Consulting Services Low Product pom developer org Zenplex Low Product pom groupid classworlds Highest Product pom name classworlds High Product pom organization name The Codehaus Low Product pom organization url http://codehaus.org/ Low Product pom url http://classworlds.codehaus.org/ Medium Version Manifest Implementation-Version 1.1-alpha-2 High Version pom version 1.1-alpha-2 Highest
commons-beanutils-1.9.4.jarDescription:
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256: 7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name commons-beanutils High Vendor jar package name apache Highest Vendor jar package name beanutils Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-beanutils Highest Vendor pom artifactid commons-beanutils Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email epugh@apache.org Low Vendor pom developer email geirm@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email jconlon@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email niallp@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email scolebourne@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email stain@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer email yoavs@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dion Medium Vendor pom developer id epugh Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id jconlon Medium Vendor pom developer id jstrachan Medium Vendor pom developer id morgand Medium Vendor pom developer id mvdb Medium Vendor pom developer id niallp Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer id skitching Medium Vendor pom developer id stain Medium Vendor pom developer id tobrien Medium Vendor pom developer id yoavs Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Eric Pugh Medium Vendor pom developer name Dion Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name James Carman Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John E. Conlon Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Morgan James Delagrange Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Stian Soiland-Reyes Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer name Yoav Shapira Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-beanutils Highest Vendor pom name Apache Commons BeanUtils High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest Product file name commons-beanutils High Product jar package name apache Highest Product jar package name beanutils Highest Product jar package name commons Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest Bundle-Name Apache Commons BeanUtils Medium Product Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Product Manifest Implementation-Title Apache Commons BeanUtils High Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest specification-title Apache Commons BeanUtils Medium Product pom artifactid commons-beanutils Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email epugh@apache.org Low Product pom developer email geirm@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email jconlon@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email niallp@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email scolebourne@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email stain@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer email yoavs@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id craigmcc Low Product pom developer id dion Low Product pom developer id epugh Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id jconlon Low Product pom developer id jstrachan Low Product pom developer id morgand Low Product pom developer id mvdb Low Product pom developer id niallp Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer id skitching Low Product pom developer id stain Low Product pom developer id tobrien Low Product pom developer id yoavs Low Product pom developer name Benedikt Ritter Low Product pom developer name Craig McClanahan Low Product pom developer name David Eric Pugh Low Product pom developer name Dion Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name James Carman Low Product pom developer name James Strachan Low Product pom developer name John E. Conlon Low Product pom developer name Martin van den Bemt Low Product pom developer name Morgan James Delagrange Low Product pom developer name Niall Pemberton Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Stephen Colebourne Low Product pom developer name Stian Soiland-Reyes Low Product pom developer name Tim O'Brien Low Product pom developer name Yoav Shapira Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-beanutils Highest Product pom name Apache Commons BeanUtils High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium Version file version 1.9.4 High Version Manifest Bundle-Version 1.9.4 High Version Manifest Implementation-Version 1.9.4 High Version pom parent-version 1.9.4 Low Version pom version 1.9.4 Highest
commons-collections-3.2.2.jarDescription:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/commons-beanutils/commons-beanutils@1.9.4
Evidence Type Source Name Value Confidence Vendor file name commons-collections High Vendor jar package name apache Highest Vendor jar package name collections Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-collections Highest Vendor pom artifactid commons-collections Low Vendor pom developer id amamment Medium Vendor pom developer id bayard Medium Vendor pom developer id craigmcc Medium Vendor pom developer id geirm Medium Vendor pom developer id jcarman Medium Vendor pom developer id matth Medium Vendor pom developer id morgand Medium Vendor pom developer id psteitz Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Arun M. Thomas Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Geir Magnusson Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Phil Steitz Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid commons-collections Highest Vendor pom name Apache Commons Collections High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/collections/ Highest Product file name commons-collections High Product jar package name apache Highest Product jar package name collections Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product Manifest Implementation-Title Apache Commons Collections High Product Manifest implementation-url http://commons.apache.org/collections/ Low Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections Highest Product pom developer id amamment Low Product pom developer id bayard Low Product pom developer id craigmcc Low Product pom developer id geirm Low Product pom developer id jcarman Low Product pom developer id matth Low Product pom developer id morgand Low Product pom developer id psteitz Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id scolebourne Low Product pom developer name Arun M. Thomas Low Product pom developer name Craig McClanahan Low Product pom developer name Geir Magnusson Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Matthew Hawthorne Low Product pom developer name Morgan Delagrange Low Product pom developer name Phil Steitz Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Stephen Colebourne Low Product pom groupid commons-collections Highest Product pom name Apache Commons Collections High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/collections/ Medium Version file version 3.2.2 High Version Manifest Bundle-Version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High Version pom parent-version 3.2.2 Low Version pom version 3.2.2 Highest
commons-digester3-3.2.jarDescription:
The Apache Commons Digester package lets you configure an XML to Java
object mapping module which triggers certain actions called rules whenever
a particular pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256: 1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-digester3-3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name commons-digester3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name digester Highest Vendor jar package name digester3 Highest Vendor jar package name rules Highest Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium Vendor Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-digester3 Highest Vendor pom artifactid commons-digester3 Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email jfarcand@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email jvanzyl@apache.org Low Vendor pom developer email mbenson AT apache DOT org Low Vendor pom developer email rahul AT apache DOT org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email simonetripodi AT apache DOT org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id craigmcc Medium Vendor pom developer id jfarcand Medium Vendor pom developer id jstrachan Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id mbenson Medium Vendor pom developer id rahul Medium Vendor pom developer id rdonkin Medium Vendor pom developer id sanders Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id skitching Medium Vendor pom developer id tobrien Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name James Strachan Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jean-Francois Arcand Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Rahul Akolkar Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer name Tim OBrien Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Digester High Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/digester/ Highest Product file name commons-digester3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name digester Highest Product jar package name digester3 Highest Product jar package name rules Highest Product Manifest bundle-docurl http://commons.apache.org/digester/ Low Product Manifest Bundle-Name Apache Commons Digester Medium Product Manifest bundle-symbolicname org.apache.commons.digester Medium Product Manifest implementation-build tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 Low Product Manifest Implementation-Title Apache Commons Digester High Product Manifest specification-title Apache Commons Digester Medium Product pom artifactid commons-digester3 Highest Product pom developer email craigmcc@apache.org Low Product pom developer email jfarcand@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email jvanzyl@apache.org Low Product pom developer email mbenson AT apache DOT org Low Product pom developer email rahul AT apache DOT org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email simonetripodi AT apache DOT org Low Product pom developer email skitching@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id craigmcc Low Product pom developer id jfarcand Low Product pom developer id jstrachan Low Product pom developer id jvanzyl Low Product pom developer id mbenson Low Product pom developer id rahul Low Product pom developer id rdonkin Low Product pom developer id sanders Low Product pom developer id simonetripodi Low Product pom developer id skitching Low Product pom developer id tobrien Low Product pom developer name Craig McClanahan Low Product pom developer name James Strachan Low Product pom developer name Jason van Zyl Low Product pom developer name Jean-Francois Arcand Low Product pom developer name Matt Benson Low Product pom developer name Rahul Akolkar Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Simone Tripodi Low Product pom developer name Tim OBrien Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Digester High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/digester/ Medium Version file version 3.2 High Version Manifest Implementation-Version 3.2 High Version pom parent-version 3.2 Low Version pom version 3.2 Highest
commons-lang3-3.17.0.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
The code is tested using the latest revision of the JDK for supported
LTS releases: 8, 11, 17 and 21 currently.
See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
Please ensure your build environment is up-to-date and kindly report any build issues.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256: 6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-lang3-3.17.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name commons-lang3 High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-lang3 Highest Vendor pom artifactid commons-lang3 Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email joerg.schaible@gmx.de Low Vendor pom developer email lguibert@apache.org Low Vendor pom developer email oheger@apache.org Low Vendor pom developer email pbenedict@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email scolebourne@joda.org Low Vendor pom developer email stevencaswell@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id dlr Medium Vendor pom developer id fredrik Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id joehni Medium Vendor pom developer id lguibert Medium Vendor pom developer id mbenson Medium Vendor pom developer id niallp Medium Vendor pom developer id oheger Medium Vendor pom developer id pbenedict Medium Vendor pom developer id rdonkin Medium Vendor pom developer id scaswell Medium Vendor pom developer id scolebourne Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Fredrik Westermarck Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name James Carman Medium Vendor pom developer name Joerg Schaible Medium Vendor pom developer name Loic Guibert Medium Vendor pom developer name Matt Benson Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Oliver Heger Medium Vendor pom developer name Paul Benedict Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Steven Caswell Medium Vendor pom developer org Carman Consulting, Inc. Medium Vendor pom developer org CollabNet, Inc. Medium Vendor pom developer org SITA ATS Ltd Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Product file name commons-lang3 High Product jar package name apache Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Lang Medium Product pom artifactid commons-lang3 Highest Product pom developer email bayard@apache.org Low Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email joerg.schaible@gmx.de Low Product pom developer email lguibert@apache.org Low Product pom developer email oheger@apache.org Low Product pom developer email pbenedict@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email scolebourne@joda.org Low Product pom developer email stevencaswell@apache.org Low Product pom developer id bayard Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id dlr Low Product pom developer id fredrik Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id joehni Low Product pom developer id lguibert Low Product pom developer id mbenson Low Product pom developer id niallp Low Product pom developer id oheger Low Product pom developer id pbenedict Low Product pom developer id rdonkin Low Product pom developer id scaswell Low Product pom developer id scolebourne Low Product pom developer name Benedikt Ritter Low Product pom developer name Daniel Rall Low Product pom developer name Duncan Jones Low Product pom developer name Fredrik Westermarck Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name James Carman Low Product pom developer name Joerg Schaible Low Product pom developer name Loic Guibert Low Product pom developer name Matt Benson Low Product pom developer name Niall Pemberton Low Product pom developer name Oliver Heger Low Product pom developer name Paul Benedict Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Stephen Colebourne Low Product pom developer name Steven Caswell Low Product pom developer org Carman Consulting, Inc. Low Product pom developer org CollabNet, Inc. Low Product pom developer org SITA ATS Ltd Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.17.0 High Version Manifest Bundle-Version 3.17.0 High Version Manifest Implementation-Version 3.17.0 High Version pom parent-version 3.17.0 Low Version pom version 3.17.0 Highest
commons-logging-1.2.jarDescription:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/commons-beanutils/commons-beanutils@1.9.4
Evidence Type Source Name Value Confidence Vendor file name commons-logging High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Highest Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rsitze@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tn Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Apache Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product file name commons-logging High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rsitze@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email tn@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tn Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Thomas Neidhart Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Version file version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
commons-text-1.12.0.jarDescription:
Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
and manipulating text that should be of use in a Java environment.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar
MD5: 544add6fbc8d4b100b07c3692d08099e
SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6
SHA256: de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-text-1.12.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name commons-text High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name text Highest Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest bundle-symbolicname org.apache.commons.text Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-text Highest Vendor pom artifactid commons-text Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email djones@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email kinow@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id djones Medium Vendor pom developer id ggregory Medium Vendor pom developer id kinow Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Bruno P. Kinoshita Medium Vendor pom developer name Duncan Jones Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid org.apache.commons Highest Vendor pom name Apache Commons Text High Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-text Highest Product file name commons-text High Product jar package name apache Highest Product jar package name commons Highest Product jar package name text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Bundle-Name Apache Commons Text Medium Product Manifest bundle-symbolicname org.apache.commons.text Medium Product Manifest Implementation-Title Apache Commons Text High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons Text Medium Product pom artifactid commons-text Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email djones@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email kinow@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id djones Low Product pom developer id ggregory Low Product pom developer id kinow Low Product pom developer name Benedikt Ritter Low Product pom developer name Bruno P. Kinoshita Low Product pom developer name Duncan Jones Low Product pom developer name Gary Gregory Low Product pom developer name Rob Tompkins Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid org.apache.commons Highest Product pom name Apache Commons Text High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-text Medium Version file version 1.12.0 High Version Manifest Bundle-Version 1.12.0 High Version Manifest Implementation-Version 1.12.0 High Version pom parent-version 1.12.0 Low Version pom version 1.12.0 Highest
compiler-0.9.10.jarDescription:
Implementation of mustache.js for Java License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/com/github/spullara/mustache/java/compiler/0.9.10/compiler-0.9.10.jar
MD5: 5638fc78a17d5063cc4b0d00f6e87491
SHA1: 6111ae24e3be9ecbd75f5fe908583fc14b4f0174
SHA256: 2b5a9217811cb99846a473fa8e0d233eb33629347b7f44941f6c0fbd4cdf1038
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
compiler-0.9.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name compiler High Vendor jar package name github Highest Vendor jar package name mustache Highest Vendor jar package name mustachejava Highest Vendor Manifest automatic-module-name com.github.mustachejava Medium Vendor pom artifactid compiler Highest Vendor pom artifactid compiler Low Vendor pom developer email sam@sampullara.com Low Vendor pom developer name Sam Pullara Medium Vendor pom groupid com.github.spullara.mustache.java Highest Vendor pom name compiler High Vendor pom parent-artifactid mustache.java Low Vendor pom url http://github.com/spullara/mustache.java Highest Product file name compiler High Product jar package name github Highest Product jar package name mustache Highest Product jar package name mustachejava Highest Product Manifest automatic-module-name com.github.mustachejava Medium Product pom artifactid compiler Highest Product pom developer email sam@sampullara.com Low Product pom developer name Sam Pullara Low Product pom groupid com.github.spullara.mustache.java Highest Product pom name compiler High Product pom parent-artifactid mustache.java Medium Product pom url http://github.com/spullara/mustache.java Medium Version file version 0.9.10 High Version pom version 0.9.10 Highest
derby-10.15.2.0.jarDescription:
Contains the core Apache Derby database engine, which also includes the embedded JDBC driver. File Path: /home/runner/.m2/repository/org/apache/derby/derby/10.15.2.0/derby-10.15.2.0.jarMD5: abff01351b19bc62a188bac08a8bb58bSHA1: b64da6681994f33ba5783ffae55cdb44885b9e70SHA256: 3afe424625f4caea05ff2f9022be2d98634be4d69dee3529697dab6d9fe1142fReferenced In Project/Scope: SchemaSpy Maven Plugin:compilederby-10.15.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name derby High Vendor jar package name apache Highest Vendor jar package name database Highest Vendor jar package name derby Highest Vendor jar package name engine Highest Vendor jar package name jdbc Highest Vendor Manifest bundle-symbolicname derby Medium Vendor pom artifactid derby Highest Vendor pom artifactid derby Low Vendor pom groupid org.apache.derby Highest Vendor pom name Apache Derby Database Engine and Embedded JDBC Driver High Vendor pom parent-artifactid derby-project Low Vendor pom url http://db.apache.org/derby/ Highest Product file name derby High Product jar package name apache Highest Product jar package name database Highest Product jar package name derby Highest Product jar package name engine Highest Product jar package name jdbc Highest Product Manifest Bundle-Name Apache Derby 10.15 Medium Product Manifest bundle-symbolicname derby Medium Product pom artifactid derby Highest Product pom groupid org.apache.derby Highest Product pom name Apache Derby Database Engine and Embedded JDBC Driver High Product pom parent-artifactid derby-project Medium Product pom url http://db.apache.org/derby/ Medium Version file version 10.15.2.0 High Version pom version 10.15.2.0 Highest
CVE-2022-46337 suppress
A cleverly devised username might bypass LDAP authentication checks. In
LDAP-authenticated Derby installations, this could let an attacker fill
up the disk by creating junk Derby databases. In LDAP-authenticated
Derby installations, this could also allow the attacker to execute
malware which was visible to and executable by the account which booted
the Derby server. In LDAP-protected databases which weren't also
protected by SQL GRANT/REVOKE authorization, this vulnerability could
also let an attacker view and corrupt sensitive data and run sensitive
database functions and procedures.
Mitigation:
Users should upgrade to Java 21 and Derby 10.17.1.0.
Alternatively, users who wish to remain on older Java versions should
build their own Derby distribution from one of the release families to
which the fix was backported: 10.16, 10.15, and 10.14. Those are the
releases which correspond, respectively, with Java LTS versions 17, 11,
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
derbyshared-10.15.2.0.jarDescription:
The code which is shared across all Derby configurations. File Path: /home/runner/.m2/repository/org/apache/derby/derbyshared/10.15.2.0/derbyshared-10.15.2.0.jarMD5: 2cb9ab8b9cfb06c2da5a1d3825d04344SHA1: ff2dfb3e2a92d593cf111baad242d156947abbc1SHA256: 55365ab97e698080c6ccec65dbf7b8c63e4b4b77ad08f794d11458b1f2ea272cReferenced In Project/Scope: SchemaSpy Maven Plugin:compilederbyshared-10.15.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.derby/derby@10.15.2.0
Evidence Type Source Name Value Confidence Vendor file name derbyshared High Vendor jar package name apache Highest Vendor jar package name apache Low Vendor jar package name derby Highest Vendor jar package name derby Low Vendor jar package name shared Highest Vendor jar package name shared Low Vendor pom artifactid derbyshared Highest Vendor pom artifactid derbyshared Low Vendor pom groupid org.apache.derby Highest Vendor pom name Apache Derby Shared Code High Vendor pom parent-artifactid derby-project Low Vendor pom url http://db.apache.org/derby/ Highest Product file name derbyshared High Product jar package name apache Highest Product jar package name common Low Product jar package name derby Highest Product jar package name derby Low Product jar package name shared Highest Product jar package name shared Low Product pom artifactid derbyshared Highest Product pom groupid org.apache.derby Highest Product pom name Apache Derby Shared Code High Product pom parent-artifactid derby-project Medium Product pom url http://db.apache.org/derby/ Medium Version file version 10.15.2.0 High Version pom version 10.15.2.0 Highest
CVE-2022-46337 suppress
A cleverly devised username might bypass LDAP authentication checks. In
LDAP-authenticated Derby installations, this could let an attacker fill
up the disk by creating junk Derby databases. In LDAP-authenticated
Derby installations, this could also allow the attacker to execute
malware which was visible to and executable by the account which booted
the Derby server. In LDAP-protected databases which weren't also
protected by SQL GRANT/REVOKE authorization, this vulnerability could
also let an attacker view and corrupt sensitive data and run sensitive
database functions and procedures.
Mitigation:
Users should upgrade to Java 21 and Derby 10.17.1.0.
Alternatively, users who wish to remain on older Java versions should
build their own Derby distribution from one of the release families to
which the fix was backported: 10.16, 10.15, and 10.14. Those are the
releases which correspond, respectively, with Java LTS versions 17, 11,
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
derbytools-10.15.2.0.jarDescription:
Contains Apache Derby tools like ij, sysinfo, and dblook. File Path: /home/runner/.m2/repository/org/apache/derby/derbytools/10.15.2.0/derbytools-10.15.2.0.jarMD5: d41578eeb336b0e479be8f30bfd9ab9bSHA1: d63722381e0e893d797e4d531e219e2917898364SHA256: 45d6dc34af9790f7f8fafb9b15d8525f3b429950fca4b4051e7e4f81f9170cd9Referenced In Project/Scope: SchemaSpy Maven Plugin:compilederbytools-10.15.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name derbytools High Vendor jar package name apache Highest Vendor jar package name apache Low Vendor jar package name dblook Highest Vendor jar package name derby Highest Vendor jar package name derby Low Vendor jar package name ij Highest Vendor jar package name impl Low Vendor jar package name sysinfo Highest Vendor jar package name tools Highest Vendor pom artifactid derbytools Highest Vendor pom artifactid derbytools Low Vendor pom groupid org.apache.derby Highest Vendor pom name Apache Derby Tools High Vendor pom parent-artifactid derby-project Low Vendor pom url http://db.apache.org/derby/ Highest Product file name derbytools High Product jar package name apache Highest Product jar package name dblook Highest Product jar package name derby Highest Product jar package name derby Low Product jar package name ij Highest Product jar package name impl Low Product jar package name sysinfo Highest Product jar package name tools Highest Product jar package name tools Low Product pom artifactid derbytools Highest Product pom groupid org.apache.derby Highest Product pom name Apache Derby Tools High Product pom parent-artifactid derby-project Medium Product pom url http://db.apache.org/derby/ Medium Version file version 10.15.2.0 High Version pom version 10.15.2.0 Highest
CVE-2022-46337 suppress
A cleverly devised username might bypass LDAP authentication checks. In
LDAP-authenticated Derby installations, this could let an attacker fill
up the disk by creating junk Derby databases. In LDAP-authenticated
Derby installations, this could also allow the attacker to execute
malware which was visible to and executable by the account which booted
the Derby server. In LDAP-protected databases which weren't also
protected by SQL GRANT/REVOKE authorization, this vulnerability could
also let an attacker view and corrupt sensitive data and run sensitive
database functions and procedures.
Mitigation:
Users should upgrade to Java 21 and Derby 10.17.1.0.
Alternatively, users who wish to remain on older Java versions should
build their own Derby distribution from one of the release families to
which the fix was backported: 10.16, 10.15, and 10.14. Those are the
releases which correspond, respectively, with Java LTS versions 17, 11,
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
doxia-core-2.0.0.jarDescription:
Doxia core classes and interfaces. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-core/2.0.0/doxia-core-2.0.0.jarMD5: c0fb5fa304380a070a896e79a62b6932SHA1: 6b8dd422ff321fdbf32a0196b85cce3d63cfe68cSHA256: 939183cf5ced6741745b2475a4adf78ca85885ee0dad6dae28dd3f25bd447ff3Referenced In Project/Scope: SchemaSpy Maven Plugin:compiledoxia-core-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-core High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-core Highest Vendor pom artifactid doxia-core Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia :: Core High Vendor pom parent-artifactid doxia Low Product file name doxia-core High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia :: Core High Product Manifest specification-title Doxia :: Core Medium Product pom artifactid doxia-core Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia :: Core High Product pom parent-artifactid doxia Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-integration-tools-2.0.0.jarDescription:
A collection of tools to help the integration of Doxia Sitetools in Maven plugins. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-integration-tools/2.0.0/doxia-integration-tools-2.0.0.jarMD5: b8e18118b11a20e0ddc66b235989682eSHA1: ce08d289ed826416983860fb2adced6dd7ade550SHA256: 4aee72f9b30b507964c2f52b63f70e7b41fb9d957359cb5dc13c428abb4b6189Referenced In Project/Scope: SchemaSpy Maven Plugin:compiledoxia-integration-tools-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-integration-tools High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor jar package name tools Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-integration-tools Highest Vendor pom artifactid doxia-integration-tools Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia Sitetools :: Integration Tools High Vendor pom parent-artifactid doxia-sitetools Low Product file name doxia-integration-tools High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product jar package name tools Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia Sitetools :: Integration Tools High Product Manifest specification-title Doxia Sitetools :: Integration Tools Medium Product pom artifactid doxia-integration-tools Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia Sitetools :: Integration Tools High Product pom parent-artifactid doxia-sitetools Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-module-apt-2.0.0.jarDescription:
A Doxia module for Almost Plain Text source documents.
APT format is supported both as source and target formats. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-apt/2.0.0/doxia-module-apt-2.0.0.jarMD5: f6613830c1f558b909b32d3e3e271911SHA1: 0505b4e8d57eb3f8c3d66adcca85ce09311742baSHA256: f4a846c448ca85358279184a310f6ee3f46fa39688f74a72961c1bfe222f28a6Referenced In Project/Scope: SchemaSpy Maven Plugin:runtimedoxia-module-apt-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-module-apt High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor jar package name module Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-module-apt Highest Vendor pom artifactid doxia-module-apt Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia :: APT Module High Vendor pom parent-artifactid doxia-modules Low Product file name doxia-module-apt High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product jar package name module Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia :: APT Module High Product Manifest specification-title Doxia :: APT Module Medium Product pom artifactid doxia-module-apt Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia :: APT Module High Product pom parent-artifactid doxia-modules Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-module-xdoc-2.0.0.jarDescription:
A Doxia module for Xdoc source documents.
Xdoc format is supported both as source and target formats. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xdoc/2.0.0/doxia-module-xdoc-2.0.0.jarMD5: dd12065dc641017da7006cb39f0490e5SHA1: fe3a51c0226cb7cdfdcc97b73681f6ee80fad72cSHA256: 7956aca14f8adbc48bac86b218701dd44cc990063a69edbfca363b105994a474Referenced In Project/Scope: SchemaSpy Maven Plugin:runtimedoxia-module-xdoc-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-module-xdoc High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor jar package name module Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-module-xdoc Highest Vendor pom artifactid doxia-module-xdoc Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia :: XDoc Module High Vendor pom parent-artifactid doxia-modules Low Product file name doxia-module-xdoc High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product jar package name module Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia :: XDoc Module High Product Manifest specification-title Doxia :: XDoc Module Medium Product pom artifactid doxia-module-xdoc Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia :: XDoc Module High Product pom parent-artifactid doxia-modules Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-module-xhtml5-2.0.0.jarDescription:
A Doxia module for Xhtml5 source documents.
Xhtml5 format is supported both as source and target formats. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xhtml5/2.0.0/doxia-module-xhtml5-2.0.0.jarMD5: 2369dd687d9b13d115157299d09ca7d4SHA1: 15fbcfe42e0a50eb33adbc061c9b4db84ec0470eSHA256: c91557679a0eb9fde3175055628ceb7b8fd5ab6d308340770d236fb06265dc26Referenced In Project/Scope: SchemaSpy Maven Plugin:compiledoxia-module-xhtml5-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-module-xhtml5 High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor jar package name module Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-module-xhtml5 Highest Vendor pom artifactid doxia-module-xhtml5 Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia :: XHTML5 Module High Vendor pom parent-artifactid doxia-modules Low Product file name doxia-module-xhtml5 High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product jar package name module Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia :: XHTML5 Module High Product Manifest specification-title Doxia :: XHTML5 Module Medium Product pom artifactid doxia-module-xhtml5 Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia :: XHTML5 Module High Product pom parent-artifactid doxia-modules Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-sink-api-2.0.0.jarDescription:
Doxia Sink API. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-sink-api/2.0.0/doxia-sink-api-2.0.0.jarMD5: 0ac989158733a584c6b82e6ab1edc8ecSHA1: d767d78857c1fb3cbd21ae3a7870894476ecb0fcSHA256: fba33eaee3b01547bcd14b05ebc37f7dacef1819ad9ee7a5b27899afd3472cf4Referenced In Project/Scope: SchemaSpy Maven Plugin:compiledoxia-sink-api-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-sink-api High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor jar package name sink Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-sink-api Highest Vendor pom artifactid doxia-sink-api Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia :: Sink API High Vendor pom parent-artifactid doxia Low Product file name doxia-sink-api High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product jar package name sink Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia :: Sink API High Product Manifest specification-title Doxia :: Sink API Medium Product pom artifactid doxia-sink-api Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia :: Sink API High Product pom parent-artifactid doxia Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-site-model-2.0.0.jarDescription:
The Site Model handles the descriptor for sites, also known as site.xml. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-site-model/2.0.0/doxia-site-model-2.0.0.jarMD5: 4da689094c6e4a2d6457d21ce959ac42SHA1: 6a43c5b58b9acbf789618efdda23d5cb9fb0981fSHA256: f6ec9ef75a41d1b826e5ecf02d92c5de90a6bc70ea93d5340988703223bf2205Referenced In Project/Scope: SchemaSpy Maven Plugin:compiledoxia-site-model-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-site-model High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor jar package name site Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-site-model Highest Vendor pom artifactid doxia-site-model Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia Sitetools :: Site Model High Vendor pom parent-artifactid doxia-sitetools Low Product file name doxia-site-model High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product jar package name site Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia Sitetools :: Site Model High Product Manifest specification-title Doxia Sitetools :: Site Model Medium Product pom artifactid doxia-site-model Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia Sitetools :: Site Model High Product pom parent-artifactid doxia-sitetools Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-site-renderer-2.0.0.jarDescription:
The Site Renderer handles the rendering of sites, merging site model with document content. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-site-renderer/2.0.0/doxia-site-renderer-2.0.0.jarMD5: 0af057ade4d5bc3b41a06cf1100bbd93SHA1: b68214ec1d3250a4594f598f054977d961e66ac8SHA256: 6cdee370194f4b9f742d12ef46528042f480d9bdf3de832de2792e1ae9ffc68dReferenced In Project/Scope: SchemaSpy Maven Plugin:compiledoxia-site-renderer-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-site-renderer High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-site-renderer Highest Vendor pom artifactid doxia-site-renderer Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia Sitetools :: Site Renderer High Vendor pom parent-artifactid doxia-sitetools Low Product file name doxia-site-renderer High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia Sitetools :: Site Renderer High Product Manifest specification-title Doxia Sitetools :: Site Renderer Medium Product pom artifactid doxia-site-renderer Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia Sitetools :: Site Renderer High Product pom parent-artifactid doxia-sitetools Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
doxia-skin-model-2.0.0.jarDescription:
The Skin Model defines metadata for Doxia Sitetools skins. File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-skin-model/2.0.0/doxia-skin-model-2.0.0.jarMD5: 9daee5a484a8a9cb32b2fe6cfea42531SHA1: 86913a4d7f1acbf26d426c97adecb18e21938ebfSHA256: 3ced0d90353f49e8eb1458f54664b93ec117d79b9789a576da41e2f6f99723e0Referenced In Project/Scope: SchemaSpy Maven Plugin:compiledoxia-skin-model-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name doxia-skin-model High Vendor jar package name apache Highest Vendor jar package name doxia Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid doxia-skin-model Highest Vendor pom artifactid doxia-skin-model Low Vendor pom groupid org.apache.maven.doxia Highest Vendor pom name Doxia Sitetools :: Skin Model High Vendor pom parent-artifactid doxia-sitetools Low Product file name doxia-skin-model High Product jar package name apache Highest Product jar package name doxia Highest Product jar package name maven Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Doxia Sitetools :: Skin Model High Product Manifest specification-title Doxia Sitetools :: Skin Model Medium Product pom artifactid doxia-skin-model Highest Product pom groupid org.apache.maven.doxia Highest Product pom name Doxia Sitetools :: Skin Model High Product pom parent-artifactid doxia-sitetools Medium Version file version 2.0.0 High Version Manifest Implementation-Version 2.0.0 High Version pom version 2.0.0 Highest
failureaccess-1.0.2.jarDescription:
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes are conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
MD5: 3f75955b49b6758fd6d1e1bd9bf777b3
SHA1: c4a06a64e650562f30b7bf9aaec1bfed43aca12b
SHA256: 8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
failureaccess-1.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name failureaccess High Vendor jar package name common Highest Vendor jar package name concurrent Highest Vendor jar package name google Highest Vendor jar package name util Highest Vendor Manifest automatic-module-name com.google.common.util.concurrent.internal Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor Manifest bundle-symbolicname com.google.guava.failureaccess Medium Vendor pom artifactid failureaccess Highest Vendor pom artifactid failureaccess Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava InternalFutureFailureAccess and InternalFutures High Vendor pom parent-artifactid guava-parent Low Product file name failureaccess High Product jar package name common Highest Product jar package name concurrent Highest Product jar package name google Highest Product jar package name util Highest Product Manifest automatic-module-name com.google.common.util.concurrent.internal Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest Bundle-Name Guava InternalFutureFailureAccess and InternalFutures Medium Product Manifest bundle-symbolicname com.google.guava.failureaccess Medium Product pom artifactid failureaccess Highest Product pom groupid com.google.guava Highest Product pom name Guava InternalFutureFailureAccess and InternalFutures High Product pom parent-artifactid guava-parent Medium Version file version 1.0.2 High Version Manifest Bundle-Version 1.0.2 High Version pom parent-version 1.0.2 Low Version pom version 1.0.2 Highest
flexmark-0.34.32.jarDescription:
Core of flexmark-java (implementation of CommonMark for parsing markdown and rendering to HTML) File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark/0.34.32/flexmark-0.34.32.jarMD5: 382b5c90335fad2eb5d28fde5a55a0d4SHA1: c2c2bf0e9c67757eb5996afe0ade71195227253bSHA256: 60fff3390d6836ddcf45be0a0f0e6b4602ce2f26508762851286b3a082648b53Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark High Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name html Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark Highest Vendor pom artifactid flexmark Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java core High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark High Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name html Highest Product jar package name vladsch Highest Product pom artifactid flexmark Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java core High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-abbreviation-0.34.32.jarDescription:
flexmark-java extension for defining abbreviations and turning appearance of these abbreviations in text into links with titles consisting of the expansion of the abbreviation File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-abbreviation/0.34.32/flexmark-ext-abbreviation-0.34.32.jarMD5: f663f0f2d098231cfd98a853a822e464SHA1: 785fe944a8f5b5b54b30a4c40735f0f82d53aa25SHA256: 714ed71edd9e5c56ccd6f210b0eb79cf7240923ddf37bfd9ad8d03635f758f5eReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-abbreviation-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-abbreviation High Vendor jar package name abbreviation Highest Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-abbreviation Highest Vendor pom artifactid flexmark-ext-abbreviation Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for abbreviations in text High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-abbreviation High Product jar package name abbreviation Highest Product jar package name abbreviation Low Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-abbreviation Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for abbreviations in text High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-aside-0.34.32.jarDescription:
flexmark-java extension for converting | to aside tags File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-aside/0.34.32/flexmark-ext-aside-0.34.32.jarMD5: 2a54188164a2b5c0b22c280845a3160fSHA1: 017d27b92514cd5b5c2494e1d2fe2cb3b695058cSHA256: 9bd05330490936009172b2b7bd9395c388839e36ca8bbaefd470b875d46c7e28Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-aside-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-aside High Vendor jar package name aside Highest Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-aside Highest Vendor pom artifactid flexmark-ext-aside Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for converting | to aside tags High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-aside High Product jar package name aside Highest Product jar package name aside Low Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-aside Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for converting | to aside tags High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-autolink-0.34.32.jarDescription:
flexmark-java extension for turning plain URLs and email addresses into links File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-autolink/0.34.32/flexmark-ext-autolink-0.34.32.jarMD5: 2be49f92ce3fc05f3a80b767a39bb72fSHA1: 6a499f9ebf555ce8545382818103aaaf991af123SHA256: 072e2d8ea66caea1b214becb697271a3337f22fd0a3e6cfff4c7812c98d0a37eReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-autolink-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-autolink High Vendor jar package name autolink Highest Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-autolink Highest Vendor pom artifactid flexmark-ext-autolink Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for autolinking High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-autolink High Product jar package name autolink Highest Product jar package name autolink Low Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-autolink Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for autolinking High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-definition-0.34.32.jarDescription:
flexmark-java extension for definition File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-definition/0.34.32/flexmark-ext-definition-0.34.32.jarMD5: 06175b13310b36c4a42e9f41fb0a725fSHA1: 1af7506590f76e6a81f78395a7b3ffa41cec8ff5SHA256: 27c05f0736294540a6922cd2369eb5178bab8c427977ebb49c5593754a5e3a72Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-definition-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-definition High Vendor jar package name definition Highest Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-definition Highest Vendor pom artifactid flexmark-ext-definition Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for definition High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-definition High Product jar package name definition Highest Product jar package name definition Low Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-definition Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for definition High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-emoji-0.34.32.jarDescription:
flexmark-java extension for emoji shortcuts using Emoji-Cheat-Sheet.com http://www.emoji-cheat-sheet.com/ File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-emoji/0.34.32/flexmark-ext-emoji-0.34.32.jarMD5: b76e06cc514d0d3fde84ef695c6fe29fSHA1: acbf86eabcaffeb0a5a90a9ab1933367f57ce2bbSHA256: a9dc9e21e1b96718cfb45efe00e816b06d52a02c9451097f9ba3c17072c21661Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-emoji-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-emoji High Vendor jar package name emoji Highest Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-emoji Highest Vendor pom artifactid flexmark-ext-emoji Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for emoji shortcuts High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-emoji High Product jar package name emoji Highest Product jar package name emoji Low Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-emoji Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for emoji shortcuts High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-escaped-character-0.34.32.jarDescription:
flexmark-java extension for escaped_character File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-escaped-character/0.34.32/flexmark-ext-escaped-character-0.34.32.jarMD5: e3f75f4076188a21d4b0ccd43ba8425dSHA1: e6d8328b599e9af5c2ddff3a9559dfe3545f9008SHA256: 654fbb2f164aa6ba3ce35cd43ac6bc65801c9a7f36ddb160963a5fb2730d0064Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-escaped-character-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-escaped-character High Vendor jar package name escaped Highest Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-escaped-character Highest Vendor pom artifactid flexmark-ext-escaped-character Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for escaped_character High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-escaped-character High Product jar package name escaped Highest Product jar package name escaped Low Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-escaped-character Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for escaped_character High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-footnotes-0.34.32.jarDescription:
flexmark-java extension for footnote inline elments and footnote definitions File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-footnotes/0.34.32/flexmark-ext-footnotes-0.34.32.jarMD5: 79bb8079973223f14f06231fd9623bf6SHA1: b4e1426e8658312dc2f61df1d64f8abc40fe385fSHA256: f4d92a042d3f64cb94deb7fe8dc52b5dab9a6efea01cf54b844cb0ea77a91992Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-footnotes-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-footnotes High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name footnotes Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-footnotes Highest Vendor pom artifactid flexmark-ext-footnotes Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for footnotes High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-footnotes High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name footnotes Highest Product jar package name footnotes Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-footnotes Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for footnotes High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-gfm-strikethrough-0.34.32.jarDescription:
flexmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown) File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-strikethrough/0.34.32/flexmark-ext-gfm-strikethrough-0.34.32.jarMD5: a5a9e5ebfb9a1f58873d9ecd27dd348dSHA1: acc88a9aabb0ac71d6d63c7bcccb2b082ba38b73SHA256: 2678273cae59d949007172fd439157f8c5f2b777f856587ad305c2bf3a55113dReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-gfm-strikethrough-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-gfm-strikethrough High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name gfm Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-gfm-strikethrough Highest Vendor pom artifactid flexmark-ext-gfm-strikethrough Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for strikethrough High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-gfm-strikethrough High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name gfm Highest Product jar package name gfm Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-gfm-strikethrough Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for strikethrough High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-gfm-tasklist-0.34.32.jarDescription:
flexmark-java extension to convert bullet list items that start with [ ] to a TaskListItem node File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-tasklist/0.34.32/flexmark-ext-gfm-tasklist-0.34.32.jarMD5: 6b0c5a675ca4154683a20da590e68188SHA1: ea598ab99f7c961370f7119897a0b8efc2275566SHA256: 0fb4e680ab4ed40d67ac3399dc0ad2d95cbe902036abee994995eda53ce08fdcReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-gfm-tasklist-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-gfm-tasklist High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name gfm Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-gfm-tasklist Highest Vendor pom artifactid flexmark-ext-gfm-tasklist Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for generating GitHub style task list items High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-gfm-tasklist High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name gfm Highest Product jar package name gfm Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-gfm-tasklist Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for generating GitHub style task list items High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-ins-0.34.32.jarDescription:
flexmark-java extension for ins File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-ins/0.34.32/flexmark-ext-ins-0.34.32.jarMD5: 6de13c82fedd06bde84a659a7f97d318SHA1: 198876100bb1561e2bebb67bdfb05053aac92252SHA256: 8db30a0569f722fd33671df895bd465d36aad56782f8fb132fe41bef138fc8acReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-ins-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-ins High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name ins Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-ins Highest Vendor pom artifactid flexmark-ext-ins Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for ins High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-ins High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name ins Highest Product jar package name ins Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-ins Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for ins High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-jekyll-front-matter-0.34.32.jarDescription:
flexmark-java extension for jekyll_front_matter File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-jekyll-front-matter/0.34.32/flexmark-ext-jekyll-front-matter-0.34.32.jarMD5: d75e222b62c266ebf19b1481cf0c6f08SHA1: 3ba2481406202ffb2a3dd1ef888a0be7e6050b8cSHA256: 4fc8404e83cf4d23ea3850dd607553db56141f4dc787dd5ecbcf7c8151e63e14Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-jekyll-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-jekyll-front-matter High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name jekyll Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-jekyll-front-matter Highest Vendor pom artifactid flexmark-ext-jekyll-front-matter Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for jekyll_front_matter High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-jekyll-front-matter High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name jekyll Highest Product jar package name jekyll Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-jekyll-front-matter Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for jekyll_front_matter High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-superscript-0.34.32.jarDescription:
flexmark-java extension for superscript File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-superscript/0.34.32/flexmark-ext-superscript-0.34.32.jarMD5: 32e7f7e13440b5a9d087845fba2b9fcbSHA1: 2f9413cedcc339dd20328249cce6fcee63161a57SHA256: 538175c28416be2b150ce63986d5594df42d7f069592733fb94c81f08fe2f127Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-superscript-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-superscript High Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name superscript Highest Vendor jar package name superscript Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-superscript Highest Vendor pom artifactid flexmark-ext-superscript Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for superscript High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-superscript High Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name internal Low Product jar package name superscript Highest Product jar package name superscript Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-superscript Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for superscript High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-tables-0.34.32.jarDescription:
flexmark-java extension for tables using "|" pipes with optional column spans and table caption File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-tables/0.34.32/flexmark-ext-tables-0.34.32.jarMD5: 0475a524aaca5cf09e242aa968034041SHA1: 550d1891263034068014daa137c38b6b5854aafbSHA256: 662e9e726abe00c7e68b1d7e9f65a5a2e7fa77f7a32ef7e109783a7cbb2304cdReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-tables-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-tables High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name tables Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-tables Highest Vendor pom artifactid flexmark-ext-tables Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for tables High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-tables High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name tables Highest Product jar package name tables Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-tables Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for tables High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-toc-0.34.32.jarDescription:
flexmark-java extension for toc File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-toc/0.34.32/flexmark-ext-toc-0.34.32.jarMD5: 5d5bed0edcf1c3c7d80520a47b1cf8acSHA1: f01a984c6c8c37015079c012e700417d182b0d5fSHA256: 6a3b44c952b76165196babc54a3ad85bc454d051b3331498348cf32810382772Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-toc-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-toc High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name toc Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-toc Highest Vendor pom artifactid flexmark-ext-toc Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for toc High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-toc High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name toc Highest Product jar package name toc Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-toc Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for toc High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-typographic-0.34.32.jarDescription:
flexmark-java extension for typographic File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-typographic/0.34.32/flexmark-ext-typographic-0.34.32.jarMD5: 493f416bb0399faa70c9ef4565425fbcSHA1: 0c8c5babe652bc1e87999ea07ef54818ae12c0d3SHA256: 6d5d09963cf211b9013ddf7cced1658edea3d6484e99af4dfd903ca239e2f2aaReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-typographic-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-typographic High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name typographic Highest Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-ext-typographic Highest Vendor pom artifactid flexmark-ext-typographic Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for typographic High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-typographic High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name typographic Highest Product jar package name typographic Low Product jar package name vladsch Highest Product pom artifactid flexmark-ext-typographic Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for typographic High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-ext-wikilink-0.34.32.jarDescription:
flexmark-java extension parsing and rendering wiki links File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-wikilink/0.34.32/flexmark-ext-wikilink-0.34.32.jarMD5: 6ff6ff0e5c7dd48d4d35328428878538SHA1: 7e40b4e8bf1d409e593b8b69604a504835303df2SHA256: 865745f068c7ff1a5e363b893651330b1336282c6664a7b635634263a4ed7898Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-wikilink-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-wikilink High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor jar package name wikilink Highest Vendor pom artifactid flexmark-ext-wikilink Highest Vendor pom artifactid flexmark-ext-wikilink Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for wiki links High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-wikilink High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product jar package name wikilink Highest Product jar package name wikilink Low Product pom artifactid flexmark-ext-wikilink Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for wiki links High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
Related Dependencies flexmark-ext-anchorlink-0.34.32.jarFile Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-anchorlink/0.34.32/flexmark-ext-anchorlink-0.34.32.jar MD5: 8800d19e6aa03baa71a0819929eac083 SHA1: 5669524515300de0318b3b29eaff488a6f629515 SHA256: 72eb1a3992e452d25abf9b8b19998432c3f59c490ebc99042c6b084a821f1d24 pkg:maven/com.vladsch.flexmark/flexmark-ext-anchorlink@0.34.32 flexmark-ext-yaml-front-matter-0.34.32.jarDescription:
flexmark-java extension for YAML front matter File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-yaml-front-matter/0.34.32/flexmark-ext-yaml-front-matter-0.34.32.jarMD5: 3de9fc9e100d6f4e6b2644b79a8db5e4SHA1: 0509b24c760f37699d155e63443138977f519373SHA256: 7cdb249e1906b89d84399d6de54c7afe7f4715d6ad2c30ec60f5f756d7b9e475Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-ext-yaml-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-ext-yaml-front-matter High Vendor jar package name ext Highest Vendor jar package name ext Low Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor jar package name yaml Highest Vendor pom artifactid flexmark-ext-yaml-front-matter Highest Vendor pom artifactid flexmark-ext-yaml-front-matter Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for YAML front matter High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-ext-yaml-front-matter High Product jar package name ext Highest Product jar package name ext Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name vladsch Highest Product jar package name yaml Highest Product jar package name yaml Low Product pom artifactid flexmark-ext-yaml-front-matter Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for YAML front matter High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-formatter-0.34.32.jarDescription:
flexmark-java extension for formatter File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-formatter/0.34.32/flexmark-formatter-0.34.32.jarMD5: bae1cc2191f3bd80d09d5cfcb432a68dSHA1: 5d35d76873bce4f5707c2df5c6be47ca42f59901SHA256: 6d8e8b4bf0e34c993a4727873e5eab86015a3121dc7bf169d97d71d45c9dd78eReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-formatter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-formatter High Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name formatter Highest Vendor jar package name formatter Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-formatter Highest Vendor pom artifactid flexmark-formatter Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for formatter High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-formatter High Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name formatter Highest Product jar package name formatter Low Product jar package name internal Low Product jar package name vladsch Highest Product pom artifactid flexmark-formatter Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for formatter High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-jira-converter-0.34.32.jarDescription:
flexmark-java extension for jira_converter File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-jira-converter/0.34.32/flexmark-jira-converter-0.34.32.jarMD5: 676e66b37015c3a02a249dbdb3d6666aSHA1: 75ca8726c7a24efa1bfa74e5fe879cd929ec0cfeSHA256: a6a33938ff6dfe5be0f2c5ba630a84b47e9f36334c5e415bb9069366ad96e2e3Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-jira-converter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-jira-converter High Vendor jar package name converter Highest Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name jira Highest Vendor jar package name jira Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-jira-converter Highest Vendor pom artifactid flexmark-jira-converter Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java extension for jira_converter High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-jira-converter High Product jar package name converter Highest Product jar package name converter Low Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name jira Highest Product jar package name jira Low Product jar package name vladsch Highest Product pom artifactid flexmark-jira-converter Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java extension for jira_converter High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-profile-pegdown-0.34.32.jarDescription:
flexmark-java extension for setting flexmark options by using pegdown extension flags File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-profile-pegdown/0.34.32/flexmark-profile-pegdown-0.34.32.jarMD5: a7808bb410e1ae87e66b42c3825888abSHA1: 30226a940419942e37a88b0a4c79a676ca78f788SHA256: e62eaf00d9249aeb921eea709c492f5ffd085e75a15f2ca2a3944165351dd834Referenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-profile-pegdown-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-profile-pegdown High Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name pegdown Highest Vendor jar package name profiles Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-profile-pegdown Highest Vendor pom artifactid flexmark-profile-pegdown Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java pegdown profile High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-profile-pegdown High Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name pegdown Highest Product jar package name pegdown Low Product jar package name profiles Low Product jar package name vladsch Highest Product pom artifactid flexmark-profile-pegdown Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java pegdown profile High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
flexmark-util-0.34.32.jarDescription:
flexmark-java utility classes File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-util/0.34.32/flexmark-util-0.34.32.jarMD5: 240493638f5833ff8563a0b8b0ecd37fSHA1: a06050bd9933ac68bc1f266d47c16e772675fea9SHA256: 2ee09f5826e303f37b2b88e3ae5bb7dcc70935ed1736c3a986e8bb8786f8f89cReferenced In Project/Scope: SchemaSpy Maven Plugin:compileflexmark-util-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name flexmark-util High Vendor jar package name flexmark Highest Vendor jar package name flexmark Low Vendor jar package name util Highest Vendor jar package name util Low Vendor jar package name vladsch Highest Vendor jar package name vladsch Low Vendor pom artifactid flexmark-util Highest Vendor pom artifactid flexmark-util Low Vendor pom groupid com.vladsch.flexmark Highest Vendor pom name flexmark-java utilities High Vendor pom parent-artifactid flexmark-java Low Product file name flexmark-util High Product jar package name flexmark Highest Product jar package name flexmark Low Product jar package name util Highest Product jar package name util Low Product jar package name vladsch Highest Product pom artifactid flexmark-util Highest Product pom groupid com.vladsch.flexmark Highest Product pom name flexmark-java utilities High Product pom parent-artifactid flexmark-java Medium Version file version 0.34.32 High Version pom version 0.34.32 Highest
guava-33.2.1-jre.jarDescription:
Guava is a suite of core and expanded libraries that include
utility classes, Google's collections, I/O classes, and
much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/guava/33.2.1-jre/guava-33.2.1-jre.jar
MD5: 872309e5982530bdc7e68096c0d53cd2
SHA1: 818e780da2c66c63bbb6480fef1f3855eeafa3e4
SHA256: 452b2d9787b7d366fa8cf5ed9a1c40404542d05effa7a598da03bbbbb76d9f31
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guava-33.2.1-jre.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name guava High Vendor jar package name common Highest Vendor jar package name google Highest Vendor Manifest automatic-module-name com.google.common Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom artifactid guava Highest Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Vendor pom url google/guava Highest Product file name guava High Product jar package name common Highest Product jar package name google Highest Product Manifest automatic-module-name com.google.common Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product Manifest bundle-symbolicname com.google.guava Medium Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Product pom url google/guava High Version pom version 33.2.1-jre Highest
guice-5.1.0.jarDescription:
Guice is a lightweight dependency injection framework for Java 6 and above License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/inject/guice/5.1.0/guice-5.1.0.jar
MD5: 2560169296aa94492af34af2115e9511
SHA1: da25056c694c54ba16e78e4fc35f17fc60f0d1b4
SHA256: 4130e50bfac48099c860f0d903b91860c81a249c90f38245f8fed58fc817bc26
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guice-5.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name guice High Vendor jar package name google Highest Vendor jar package name guice Highest Vendor jar package name inject Highest Vendor Manifest automatic-module-name com.google.guice Medium Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Vendor Manifest bundle-docurl https://github.com/google/guice Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.google.inject Medium Vendor Manifest eclipse-extensibleapi true Low Vendor pom artifactid guice Highest Vendor pom artifactid guice Low Vendor pom groupid com.google.inject Highest Vendor pom name Google Guice - Core Library High Vendor pom parent-artifactid guice-parent Low Product file name guice High Product jar package name dependency Highest Product jar package name google Highest Product jar package name guice Highest Product jar package name inject Highest Product Manifest automatic-module-name com.google.guice Medium Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Product Manifest bundle-docurl https://github.com/google/guice Low Product Manifest Bundle-Name guice Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.google.inject Medium Product Manifest eclipse-extensibleapi true Low Product pom artifactid guice Highest Product pom groupid com.google.inject Highest Product pom name Google Guice - Core Library High Product pom parent-artifactid guice-parent Medium Version file version 5.1.0 High Version Manifest Bundle-Version 5.1.0 High Version pom version 5.1.0 Highest
hamcrest-core-1.3.jarDescription:
This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
File Path: /home/runner/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jarMD5: 6393363b47ddcbba82321110c3e07519SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9Referenced In Project/Scope: SchemaSpy Maven Plugin:compilehamcrest-core-1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/junit/junit@4.13.2
Evidence Type Source Name Value Confidence Vendor file name hamcrest-core High Vendor jar package name core Highest Vendor jar package name hamcrest Highest Vendor jar package name matcher Highest Vendor Manifest built-date 2012-07-09 19:49:34 Low Vendor Manifest Implementation-Vendor hamcrest.org High Vendor pom artifactid hamcrest-core Highest Vendor pom artifactid hamcrest-core Low Vendor pom groupid org.hamcrest Highest Vendor pom name Hamcrest Core High Vendor pom parent-artifactid hamcrest-parent Low Product file name hamcrest-core High Product jar package name core Highest Product jar package name hamcrest Highest Product jar package name matcher Highest Product Manifest built-date 2012-07-09 19:49:34 Low Product Manifest Implementation-Title hamcrest-core High Product pom artifactid hamcrest-core Highest Product pom groupid org.hamcrest Highest Product pom name Hamcrest Core High Product pom parent-artifactid hamcrest-parent Medium Version file version 1.3 High Version Manifest Implementation-Version 1.3 High Version pom version 1.3 Highest
hsqldb-2.7.4.jarDescription:
HSQLDB - Lightweight 100% Java SQL Database Engine License:
HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html File Path: /home/runner/.m2/repository/org/hsqldb/hsqldb/2.7.4/hsqldb-2.7.4.jar
MD5: 9e6a620acc9d544aacbfa2f17e78f4eb
SHA1: 4aad3c109b5b04927d3bc663bf13535f830401ce
SHA256: 5fab2bb4384ac06b762638c8fa2740c944b8d080e4796c0c6c2af8b90dd4e5ad
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
hsqldb-2.7.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name hsqldb High Vendor jar package name database Highest Vendor jar package name hsqldb Highest Vendor jar package name java Highest Vendor Manifest bundle-symbolicname org.hsqldb.hsqldb Medium Vendor Manifest originally-created-by 11.0.21+9 (Eclipse Adoptium) Low Vendor Manifest specification-vendor The HSQL Development Group Low Vendor pom artifactid hsqldb Highest Vendor pom artifactid hsqldb Low Vendor pom developer email blaine.simpson@admc.com Low Vendor pom developer email ft@cluedup.com Low Vendor pom developer id fredt Medium Vendor pom developer id unsaved Medium Vendor pom developer name Blaine Simpson Medium Vendor pom developer name Fred Toussi Medium Vendor pom groupid org.hsqldb Highest Vendor pom name HyperSQL Database High Vendor pom organization name The HSQL Development Group High Vendor pom organization url http://hsqldb.org Medium Vendor pom url http://hsqldb.org Highest Product file name hsqldb High Product jar package name database Highest Product jar package name hsqldb Highest Product jar package name java Highest Product Manifest Bundle-Name HSQLDB Medium Product Manifest bundle-symbolicname org.hsqldb.hsqldb Medium Product Manifest Implementation-Title Standard runtime High Product Manifest originally-created-by 11.0.21+9 (Eclipse Adoptium) Low Product Manifest specification-title HSQLDB Medium Product pom artifactid hsqldb Highest Product pom developer email blaine.simpson@admc.com Low Product pom developer email ft@cluedup.com Low Product pom developer id fredt Low Product pom developer id unsaved Low Product pom developer name Blaine Simpson Low Product pom developer name Fred Toussi Low Product pom groupid org.hsqldb Highest Product pom name HyperSQL Database High Product pom organization name The HSQL Development Group Low Product pom organization url http://hsqldb.org Low Product pom url http://hsqldb.org Medium Version file version 2.7.4 High Version Manifest Bundle-Version 2.7.4 High Version Manifest Implementation-Version 2.7.4 High Version pom version 2.7.4 Highest
jakarta.annotation-api-1.3.5.jarDescription:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Highest Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid ca-parent Low Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product Manifest automatic-module-name java.annotation Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product pom artifactid jakarta.annotation-api Highest Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid ca-parent Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 1.3.5 High Version Manifest Bundle-Version 1.3.5 High Version Manifest Implementation-Version 1.3.5 High Version pom version 1.3.5 Highest
javax.inject-1.jarDescription:
The javax.inject API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256: 91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
javax.inject-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name javax.inject-1 High Vendor jar package name inject Highest Vendor jar package name inject Low Vendor jar package name javax Highest Vendor jar package name javax Low Vendor pom artifactid javax.inject Highest Vendor pom artifactid javax.inject Low Vendor pom groupid javax.inject Highest Vendor pom name javax.inject High Vendor pom url http://code.google.com/p/atinject/ Highest Product file name javax.inject-1 High Product jar package name inject Highest Product jar package name inject Low Product jar package name javax Highest Product pom artifactid javax.inject Highest Product pom groupid javax.inject Highest Product pom name javax.inject High Product pom url http://code.google.com/p/atinject/ Medium Version file version 1 Medium Version pom version 1 Highest
jcommander-1.69.jarDescription:
Command line parsing License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/com/beust/jcommander/1.69/jcommander-1.69.jar
MD5: 45bed2649f8429973c486579631c69c7
SHA1: bdf17915d565a7c88a2a0fe05afb5b99ecf24555
SHA256: c2534833996d60581127ddc5139bb94f27f46badc77e1356746d58d9a3dcd99e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jcommander-1.69.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name jcommander High Vendor jar package name beust Highest Vendor jar package name beust Low Vendor jar package name jcommander Highest Vendor jar package name jcommander Low Vendor pom artifactid jcommander Highest Vendor pom artifactid jcommander Low Vendor pom developer email cedric@beust.com Low Vendor pom developer name Cedric Beust Medium Vendor pom groupid com.beust Highest Vendor pom name jcommander High Vendor pom url http://jcommander.org Highest Product file name jcommander High Product jar package name beust Highest Product jar package name jcommander Highest Product jar package name jcommander Low Product pom artifactid jcommander Highest Product pom developer email cedric@beust.com Low Product pom developer name Cedric Beust Low Product pom groupid com.beust Highest Product pom name jcommander High Product pom url http://jcommander.org Medium Version file version 1.69 High Version pom version 1.69 Highest
json-20230227.jarDescription:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
License:
Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE File Path: /home/runner/.m2/repository/org/json/json/20230227/json-20230227.jar
MD5: 6b9a69b21979b0c3cb5733db19ea51b1
SHA1: 7a0d4aca76513d8ce81f9b044ce8126b84809ad8
SHA256: 9ed26791dc2d8629fdf8a207f1aebadcb50d641be637664310ef51c0f73e269b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
json-20230227.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name json-20230227 High Vendor jar package name cdl Highest Vendor jar package name http Highest Vendor jar package name json Highest Vendor jar package name xml Highest Vendor Manifest automatic-module-name org.json Medium Vendor Manifest bundle-symbolicname json Medium Vendor pom artifactid json Highest Vendor pom artifactid json Low Vendor pom developer email douglas@crockford.com Low Vendor pom developer name Douglas Crockford Medium Vendor pom groupid org.json Highest Vendor pom name JSON in Java High Vendor pom url douglascrockford/JSON-java Highest Product file name json-20230227 High Product jar package name cdl Highest Product jar package name http Highest Product jar package name json Highest Product jar package name xml Highest Product Manifest automatic-module-name org.json Medium Product Manifest Bundle-Name JSON in Java Medium Product Manifest bundle-symbolicname json Medium Product pom artifactid json Highest Product pom developer email douglas@crockford.com Low Product pom developer name Douglas Crockford Low Product pom groupid org.json Highest Product pom name JSON in Java High Product pom url douglascrockford/JSON-java High Version file version 20230227 Medium Version pom version 20230227 Highest
CVE-2023-5072 suppress
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
json-simple-3.0.2.jarDescription:
Java 7+ toolkit to quickly develop RFC 4627 JSON compatible applications. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/cliftonlabs/json-simple/3.0.2/json-simple-3.0.2.jar
MD5: 148c0d1bdc1bcb24394627d6930ee9ad
SHA1: 2337afdb06134a12fc0239299c3ceb2e9c209516
SHA256: fda65a9ad0e1ac0c88987106e89aa4d8b2a2495e7e042371efa83813f65b7295
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
json-simple-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name json-simple High Vendor jar package name cliftonlabs Highest Vendor jar package name github Highest Vendor Manifest implementation-url https://cliftonlabs.github.io/json-simple/ Low Vendor Manifest Implementation-Vendor-Id com.github.cliftonlabs Medium Vendor pom artifactid json-simple Highest Vendor pom artifactid json-simple Low Vendor pom developer email davin.loegering@cliftonlabs.com Low Vendor pom developer name Davin Loegering Medium Vendor pom developer name Yidong Fang Medium Vendor pom developer org Clifton Labs Medium Vendor pom developer org URL https://cliftonlabs.com Medium Vendor pom groupid com.github.cliftonlabs Highest Vendor pom name JSON.simple High Vendor pom url https://cliftonlabs.github.io/json-simple/ Highest Product file name json-simple High Product jar package name cliftonlabs Highest Product jar package name github Highest Product Manifest Implementation-Title JSON.simple High Product Manifest implementation-url https://cliftonlabs.github.io/json-simple/ Low Product Manifest specification-title JSON.simple Medium Product pom artifactid json-simple Highest Product pom developer email davin.loegering@cliftonlabs.com Low Product pom developer name Davin Loegering Low Product pom developer name Yidong Fang Low Product pom developer org Clifton Labs Low Product pom developer org URL https://cliftonlabs.com Low Product pom groupid com.github.cliftonlabs Highest Product pom name JSON.simple High Product pom url https://cliftonlabs.github.io/json-simple/ Medium Version file version 3.0.2 High Version Manifest Implementation-Version 3.0.2 High Version pom version 3.0.2 Highest
jul-to-slf4j-1.7.30.jarDescription:
JUL to SLF4J bridge File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jarMD5: f2c78cb93d70dc5dea0c50f36ace09c1SHA1: d58bebff8cbf70ff52b59208586095f467656c30SHA256: bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9Referenced In Project/Scope: SchemaSpy Maven Plugin:compilejul-to-slf4j-1.7.30.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name jul-to-slf4j High Vendor jar package name bridge Highest Vendor jar package name slf4j Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor pom artifactid jul-to-slf4j Highest Vendor pom artifactid jul-to-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JUL to SLF4J bridge High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jul-to-slf4j High Product jar package name bridge Highest Product jar package name slf4j Highest Product Manifest Bundle-Name jul-to-slf4j Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname jul.to.slf4j Medium Product pom artifactid jul-to-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JUL to SLF4J bridge High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.30 High Version Manifest Bundle-Version 1.7.30 High Version Manifest Implementation-Version 1.7.30 High Version pom version 1.7.30 Highest
log4j-api-2.12.1.jarDescription:
The Apache Log4j API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.12.1/log4j-api-2.12.1.jar
MD5: 4a6f276d4fb426c8d489343c0325bb75
SHA1: a55e6d987f50a515c9260b0451b4fa217dc539cb
SHA256: 429534d03bdb728879ab551d469e26f6f7ff4c8a8627f59ac68ab6ef26063515
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
log4j-api-2.12.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name log4j-api High Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-api Highest Vendor pom artifactid log4j-api Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j API High Vendor pom parent-artifactid log4j Low Product file name log4j-api High Product jar package name apache Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product Manifest Implementation-Title Apache Log4j API High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest log4jreleasemanager Ralph Goers Low Product Manifest multi-release true Low Product Manifest specification-title Apache Log4j API Medium Product pom artifactid log4j-api Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j API High Product pom parent-artifactid log4j Medium Version file version 2.12.1 High Version Manifest Bundle-Version 2.12.1 High Version Manifest Implementation-Version 2.12.1 High Version Manifest log4jreleaseversion 2.12.1 Medium Version pom version 2.12.1 Highest
CVE-2020-9488 suppress
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 CWE-295 Improper Certificate Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
log4j-to-slf4j-2.12.1.jarDescription:
The Apache Log4j binding between Log4j 2 API and SLF4J. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.12.1/log4j-to-slf4j-2.12.1.jar
MD5: a6fdf03c03b6f5fac5a978031a06777e
SHA1: dfb42ea8ce1a399bcf7218efe8115a0b7ab3788a
SHA256: 69d4aa504294033ea0d1236aabe81ed3f6393b6eb42e61899b197a51a3df73e9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
log4j-to-slf4j-2.12.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name log4j-to-slf4j High Vendor jar package name apache Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.apache.logging.slf4j Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-to-slf4j Highest Vendor pom artifactid log4j-to-slf4j Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j to SLF4J Adapter High Vendor pom parent-artifactid log4j Low Product file name log4j-to-slf4j High Product jar package name apache Highest Product jar package name logging Highest Product jar package name slf4j Highest Product Manifest automatic-module-name org.apache.logging.slf4j Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j to SLF4J Adapter Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium Product Manifest Implementation-Title Apache Log4j to SLF4J Adapter High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest log4jreleasemanager Ralph Goers Low Product Manifest specification-title Apache Log4j to SLF4J Adapter Medium Product pom artifactid log4j-to-slf4j Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j to SLF4J Adapter High Product pom parent-artifactid log4j Medium Version file version 2.12.1 High Version Manifest Bundle-Version 2.12.1 High Version Manifest Implementation-Version 2.12.1 High Version Manifest log4jreleaseversion 2.12.1 Medium Version pom version 2.12.1 Highest
logback-core-1.2.3.jarDescription:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
logback-core-1.2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid logback-core Highest Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Core Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-core High Product jar package name ch Highest Product jar package name core Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Core Module Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid logback-core Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Core Module High Product pom parent-artifactid logback-parent Medium Version file version 1.2.3 High Version Manifest Bundle-Version 1.2.3 High Version pom version 1.2.3 Highest
Related Dependencies logback-classic-1.2.3.jarFile Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar MD5: 64f7a68f931aed8e5ad8243470440f0b SHA1: 7c4f3c474fb2c041d8028740440937705ebb473a SHA256: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0 pkg:maven/ch.qos.logback/logback-classic@1.2.3 CVE-2023-6378 suppress
A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-42550 suppress
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (8.5) Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C CVSSv3:
Base Score: MEDIUM (6.6) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
maven-archiver-3.6.2.jarDescription:
Provides utility methods for creating JARs and other archive files from a Maven project. File Path: /home/runner/.m2/repository/org/apache/maven/maven-archiver/3.6.2/maven-archiver-3.6.2.jarMD5: 742b3136d8ff1fcb66f5fd7f3c267c8dSHA1: a2d949d87fed6db197cc3cceec93012dd2317ca0SHA256: 1f895a587df4844d9b7565e8e9a6352afe1d55532458a0dbeb746bc1d02e9216Referenced In Project/Scope: SchemaSpy Maven Plugin:compilemaven-archiver-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name maven-archiver High Vendor jar package name apache Highest Vendor jar package name archiver Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-archiver Highest Vendor pom artifactid maven-archiver Low Vendor pom groupid org.apache.maven Highest Vendor pom name Apache Maven Archiver High Vendor pom parent-artifactid maven-shared-components Low Vendor pom parent-groupid org.apache.maven.shared Medium Product file name maven-archiver High Product jar package name apache Highest Product jar package name archiver Highest Product jar package name maven Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Apache Maven Archiver High Product Manifest specification-title Apache Maven Archiver Medium Product pom artifactid maven-archiver Highest Product pom groupid org.apache.maven Highest Product pom name Apache Maven Archiver High Product pom parent-artifactid maven-shared-components Medium Product pom parent-groupid org.apache.maven.shared Medium Version file version 3.6.2 High Version Manifest Implementation-Version 3.6.2 High Version pom parent-version 3.6.2 Low Version pom version 3.6.2 Highest
maven-artifact-3.9.9.jarFile Path: /home/runner/.m2/repository/org/apache/maven/maven-artifact/3.9.9/maven-artifact-3.9.9.jarMD5: fcb27c2b8225edec3f2356973fa39e98SHA1: a130ec431ef32e12a4424f9b074735bb58e15d2dSHA256: 30f015d1c1a393e19c18cd4f43532089c36d4ca328608ce3dda78b74d3d31515Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-artifact-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name maven-artifact High Vendor jar package name apache Highest Vendor jar package name artifact Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-artifact Highest Vendor pom artifactid maven-artifact Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Artifact High Vendor pom parent-artifactid maven Low Product file name maven-artifact High Product jar package name apache Highest Product jar package name artifact Highest Product jar package name maven Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Artifact High Product Manifest specification-title Maven Artifact Medium Product pom artifactid maven-artifact Highest Product pom groupid org.apache.maven Highest Product pom name Maven Artifact High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-builder-support-3.9.9.jarDescription:
Support for descriptor builders (model, setting, toolchains) File Path: /home/runner/.m2/repository/org/apache/maven/maven-builder-support/3.9.9/maven-builder-support-3.9.9.jarMD5: 0266bb9314b63d9fde8aff0d190f48d6SHA1: 812c13c808e42c54d3f4abdaab603e5262bf8ab8SHA256: 2ca4a967bdd12a9e85d40e012374f86e63d4a1030c199da4832e3d0a1c6770d8Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-builder-support-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-builder-support High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-builder-support Highest Vendor pom artifactid maven-builder-support Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Builder Support High Vendor pom parent-artifactid maven Low Product file name maven-builder-support High Product jar package name apache Highest Product jar package name maven Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Builder Support High Product Manifest specification-title Maven Builder Support Medium Product pom artifactid maven-builder-support Highest Product pom groupid org.apache.maven Highest Product pom name Maven Builder Support High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-core-3.9.9.jarDescription:
Maven Core classes. File Path: /home/runner/.m2/repository/org/apache/maven/maven-core/3.9.9/maven-core-3.9.9.jarMD5: eed2eb37f03ccdea7ef9dab069c0b5d8SHA1: b58645e3f14348024b05735c171425e19d30c02eSHA256: 7fab37fc6044f20ae004376ab8414373636cf51e26ad0b1efa6b3f1cd2bec503Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-core-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name maven-core High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-core Highest Vendor pom artifactid maven-core Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Core High Vendor pom parent-artifactid maven Low Product file name maven-core High Product jar package name apache Highest Product jar package name maven Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Core High Product Manifest specification-title Maven Core Medium Product pom artifactid maven-core Highest Product pom groupid org.apache.maven Highest Product pom name Maven Core High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-model-3.9.9.jarDescription:
Model for Maven POM (Project Object Model) File Path: /home/runner/.m2/repository/org/apache/maven/maven-model/3.9.9/maven-model-3.9.9.jarMD5: 813d4aceaaa8e16f8a83c95a96afa22cSHA1: 585bff8f220ddc1c08c5263b7dee26c49fc7df94SHA256: 8f59b0a16fe9c933be749a60ae0705a0cb337bb5abaf38801b40b740ff775727Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-model-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name maven-model High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name model Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-model Highest Vendor pom artifactid maven-model Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Model High Vendor pom parent-artifactid maven Low Product file name maven-model High Product jar package name apache Highest Product jar package name maven Highest Product jar package name model Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Model High Product Manifest specification-title Maven Model Medium Product pom artifactid maven-model Highest Product pom groupid org.apache.maven Highest Product pom name Maven Model High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-model-builder-3.9.9.jarDescription:
The effective model builder, with inheritance, profile activation, interpolation, ... File Path: /home/runner/.m2/repository/org/apache/maven/maven-model-builder/3.9.9/maven-model-builder-3.9.9.jarMD5: a48ea3e9ceec85a9bff88e88048148d9SHA1: 6dcd87768eb615301aef0c2221dd168a2d36bc7bSHA256: a4377182ac2e5adfe16be3b3c81981a5ecddab014184de72ae1e522f04a77602Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-model-builder-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-model-builder High Vendor jar package name apache Highest Vendor jar package name inheritance Highest Vendor jar package name interpolation Highest Vendor jar package name maven Highest Vendor jar package name model Highest Vendor jar package name profile Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-model-builder Highest Vendor pom artifactid maven-model-builder Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Model Builder High Vendor pom parent-artifactid maven Low Product file name maven-model-builder High Product jar package name apache Highest Product jar package name inheritance Highest Product jar package name interpolation Highest Product jar package name maven Highest Product jar package name model Highest Product jar package name profile Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Model Builder High Product Manifest specification-title Maven Model Builder Medium Product pom artifactid maven-model-builder Highest Product pom groupid org.apache.maven Highest Product pom name Maven Model Builder High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-plugin-annotations-3.15.1.jarDescription:
Java annotations to use in Mojos File Path: /home/runner/.m2/repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.15.1/maven-plugin-annotations-3.15.1.jarMD5: 0723da1364961f527fbfce10c8b9c7ddSHA1: ca287d08819d5d87f3a06b8f065a79eb33c3ecc3SHA256: b58bcb3a1f362f6e1efa2772064026bb3d4ad92e6f43a1812d8d2886489912f5Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-plugin-annotations-3.15.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name maven-plugin-annotations High Vendor jar package name annotations Highest Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-annotations Highest Vendor pom artifactid maven-plugin-annotations Low Vendor pom groupid org.apache.maven.plugin-tools Highest Vendor pom name Maven Plugin Tools Java Annotations High Vendor pom parent-artifactid maven-plugin-tools Low Product file name maven-plugin-annotations High Product jar package name annotations Highest Product jar package name apache Highest Product jar package name maven Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Maven Plugin Tools Java Annotations High Product Manifest specification-title Maven Plugin Tools Java Annotations Medium Product pom artifactid maven-plugin-annotations Highest Product pom groupid org.apache.maven.plugin-tools Highest Product pom name Maven Plugin Tools Java Annotations High Product pom parent-artifactid maven-plugin-tools Medium Version file version 3.15.1 High Version Manifest Implementation-Version 3.15.1 High Version pom version 3.15.1 Highest
maven-plugin-api-3.9.9.jarDescription:
The API for plugins - Mojos - development. File Path: /home/runner/.m2/repository/org/apache/maven/maven-plugin-api/3.9.9/maven-plugin-api-3.9.9.jarMD5: 0bf1ae393ffac0c034ce8f3a4b7fc406SHA1: 7e06aef37b14f8452928e5efaa88bcf2ee8aed02SHA256: 2b491d38db45b0e8eef522e8f7889a3366e546e58b376b07fcb56e34c424e932Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-plugin-api-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name maven-plugin-api High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name plugin Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-plugin-api Highest Vendor pom artifactid maven-plugin-api Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Plugin API High Vendor pom parent-artifactid maven Low Product file name maven-plugin-api High Product jar package name apache Highest Product jar package name maven Highest Product jar package name plugin Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Plugin API High Product Manifest specification-title Maven Plugin API Medium Product pom artifactid maven-plugin-api Highest Product pom groupid org.apache.maven Highest Product pom name Maven Plugin API High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-reporting-api-4.0.0.jarDescription:
API to manage report generation. File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-api/4.0.0/maven-reporting-api-4.0.0.jarMD5: 9c49fcb81d69bb5ec513d624c181fc05SHA1: d3ad7e3d03463b5bd77e7d3ce94539cc723c8dfbSHA256: cb2cbde3c9c7288f7398a250dcf3c90cf92714cff301f22b298e1091b5def33cReferenced In Project/Scope: SchemaSpy Maven Plugin:compilemaven-reporting-api-4.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name maven-reporting-api High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name reporting Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-reporting-api Highest Vendor pom artifactid maven-reporting-api Low Vendor pom groupid org.apache.maven.reporting Highest Vendor pom name Apache Maven Reporting API High Vendor pom parent-artifactid maven-shared-components Low Vendor pom parent-groupid org.apache.maven.shared Medium Product file name maven-reporting-api High Product jar package name apache Highest Product jar package name maven Highest Product jar package name reporting Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Maven Reporting API High Product Manifest specification-title Apache Maven Reporting API Medium Product pom artifactid maven-reporting-api Highest Product pom groupid org.apache.maven.reporting Highest Product pom name Apache Maven Reporting API High Product pom parent-artifactid maven-shared-components Medium Product pom parent-groupid org.apache.maven.shared Medium Version file version 4.0.0 High Version Manifest Implementation-Version 4.0.0 High Version pom parent-version 4.0.0 Low Version pom version 4.0.0 Highest
maven-reporting-impl-4.0.0.jarDescription:
Abstract classes to manage report generation. File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-impl/4.0.0/maven-reporting-impl-4.0.0.jarMD5: 302ed7d914dc813380d361d1acb83c2fSHA1: d3753b5c13a873a5ddb71f404c6fe1179a4688c2SHA256: e9e70fdb26ff8b1f15435e3a68866a25c85b1694007e0fbdfe84e48e946fe463Referenced In Project/Scope: SchemaSpy Maven Plugin:compilemaven-reporting-impl-4.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name maven-reporting-impl High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name reporting Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-reporting-impl Highest Vendor pom artifactid maven-reporting-impl Low Vendor pom groupid org.apache.maven.reporting Highest Vendor pom name Apache Maven Reporting Implementation High Vendor pom parent-artifactid maven-shared-components Low Vendor pom parent-groupid org.apache.maven.shared Medium Product file name maven-reporting-impl High Product jar package name apache Highest Product jar package name maven Highest Product jar package name reporting Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Maven Reporting Implementation High Product Manifest specification-title Apache Maven Reporting Implementation Medium Product pom artifactid maven-reporting-impl Highest Product pom groupid org.apache.maven.reporting Highest Product pom name Apache Maven Reporting Implementation High Product pom parent-artifactid maven-shared-components Medium Product pom parent-groupid org.apache.maven.shared Medium Version file version 4.0.0 High Version Manifest Implementation-Version 4.0.0 High Version pom parent-version 4.0.0 Low Version pom version 4.0.0 Highest
maven-repository-metadata-3.9.9.jarDescription:
Per-directory local and remote repository metadata. File Path: /home/runner/.m2/repository/org/apache/maven/maven-repository-metadata/3.9.9/maven-repository-metadata-3.9.9.jarMD5: d341cdcc9abac2d01546301a305f12b3SHA1: 33a43f0af3371225d1dcaaa20a824df59c692172SHA256: 137c297e6a52d489b76663c82324d54e40f5d498a8fc015c0203fd91df8623b0Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-repository-metadata-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-repository-metadata High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name repository Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-repository-metadata Highest Vendor pom artifactid maven-repository-metadata Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Repository Metadata Model High Vendor pom parent-artifactid maven Low Product file name maven-repository-metadata High Product jar package name apache Highest Product jar package name maven Highest Product jar package name repository Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Repository Metadata Model High Product Manifest specification-title Maven Repository Metadata Model Medium Product pom artifactid maven-repository-metadata Highest Product pom groupid org.apache.maven Highest Product pom name Maven Repository Metadata Model High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-resolver-api-1.9.22.jarDescription:
The application programming interface for the repository system. License:
"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-api/1.9.22/maven-resolver-api-1.9.22.jar
MD5: c59d27b3750461be99f8d38e1f503f56
SHA1: 756660687ea077b85be02b019d593ef2758e7db6
SHA256: 63f5f665e44a09ef55463b3b91fda0b78ff07dd24b1060d56e79c10b6e32cbfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-resolver-api-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-resolver-api High Vendor jar package name artifact Highest Vendor jar package name repository Highest Vendor Manifest automatic-module-name org.apache.maven.resolver Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Vendor Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-api/ Low Vendor Manifest bundle-symbolicname org.apache.maven.resolver.api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-resolver-api Highest Vendor pom artifactid maven-resolver-api Low Vendor pom groupid org.apache.maven.resolver Highest Vendor pom name Maven Artifact Resolver API High Vendor pom parent-artifactid maven-resolver Low Product file name maven-resolver-api High Product jar package name artifact Highest Product jar package name repository Highest Product Manifest automatic-module-name org.apache.maven.resolver Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Product Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-api/ Low Product Manifest Bundle-Name Maven Artifact Resolver API Medium Product Manifest bundle-symbolicname org.apache.maven.resolver.api Medium Product Manifest Implementation-Title Maven Artifact Resolver API High Product Manifest specification-title Maven Artifact Resolver API Medium Product pom artifactid maven-resolver-api Highest Product pom groupid org.apache.maven.resolver Highest Product pom name Maven Artifact Resolver API High Product pom parent-artifactid maven-resolver Medium Version file version 1.9.22 High Version Manifest Bundle-Version 1.9.22 High Version Manifest Implementation-Version 1.9.22 High Version pom version 1.9.22 Highest
maven-resolver-impl-1.9.22.jarDescription:
An implementation of the repository system. License:
"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.9.22/maven-resolver-impl-1.9.22.jar
MD5: 965f1348220f046c6cbde059c971685d
SHA1: 19b7a728c9000f8db615f64552d95fe74b413617
SHA256: e4dafb8acc13d736377c02d2170d869438dd74b98b860745909d238726babcbb
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-impl-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-resolver-impl High Vendor jar package name impl Highest Vendor Manifest automatic-module-name org.apache.maven.resolver.impl Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Vendor Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-impl/ Low Vendor Manifest bundle-symbolicname org.apache.maven.resolver.impl Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-resolver-impl Highest Vendor pom artifactid maven-resolver-impl Low Vendor pom groupid org.apache.maven.resolver Highest Vendor pom name Maven Artifact Resolver Implementation High Vendor pom parent-artifactid maven-resolver Low Product file name maven-resolver-impl High Product jar package name impl Highest Product Manifest automatic-module-name org.apache.maven.resolver.impl Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Product Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-impl/ Low Product Manifest Bundle-Name Maven Artifact Resolver Implementation Medium Product Manifest bundle-symbolicname org.apache.maven.resolver.impl Medium Product Manifest Implementation-Title Maven Artifact Resolver Implementation High Product Manifest specification-title Maven Artifact Resolver Implementation Medium Product pom artifactid maven-resolver-impl Highest Product pom groupid org.apache.maven.resolver Highest Product pom name Maven Artifact Resolver Implementation High Product pom parent-artifactid maven-resolver Medium Version file version 1.9.22 High Version Manifest Bundle-Version 1.9.22 High Version Manifest Implementation-Version 1.9.22 High Version pom version 1.9.22 Highest
maven-resolver-named-locks-1.9.22.jarDescription:
A synchronization utility implementation using Named locks. License:
"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-named-locks/1.9.22/maven-resolver-named-locks-1.9.22.jar
MD5: 3d3855f4775bc27f9962f999ea88919b
SHA1: 121433b079aad9be7ed266b19f2122eeb0e2d111
SHA256: 0685f29ec3b548d9b6917c527f13c667685a3394b955aaa5b25d0559818b7fc5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-named-locks-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-resolver-named-locks High Vendor jar package name named Highest Vendor Manifest automatic-module-name org.apache.maven.resolver.named.locks Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Vendor Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-named-locks/ Low Vendor Manifest bundle-symbolicname org.apache.maven.resolver.named.locks Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-resolver-named-locks Highest Vendor pom artifactid maven-resolver-named-locks Low Vendor pom groupid org.apache.maven.resolver Highest Vendor pom name Maven Artifact Resolver Named Locks High Vendor pom parent-artifactid maven-resolver Low Product file name maven-resolver-named-locks High Product jar package name named Highest Product jar package name support Highest Product Manifest automatic-module-name org.apache.maven.resolver.named.locks Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Product Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-named-locks/ Low Product Manifest Bundle-Name Maven Artifact Resolver Named Locks Medium Product Manifest bundle-symbolicname org.apache.maven.resolver.named.locks Medium Product Manifest Implementation-Title Maven Artifact Resolver Named Locks High Product Manifest specification-title Maven Artifact Resolver Named Locks Medium Product pom artifactid maven-resolver-named-locks Highest Product pom groupid org.apache.maven.resolver Highest Product pom name Maven Artifact Resolver Named Locks High Product pom parent-artifactid maven-resolver Medium Version file version 1.9.22 High Version Manifest Bundle-Version 1.9.22 High Version Manifest Implementation-Version 1.9.22 High Version pom version 1.9.22 Highest
maven-resolver-provider-3.9.9.jarDescription:
Extensions to Maven Resolver for utilizing Maven POM and repository metadata. File Path: /home/runner/.m2/repository/org/apache/maven/maven-resolver-provider/3.9.9/maven-resolver-provider-3.9.9.jarMD5: ea2fccfc4c499dbaa570a26da14050d9SHA1: ea361822cd25ae6c9153c594aef805e853031224SHA256: 5dea05049c94f952f48ce2bfe0111afdf986acc591fcc11d23fe3b8dcb70291eReferenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-resolver-provider-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-resolver-provider High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name repository Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-resolver-provider Highest Vendor pom artifactid maven-resolver-provider Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Artifact Resolver Provider High Vendor pom parent-artifactid maven Low Product file name maven-resolver-provider High Product jar package name apache Highest Product jar package name maven Highest Product jar package name repository Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Artifact Resolver Provider High Product Manifest specification-title Maven Artifact Resolver Provider Medium Product pom artifactid maven-resolver-provider Highest Product pom groupid org.apache.maven Highest Product pom name Maven Artifact Resolver Provider High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-resolver-spi-1.9.22.jarDescription:
The service provider interface for repository system implementations and repository connectors. License:
"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.9.22/maven-resolver-spi-1.9.22.jar
MD5: 7ae784f1d4088fff396386ed6966cafc
SHA1: c3101acaa4ec053557028cf1917f1d22112b100d
SHA256: 99ad721e4631d9bd0c4f9e29c869672577c66f2a674a5723ce38eff13c75cbfd
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-spi-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-resolver-spi High Vendor jar package name spi Highest Vendor Manifest automatic-module-name org.apache.maven.resolver.spi Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Vendor Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-spi/ Low Vendor Manifest bundle-symbolicname org.apache.maven.resolver.spi Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-resolver-spi Highest Vendor pom artifactid maven-resolver-spi Low Vendor pom groupid org.apache.maven.resolver Highest Vendor pom name Maven Artifact Resolver SPI High Vendor pom parent-artifactid maven-resolver Low Product file name maven-resolver-spi High Product jar package name spi Highest Product Manifest automatic-module-name org.apache.maven.resolver.spi Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Product Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-spi/ Low Product Manifest Bundle-Name Maven Artifact Resolver SPI Medium Product Manifest bundle-symbolicname org.apache.maven.resolver.spi Medium Product Manifest Implementation-Title Maven Artifact Resolver SPI High Product Manifest specification-title Maven Artifact Resolver SPI Medium Product pom artifactid maven-resolver-spi Highest Product pom groupid org.apache.maven.resolver Highest Product pom name Maven Artifact Resolver SPI High Product pom parent-artifactid maven-resolver Medium Version file version 1.9.22 High Version Manifest Bundle-Version 1.9.22 High Version Manifest Implementation-Version 1.9.22 High Version pom version 1.9.22 Highest
maven-resolver-util-1.9.22.jarDescription:
A collection of utility classes to ease usage of the repository system. License:
"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-util/1.9.22/maven-resolver-util-1.9.22.jar
MD5: 4e84c0379667d2436a99fced60a74b5d
SHA1: d5febed69ca2fe0dacffec95b6cb0760b0270fd1
SHA256: 4aaea1584c39294ca926fc474723d9684473609ef4490c4eb169d6ea7daca6b5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-util-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-resolver-util High Vendor jar package name artifact Highest Vendor jar package name repository Highest Vendor jar package name util Highest Vendor Manifest automatic-module-name org.apache.maven.resolver.util Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Vendor Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-util/ Low Vendor Manifest bundle-symbolicname org.apache.maven.resolver.util Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-resolver-util Highest Vendor pom artifactid maven-resolver-util Low Vendor pom groupid org.apache.maven.resolver Highest Vendor pom name Maven Artifact Resolver Utilities High Vendor pom parent-artifactid maven-resolver Low Product file name maven-resolver-util High Product jar package name artifact Highest Product jar package name repository Highest Product jar package name util Highest Product Manifest automatic-module-name org.apache.maven.resolver.util Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-developers khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7 Low Product Manifest bundle-docurl https://maven.apache.org/resolver/maven-resolver-util/ Low Product Manifest Bundle-Name Maven Artifact Resolver Utilities Medium Product Manifest bundle-symbolicname org.apache.maven.resolver.util Medium Product Manifest Implementation-Title Maven Artifact Resolver Utilities High Product Manifest specification-title Maven Artifact Resolver Utilities Medium Product pom artifactid maven-resolver-util Highest Product pom groupid org.apache.maven.resolver Highest Product pom name Maven Artifact Resolver Utilities High Product pom parent-artifactid maven-resolver Medium Version file version 1.9.22 High Version Manifest Bundle-Version 1.9.22 High Version Manifest Implementation-Version 1.9.22 High Version pom version 1.9.22 Highest
maven-settings-3.9.9.jarDescription:
Maven Settings model. File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings/3.9.9/maven-settings-3.9.9.jarMD5: a5eede8fe9b01b7bb3c6dad06a738365SHA1: a82024d87a107965ae274d944c844c9186ff410dSHA256: 68edf1b510e0d759ec501271a5d05e3a6e425462fbb84126c16e8a6f89abdadaReferenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-settings-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-settings High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name settings Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-settings Highest Vendor pom artifactid maven-settings Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Settings High Vendor pom parent-artifactid maven Low Product file name maven-settings High Product jar package name apache Highest Product jar package name maven Highest Product jar package name settings Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Settings High Product Manifest specification-title Maven Settings Medium Product pom artifactid maven-settings Highest Product pom groupid org.apache.maven Highest Product pom name Maven Settings High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-settings-builder-3.9.9.jarDescription:
The effective settings builder, with inheritance and password decryption. File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings-builder/3.9.9/maven-settings-builder-3.9.9.jarMD5: 4fb4ae61642d42cba66821d8698a670aSHA1: 71a9bee9618839ffaf7c0de3b53ac1c408b57ae0SHA256: 094640f3fdce47250cb06968a143f40c4e2f1c22be979c73caac2f49f3c38373Referenced In Project/Scope: SchemaSpy Maven Plugin:providedmaven-settings-builder-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-settings-builder High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name settings Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-settings-builder Highest Vendor pom artifactid maven-settings-builder Low Vendor pom groupid org.apache.maven Highest Vendor pom name Maven Settings Builder High Vendor pom parent-artifactid maven Low Product file name maven-settings-builder High Product jar package name apache Highest Product jar package name maven Highest Product jar package name settings Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Maven Settings Builder High Product Manifest specification-title Maven Settings Builder Medium Product pom artifactid maven-settings-builder Highest Product pom groupid org.apache.maven Highest Product pom name Maven Settings Builder High Product pom parent-artifactid maven Medium Version file version 3.9.9 High Version Manifest Implementation-Version 3.9.9 High Version pom version 3.9.9 Highest
maven-shared-utils-3.4.2.jarDescription:
Shared utilities for use by Maven core and plugins File Path: /home/runner/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jarMD5: 53a038f77a81cb5816ad2b1c7daa8711SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0SHA256: b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487Referenced In Project/Scope: SchemaSpy Maven Plugin:compilemaven-shared-utils-3.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name maven-shared-utils High Vendor jar package name apache Highest Vendor jar package name maven Highest Vendor jar package name shared Highest Vendor jar package name utils Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-shared-utils Highest Vendor pom artifactid maven-shared-utils Low Vendor pom groupid org.apache.maven.shared Highest Vendor pom name Apache Maven Shared Utils High Vendor pom parent-artifactid maven-shared-components Low Product file name maven-shared-utils High Product jar package name apache Highest Product jar package name maven Highest Product jar package name shared Highest Product jar package name utils Highest Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Apache Maven Shared Utils High Product Manifest specification-title Apache Maven Shared Utils Medium Product pom artifactid maven-shared-utils Highest Product pom groupid org.apache.maven.shared Highest Product pom name Apache Maven Shared Utils High Product pom parent-artifactid maven-shared-components Medium Version file version 3.4.2 High Version Manifest Implementation-Version 3.4.2 High Version pom parent-version 3.4.2 Low Version pom version 3.4.2 Highest
mssql-jdbc-12.8.1.jre11.jarDescription:
Microsoft JDBC Driver for SQL Server.
License:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/12.8.1.jre11/mssql-jdbc-12.8.1.jre11.jar
MD5: 7708ca290ebb81546eda0b1c55477081
SHA1: 1f641274a8cc1ff71d05eb6d5c9f8e8a6d217c54
SHA256: e6933c0711e598a224060e52ed31392f720a4a7664e85d8ae37c52a85b67ebb0
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mssql-jdbc-12.8.1.jre11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name mssql-jdbc High Vendor jar package name jdbc Highest Vendor jar package name microsoft Highest Vendor jar package name mssql Highest Vendor jar package name sql Highest Vendor jar package name sqlserver Highest Vendor Manifest automatic-module-name com.microsoft.sqlserver.jdbc Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname com.microsoft.sqlserver.mssql-jdbc Medium Vendor pom artifactid mssql-jdbc Highest Vendor pom artifactid mssql-jdbc Low Vendor pom developer org Microsoft Medium Vendor pom developer org URL http://www.microsoft.com Medium Vendor pom groupid com.microsoft.sqlserver Highest Vendor pom name Microsoft JDBC Driver for SQL Server High Vendor pom organization name Microsoft Corporation High Vendor pom url Microsoft/mssql-jdbc Highest Product file name mssql-jdbc High Product jar package name jdbc Highest Product jar package name microsoft Highest Product jar package name mssql Highest Product jar package name sql Highest Product jar package name sqlserver Highest Product Manifest automatic-module-name com.microsoft.sqlserver.jdbc Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name Microsoft JDBC Driver for SQL Server Medium Product Manifest bundle-symbolicname com.microsoft.sqlserver.mssql-jdbc Medium Product pom artifactid mssql-jdbc Highest Product pom developer org Microsoft Low Product pom developer org URL http://www.microsoft.com Low Product pom groupid com.microsoft.sqlserver Highest Product pom name Microsoft JDBC Driver for SQL Server High Product pom organization name Microsoft Corporation Low Product pom url Microsoft/mssql-jdbc High Version file version 12.8.1.jre11 High Version pom version 12.8.1.jre11 Highest
mysql-connector-j-9.1.0.jarDescription:
JDBC Type 4 driver for MySQL. License:
The GNU General Public License, v2 with Universal FOSS Exception, v1.0 File Path: /home/runner/.m2/repository/com/mysql/mysql-connector-j/9.1.0/mysql-connector-j-9.1.0.jar
MD5: db2bdcfd7c2184780b5cda29d8af6997
SHA1: 005fb1d513278e1a9767dfa80ea9d8d7ee909f1a
SHA256: 8776e2ebc46072c9a47ea59d98298c4273bd9f16a7b26b5dfa4744535aa26c62
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mysql-connector-j-9.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name mysql-connector-j High Vendor hint analyzer vendor oracle Highest Vendor hint analyzer (hint) vendor sun Highest Vendor jar package name cj Highest Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name mysql Highest Vendor jar package name type Highest Vendor Manifest bundle-symbolicname com.mysql.cj Medium Vendor Manifest Implementation-Vendor Oracle High Vendor Manifest Implementation-Vendor-Id com.mysql Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest (hint) Implementation-Vendor sun High Vendor pom artifactid mysql-connector-j Highest Vendor pom artifactid mysql-connector-j Low Vendor pom developer email filipe.silva@oracle.com Low Vendor pom developer name Filipe Silva Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL https://www.oracle.com/ Medium Vendor pom groupid com.mysql Highest Vendor pom name MySQL Connector/J High Vendor pom organization name Oracle Corporation High Vendor pom organization url https://www.oracle.com/ Medium Vendor pom url http://dev.mysql.com/doc/connector-j/en/ Highest Product file name mysql-connector-j High Product hint analyzer product mysql_connector/j Highest Product hint analyzer product mysql_connector_j Highest Product hint analyzer product mysql_connectors Highest Product jar package name cj Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name mysql Highest Product jar package name type Highest Product jar package name xdevapi Highest Product Manifest Bundle-Name Oracle Corporation's JDBC and XDevAPI Driver for MySQL Medium Product Manifest bundle-symbolicname com.mysql.cj Medium Product Manifest Implementation-Title MySQL Connector/J High Product Manifest specification-title JDBC Medium Product pom artifactid mysql-connector-j Highest Product pom developer email filipe.silva@oracle.com Low Product pom developer name Filipe Silva Low Product pom developer org Oracle Corporation Low Product pom developer org URL https://www.oracle.com/ Low Product pom groupid com.mysql Highest Product pom name MySQL Connector/J High Product pom organization name Oracle Corporation Low Product pom organization url https://www.oracle.com/ Low Product pom url http://dev.mysql.com/doc/connector-j/en/ Medium Version file version 9.1.0 High Version Manifest Bundle-Version 9.1.0 High Version Manifest Implementation-Version 9.1.0 High Version pom version 9.1.0 Highest
nashorn-core-15.4.jarDescription:
Nashorn is an Open Source JavaScript (ECMAScript 5.1 and some 6 features) engine for the JVM. License:
GPL v2 with the Classpath exception: https://github.com/openjdk/nashorn/blob/main/LICENSE File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar
MD5: a9b3360e6a486cf62c1952c7816b7d97
SHA1: f67f5ffaa5f5130cf6fb9b133da00c7df3b532a5
SHA256: 6f816e84dfd63a81d4eaa7829c08337bbaff3ec683ff3bf6bbd90d017a00dc6f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
nashorn-core-15.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name nashorn-core High Vendor jar package name nashorn Highest Vendor jar package name openjdk Highest Vendor pom artifactid nashorn-core Highest Vendor pom artifactid nashorn-core Low Vendor pom developer email szegedia@gmail.com Low Vendor pom developer name Attila Szegedi Medium Vendor pom groupid org.openjdk.nashorn Highest Vendor pom name OpenJDK Nashorn High Vendor pom url openjdk/nashorn Highest Product file name nashorn-core High Product jar package name nashorn Highest Product jar package name openjdk Highest Product manifest: org/openjdk/nashorn/ Implementation-Title OpenJDK Nashorn Medium Product pom artifactid nashorn-core Highest Product pom developer email szegedia@gmail.com Low Product pom developer name Attila Szegedi Low Product pom groupid org.openjdk.nashorn Highest Product pom name OpenJDK Nashorn High Product pom url openjdk/nashorn High Version file version 15.4 High Version manifest: org/openjdk/nashorn/ Implementation-Version 15.4 Medium Version pom version 15.4 Highest
nashorn-core-15.4.jar: base.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/base.jsMD5: 93c3e1b9f9491fb5b5df96a41441162cSHA1: 6f2cfb7815fd7028792731ee5cd13651036e60bdSHA256: 824c73ce701b9820cc1b799e9af043f3663a72114be2a560ce1933ae1e4e496aReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: bootstrap.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/bootstrap.jsMD5: 948cb0239b8abc93e84e813e2da8d6dcSHA1: 79559bab4c6ae8b0ab573e37b82b50013f647956SHA256: 9ec201c6fcff2c9a2a536f80f8ea14f604092768011b5c4f59ec7b313cf359c4Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: controls.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/controls.jsMD5: 4f9093fd24e64162c92385e1def8747fSHA1: 016d3d27e7f9e8a6054d6248e1c2cfe72b062efdSHA256: a065a17b974ffc3ac4c98a5177c21d39ccd70fa50eb9a4d10ed96074904285c8Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: fxml.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/fxml.jsMD5: 262095de4844ffde10c018ef296107eeSHA1: 5d41efdc93dac1dcecd4d6f3625f43a36af961bfSHA256: 0e411601888672288fdfa6c0018710c2156a2efef619cfd11719cdb0d63a2dfbReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: graphics.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/graphics.jsMD5: 471022fc763c3ec65292a7f1689c58ffSHA1: 014c1893d89dc76adbca7a30992b1c8db36c4db5SHA256: 8c12199afd230a5d936f7390a290bf899d536a731cc2b240478ecb077c3dd292Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: media.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/media.jsMD5: 6eb77f5d138fab0f13d3601b0e68c2e1SHA1: 385eb91d9f5d96d0575facda44c9cf1064c70a21SHA256: e096e61fa52ef7109adae7011f5c7d004ca87aeeb43647af982e45dac77c2b0fReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: mozilla_compat.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/mozilla_compat.jsMD5: dcd9c8927badf397f82274077a7a9b82SHA1: f953a1b5e422f41c66bbf32f314f8de4e8de1995SHA256: f52167e7cec0601b53af50e3e3d9359057c37356cb3fd6fbfe0ba451bd70ff04Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: parser.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/parser.jsMD5: b1c71079ce0792c735ce93bb05f77f04SHA1: 1436e8c38788e10b774eb97bddb186f417a2352fSHA256: bb1b0b23cd2f74fdaf9cb508cc0dfd9b37529c72086e4279cb27dad664e4a261Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: swing.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/swing.jsMD5: d92f35751bc4d6f50e6817884e7bd10eSHA1: ebb47348ccaddb3f4dac31d91b839ce9bbc03d50SHA256: 7f1334e91b0d15bbcfcbd87b19ebf83f254065477f61e1a353ef1eaf9aaffe38Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
nashorn-core-15.4.jar: web.jsFile Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/web.jsMD5: c46659f1ba056770e2627807fc5f06d9SHA1: c733b0eed6f6a37639039a77c496f9e4c2323cd4SHA256: af7127f5a5af79f7c641a80b1dfa4de3bc6500c0a50258131379c7ec54b85484Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
ojdbc11-23.6.0.24.10.jarDescription:
Oracle JDBC Driver compatible with JDK11, JDK17, JDK19, and JDK21 License:
Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html File Path: /home/runner/.m2/repository/com/oracle/database/jdbc/ojdbc11/23.6.0.24.10/ojdbc11-23.6.0.24.10.jar
MD5: bcdec91481b6c2d28b8c5bc675947621
SHA1: 2cc0896304c2a35013f044bd454c26f8e03ea112
SHA256: 8e6af2c3401c64270922e0dca66879fd07281de3347ad1d1a0e1153ed41423a6
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
ojdbc11-23.6.0.24.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ojdbc11 High Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name oracle Highest Vendor jar (hint) package name sun Highest Vendor Manifest automatic-module-name com.oracle.database.jdbc Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest repository-id JAVAVM_23.0.0.0.0_LINUX.X64_241003.23.6 Low Vendor Manifest specification-vendor Sun Microsystems Inc. Low Vendor pom artifactid ojdbc11 Highest Vendor pom artifactid ojdbc11 Low Vendor pom developer org Oracle America, Inc. Medium Vendor pom developer org URL http://www.oracle.com Medium Vendor pom groupid com.oracle.database.jdbc Highest Vendor pom name ojdbc11 High Vendor pom url https://www.oracle.com/database/technologies/maven-central-guide.html Highest Product file name ojdbc11 High Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name oracle Highest Product Manifest automatic-module-name com.oracle.database.jdbc Medium Product Manifest Implementation-Title JDBC High Product Manifest repository-id JAVAVM_23.0.0.0.0_LINUX.X64_241003.23.6 Low Product Manifest specification-title JDBC Medium Product pom artifactid ojdbc11 Highest Product pom developer org Oracle America, Inc. Low Product pom developer org URL http://www.oracle.com Low Product pom groupid com.oracle.database.jdbc Highest Product pom name ojdbc11 High Product pom url https://www.oracle.com/database/technologies/maven-central-guide.html Medium Version file version 23.6.0.24.10 High Version Manifest Implementation-Version 23.6.0.24.10 High Version pom version 23.6.0.24.10 Highest
org.eclipse.sisu.inject-0.9.0.M3.jarDescription:
JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring License:
"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html" File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.9.0.M3/org.eclipse.sisu.inject-0.9.0.M3.jar
MD5: 643a13084e0ac59cdda06319e1b348ea
SHA1: 3665002ba4d16dfa779ef658a63d0608c4bd898b
SHA256: 15335c4dcf082f599fb8eddcfb58d6a7e9a9c97de2883c257089a479b9b24522
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
org.eclipse.sisu.inject-0.9.0.M3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name org.eclipse.sisu.inject High Vendor jar package name dynamic Highest Vendor jar package name eclipse Highest Vendor jar package name inject Highest Vendor jar package name sisu Highest Vendor jar package name wiring Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-copyright Copyright (c) 2010-present Sonatype, Inc. and others Low Vendor Manifest bundle-developers mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus" Low Vendor Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Vendor Manifest bundle-symbolicname org.eclipse.sisu.inject;singleton:=true Medium Vendor pom artifactid eclipse.sisu.inject Low Vendor pom artifactid org.eclipse.sisu.inject Highest Vendor pom groupid org.eclipse.sisu Highest Vendor pom parent-artifactid sisu-inject Low Product file name org.eclipse.sisu.inject High Product jar package name dynamic Highest Product jar package name eclipse Highest Product jar package name inject Highest Product jar package name sisu Highest Product jar package name sonatype Highest Product jar package name wiring Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-copyright Copyright (c) 2010-present Sonatype, Inc. and others Low Product Manifest bundle-developers mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus" Low Product Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Product Manifest Bundle-Name Sisu-Inject (Incubation) Medium Product Manifest bundle-symbolicname org.eclipse.sisu.inject;singleton:=true Medium Product pom artifactid eclipse.sisu.inject Highest Product pom artifactid org.eclipse.sisu.inject Highest Product pom groupid org.eclipse.sisu Highest Product pom parent-artifactid sisu-inject Medium Version Manifest Bundle-Version 0.9.0.M3 High Version pom version 0.9.0.M3 Highest
org.eclipse.sisu.plexus-0.9.0.M3.jarDescription:
Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container License:
"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html" File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M3/org.eclipse.sisu.plexus-0.9.0.M3.jar
MD5: 964e7bc9837b270566f18b87af65f5d7
SHA1: b493c7abcc6e04fa0a6a20d489a3db0395c76f70
SHA256: c99674d3773e26154885661711f0b6d63aa5008f5cc99227a236756d4ad9de5e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
org.eclipse.sisu.plexus-0.9.0.M3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name org.eclipse.sisu.plexus High Vendor jar package name eclipse Highest Vendor jar package name plexus Highest Vendor jar package name sisu Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-copyright Copyright (c) 2010-present Sonatype, Inc. and others Low Vendor Manifest bundle-developers mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus" Low Vendor Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Vendor Manifest bundle-symbolicname org.eclipse.sisu.plexus;singleton:=true Medium Vendor pom artifactid eclipse.sisu.plexus Low Vendor pom artifactid org.eclipse.sisu.plexus Highest Vendor pom groupid org.eclipse.sisu Highest Vendor pom parent-artifactid sisu-inject Low Product file name org.eclipse.sisu.plexus High Product jar package name eclipse Highest Product jar package name plexus Highest Product jar package name sisu Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-copyright Copyright (c) 2010-present Sonatype, Inc. and others Low Product Manifest bundle-developers mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus" Low Product Manifest bundle-docurl http://www.eclipse.org/sisu/ Low Product Manifest Bundle-Name Sisu-Plexus (Incubation) Medium Product Manifest bundle-symbolicname org.eclipse.sisu.plexus;singleton:=true Medium Product pom artifactid eclipse.sisu.plexus Highest Product pom artifactid org.eclipse.sisu.plexus Highest Product pom groupid org.eclipse.sisu Highest Product pom parent-artifactid sisu-inject Medium Version Manifest Bundle-Version 0.9.0.M3 High Version pom version 0.9.0.M3 Highest
plexus-archiver-2.2.jarFile Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-archiver/2.2/plexus-archiver-2.2.jarMD5: 61dd3bbc4682a29a286baa58f9c7f859SHA1: 13e55f4c2b7cdbf59a9bbd668d3c058d1a40664bSHA256: 9154a5e6e1f95a1c74d4254670fec8d7aacd5692115710fe7e1381636c6be38cReferenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-archiver-2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0
Evidence Type Source Name Value Confidence Vendor file name plexus-archiver High Vendor jar package name archiver Highest Vendor jar package name archiver Low Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor pom artifactid plexus-archiver Highest Vendor pom artifactid plexus-archiver Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Archiver Component High Vendor pom parent-artifactid plexus-components Low Product file name plexus-archiver High Product jar package name archiver Highest Product jar package name archiver Low Product jar package name codehaus Highest Product jar package name plexus Highest Product jar package name plexus Low Product pom artifactid plexus-archiver Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Archiver Component High Product pom parent-artifactid plexus-components Medium Version file version 2.2 High Version pom parent-version 2.2 Low Version pom version 2.2 Highest
CVE-2023-37460 suppress
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-61 UNIX Symbolic Link (Symlink) Following
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2018-1002200 suppress
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2012-2098 (OSSINDEX) suppress
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. CWE-310 Cryptographic Issues
CVSSv2:
Base Score: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.codehaus.plexus:plexus-archiver:2.2:*:*:*:*:*:*:* plexus-cipher-2.0.jarFile Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jarMD5: 55d612839faf248cbe3e273969c002c2SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651bSHA256: 9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203aReferenced In Project/Scope: SchemaSpy Maven Plugin:providedplexus-cipher-2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name plexus-cipher High Vendor jar package name cipher Highest Vendor jar package name plexus Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid plexus-cipher Highest Vendor pom artifactid plexus-cipher Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Cipher: encryption/decryption Component High Vendor pom parent-artifactid plexus Low Product file name plexus-cipher High Product jar package name cipher Highest Product jar package name plexus Highest Product Manifest build-jdk-spec 1.8 Low Product pom artifactid plexus-cipher Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Cipher: encryption/decryption Component High Product pom parent-artifactid plexus Medium Version file version 2.0 High Version pom parent-version 2.0 Low Version pom version 2.0 Highest
plexus-classworlds-2.8.0.jarDescription:
A class loader framework License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-classworlds/2.8.0/plexus-classworlds-2.8.0.jar
MD5: 92089dee35db6423c2128559238430cb
SHA1: 5d0d8c71b61b38ce127a46702a453f9aa09a4ee2
SHA256: 081b40e0eab033cd5ac72d2501bfff4f5fd2a3eef827051111730ea152681c72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-classworlds-2.8.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name plexus-classworlds High Vendor jar package name classworlds Highest Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://codehaus-plexus.github.io/ Low Vendor Manifest bundle-symbolicname org.codehaus.plexus.classworlds Medium Vendor pom artifactid plexus-classworlds Highest Vendor pom artifactid plexus-classworlds Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Classworlds High Vendor pom parent-artifactid plexus Low Vendor pom url https://codehaus-plexus.github.io/plexus-classworlds/ Highest Product file name plexus-classworlds High Product jar package name classworlds Highest Product jar package name codehaus Highest Product jar package name plexus Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://codehaus-plexus.github.io/ Low Product Manifest Bundle-Name Plexus Classworlds Medium Product Manifest bundle-symbolicname org.codehaus.plexus.classworlds Medium Product pom artifactid plexus-classworlds Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Classworlds High Product pom parent-artifactid plexus Medium Product pom url https://codehaus-plexus.github.io/plexus-classworlds/ Medium Version file version 2.8.0 High Version Manifest Bundle-Version 2.8.0 High Version pom parent-version 2.8.0 Low Version pom version 2.8.0 Highest
plexus-component-annotations-2.1.0.jarDescription:
Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
standard annotations instead of javadoc annotations.
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.jarMD5: 141fd7a2ae613cb17d25ecd54b43eb3fSHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9SHA256: bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acacReferenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-component-annotations-2.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name plexus-component-annotations High Vendor jar package name annotations Highest Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name component Highest Vendor jar package name component Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor pom artifactid plexus-component-annotations Highest Vendor pom artifactid plexus-component-annotations Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus :: Component Annotations High Vendor pom parent-artifactid plexus-containers Low Product file name plexus-component-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name codehaus Highest Product jar package name component Highest Product jar package name component Low Product jar package name plexus Highest Product jar package name plexus Low Product pom artifactid plexus-component-annotations Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus :: Component Annotations High Product pom parent-artifactid plexus-containers Medium Version file version 2.1.0 High Version pom version 2.1.0 Highest
plexus-container-default-1.0-alpha-9-stable-1.jarFile Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jarMD5: 99533a9d3e0fa3280cd0bd3426c5f99bSHA1: 94aea3010e250a334d9dab7f591114cd6c767458SHA256: 7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edfReferenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-container-default-1.0-alpha-9-stable-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0
Evidence Type Source Name Value Confidence Vendor file name plexus-container-default High Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name component Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor pom artifactid plexus-container-default Highest Vendor pom artifactid plexus-container-default Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Default Plexus Container High Vendor pom parent-artifactid plexus-containers Low Product file name plexus-container-default High Product jar package name codehaus Highest Product jar package name component Low Product jar package name plexus Highest Product jar package name plexus Low Product pom artifactid plexus-container-default Highest Product pom groupid org.codehaus.plexus Highest Product pom name Default Plexus Container High Product pom parent-artifactid plexus-containers Medium Version pom parent-version 1.0-alpha-9-stable-1 Low Version pom version 1.0-alpha-9-stable-1 Highest
plexus-i18n-1.0-beta-10.jarFile Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jarMD5: 7f36c0459c853750c627f682ec7bcf52SHA1: 27506f59e54cc80b8c28b977c2bcd0478094e0ccSHA256: b87f25b512ffafcafbf4a05ab943812e9c6915291370c6b46016eb3836886c41Referenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-i18n-1.0-beta-10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name plexus-i18n High Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name i18n Highest Vendor jar package name i18n Low Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor pom artifactid plexus-i18n Highest Vendor pom artifactid plexus-i18n Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus I18N Component High Vendor pom parent-artifactid plexus-components Low Product file name plexus-i18n High Product jar package name codehaus Highest Product jar package name i18n Highest Product jar package name i18n Low Product jar package name plexus Highest Product jar package name plexus Low Product pom artifactid plexus-i18n Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus I18N Component High Product pom parent-artifactid plexus-components Medium Version pom parent-version 1.0-beta-10 Low Version pom version 1.0-beta-10 Highest
plexus-interpolation-1.27.jarDescription:
The Plexus project provides a full software stack for creating and executing software projects. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.27/plexus-interpolation-1.27.jar
MD5: c2edbe0dbc934692794aaeac6006055a
SHA1: 8dc73f4ff5eafcbb7ec035ba54736e828b272533
SHA256: 3fb4fb6143fdf964024c3cb738551524b9ea84e5c211cd660c559ad0703e5230
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-interpolation-1.27.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name plexus-interpolation High Vendor jar package name codehaus Highest Vendor jar package name interpolation Highest Vendor jar package name plexus Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://codehaus-plexus.github.io/ Low Vendor Manifest bundle-symbolicname org.codehaus.plexus.interpolation Medium Vendor pom artifactid plexus-interpolation Highest Vendor pom artifactid plexus-interpolation Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Interpolation API High Vendor pom parent-artifactid plexus Low Product file name plexus-interpolation High Product jar package name codehaus Highest Product jar package name interpolation Highest Product jar package name plexus Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://codehaus-plexus.github.io/ Low Product Manifest Bundle-Name Plexus Interpolation API Medium Product Manifest bundle-symbolicname org.codehaus.plexus.interpolation Medium Product pom artifactid plexus-interpolation Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Interpolation API High Product pom parent-artifactid plexus Medium Version file version 1.27 High Version pom parent-version 1.27 Low Version pom version 1.27 Highest
plexus-io-2.0.4.jarFile Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-io/2.0.4/plexus-io-2.0.4.jarMD5: bbaf4deaddcc590be52643888630f693SHA1: dc773899dfb3f857411ef49db46f17d7a465a634SHA256: 58f2898b70709f1216fa3afe69e0a7cdb41ad6a3927b2507a4a89941c9e4ab76Referenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-io-2.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0
Evidence Type Source Name Value Confidence Vendor file name plexus-io High Vendor jar package name codehaus Highest Vendor jar package name codehaus Low Vendor jar package name components Highest Vendor jar package name components Low Vendor jar package name io Highest Vendor jar package name plexus Highest Vendor jar package name plexus Low Vendor pom artifactid plexus-io Highest Vendor pom artifactid plexus-io Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus IO Components High Vendor pom parent-artifactid plexus-components Low Product file name plexus-io High Product jar package name codehaus Highest Product jar package name components Highest Product jar package name components Low Product jar package name io Highest Product jar package name io Low Product jar package name plexus Highest Product jar package name plexus Low Product pom artifactid plexus-io Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus IO Components High Product pom parent-artifactid plexus-components Medium Version file version 2.0.4 High Version pom parent-version 2.0.4 Low Version pom version 2.0.4 Highest
plexus-sec-dispatcher-2.0.jarFile Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jarMD5: e68635a721630177ac70173e441336b6SHA1: f89c5080614ffd0764e49861895dbedde1b47237SHA256: 873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfcebReferenced In Project/Scope: SchemaSpy Maven Plugin:providedplexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name plexus-sec-dispatcher High Vendor jar package name plexus Highest Vendor jar package name sec Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid plexus-sec-dispatcher Highest Vendor pom artifactid plexus-sec-dispatcher Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Security Dispatcher Component High Vendor pom parent-artifactid plexus Low Product file name plexus-sec-dispatcher High Product jar package name plexus Highest Product jar package name sec Highest Product Manifest build-jdk-spec 1.8 Low Product pom artifactid plexus-sec-dispatcher Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Security Dispatcher Component High Product pom parent-artifactid plexus Medium Version file version 2.0 High Version pom parent-version 2.0 Low Version pom version 2.0 Highest
plexus-utils-3.5.1.jarDescription:
A collection of various utility classes to ease working with strings, files, command lines, XML and
more.
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-utils/3.5.1/plexus-utils-3.5.1.jarMD5: cdec471a77f52e687d0df4c43f392a71SHA1: c6bfb17c97ecc8863e88778ea301be742c62b06dSHA256: 86e0255d4c879c61b4833ed7f13124e8bb679df47debb127326e7db7dd49a07bReferenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-utils-3.5.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name plexus-utils High Vendor jar package name codehaus Highest Vendor jar package name org Highest Vendor jar package name plexus Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest multi-release true Low Vendor pom artifactid plexus-utils Highest Vendor pom artifactid plexus-utils Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Common Utilities High Vendor pom parent-artifactid plexus Low Product file name plexus-utils High Product jar package name 11 Highest Product jar package name codehaus Highest Product jar package name org Highest Product jar package name plexus Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product Manifest multi-release true Low Product pom artifactid plexus-utils Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Common Utilities High Product pom parent-artifactid plexus Medium Version file version 3.5.1 High Version pom parent-version 3.5.1 Low Version pom version 3.5.1 Highest
plexus-velocity-2.2.0.jarFile Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-velocity/2.2.0/plexus-velocity-2.2.0.jarMD5: fd4bb44db19036ab360720360f09dcccSHA1: 75a983b74a4c0adcd0751528ff397ae308ef6d0cSHA256: 3e7e902f492c973cf210ddb8267843a3b65e83f5067467e2f4d9af0051f6b8b9Referenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-velocity-2.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name plexus-velocity High Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor jar package name velocity Highest Vendor Manifest build-jdk-spec 23 Low Vendor Manifest Implementation-Vendor Codehaus Plexus High Vendor Manifest specification-vendor Codehaus Plexus Low Vendor pom artifactid plexus-velocity Highest Vendor pom artifactid plexus-velocity Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus Velocity Component High Vendor pom parent-artifactid plexus Low Product file name plexus-velocity High Product jar package name codehaus Highest Product jar package name plexus Highest Product jar package name velocity Highest Product Manifest build-jdk-spec 23 Low Product Manifest Implementation-Title Plexus Velocity Component High Product Manifest specification-title Plexus Velocity Component Medium Product pom artifactid plexus-velocity Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus Velocity Component High Product pom parent-artifactid plexus Medium Version file version 2.2.0 High Version Manifest Implementation-Version 2.2.0 High Version pom parent-version 2.2.0 Low Version pom version 2.2.0 Highest
plexus-xml-3.0.0.jarDescription:
A collection of various utility classes to ease working with XML in Maven 3. File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jarMD5: cccca4a03a8367cd20e4efaead5fba0bSHA1: d16b91678bc3734276886132923d6919c935c9f7SHA256: d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536Referenced In Project/Scope: SchemaSpy Maven Plugin:compileplexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name plexus-xml High Vendor jar package name codehaus Highest Vendor jar package name plexus Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid plexus-xml Highest Vendor pom artifactid plexus-xml Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom name Plexus XML Utilities High Vendor pom parent-artifactid plexus Low Vendor pom url https://codehaus-plexus.github.io/plexus-xml/ Highest Product file name plexus-xml High Product jar package name codehaus Highest Product jar package name plexus Highest Product jar package name xml Highest Product Manifest build-jdk-spec 11 Low Product pom artifactid plexus-xml Highest Product pom groupid org.codehaus.plexus Highest Product pom name Plexus XML Utilities High Product pom parent-artifactid plexus Medium Product pom url https://codehaus-plexus.github.io/plexus-xml/ Medium Version file version 3.0.0 High Version pom parent-version 3.0.0 Low Version pom version 3.0.0 Highest
postgresql-42.7.4.jarDescription:
PostgreSQL JDBC Driver Postgresql License:
BSD-2-Clause: https://jdbc.postgresql.org/about/license.html File Path: /home/runner/.m2/repository/org/postgresql/postgresql/42.7.4/postgresql-42.7.4.jar
MD5: ef7e9be503b5c6243697d628fb196cad
SHA1: 264310fd7b2cd76738787dc0b9f7ea2e3b11adc1
SHA256: 188976721ead8e8627eb6d8389d500dccc0c9bebd885268a3047180274a6031e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
postgresql-42.7.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name postgresql High Vendor jar package name driver Highest Vendor jar package name jdbc Highest Vendor jar package name postgresql Highest Vendor Manifest automatic-module-name org.postgresql.jdbc Medium Vendor Manifest bundle-copyright Copyright (c) 2003-2024, PostgreSQL Global Development Group Low Vendor Manifest bundle-docurl https://jdbc.postgresql.org/ Low Vendor Manifest bundle-symbolicname org.postgresql.jdbc Medium Vendor Manifest Implementation-Vendor PostgreSQL Global Development Group High Vendor Manifest Implementation-Vendor-Id org.postgresql Medium Vendor Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid postgresql Highest Vendor pom artifactid postgresql Low Vendor pom developer id bokken Medium Vendor pom developer id davecramer Medium Vendor pom developer id jurka Medium Vendor pom developer id oliver Medium Vendor pom developer id ringerc Medium Vendor pom developer id vlsi Medium Vendor pom developer name Brett Okken Medium Vendor pom developer name Craig Ringer Medium Vendor pom developer name Dave Cramer Medium Vendor pom developer name Kris Jurka Medium Vendor pom developer name Oliver Jowett Medium Vendor pom developer name Vladimir Sitnikov Medium Vendor pom groupid org.postgresql Highest Vendor pom name PostgreSQL JDBC Driver High Vendor pom organization name PostgreSQL Global Development Group High Vendor pom organization url https://jdbc.postgresql.org/ Medium Vendor pom url https://jdbc.postgresql.org Highest Product file name postgresql High Product hint analyzer product pgjdbc Highest Product hint analyzer product postgresql_jdbc_driver Highest Product jar package name driver Highest Product jar package name jdbc Highest Product jar package name osgi Highest Product jar package name postgresql Highest Product Manifest automatic-module-name org.postgresql.jdbc Medium Product Manifest bundle-copyright Copyright (c) 2003-2024, PostgreSQL Global Development Group Low Product Manifest bundle-docurl https://jdbc.postgresql.org/ Low Product Manifest Bundle-Name PostgreSQL JDBC Driver Medium Product Manifest bundle-symbolicname org.postgresql.jdbc Medium Product Manifest Implementation-Title PostgreSQL JDBC Driver High Product Manifest provide-capability osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver" Low Product Manifest specification-title JDBC Medium Product pom artifactid postgresql Highest Product pom developer id bokken Low Product pom developer id davecramer Low Product pom developer id jurka Low Product pom developer id oliver Low Product pom developer id ringerc Low Product pom developer id vlsi Low Product pom developer name Brett Okken Low Product pom developer name Craig Ringer Low Product pom developer name Dave Cramer Low Product pom developer name Kris Jurka Low Product pom developer name Oliver Jowett Low Product pom developer name Vladimir Sitnikov Low Product pom groupid org.postgresql Highest Product pom name PostgreSQL JDBC Driver High Product pom organization name PostgreSQL Global Development Group Low Product pom organization url https://jdbc.postgresql.org/ Low Product pom url https://jdbc.postgresql.org Medium Version file version 42.7.4 High Version Manifest Bundle-Version 42.7.4 High Version Manifest Implementation-Version 42.7.4 High Version pom version 42.7.4 Highest
protobuf-java-4.26.1.jarDescription:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
https://opensource.org/licenses/BSD-3-Clause File Path: /home/runner/.m2/repository/com/google/protobuf/protobuf-java/4.26.1/protobuf-java-4.26.1.jar
MD5: 8e6a4bc05eb8ded0f27c6ac805469abe
SHA1: 594fabdcbceb7edfb883fe621d3e97d9cc05fa73
SHA256: 091933e5870af810748326f7ace4a673aca721253177542842f044b546f14282
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
protobuf-java-4.26.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.mysql/mysql-connector-j@9.1.0
Evidence Type Source Name Value Confidence Vendor file name protobuf-java High Vendor jar package name google Highest Vendor jar package name protobuf Highest Vendor Manifest automatic-module-name com.google.protobuf Medium Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor Manifest target-label //java/core:lite_runtime_only Low Vendor pom artifactid protobuf-java Highest Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor pom parent-artifactid protobuf-parent Low Product file name protobuf-java High Product jar package name google Highest Product jar package name protobuf Highest Product Manifest automatic-module-name com.google.protobuf Medium Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest Bundle-Name Protocol Buffers [Core] Medium Product Manifest bundle-symbolicname com.google.protobuf Medium Product Manifest target-label //java/core:lite_runtime_only Low Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Core] High Product pom parent-artifactid protobuf-parent Medium Version file version 4.26.1 High Version Manifest Bundle-Version 4.26.1 High Version pom version 4.26.1 Highest
CVE-2024-7254 (OSSINDEX) suppress
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-7254 for details CWE-20 Improper Input Validation
CVSSv2:
Base Score: HIGH (8.699999809265137) Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:com.google.protobuf:protobuf-java:4.26.1:*:*:*:*:*:*:* schemaspy-6.2.4.jarDescription:
SchemaSpy generates HTML and PNG-based entity relationship diagrams from JDBC-enabled databases.
License:
LGPL-3.0-or-later: https://www.gnu.org/licenses/lgpl-3.0.txt File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar
MD5: daeb9832cce7f142198a599c5e5be9f2
SHA1: 61689fe2bd4be56a3f6323895a245f8236d7995e
SHA256: f40bea88af06769d86e5efca2765fc50fd43b4720f6714d274b93f6158400e60
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
schemaspy-6.2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name schemaspy High Vendor jar package name html Highest Vendor jar package name schemaspy Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest implementation-build 6.2.4.41 2023-07-21 11:24:46 Low Vendor pom artifactid schemaspy Highest Vendor pom artifactid schemaspy Low Vendor pom developer email nils.petzall@gmail.com Low Vendor pom developer email rafalkasa@gmail.com Low Vendor pom developer id npetzall Medium Vendor pom developer id rafalkasa Medium Vendor pom developer name Nils Petzaell Medium Vendor pom developer name Rafal Kasa Medium Vendor pom developer org SchemaSpy Medium Vendor pom developer org URL https://schemaspy.org/ Medium Vendor pom groupid org.schemaspy Highest Vendor pom name SchemaSpy High Vendor pom url http://schemaspy.org Highest Product file name schemaspy High Product jar package name html Highest Product jar package name schemaspy Highest Product Manifest build-jdk-spec 11 Low Product Manifest implementation-build 6.2.4.41 2023-07-21 11:24:46 Low Product pom artifactid schemaspy Highest Product pom developer email nils.petzall@gmail.com Low Product pom developer email rafalkasa@gmail.com Low Product pom developer id npetzall Low Product pom developer id rafalkasa Low Product pom developer name Nils Petzaell Low Product pom developer name Rafal Kasa Low Product pom developer org SchemaSpy Low Product pom developer org URL https://schemaspy.org/ Low Product pom groupid org.schemaspy Highest Product pom name SchemaSpy High Product pom url http://schemaspy.org Medium Version file version 6.2.4 High Version Manifest Implementation-Version 6.2.4 High Version pom version 6.2.4 Highest
schemaspy-6.2.4.jar: anchor.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/anchor-js/anchor.min.jsMD5: 59ccbcf40597fdbf5a3a5f88de29c39eSHA1: 8dacf80a941783e6fc12bf00d5ae6f867b2edc92SHA256: 20804ad516e2b883aea5f1eb25f41e6cb8f498119454d9b8d48e25f1658f3e3fReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: anomalies.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/anomalies.jsMD5: d41d8cd98f00b204e9800998ecf8427eSHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: app.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/app.jsMD5: 589220eddefd07d172948917bce32f46SHA1: 3c14bff558126838fa30abe9bdcf4decf27f47c3SHA256: e7107412589ffe7f372a5711948066ee763c4f68084475e3cb8aed2e431599f8Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: app.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/app.min.jsMD5: c97edde005d18d707bcf8f3185de7201SHA1: 99e43178d50c0386a3b222551766cb08e81da1ddSHA256: 7a67b6c4dba7eceb6504af73c37a21b1d92a86f7331c85d7024ba36fcaff6236Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: bootstrap.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.jsMD5: fb81549ee2896513a1ed5714b1b1a0f0SHA1: 3b965a36a6b08854ad6eddedf85c5319fd392b4aSHA256: 0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name bootstrap High Product file name bootstrap High Version file version 3.3.7 High
CVE-2016-10735 suppress
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* CVE-2018-14041 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* CVE-2018-14042 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* CVE-2018-20676 suppress
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 CVE-2018-20677 suppress
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 CVE-2019-8331 suppress
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - VENDOR_ADVISORY info - https://github.com/advisories/GHSA-9v3m-8fp8-mj99 info - https://github.com/twbs/bootstrap/issues/28236 Vulnerable Software & Versions (NVD):
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1 cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0 CVE-2024-6484 (RETIREJS) suppress
Unscored:
References:
Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS) suppress
Bootstrap before 4.0.0 is end-of-life and no longer maintained. Unscored:
References:
schemaspy-6.2.4.jar: bootstrap.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.min.jsMD5: 5869c96cc8f19086aee625d670d741f9SHA1: 430a443d74830fe9be26efca431f448c1b3740f9SHA256: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486efReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name bootstrap High Product file name bootstrap High Version file version 3.3.7 High
CVE-2016-10735 suppress
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* CVE-2018-14041 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* CVE-2018-14042 suppress
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2 cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:* CVE-2018-20676 suppress
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 CVE-2018-20677 suppress
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 CVE-2019-8331 suppress
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - VENDOR_ADVISORY info - https://github.com/advisories/GHSA-9v3m-8fp8-mj99 info - https://github.com/twbs/bootstrap/issues/28236 Vulnerable Software & Versions (NVD):
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1 cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1 cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0 CVE-2024-6484 (RETIREJS) suppress
Unscored:
References:
Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS) suppress
Bootstrap before 4.0.0 is end-of-life and no longer maintained. Unscored:
References:
schemaspy-6.2.4.jar: buttons.bootstrap.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.jsMD5: d4f3fd56ffe8ee0dbdf57535e06e42e2SHA1: fdf18cd630d82a89d6618753984edaf15fa24114SHA256: 11188b23c556bf2ff4d5e144cdad67faa417eb3c36eec6cbcd7b21566d9cfac1Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.bootstrap.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.min.jsMD5: ac22ff642b7e893d1481c3746e3a727eSHA1: 31563ff1d6b172118d962a816259cbef55c9210dSHA256: 3c288a24e5ce97babfeb3f4ee1a222e97e26a1724709d7e0e238263e29197d9aReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.colVis.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.colVis.jsMD5: 301a3927b58c194da0c7a1a28431fd2aSHA1: 2c4dd397abee8d80eac8ebe5d79928ad508b48dbSHA256: f75eb463c4cdd2683c8cf79c3f7da9812d28f8891aacdea9253f8ae2c33100ecReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.colVis.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.colVis.min.jsMD5: f4b5cebb54c4c4a0064176d86997a8faSHA1: db37f14a84880332c9b2eea2f96c377054428fa6SHA256: 5fd6d20a56e70a8b57286ecdb5ac3c799352067b6289b91ceaafa9464aa698faReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.flash.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.flash.jsMD5: 70a2e86e64be743e07cc4d4729d69a6bSHA1: 968bc8c729cccf4b2052f55c57e6786a57059e3eSHA256: 7d7c21fff0f12cb4cff5eb443da61a5b91a6a917d8c4e9e01bb95aba69a41bd6Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.flash.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.flash.min.jsMD5: 59fca0bf56ec890473eb362b1b6d1ae9SHA1: 1660dd65e991d7f9b01db8dfacca16b4d67e55c8SHA256: 19641b70e1838b0e77fbd359b3745bc795507789d12e4a4925640e7fb3654bf4Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.html5.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.html5.jsMD5: 49ad4fd980e4865b8da5ce06be20bc39SHA1: a06f13b6d2c4cd35e0cd7d16de813e0ce8172712SHA256: 27396117755d4ac15886ac6b6e498b4c2b04104e5e41ef97c30fe6aef57a959bReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.html5.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.html5.min.jsMD5: 4420f301dafa70f660c63dc9785c7dfbSHA1: 48c16175a7ae240a54b65bba94eabce29045a0f9SHA256: 07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddcReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.print.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.print.jsMD5: 66836cce3f63306ac9097560296f3ef8SHA1: cf1ff4e63ad1b49cc47bc0e8b6c8a51423ca2235SHA256: ea4a437952a00c782bee6c2021c7ed01c97f72deccefff93701fb904f4e5cb11Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: buttons.print.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.print.min.jsMD5: 584df2eac3d5cbe85d7693812711436eSHA1: 8f12ab29e1cfd6ac99897ed0dc4d5ab9d1372ae3SHA256: 5cf40aa1a69063798764e5019279283e180a23ee74b824c0e7dfb39e97640050Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: codemirror.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/codemirror/codemirror.jsMD5: d1e82ecd62134c5d13d3318c8abd21ddSHA1: 316b339b6e8e77186b47d66c88d7a45472a1c2d3SHA256: 6083403b7e8ffcb397a0e94165e1940557b02a992956f8d721a508bd440bd3a7Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: column.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/column.jsMD5: 145c40d96cac3466adc62510d25439f3SHA1: 4e0256c06650ae8b814a23637ac4bbf89a9a42c5SHA256: e4e34072caf3381222a857e8b1c4ba8dba7d53400920aeec6387dad2235a608bReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: constraint.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/constraint.jsMD5: e8627647698a908a405edd71a47866a0SHA1: f45ef50ddea32e703d12ecef0088e1bb6635045cSHA256: feaf4204e9e81a3845fa79e78220e7b48da5057bbfe9d478c4107b5db2727908Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: dashboard.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/pages/dashboard.jsMD5: e618d25f2ec4763ccf1a530140929169SHA1: 0a216f26eb187e9e85ca49946b4e88996de72153SHA256: 684d0390d93e86519852c8ca211da17d0f5c67929083ec3d28feac11cf78afb9Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: dashboard2.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/pages/dashboard2.jsMD5: f27ed9a5f9672cb99b8affac5f898e6bSHA1: ec365e09b46ad82c98a3af6b04d9485e37c96b9fSHA256: 83ac475ae8ec97d1c2ffc88b4acb90ecd9aa99c37fb9ba33bf7161a3deabeef3Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: dataTables.bootstrap.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.jsMD5: 83b18e708e2df1204e52243778f64754SHA1: 20b1140a1f0735ed99c0af52e0653d76c7233c5eSHA256: b492281c0eb870d7bad0b4349aec7d20bc3ef5c2c3f91a1b33b6ab53bbcd9499Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: dataTables.bootstrap.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.min.jsMD5: 19b11075f9b46a3cd26fb39a6f252b5dSHA1: 44074789abea496fc9402979617f7d815d5cc7a2SHA256: 5ffe7cb3959b946300c3d4a90edaa757c74b44d09ac2cc86c0daa7643d097bfbReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: dataTables.buttons.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/dataTables.buttons.jsMD5: 7016d72dae547c2994e996b3c6009541SHA1: 28a64a8e38a7a4ad323893c164dc225af941fa05SHA256: 1e4fea9dc18d40a0a636a99a14bbdff16e8ec635f5d1c61c7d52c29f0e419d5aReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: dataTables.buttons.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/dataTables.buttons.min.jsMD5: f13069a97e70168015f3d4bbf36f876fSHA1: 90f5439d64c59e0f1b9ec9c0fef9639b3bf9f4c9SHA256: 8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678cReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: demo.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/demo.jsMD5: 4683fb3e338cff969296e416d26046b9SHA1: 61f01104b4b9b2f6eace6640b700857429676b13SHA256: 2353102eb576ea212082292278f5f48d5463edba544759072c0ba9e4fb6c8ee4Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: fastclick.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.jsMD5: 6e9d3b0da74f2a4a7042b494cdaa7c2eSHA1: 06cef196733a710e77ad7e386ced6963f092dc55SHA256: 1aa08cb3c7aa70d268d24d59c374c14af7bd08e0af8c85f8e4f60a2651f4bab5Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: fastclick.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.min.jsMD5: c5012b7a7be9ca08c1ea8056634b5b9dSHA1: 4f1721e190356cf41677d009afddff17a3fd1aecSHA256: 32c983a4b3b87d8f7eafa40840c8791351a593c869a3029d8b7356a8cf6d2a94Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: html5shiv.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/html5shiv/html5shiv.min.jsMD5: 40bd440d29b3a9371b0c63fec41ee64fSHA1: e790c26449c57de298923c686cb3434d1d461a1dSHA256: dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: jquery-2.2.3.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQuery/jquery-2.2.3.min.jsMD5: 33cabfa15c1060aaa3d207c653afb1eeSHA1: e3dbb65f2b541d842b50d37304b0102a2d5f2387SHA256: 6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109aReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 2.2.3.min High
CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ info - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b info - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Vulnerable Software & Versions (NVD):
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,VENDOR_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41 cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 jquery issue: 162 (RETIREJS) suppress
jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates Unscored:
References:
schemaspy-6.2.4.jar: jquery-ui.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.jsMD5: 04a4db2983450a2970c459ba87b4210aSHA1: 3efaf11e60ea8c541b6dc26f0ef09f195732587aSHA256: 0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jquery-ui High Vendor file name jquery-ui-dialog High Product file name jquery-ui High Product file name jquery-ui-dialog High Version file version 1.11.4 High
CVE-2016-7103 suppress
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://github.com/jquery/api.jqueryui.com/issues/281 info - https://nvd.nist.gov/vuln/detail/CVE-2016-7103 info - https://snyk.io/vuln/npm:jquery-ui:20160721 Vulnerable Software & Versions (NVD):
cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:* versions from (including) 1.10.0; versions up to (including) 1.11.4 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.42 cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 16.2 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.0; versions up to (including) 17.12.4 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 18.0; versions up to (including) 18.8.4 cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.2 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:* CVE-2021-41182 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc info - https://nvd.nist.gov/vuln/detail/CVE-2021-41182 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41183 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://bugs.jqueryui.com/ticket/15284 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41183 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - ISSUE_TRACKING,VENDOR_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41184 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41184 security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,PATCH,VENDOR_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2022-31160 suppress
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:* cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2 cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* schemaspy-6.2.4.jar: jquery-ui.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.min.jsMD5: d935d506ae9c8dd9e0f96706fbb91f65SHA1: 7f650ee30c6a4d3eea04032039b20ff72997559bSHA256: c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273cReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jquery-ui High Vendor file name jquery-ui-dialog High Product file name jquery-ui High Product file name jquery-ui-dialog High Version file version 1.11.4 High
CVE-2016-7103 suppress
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://github.com/jquery/api.jqueryui.com/issues/281 info - https://nvd.nist.gov/vuln/detail/CVE-2016-7103 info - https://snyk.io/vuln/npm:jquery-ui:20160721 Vulnerable Software & Versions (NVD):
cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:* versions from (including) 1.10.0; versions up to (including) 1.11.4 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.42 cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 16.2 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.0; versions up to (including) 17.12.4 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 18.0; versions up to (including) 18.8.4 cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.2 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:* CVE-2021-41182 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc info - https://nvd.nist.gov/vuln/detail/CVE-2021-41182 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41183 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://bugs.jqueryui.com/ticket/15284 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41183 security-advisories@github.com - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - ISSUE_TRACKING,VENDOR_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2021-41184 suppress
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 info - https://nvd.nist.gov/vuln/detail/CVE-2021-41184 security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,PATCH,VENDOR_ADVISORY security-advisories@github.com - PATCH,RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3 cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0 cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25 cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0 CVE-2022-31160 suppress
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:* cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:* cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2 cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* schemaspy-6.2.4.jar: jquery.dataTables.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net/jquery.dataTables.min.jsMD5: bcf14f55a3878cef5e522906ce13235bSHA1: 588658fcd1f3acda0cd435dd583b1fe869d8f67bSHA256: 8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847cReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jquery.datatables High Product file name jquery.datatables High Version file version 1.10.15 High
CVE-2020-28458 suppress
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.10.23 CVE-2021-23445 suppress
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.11.3 prototype pollution (RETIREJS) suppress
prototype pollution Unscored:
References:
possible XSS (RETIREJS) suppress
possible XSS Unscored:
References:
schemaspy-6.2.4.jar: jquery.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/jquery/jquery.jsMD5: 09dd64a64ba840c31a812a3ca25eaeeeSHA1: fd81582bf1b15e6747472df880ca822c362a97d1SHA256: 0d9027289ffa5d9f6c8b4e0782bb31bbff2cef5ee3708ccbcb7a22df9128bb21Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 3.2.1 High
CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ info - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b info - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Vulnerable Software & Versions (NVD):
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,VENDOR_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41 cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 schemaspy-6.2.4.jar: jquery.slimscroll.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.jsMD5: 6ee5ab5d89857be6eaf08b63eb3246b0SHA1: 1988633067079e50c05ac4bf42eb59c97aa96992SHA256: e0ae991f3c0c611e7f794d9278321a072bacfea922f48158f219b197953a0f56Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: jquery.slimscroll.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.min.jsMD5: f1dbc7920f93bd2b1dcfede95b473e4eSHA1: 54dd07a613abfc09c6bf6aacdc2a5d089073e10bSHA256: a84ffabdd498cd0bbd960a2c2b1845a65113bd6bea00096602e47ec8f87fd122Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: main.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/main.jsMD5: 1674dff558a26b59870c39f57b599680SHA1: 23ef321067a5ec8409458756c4ec2d004e8651ebSHA256: af72dcd47a6eed28231ce02c2225c3f04ccd74e61e7e65439664ece556b55a18Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: npm.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/npm.jsMD5: ccb7f3909e30b1eb8f65a24393c6e12bSHA1: e2b7590d6ec1fdac66b01fdf66ae0879f53b1262SHA256: c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2dReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: pdfmake.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/pdfmake/pdfmake.min.jsMD5: 130f523ea67129c5bb064a5db8c98829SHA1: 89a69ec428dca66a4131734b11db2810beeac622SHA256: e6cd72039171e4c5ef6e234a3ea806707d3252234d327ceb7cf69bdff3d9392dReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: relationships.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/relationships.jsMD5: 920f55f8a197bae3ecbe0d907d788819SHA1: 0a9e67abba65c0d55c85b79f3a2f51caf7eeeab8SHA256: 9be5e21c869973701cb19051bcf1a5eeca80fa04ae8d1a2840ddb3151251e17aReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: respond.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/respond/respond.min.jsMD5: afc1984a3d17110449dc90cf22de0c27SHA1: b5aba40d65b0d6f85859db47f757ea971a0efd30SHA256: 83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: routine.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/routines/routine.jsMD5: 0d13031169769672c7a17ee127db82e8SHA1: 85955b0b760b2690a048b55717cad009c8a2aa39SHA256: 6be89a8fcc7bde886140d054be945aea98565961a8a1bf6a24c1371d43e30b2aReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: routines.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/routines.jsMD5: 7997db7fac75cdcff42ff5ab41af7eb3SHA1: 1f3221dc6387342948bbbfd241d72b6544a3d982SHA256: 7da7c157f007dde035982adfce4241b2d6f897632afed95ac7cea074e082805eReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: salvattore.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/salvattore/salvattore.min.jsMD5: e777a377c4b6629dd095ae07709f814bSHA1: 936d17d233eb43856dab36d8e3db1f16c13ffc95SHA256: ec3b330e880a042023f8af4b52db57de99d0d38819900c1b9ef8c6c7c3b62a30Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: schemaSpy.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/schemaSpy.jsMD5: 4702bba66246aae9659e315ca2041a87SHA1: feb05dc22646161c9ab25bc179b0643e69d9aff6SHA256: 56e99aaf99b8443e57a9f2bd247db7017b90e97389f7a517df2057bd41532034Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: sql.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/codemirror/sql.jsMD5: 407f4fc907254cc5678ee89214e2bfb5SHA1: 68bf7356c2d20f962c61c373d920d929bf4333a3SHA256: e2b95aaecc29e6a2544c7bc6827dfe16c5b96055de996a69a888b8f2042a6471Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: table.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/tables/table.jsMD5: 2a19d7502bf0e2a89a35ae03ede1569dSHA1: b4cf4c72c3316f44080bed58a4af46a61cdbec48SHA256: c8ec184c4a47349841618017610e830347fae799a9f7446b3b111a16ab3ae3eaReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: vfs_fonts.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/pdfmake/vfs_fonts.jsMD5: 795e143b8f4eeb5089b2638cdeca7006SHA1: 914c1db78046ed67723702de671b32a0b591206fSHA256: 5cb81fa70754070475938e9859359a268122c9b62cac154ebb8e120e812662ccReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: viz.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/viz.jsMD5: 50c0fe0cec14d1030d023b260f8ee1b7SHA1: 8c15e61d28791e45824922e3e81cd8c5c5bba618SHA256: b6f33297afb84c5ef7c2f572d800390a4dd0c5186b5c5488a1762b49d1c9fe9fReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
schemaspy-6.2.4.jar: xlsx.full.min.jsFile Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/js-xlsx/xlsx.full.min.jsMD5: b234f9d123c694019d2721c90ff9f8dfSHA1: cfd5eeb3cc1f745b88c21f76450a6e560b53584bSHA256: 6dbcaacf07c01b3888e33ffe354eb848aab1177f303d5179e4f9d2ca0bdd484cReferenced In Project/Scope: SchemaSpy Maven Plugin:compile
Evidence Type Source Name Value Confidence
serializer-2.7.2.jarDescription:
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
File Path: /home/runner/.m2/repository/xalan/serializer/2.7.2/serializer-2.7.2.jarMD5: e8325763fd4235f174ab7b72ed815db1SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3cSHA256: e8f5b4340d3b12a0cfa44ac2db4be4e0639e479ae847df04c4ed8b521734bb4aReferenced In Project/Scope: SchemaSpy Maven Plugin:compileserializer-2.7.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name serializer High Vendor jar package name apache Highest Vendor jar package name serializer Highest Vendor jar package name xml Highest Vendor manifest: org/apache/xml/serializer/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xml/serializer/utils/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid serializer Highest Vendor pom artifactid serializer Low Vendor pom groupid xalan Highest Vendor pom name Xalan Java Serializer High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://xml.apache.org/xalan-j/ Highest Product file name serializer High Product jar package name apache Highest Product jar package name serializer Highest Product jar package name utils Highest Product jar package name xml Highest Product manifest: org/apache/xml/serializer/ Implementation-Title org.apache.xml.serializer Medium Product manifest: org/apache/xml/serializer/ Specification-Title XSL Transformations (XSLT), at http://www.w3.org/TR/xslt Medium Product manifest: org/apache/xml/serializer/utils/ Implementation-Title org.apache.xml.serializer.utils Medium Product pom artifactid serializer Highest Product pom groupid xalan Highest Product pom name Xalan Java Serializer High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://xml.apache.org/xalan-j/ Medium Version file version 2.7.2 High Version manifest: org/apache/xml/serializer/ Implementation-Version 2.7.2 Medium Version manifest: org/apache/xml/serializer/utils/ Implementation-Version 2.7.2 Medium Version pom parent-version 2.7.2 Low Version pom version 2.7.2 Highest
CVE-2022-34169 suppress
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. CWE-681 Incorrect Conversion between Numeric Types
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
OSSINDEX - [CVE-2022-34169] CWE-681: Incorrect Conversion between Numeric Types OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169 OSSIndex - https://blog.noah.360.net/xalan-j-integer-truncation-reproduce-cve-2022-34169/ OSSIndex - https://bugzilla.redhat.com/show_bug.cgi?id=2108554 OSSIndex - https://github.com/advisories/GHSA-9339-86wc-4qgf security@apache.org - ISSUE_TRACKING,MAILING_LIST,VENDOR_ADVISORY security@apache.org - ISSUE_TRACKING,MAILING_LIST,VENDOR_ADVISORY security@apache.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY,VDB_ENTRY Vulnerable Software & Versions: (show all )
slf4j-api-1.7.36.jarDescription:
The slf4j API File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jarMD5: 872da51f5de7f3923da4de871d57fd85SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14SHA256: d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0Referenced In Project/Scope: SchemaSpy Maven Plugin:compileslf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest automatic-module-name org.slf4j Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.36 High Version Manifest Bundle-Version 1.7.36 High Version Manifest Implementation-Version 1.7.36 High Version pom version 1.7.36 Highest
snakeyaml-1.25.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar
MD5: 6f7d5b8f596047aae07a3bf6f23a0bf2
SHA1: 8b6e01ef661d8378ae6dd7b511a7f2a33fae1421
SHA256: b50ef33187e7dc922b26dbe4dd0fdb3a9cf349e75a08b95269901548eee546eb
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
snakeyaml-1.25.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest automatic-module-name org.yaml.snakeyaml Medium Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor pom artifactid snakeyaml Highest Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email jordanangold@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id Jordan Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom developer name Jordan Angold Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url http://www.snakeyaml.org Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest automatic-module-name org.yaml.snakeyaml Medium Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email jordanangold@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id Jordan Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom developer name Jordan Angold Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url http://www.snakeyaml.org Medium Version file version 1.25 High Version pom version 1.25 Highest
CVE-2022-1471 suppress
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2017-18640 suppress
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-25857 suppress
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38749 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38751 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38752 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-41854 suppress
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38750 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
spring-boot-2.2.11.RELEASE.jarDescription:
Spring Boot License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.2.11.RELEASE/spring-boot-2.2.11.RELEASE.jar
MD5: 24e210dc99417bc95e13224d7b8fd99e
SHA1: d43c1477fbd25790b5592ba9de0576d018825be8
SHA256: caa2cf0d5f2b4c931032a1930d46b586b50092be64ec35ea38d5c811251e6a49
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-boot-2.2.11.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name spring-boot High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name boot Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.boot Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid spring-boot Highest Vendor pom artifactid spring-boot Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name Spring Boot High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom parent-artifactid spring-boot-parent Low Vendor pom url https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot Highest Product file name spring-boot High Product jar package name boot Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Spring Boot High Product pom artifactid spring-boot Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name Spring Boot High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom parent-artifactid spring-boot-parent Medium Product pom url https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot Medium Version Manifest Implementation-Version 2.2.11.RELEASE High Version pom version 2.2.11.RELEASE Highest
Related Dependencies spring-boot-autoconfigure-2.2.11.RELEASE.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.2.11.RELEASE/spring-boot-autoconfigure-2.2.11.RELEASE.jar MD5: 9cdfb70249e8d44e51fca99d78737418 SHA1: 8dc251da5af47fa3a2122480375dddd0f29a8837 SHA256: 5f9fbf10ab6a50da046174c7d9038ebe15a68929dd11d897a7909d6a583042b0 pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.2.11.RELEASE spring-boot-starter-2.2.11.RELEASE.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/2.2.11.RELEASE/spring-boot-starter-2.2.11.RELEASE.jar MD5: 4193f71c17534497480082d8bbba1fa2 SHA1: 3908a22eca75943064a9affff6390fe326896388 SHA256: 9f8652914b5e8c200c25288ef40d194af69941bb76a693bf36bdf272a6034aa0 pkg:maven/org.springframework.boot/spring-boot-starter@2.2.11.RELEASE spring-boot-starter-logging-2.2.11.RELEASE.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/2.2.11.RELEASE/spring-boot-starter-logging-2.2.11.RELEASE.jar MD5: 5e5198c56429c6d26ca8cb604925a5dc SHA1: 227e5ee1e3b35865b4075cf7a83f7906b8820560 SHA256: b6350a9a84dac822f180c2e823a42c47a92c143154fb272b64272debb9e1f36e pkg:maven/org.springframework.boot/spring-boot-starter-logging@2.2.11.RELEASE CVE-2023-20873 suppress
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. NVD-CWE-noinfo
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20883 suppress
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-core-5.2.10.RELEASE.jarDescription:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.2.10.RELEASE/spring-core-5.2.10.RELEASE.jar
MD5: 3d0d5f926f389f804716d8290e353604
SHA1: 29423e9f1d766eb4f4e3516211877f361fe3169f
SHA256: 21b31ee8b896f1f79c92bbe8e2e30a25f7020fd63957416d28b035d524c632dc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-core-5.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.core Medium Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name io Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product pom artifactid spring-core Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version Manifest Implementation-Version 5.2.10.RELEASE High Version pom version 5.2.10.RELEASE Highest
Related Dependencies spring-aop-5.2.10.RELEASE.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-aop/5.2.10.RELEASE/spring-aop-5.2.10.RELEASE.jar MD5: b7cd197b841e02325420c6fd7c69cafe SHA1: b875a6bce7b6b0040816f1fb945f5fd9557e1205 SHA256: 7f89b3b47f686162a0948cba75a7862c4ffe713c76d09e29d470365f5fffdf54 pkg:maven/org.springframework/spring-aop@5.2.10.RELEASE spring-beans-5.2.10.RELEASE.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-beans/5.2.10.RELEASE/spring-beans-5.2.10.RELEASE.jar MD5: 231f3af76e892a88bdbc5dafb69f58ad SHA1: 88d4eb1380940163b7cbfe1f991158f4a4cd7058 SHA256: f26ed1a9b3de49467948a9b5ca4e7a973a064bc27430fd1b419f075683cc08be pkg:maven/org.springframework/spring-beans@5.2.10.RELEASE spring-context-5.2.10.RELEASE.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-context/5.2.10.RELEASE/spring-context-5.2.10.RELEASE.jar MD5: 2d65d5180c20371f8b7039a668a6e693 SHA1: e43d1bb3b7387eebba96c00a63da8116f76e9426 SHA256: 00530d9627afb91647532df088cd90f00889a96172991316cc7593741d41202d pkg:maven/org.springframework/spring-context@5.2.10.RELEASE spring-jcl-5.2.10.RELEASE.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-jcl/5.2.10.RELEASE/spring-jcl-5.2.10.RELEASE.jar MD5: 5d06c0fe1f8cbf19ac5f566811100bf7 SHA1: 1cd2f1347ce808fe3564b7600e5f89ae2f42024e SHA256: 148c22989b3f0a131b11065f044c4066bb92c898822f84b5cce1a24c8d2061ca pkg:maven/org.springframework/spring-jcl@5.2.10.RELEASE CVE-2022-22965 suppress
CISA Known Exploited Vulnerability: Product: VMware Spring Framework Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability Date Added: 2022-04-04 Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Required Action: Apply updates per vendor instructions. Due Date: 2022-04-25 Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22118 suppress
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. CWE-269 Improper Privilege Management, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: MEDIUM (4.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22971 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20863 suppress
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22060 suppress
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22096 suppress
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. CWE-117 Improper Output Neutralization for Logs, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
spring-expression-5.2.10.RELEASE.jarDescription:
Spring Expression Language (SpEL) License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.2.10.RELEASE/spring-expression-5.2.10.RELEASE.jar
MD5: b85609fa2ea8076be74131fb7eef33a7
SHA1: 4a863c13e8b263a1f867258b43443df7480702d1
SHA256: c0554d1f7ebfce287b0cd9e28b9698ada2fc89fdfe1a39957081c02b40f439f9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-expression-5.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name spring-expression High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name expression Highest Vendor jar package name spel Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.expression Medium Vendor pom artifactid spring-expression Highest Vendor pom artifactid spring-expression Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Expression Language (SpEL) High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-expression High Product hint analyzer product springsource_spring_framework Highest Product jar package name expression Highest Product jar package name spel Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.expression Medium Product Manifest Implementation-Title spring-expression High Product pom artifactid spring-expression Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Expression Language (SpEL) High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version Manifest Implementation-Version 5.2.10.RELEASE High Version pom version 5.2.10.RELEASE Highest
CVE-2022-22965 suppress
CISA Known Exploited Vulnerability: Product: VMware Spring Framework Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability Date Added: 2022-04-04 Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Required Action: Apply updates per vendor instructions. Due Date: 2022-04-25 Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22118 suppress
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. CWE-269 Improper Privilege Management, CWE-668 Exposure of Resource to Wrong Sphere
CVSSv2:
Base Score: MEDIUM (4.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22950 suppress
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22971 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20861 suppress
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-20863 suppress
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2024-38808 (OSSINDEX) suppress
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.
Specifically, an application is vulnerable when the following is true:
* The application evaluates user-supplied SpEL expressions.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (5.300000190734863) Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework:spring-expression:5.2.10.RELEASE:*:*:*:*:*:*:* CVE-2022-22968 suppress
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. CWE-178 Improper Handling of Case Sensitivity
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-22970 suppress
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: LOW (3.5) Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22060 suppress
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-22096 suppress
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. CWE-117 Improper Output Neutralization for Logs, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
velocity-engine-core-2.4.jarDescription:
Apache Velocity is a general purpose template engine. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/velocity/velocity-engine-core/2.4/velocity-engine-core-2.4.jar
MD5: 8dc3c7a26823ee88253f7aa9250c094e
SHA1: 55dfc20bbc4968cf70c5ae5165b5b0324e0067d9
SHA256: 1bf78c2ade46f209bf93ebe72ed2af5b989ca7a1de0a015fc1b92a62f56b6549
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
velocity-engine-core-2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name velocity-engine-core High Vendor jar package name apache Highest Vendor jar package name velocity Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.velocity.engine-core Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid velocity-engine-core Highest Vendor pom artifactid velocity-engine-core Low Vendor pom groupid org.apache.velocity Highest Vendor pom name Apache Velocity - Engine High Vendor pom parent-artifactid velocity-engine-parent Low Product file name velocity-engine-core High Product jar package name apache Highest Product jar package name template Highest Product jar package name velocity Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Velocity - Engine Medium Product Manifest bundle-symbolicname org.apache.velocity.engine-core Medium Product Manifest Implementation-Title Apache Velocity - Engine High Product Manifest specification-title Apache Velocity - Engine Medium Product pom artifactid velocity-engine-core Highest Product pom groupid org.apache.velocity Highest Product pom name Apache Velocity - Engine High Product pom parent-artifactid velocity-engine-parent Medium Version file version 2.4 High Version Manifest Implementation-Version 2.4 High Version pom version 2.4 Highest
velocity-tools-generic-3.1.jarDescription:
Generic tools that can be used in any context. File Path: /home/runner/.m2/repository/org/apache/velocity/tools/velocity-tools-generic/3.1/velocity-tools-generic-3.1.jarMD5: 76f13879ead8693fd4d5751a8a236089SHA1: 07aaa49086a64cd9dab967a8437cc03abbfad655SHA256: 8258cfdcaa16127f35ffe610a3fa4f76b7ebe51b88922c73c4ee39ce8f378ce5Referenced In Project/Scope: SchemaSpy Maven Plugin:compilevelocity-tools-generic-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0
Evidence Type Source Name Value Confidence Vendor file name velocity-tools-generic High Vendor jar package name apache Highest Vendor jar package name generic Highest Vendor jar package name tools Highest Vendor jar package name velocity Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid velocity-tools-generic Highest Vendor pom artifactid velocity-tools-generic Low Vendor pom groupid org.apache.velocity.tools Highest Vendor pom name Apache Velocity Tools - Generic tools High Vendor pom parent-artifactid velocity-tools-parent Low Product file name velocity-tools-generic High Product jar package name apache Highest Product jar package name generic Highest Product jar package name tools Highest Product jar package name velocity Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Velocity Tools - Generic tools High Product Manifest specification-title Apache Velocity Tools - Generic tools Medium Product pom artifactid velocity-tools-generic Highest Product pom groupid org.apache.velocity.tools Highest Product pom name Apache Velocity Tools - Generic tools High Product pom parent-artifactid velocity-tools-parent Medium Version file version 3.1 High Version Manifest Implementation-Version 3.1 High Version pom version 3.1 Highest
xalan-2.7.2.jarDescription:
Xalan-Java is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements XSL Transformations (XSLT)
Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
the command line, in an applet or a servlet, or as a module in other program.
File Path: /home/runner/.m2/repository/xalan/xalan/2.7.2/xalan-2.7.2.jarMD5: 6aa6607802502c8016b676f25f8e4873SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23SHA256: a44bd80e82cb0f4cfac0dac8575746223802514e3cec9dc75235bc0de646af14Referenced In Project/Scope: SchemaSpy Maven Plugin:compilexalan-2.7.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name xalan High Vendor jar package name and Highest Vendor jar package name apache Highest Vendor jar package name processor Highest Vendor jar package name version Highest Vendor jar package name xalan Highest Vendor jar package name xml Highest Vendor jar package name xpath Highest Vendor jar package name xslt Highest Vendor manifest: java_cup/runtime/ Implementation-Vendor Princeton University Medium Vendor manifest: org/apache/bcel/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/regexp/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xalan/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xalan/xsltc/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xml/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid xalan Highest Vendor pom artifactid xalan Low Vendor pom groupid xalan Highest Vendor pom name Xalan Java High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://xml.apache.org/xalan-j/ Highest Product file name xalan High Product jar package name and Highest Product jar package name apache Highest Product jar package name bcel Highest Product jar package name code Highest Product jar package name expression Highest Product jar package name processor Highest Product jar package name regexp Highest Product jar package name runtime Highest Product jar package name version Highest Product jar package name xalan Highest Product jar package name xml Highest Product jar package name xpath Highest Product jar package name xslt Highest Product jar package name xsltc Highest Product manifest: java_cup/runtime/ Implementation-Title runtime Medium Product manifest: java_cup/runtime/ Specification-Title Runtime component of JCup Medium Product manifest: org/apache/bcel/ Implementation-Title org.apache.bcel Medium Product manifest: org/apache/bcel/ Specification-Title Byte Code Engineering Library Medium Product manifest: org/apache/regexp/ Implementation-Title org.apache.regexp Medium Product manifest: org/apache/regexp/ Specification-Title Java Regular Expression package Medium Product manifest: org/apache/xalan/ Implementation-Title org.apache.xalan Medium Product manifest: org/apache/xalan/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xalan/xsltc/ Implementation-Title org.apache.xalan.xsltc Medium Product manifest: org/apache/xalan/xsltc/ Specification-Title Java API for XML Processing Medium Product manifest: org/apache/xml/ Implementation-Title org.apache.xml Medium Product manifest: org/apache/xpath/ Implementation-Title org.apache.xpath Medium Product pom artifactid xalan Highest Product pom groupid xalan Highest Product pom name Xalan Java High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://xml.apache.org/xalan-j/ Medium Version file version 2.7.2 High Version manifest: java_cup/runtime/ Implementation-Version 2.7.2 Medium Version manifest: org/apache/bcel/ Implementation-Version 2.7.2 Medium Version manifest: org/apache/regexp/ Implementation-Version 2.7.2 Medium Version manifest: org/apache/xalan/ Implementation-Version 2.7.2 Medium Version manifest: org/apache/xalan/xsltc/ Implementation-Version 2.7.2 Medium Version manifest: org/apache/xml/ Implementation-Version 2.7.2 Medium Version manifest: org/apache/xpath/ Implementation-Version 2.7.2 Medium Version pom parent-version 2.7.2 Low Version pom version 2.7.2 Highest
CVE-2022-34169 suppress
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. CWE-681 Incorrect Conversion between Numeric Types
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
OSSINDEX - [CVE-2022-34169] CWE-681: Incorrect Conversion between Numeric Types OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169 OSSIndex - https://blog.noah.360.net/xalan-j-integer-truncation-reproduce-cve-2022-34169/ OSSIndex - https://bugzilla.redhat.com/show_bug.cgi?id=2108554 OSSIndex - https://github.com/advisories/GHSA-9339-86wc-4qgf security@apache.org - ISSUE_TRACKING,MAILING_LIST,VENDOR_ADVISORY security@apache.org - ISSUE_TRACKING,MAILING_LIST,VENDOR_ADVISORY security@apache.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY,VDB_ENTRY Vulnerable Software & Versions: (show all )
xml-apis-1.3.04.jarDescription:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun. File Path: /home/runner/.m2/repository/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jarMD5: 9ae9c29e4497fc35a3eade1e6dd0bbebSHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65efSHA256: d404aa881eb9c5f7a4fb546e84ea11506cd417a72b5972e88eff17f43f9f8a64Referenced In Project/Scope: SchemaSpy Maven Plugin:compilexml-apis-1.3.04.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4
Evidence Type Source Name Value Confidence Vendor file name xml-apis High Vendor jar package name apache Highest Vendor jar package name dom Highest Vendor jar package name sax Highest Vendor jar package name version Highest Vendor jar package name w3c Highest Vendor jar package name xml Highest Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium Vendor pom artifactid xml-apis Highest Vendor pom artifactid xml-apis Low Vendor pom groupid xml-apis Highest Vendor pom name XML Commons External Components XML APIs High Vendor pom parent-artifactid apache Low Vendor pom parent-groupid org.apache Medium Vendor pom url http://xml.apache.org/commons/components/external/ Highest Product file name xml-apis High Product jar package name apache Highest Product jar package name datatype Highest Product jar package name document Highest Product jar package name dom Highest Product jar package name javax Highest Product jar package name ls Highest Product jar package name parsers Highest Product jar package name sax Highest Product jar package name transform Highest Product jar package name validation Highest Product jar package name version Highest Product jar package name w3c Highest Product jar package name xml Highest Product jar package name xmlcommons Highest Product jar package name xpath Highest Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium Product manifest: javax/xml/datatype/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium Product manifest: javax/xml/parsers/ Specification-Title JSR 206, Java API for XML Processing 1.3 Medium Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium Product manifest: javax/xml/transform/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium Product manifest: javax/xml/validation/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium Product manifest: javax/xml/xpath/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium Product manifest: org/w3c/dom/ Specification-Title Document Object Model (DOM) Level 3 Core Medium Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model (DOM) Level 3 Load and Save Medium Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium Product pom artifactid xml-apis Highest Product pom groupid xml-apis Highest Product pom name XML Commons External Components XML APIs High Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Medium Product pom url http://xml.apache.org/commons/components/external/ Medium Version file version 1.3.04 High Version manifest: javax/xml/datatype/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/parsers/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/transform/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/validation/ Implementation-Version 1.3.04 Medium Version manifest: javax/xml/xpath/ Implementation-Version 1.3.04 Medium Version manifest: org/apache/xmlcommons/Version Implementation-Version 1.3.04 Medium Version pom parent-version 1.3.04 Low Version pom version 1.3.04 Highest