Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: SchemaSpy Maven Plugin

nl.geodienstencentrum.maven:schemaspy-maven-plugin:5.4.0-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
asciidoctorj-2.5.10.jarcpe:2.3:a:asciidoctor:asciidoctor:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:jruby:jruby:2.5.10:*:*:*:*:*:*:*		pkg:maven/org.asciidoctor/asciidoctorj@2.5.10 0Highest50
asciidoctorj-2.5.10.jar: concurrent_ruby.jar 07
asciidoctorj-2.5.10.jar: jruby_cache_backend.jar 08
asciidoctorj-api-2.5.10.jarcpe:2.3:a:asciidoctor:asciidoctor:2.5.10:*:*:*:*:*:*:*pkg:maven/org.asciidoctor/asciidoctorj-api@2.5.10 0Highest48
asm-7.3.1.jarpkg:maven/org.ow2.asm/asm@7.3.1 054
asm-analysis-7.3.1.jarpkg:maven/org.ow2.asm/asm-analysis@7.3.1 060
asm-commons-7.3.1.jarpkg:maven/org.ow2.asm/asm-commons@7.3.1 058
asm-tree-7.3.1.jarpkg:maven/org.ow2.asm/asm-tree@7.3.1 058
asm-util-7.3.1.jarpkg:maven/org.ow2.asm/asm-util@7.3.1 058
autolink-0.6.0.jarpkg:maven/org.nibor.autolink/autolink@0.6.0 024
backport9-1.12.jarpkg:maven/com.headius/backport9@1.12 022
checker-qual-3.48.3.jarpkg:maven/org.checkerframework/checker-qual@3.48.3 044
classworlds-1.1-alpha-2.jarpkg:maven/classworlds/classworlds@1.1-alpha-2 051
commons-beanutils-1.10.1.jarcpe:2.3:a:apache:commons_beanutils:1.10.1:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.10.1 0Highest170
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest84
commons-digester3-3.2.jarpkg:maven/org.apache.commons/commons-digester3@3.2 0105
commons-lang3-3.17.0.jarpkg:maven/org.apache.commons/commons-lang3@3.17.0 0145
commons-logging-1.3.4.jarpkg:maven/commons-logging/commons-logging@1.3.4 0129
commons-text-1.12.0.jarcpe:2.3:a:apache:commons_text:1.12.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.12.0 0Highest73
compiler-0.9.10.jarpkg:maven/com.github.spullara.mustache.java/compiler@0.9.10 027
derby-10.15.2.0.jarcpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derby@10.15.2.0CRITICAL1Highest28
derbyshared-10.15.2.0.jarcpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derbyshared@10.15.2.0CRITICAL1Highest27
derbytools-10.15.2.0.jarcpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derbytools@10.15.2.0CRITICAL1Highest33
dirgra-0.3.jarpkg:maven/org.jruby/dirgra@0.3 024
doxia-core-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-core@2.0.0 026
doxia-integration-tools-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-integration-tools@2.0.0 028
doxia-module-apt-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-module-apt@2.0.0 028
doxia-module-xdoc-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-module-xdoc@2.0.0 028
doxia-module-xhtml5-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-module-xhtml5@2.0.0 028
doxia-sink-api-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-sink-api@2.0.0 028
doxia-site-model-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-site-model@2.0.0 028
doxia-site-renderer-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-site-renderer@2.0.0 026
doxia-skin-model-2.0.0.jarpkg:maven/org.apache.maven.doxia/doxia-skin-model@2.0.0 026
failureaccess-1.0.2.jarpkg:maven/com.google.guava/failureaccess@1.0.2 032
flexmark-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark@0.34.32 022
flexmark-ext-abbreviation-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-abbreviation@0.34.32 027
flexmark-ext-aside-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-aside@0.34.32 027
flexmark-ext-autolink-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-autolink@0.34.32 027
flexmark-ext-definition-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-definition@0.34.32 027
flexmark-ext-emoji-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-emoji@0.34.32 027
flexmark-ext-escaped-character-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-escaped-character@0.34.32 027
flexmark-ext-footnotes-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-footnotes@0.34.32 027
flexmark-ext-gfm-strikethrough-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-gfm-strikethrough@0.34.32 027
flexmark-ext-gfm-tasklist-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-gfm-tasklist@0.34.32 027
flexmark-ext-ins-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-ins@0.34.32 027
flexmark-ext-jekyll-front-matter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-jekyll-front-matter@0.34.32 027
flexmark-ext-superscript-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-superscript@0.34.32 025
flexmark-ext-tables-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-tables@0.34.32 027
flexmark-ext-toc-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-toc@0.34.32 027
flexmark-ext-typographic-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-typographic@0.34.32 027
flexmark-ext-wikilink-0.34.32.jarcpe:2.3:a:links:links:0.34.32:*:*:*:*:*:*:*pkg:maven/com.vladsch.flexmark/flexmark-ext-wikilink@0.34.32 0Low27
flexmark-ext-yaml-front-matter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-yaml-front-matter@0.34.32 027
flexmark-formatter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-formatter@0.34.32 025
flexmark-jira-converter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-jira-converter@0.34.32 027
flexmark-profile-pegdown-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-profile-pegdown@0.34.32 025
flexmark-util-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-util@0.34.32 024
guava-33.2.1-jre.jarcpe:2.3:a:google:guava:33.2.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@33.2.1-jre 0Highest27
guice-5.1.0.jarpkg:maven/com.google.inject/guice@5.1.0 034
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 024
hsqldb-2.7.4.jarcpe:2.3:a:hsqldb:hypersql_database:2.7.4:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.7.4 0Low45
invokebinder-1.12.jarpkg:maven/com.headius/invokebinder@1.12 028
jansi-2.4.0.jarpkg:maven/org.fusesource.jansi/jansi@2.4.0 048
jansi-2.4.0.jar: jansi.dll 02
jansi-2.4.0.jar: jansi.dll 02
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
jcl-over-slf4j-2.0.7.jarpkg:maven/org.slf4j/jcl-over-slf4j@2.0.7 029
jcodings-1.0.58.jarpkg:maven/org.jruby.jcodings/jcodings@1.0.58 030
jcommander-1.69.jarpkg:maven/com.beust/jcommander@1.69 024
jffi-1.3.10-native.jarpkg:maven/com.github.jnr/jffi@1.3.10 012
jffi-1.3.10-native.jar: jffi-1.2.dll 04
jffi-1.3.10-native.jar: jffi-1.2.dll 04
jffi-1.3.10.jarpkg:maven/com.github.jnr/jffi@1.3.10 029
jitescript-0.4.1.jarpkg:maven/me.qmx.jitescript/jitescript@0.4.1 030
jnr-a64asm-1.0.0.jarpkg:maven/com.github.jnr/jnr-a64asm@1.0.0 024
jnr-constants-0.10.4.jarpkg:maven/com.github.jnr/jnr-constants@0.10.4 039
jnr-enxio-0.32.14.jarpkg:maven/com.github.jnr/jnr-enxio@0.32.14 031
jnr-ffi-2.2.13.jarpkg:maven/com.github.jnr/jnr-ffi@2.2.13 037
jnr-netdb-1.2.0.jarpkg:maven/com.github.jnr/jnr-netdb@1.2.0 025
jnr-posix-3.1.16.jarpkg:maven/com.github.jnr/jnr-posix@3.1.16 042
jnr-unixsocket-0.38.19.jarpkg:maven/com.github.jnr/jnr-unixsocket@0.38.19 035
jnr-x86asm-1.0.2.jarpkg:maven/com.github.jnr/jnr-x86asm@1.0.2 028
joda-time-2.10.10.jarpkg:maven/joda-time/joda-time@2.10.10 047
joni-2.1.48.jarpkg:maven/org.jruby.joni/joni@2.1.48 020
jruby-9.4.2.0.jarcpe:2.3:a:jruby:jruby:9.4.2.0:*:*:*:*:*:*:*pkg:maven/org.jruby/jruby@9.4.2.0 0Highest15
jruby-stdlib-9.4.2.0.jar: bcpkix-jdk18on-1.71.jar 039
jruby-stdlib-9.4.2.0.jar: bcprov-jdk18on-1.71.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.71:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.71:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.71:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.71:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.71:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.71:*:*:*:*:*:*:*		MEDIUM1Highest41
jruby-stdlib-9.4.2.0.jar: bctls-jdk18on-1.71.jar 043
jruby-stdlib-9.4.2.0.jar: bcutil-jdk18on-1.71.jar 039
jruby-stdlib-9.4.2.0.jar: cparse-jruby.jar 05
jruby-stdlib-9.4.2.0.jar: darkfish.js 00
jruby-stdlib-9.4.2.0.jar: digest.jar 07
jruby-stdlib-9.4.2.0.jar: escape.jar 08
jruby-stdlib-9.4.2.0.jar: generator.jar 05
jruby-stdlib-9.4.2.0.jar: jline-2.14.6.jarcpe:2.3:a:jline:jline:2.14.6:*:*:*:*:*:*:*pkg:maven/jline/jline@2.14.6 0Highest34
jruby-stdlib-9.4.2.0.jar: jline-2.14.6.jar: jansi.dll 02
jruby-stdlib-9.4.2.0.jar: jline-2.14.6.jar: jansi.dll 02
jruby-stdlib-9.4.2.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)pkg:maven/rubygems/jruby-openssl@0.14.0 017
jruby-stdlib-9.4.2.0.jar: jopenssl.jar 07
jruby-stdlib-9.4.2.0.jar: jruby.dll 02
jruby-stdlib-9.4.2.0.jar: jruby.exe 02
jruby-stdlib-9.4.2.0.jar: jrubyw.exe 02
jruby-stdlib-9.4.2.0.jar: navigation.js 00
jruby-stdlib-9.4.2.0.jar: parser.jar 05
jruby-stdlib-9.4.2.0.jar: psych.jar 07
jruby-stdlib-9.4.2.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)pkg:maven/rubygems/jruby-readline@1.3.7 013
jruby-stdlib-9.4.2.0.jar: readline.jar 07
jruby-stdlib-9.4.2.0.jar: search.js 00
jruby-stdlib-9.4.2.0.jar: searcher.js 00
jruby-stdlib-9.4.2.0.jar: snakeyaml-engine-2.6.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.6:*:*:*:*:*:*:*pkg:maven/org.snakeyaml/snakeyaml-engine@2.6 0Highest41
jruby-stdlib-9.4.2.0.jar: stringio.jar 07
jruby-stdlib-9.4.2.0.jar: strscan.jar 07
jruby-stdlib-9.4.2.0.jar: wait.jar 08
json-20231013.jarcpe:2.3:a:json-java_project:json-java:20231013:*:*:*:*:*:*:*pkg:maven/org.json/json@20231013 0Highest32
json-simple-3.0.2.jarpkg:maven/com.github.cliftonlabs/json-simple@3.0.2 033
jul-to-slf4j-2.0.7.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.7 035
jzlib-1.1.3.jarcpe:2.3:a:jcraft:jzlib:1.1.3:*:*:*:*:*:*:*pkg:maven/com.jcraft/jzlib@1.1.3 0Highest34
log4j-over-slf4j-2.0.7.jarpkg:maven/org.slf4j/log4j-over-slf4j@2.0.7 031
logback-classic-1.4.12.jarcpe:2.3:a:qos:logback:1.4.12:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-classic@1.4.12 0Highest38
logback-core-1.4.12.jarcpe:2.3:a:qos:logback:1.4.12:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.4.12HIGH3Highest36
maven-archiver-3.6.2.jarpkg:maven/org.apache.maven/maven-archiver@3.6.2 029
maven-artifact-3.9.9.jarpkg:maven/org.apache.maven/maven-artifact@3.9.9 026
maven-builder-support-3.9.9.jarpkg:maven/org.apache.maven/maven-builder-support@3.9.9 024
maven-core-3.9.9.jarcpe:2.3:a:apache:maven:3.9.9:*:*:*:*:*:*:*pkg:maven/org.apache.maven/maven-core@3.9.9 0Highest24
maven-model-3.9.9.jarpkg:maven/org.apache.maven/maven-model@3.9.9 026
maven-model-builder-3.9.9.jarpkg:maven/org.apache.maven/maven-model-builder@3.9.9 032
maven-plugin-annotations-3.15.1.jarpkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.15.1 026
maven-plugin-api-3.9.9.jarpkg:maven/org.apache.maven/maven-plugin-api@3.9.9 026
maven-reporting-api-4.0.0.jarpkg:maven/org.apache.maven.reporting/maven-reporting-api@4.0.0 029
maven-reporting-impl-4.0.0.jarpkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0 029
maven-repository-metadata-3.9.9.jarpkg:maven/org.apache.maven/maven-repository-metadata@3.9.9 026
maven-resolver-api-1.9.22.jarpkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.22 034
maven-resolver-impl-1.9.22.jarpkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.22 032
maven-resolver-named-locks-1.9.22.jarpkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.22 033
maven-resolver-provider-3.9.9.jarpkg:maven/org.apache.maven/maven-resolver-provider@3.9.9 026
maven-resolver-spi-1.9.22.jarpkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.22 032
maven-resolver-util-1.9.22.jarpkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.22 036
maven-settings-3.9.9.jarpkg:maven/org.apache.maven/maven-settings@3.9.9 026
maven-settings-builder-3.9.9.jarpkg:maven/org.apache.maven/maven-settings-builder@3.9.9 026
maven-shared-utils-3.4.2.jarcpe:2.3:a:apache:maven_shared_utils:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.4.2:*:*:*:*:*:*:*		pkg:maven/org.apache.maven.shared/maven-shared-utils@3.4.2 0Highest29
mssql-jdbc-12.10.0.jre11.jarcpe:2.3:a:www-sql_project:www-sql:12.10.0.jre11:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.10.0
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.10.0.jre11		 0Highest36
mysql-connector-j-9.2.0.jarcpe:2.3:a:oracle:mysql_connector\/j:9.2.0:*:*:*:*:*:*:*pkg:maven/com.mysql/mysql-connector-j@9.2.0 0Highest52
nashorn-core-15.4.jarpkg:maven/org.openjdk.nashorn/nashorn-core@15.4 023
nashorn-core-15.4.jar: base.js 00
nashorn-core-15.4.jar: bootstrap.js 00
nashorn-core-15.4.jar: controls.js 00
nashorn-core-15.4.jar: fxml.js 00
nashorn-core-15.4.jar: graphics.js 00
nashorn-core-15.4.jar: media.js 00
nashorn-core-15.4.jar: mozilla_compat.js 00
nashorn-core-15.4.jar: parser.js 00
nashorn-core-15.4.jar: swing.js 00
nashorn-core-15.4.jar: web.js 00
ojdbc11-23.7.0.25.01.jarcpe:2.3:a:oracle:jdbc:23.7.0.25.01:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc11@23.7.0.25.01 0Highest33
options-1.6.jarpkg:maven/com.headius/options@1.6 026
org.eclipse.sisu.inject-0.9.0.M3.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M3 034
org.eclipse.sisu.plexus-0.9.0.M3.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M3 029
plexus-archiver-2.2.jarcpe:2.3:a:codehaus-plexus:plexus-archiver:2.2:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-archiver@2.2CRITICAL3Highest25
plexus-cipher-2.0.jarpkg:maven/org.codehaus.plexus/plexus-cipher@2.0 020
plexus-classworlds-2.8.0.jarpkg:maven/org.codehaus.plexus/plexus-classworlds@2.8.0 030
plexus-component-annotations-2.1.0.jarpkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0 027
plexus-container-default-1.0-alpha-9-stable-1.jarpkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-9-stable-1 022
plexus-i18n-1.0-beta-10.jarpkg:maven/org.codehaus.plexus/plexus-i18n@1.0-beta-10 024
plexus-interpolation-1.27.jarpkg:maven/org.codehaus.plexus/plexus-interpolation@1.27 027
plexus-io-2.0.4.jarpkg:maven/org.codehaus.plexus/plexus-io@2.0.4 028
plexus-sec-dispatcher-2.0.jarcpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0 0Highest20
plexus-utils-3.5.1.jarcpe:2.3:a:codehaus-plexus:plexus-utils:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.5.1:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1 0Highest27
plexus-velocity-2.2.0.jarpkg:maven/org.codehaus.plexus/plexus-velocity@2.2.0 027
plexus-xml-3.0.0.jarpkg:maven/org.codehaus.plexus/plexus-xml@3.0.0 024
postgresql-42.7.5.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.5:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.7.5 0Low68
protobuf-java-4.29.0.jarcpe:2.3:a:google:protobuf-java:4.29.0:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:4.29.0:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java@4.29.0 0Highest25
schemaspy-7.0.2.jarcpe:2.3:a:ada:ada:7.0.2:*:*:*:*:*:*:*pkg:maven/org.schemaspy/schemaspy@7.0.2MEDIUM1Low44
schemaspy-7.0.2.jar: anchor.min.js 00
schemaspy-7.0.2.jar: anomalies.js 00
schemaspy-7.0.2.jar: app.js 00
schemaspy-7.0.2.jar: app.min.js 00
schemaspy-7.0.2.jar: bootstrap.jspkg:javascript/bootstrap@3.3.7MEDIUM93
schemaspy-7.0.2.jar: bootstrap.min.jspkg:javascript/bootstrap@3.3.7MEDIUM93
schemaspy-7.0.2.jar: buttons.bootstrap.js 00
schemaspy-7.0.2.jar: buttons.bootstrap.min.js 00
schemaspy-7.0.2.jar: buttons.colVis.js 00
schemaspy-7.0.2.jar: buttons.colVis.min.js 00
schemaspy-7.0.2.jar: buttons.flash.js 00
schemaspy-7.0.2.jar: buttons.flash.min.js 00
schemaspy-7.0.2.jar: buttons.html5.js 00
schemaspy-7.0.2.jar: buttons.html5.min.js 00
schemaspy-7.0.2.jar: buttons.print.js 00
schemaspy-7.0.2.jar: buttons.print.min.js 00
schemaspy-7.0.2.jar: codemirror.js 00
schemaspy-7.0.2.jar: column.js 00
schemaspy-7.0.2.jar: constraint.js 00
schemaspy-7.0.2.jar: dashboard.js 00
schemaspy-7.0.2.jar: dashboard2.js 00
schemaspy-7.0.2.jar: dataTables.bootstrap.js 00
schemaspy-7.0.2.jar: dataTables.bootstrap.min.js 00
schemaspy-7.0.2.jar: dataTables.buttons.js 00
schemaspy-7.0.2.jar: dataTables.buttons.min.js 00
schemaspy-7.0.2.jar: demo.js 00
schemaspy-7.0.2.jar: fastclick.js 00
schemaspy-7.0.2.jar: fastclick.min.js 00
schemaspy-7.0.2.jar: html5shiv.min.js 00
schemaspy-7.0.2.jar: jquery-2.2.3.min.jspkg:javascript/jquery@2.2.3.minMEDIUM*53
schemaspy-7.0.2.jar: jquery-ui.jspkg:javascript/jquery-ui-dialog@1.11.4
pkg:javascript/jquery-ui@1.11.4		MEDIUM55
schemaspy-7.0.2.jar: jquery-ui.min.jspkg:javascript/jquery-ui-dialog@1.11.4
pkg:javascript/jquery-ui@1.11.4		MEDIUM55
schemaspy-7.0.2.jar: jquery.dataTables.min.jspkg:javascript/jquery.datatables@1.10.15HIGH43
schemaspy-7.0.2.jar: jquery.jspkg:javascript/jquery@3.2.1MEDIUM*33
schemaspy-7.0.2.jar: jquery.slimscroll.js 00
schemaspy-7.0.2.jar: jquery.slimscroll.min.js 00
schemaspy-7.0.2.jar: main.js 00
schemaspy-7.0.2.jar: npm.js 00
schemaspy-7.0.2.jar: pdfmake.min.js 00
schemaspy-7.0.2.jar: relationships.js 00
schemaspy-7.0.2.jar: respond.min.js 00
schemaspy-7.0.2.jar: routine.js 00
schemaspy-7.0.2.jar: routines.js 00
schemaspy-7.0.2.jar: salvattore.min.js 00
schemaspy-7.0.2.jar: schemaSpy.js 00
schemaspy-7.0.2.jar: sql.js 00
schemaspy-7.0.2.jar: table.js 00
schemaspy-7.0.2.jar: vfs_fonts.js 00
schemaspy-7.0.2.jar: viz.js 00
schemaspy-7.0.2.jar: xlsx.full.min.js 00
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
velocity-engine-core-2.4.jarcpe:2.3:a:apache:velocity_engine:2.4:*:*:*:*:*:*:*pkg:maven/org.apache.velocity/velocity-engine-core@2.4 0Highest30
velocity-tools-generic-3.1.jarcpe:2.3:a:apache:velocity_tools:3.1:*:*:*:*:*:*:*pkg:maven/org.apache.velocity.tools/velocity-tools-generic@3.1 0Highest28

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /home/runner/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

asciidoctorj-2.5.10.jar

Description:

AsciidoctorJ provides Java bindings for the Asciidoctor RubyGem (asciidoctor) using JRuby.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/asciidoctor/asciidoctorj/2.5.10/asciidoctorj-2.5.10.jar
MD5: c3e92d689545a4acaf3fe55fe72c8435
SHA1: 4498251352f8643be0d226cd6347c3de2df56ed7
SHA256:d975de80afa7b7929d102b7f46b4ec7dad691366c87f83af236cc989078d0583
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asciidoctorj-2.5.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

asciidoctorj-2.5.10.jar: concurrent_ruby.jar

File Path: /home/runner/.m2/repository/org/asciidoctor/asciidoctorj/2.5.10/asciidoctorj-2.5.10.jar/gems/concurrent-ruby-1.1.7/lib/concurrent-ruby/concurrent/concurrent_ruby.jar
MD5: 92015e73fc2e79f2dfc4994e6865d15b
SHA1: f7535d0a5efb585fd5f49c6d18952e191ed6e2c7
SHA256:7c35aee1609b885f760688733eaa5f4d53f2ef68558f7b19edd6a7179b5e381f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

asciidoctorj-2.5.10.jar: jruby_cache_backend.jar

File Path: /home/runner/.m2/repository/org/asciidoctor/asciidoctorj/2.5.10/asciidoctorj-2.5.10.jar/gems/thread_safe-0.3.6-java/lib/thread_safe/jruby_cache_backend.jar
MD5: 7f40e133c093c0e7baddce14ea90114b
SHA1: 993f3706b397773d989d6a02fa4e91a9ea8b0a24
SHA256:fd26af853ae547cdc0ff51d5875fe8cadc61edd23dc207651012217c4ff4257a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

asciidoctorj-api-2.5.10.jar

Description:

API for AsciidoctorJ

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/asciidoctor/asciidoctorj-api/2.5.10/asciidoctorj-api-2.5.10.jar
MD5: b92b78c9ee25265a1babb9fb11a59734
SHA1: 9ec17d03c402235f4a280522b4c2f383c55108ab
SHA256:c3093a5bcb613025fe5f1f44c03ee3994a15ed534e23190d6afa6bd526323707
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asciidoctorj-api-2.5.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

asm-7.3.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/7.3.1/asm-7.3.1.jar
MD5: 542c066ed00a4fa9857e9343e2c595b9
SHA1: 7ec32f922315924e82bf58b36ee1b673b2a9b820
SHA256:2f67e11ceec819ebd88ddee5300aba699b1cbab2e20c22e97cf027d3be93959b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

asm-analysis-7.3.1.jar

Description:

Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-analysis/7.3.1/asm-analysis-7.3.1.jar
MD5: b5b082ef17f6d6bb3d8ed9c129161bdb
SHA1: 045dfd299ea0c17d534499c4f06417ceccfa2d02
SHA256:46b8a8efd4b94facb5ab4b35afe30ee0546ae7a43d2c64e6def56c2f168fefa5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-analysis-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

asm-commons-7.3.1.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/7.3.1/asm-commons-7.3.1.jar
MD5: be985ed0af52424f8f5d27ec71c249ab
SHA1: daaa79ef260eb67404b9a52bc319a024c7f49cfe
SHA256:87cd8bb3c6bf6bcbb33fca48060c5065f66ebf6a3d7de9bf18bff51bcf156ebc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-commons-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

asm-tree-7.3.1.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/7.3.1/asm-tree-7.3.1.jar
MD5: 3ef0bd9837a905e0b2d443de9199a409
SHA1: 587ce54d243145b2e89598bfcea7823ded73be5d
SHA256:f91a4a8aa868c5c4665bb4fd134019a91f9f8b9216527fba295e3c8b5422b78b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-tree-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

asm-util-7.3.1.jar

Description:

Utilities for ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-util/7.3.1/asm-util-7.3.1.jar
MD5: 181141e54fdd56474937d7ebfb325ba3
SHA1: cac1bf54c2fb86671c357d281d1060fe5d50a0de
SHA256:182128592742ed4883ac82bf205f137b6bfbe1234c68e6feb13759e75a85b729
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-util-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

autolink-0.6.0.jar

Description:

        Java library to extract links (URLs, email addresses) from plain text;
        fast, small and smart about recognizing where links end

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/nibor/autolink/autolink/0.6.0/autolink-0.6.0.jar
MD5: f2633571471a5957ee12e61b184e6219
SHA1: 3986d016a14e8c81afeec752f19af29b20e8367b
SHA256:a80be030f6386f18111cad9161c0b6983157352a1b59a59e6002172f0d321c04
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
autolink-0.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

backport9-1.12.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/headius/backport9/1.12/backport9-1.12.jar
MD5: cf013aeba341a294bd27fe8aceeb316a
SHA1: 48995f1910bb87a5b53d8720092879fce54e04b8
SHA256:c3e2e6a5981e7eb832854f6fe4884bf561bdc70b7e9dc98cab61420db2f55235
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
backport9-1.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

checker-qual-3.48.3.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256:443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.postgresql/postgresql@42.7.5

Identifiers

classworlds-1.1-alpha-2.jar

File Path: /home/runner/.m2/repository/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.jar
MD5: 82cacb7d9724c4a4e4d20f004884d4da
SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47
SHA256:2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
classworlds-1.1-alpha-2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

commons-beanutils-1.10.1.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.10.1/commons-beanutils-1.10.1.jar
MD5: 27ac839d60e2bff6b222827756fde6cb
SHA1: 22c392b43aa32e1364fb39647111edfa91df9070
SHA256:707a09e86ed1cf5516cdabdf1710d8fe201b6e26e7233870dce1d0ccf2a468d1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-beanutils-1.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-beanutils/commons-beanutils@1.10.1

Identifiers

commons-digester3-3.2.jar

Description:

    The Apache Commons Digester package lets you configure an XML to Java
    object mapping module which triggers certain actions called rules whenever
    a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256:1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-digester3-3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

commons-lang3-3.17.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-lang3-3.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

commons-logging-1.3.4.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well-known logging systems.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.4/commons-logging-1.3.4.jar
MD5: e7a1e7cb6a89241ed9bfec4c25b6c645
SHA1: b9fc14968d63a8b8a8a2c1885fe3e90564239708
SHA256:bc2dfe32f1ef06509e6a065144c1adf7b420eabf11a87f30bd127f8faa332016
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-logging-1.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-beanutils/commons-beanutils@1.10.1

Identifiers

commons-text-1.12.0.jar

Description:

Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
    and manipulating text that should be of use in a Java environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar
MD5: 544add6fbc8d4b100b07c3692d08099e
SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6
SHA256:de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-text-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

compiler-0.9.10.jar

Description:

Implementation of mustache.js for Java

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/com/github/spullara/mustache/java/compiler/0.9.10/compiler-0.9.10.jar
MD5: 5638fc78a17d5063cc4b0d00f6e87491
SHA1: 6111ae24e3be9ecbd75f5fe908583fc14b4f0174
SHA256:2b5a9217811cb99846a473fa8e0d233eb33629347b7f44941f6c0fbd4cdf1038
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
compiler-0.9.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

derby-10.15.2.0.jar

Description:

Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: /home/runner/.m2/repository/org/apache/derby/derby/10.15.2.0/derby-10.15.2.0.jar
MD5: abff01351b19bc62a188bac08a8bb58b
SHA1: b64da6681994f33ba5783ffae55cdb44885b9e70
SHA256:3afe424625f4caea05ff2f9022be2d98634be4d69dee3529697dab6d9fe1142f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
derby-10.15.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

derbyshared-10.15.2.0.jar

Description:

The code which is shared across all Derby configurations.

File Path: /home/runner/.m2/repository/org/apache/derby/derbyshared/10.15.2.0/derbyshared-10.15.2.0.jar
MD5: 2cb9ab8b9cfb06c2da5a1d3825d04344
SHA1: ff2dfb3e2a92d593cf111baad242d156947abbc1
SHA256:55365ab97e698080c6ccec65dbf7b8c63e4b4b77ad08f794d11458b1f2ea272c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
derbyshared-10.15.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.derby/derby@10.15.2.0

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

derbytools-10.15.2.0.jar

Description:

Contains Apache Derby tools like ij, sysinfo, and dblook.

File Path: /home/runner/.m2/repository/org/apache/derby/derbytools/10.15.2.0/derbytools-10.15.2.0.jar
MD5: d41578eeb336b0e479be8f30bfd9ab9b
SHA1: d63722381e0e893d797e4d531e219e2917898364
SHA256:45d6dc34af9790f7f8fafb9b15d8525f3b429950fca4b4051e7e4f81f9170cd9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
derbytools-10.15.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

dirgra-0.3.jar

Description:

Simple Directed Graph

License:

EPL: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/runner/.m2/repository/org/jruby/dirgra/0.3/dirgra-0.3.jar
MD5: 67c71ad64192513616e71c8fc75b5e2d
SHA1: fcdf20c966ff7bd3299c3d7fb3e7bfb14e38d4ee
SHA256:9ee2b48dcdfe0f6261200b81852a3f8c02af702269457c82f485d36d6e078360
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
dirgra-0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

doxia-core-2.0.0.jar

Description:

Doxia core classes and interfaces.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-core/2.0.0/doxia-core-2.0.0.jar
MD5: c0fb5fa304380a070a896e79a62b6932
SHA1: 6b8dd422ff321fdbf32a0196b85cce3d63cfe68c
SHA256:939183cf5ced6741745b2475a4adf78ca85885ee0dad6dae28dd3f25bd447ff3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-core-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-integration-tools-2.0.0.jar

Description:

A collection of tools to help the integration of Doxia Sitetools in Maven plugins.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-integration-tools/2.0.0/doxia-integration-tools-2.0.0.jar
MD5: b8e18118b11a20e0ddc66b235989682e
SHA1: ce08d289ed826416983860fb2adced6dd7ade550
SHA256:4aee72f9b30b507964c2f52b63f70e7b41fb9d957359cb5dc13c428abb4b6189
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-integration-tools-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-module-apt-2.0.0.jar

Description:

A Doxia module for Almost Plain Text source documents.
    APT format is supported both as source and target formats.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-apt/2.0.0/doxia-module-apt-2.0.0.jar
MD5: f6613830c1f558b909b32d3e3e271911
SHA1: 0505b4e8d57eb3f8c3d66adcca85ce09311742ba
SHA256:f4a846c448ca85358279184a310f6ee3f46fa39688f74a72961c1bfe222f28a6
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
doxia-module-apt-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-module-xdoc-2.0.0.jar

Description:

A Doxia module for Xdoc source documents.
    Xdoc format is supported both as source and target formats.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xdoc/2.0.0/doxia-module-xdoc-2.0.0.jar
MD5: dd12065dc641017da7006cb39f0490e5
SHA1: fe3a51c0226cb7cdfdcc97b73681f6ee80fad72c
SHA256:7956aca14f8adbc48bac86b218701dd44cc990063a69edbfca363b105994a474
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
doxia-module-xdoc-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-module-xhtml5-2.0.0.jar

Description:

A Doxia module for Xhtml5 source documents.
    Xhtml5 format is supported both as source and target formats.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xhtml5/2.0.0/doxia-module-xhtml5-2.0.0.jar
MD5: 2369dd687d9b13d115157299d09ca7d4
SHA1: 15fbcfe42e0a50eb33adbc061c9b4db84ec0470e
SHA256:c91557679a0eb9fde3175055628ceb7b8fd5ab6d308340770d236fb06265dc26
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-module-xhtml5-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-sink-api-2.0.0.jar

Description:

Doxia Sink API.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-sink-api/2.0.0/doxia-sink-api-2.0.0.jar
MD5: 0ac989158733a584c6b82e6ab1edc8ec
SHA1: d767d78857c1fb3cbd21ae3a7870894476ecb0fc
SHA256:fba33eaee3b01547bcd14b05ebc37f7dacef1819ad9ee7a5b27899afd3472cf4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-sink-api-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-site-model-2.0.0.jar

Description:

The Site Model handles the descriptor for sites, also known as site.xml.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-site-model/2.0.0/doxia-site-model-2.0.0.jar
MD5: 4da689094c6e4a2d6457d21ce959ac42
SHA1: 6a43c5b58b9acbf789618efdda23d5cb9fb0981f
SHA256:f6ec9ef75a41d1b826e5ecf02d92c5de90a6bc70ea93d5340988703223bf2205
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-site-model-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-site-renderer-2.0.0.jar

Description:

The Site Renderer handles the rendering of sites, merging site model with document content.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-site-renderer/2.0.0/doxia-site-renderer-2.0.0.jar
MD5: 0af057ade4d5bc3b41a06cf1100bbd93
SHA1: b68214ec1d3250a4594f598f054977d961e66ac8
SHA256:6cdee370194f4b9f742d12ef46528042f480d9bdf3de832de2792e1ae9ffc68d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-site-renderer-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-skin-model-2.0.0.jar

Description:

The Skin Model defines metadata for Doxia Sitetools skins.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-skin-model/2.0.0/doxia-skin-model-2.0.0.jar
MD5: 9daee5a484a8a9cb32b2fe6cfea42531
SHA1: 86913a4d7f1acbf26d426c97adecb18e21938ebf
SHA256:3ced0d90353f49e8eb1458f54664b93ec117d79b9789a576da41e2f6f99723e0
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-skin-model-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

failureaccess-1.0.2.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
MD5: 3f75955b49b6758fd6d1e1bd9bf777b3
SHA1: c4a06a64e650562f30b7bf9aaec1bfed43aca12b
SHA256:8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
failureaccess-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

flexmark-0.34.32.jar

Description:

Core of flexmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark/0.34.32/flexmark-0.34.32.jar
MD5: 382b5c90335fad2eb5d28fde5a55a0d4
SHA1: c2c2bf0e9c67757eb5996afe0ade71195227253b
SHA256:60fff3390d6836ddcf45be0a0f0e6b4602ce2f26508762851286b3a082648b53
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-abbreviation-0.34.32.jar

Description:

flexmark-java extension for defining abbreviations and turning appearance of these abbreviations in text into links with titles consisting of the expansion of the abbreviation

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-abbreviation/0.34.32/flexmark-ext-abbreviation-0.34.32.jar
MD5: f663f0f2d098231cfd98a853a822e464
SHA1: 785fe944a8f5b5b54b30a4c40735f0f82d53aa25
SHA256:714ed71edd9e5c56ccd6f210b0eb79cf7240923ddf37bfd9ad8d03635f758f5e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-abbreviation-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-aside-0.34.32.jar

Description:

flexmark-java extension for converting | to aside tags

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-aside/0.34.32/flexmark-ext-aside-0.34.32.jar
MD5: 2a54188164a2b5c0b22c280845a3160f
SHA1: 017d27b92514cd5b5c2494e1d2fe2cb3b695058c
SHA256:9bd05330490936009172b2b7bd9395c388839e36ca8bbaefd470b875d46c7e28
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-aside-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-autolink-0.34.32.jar

Description:

flexmark-java extension for turning plain URLs and email addresses into links

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-autolink/0.34.32/flexmark-ext-autolink-0.34.32.jar
MD5: 2be49f92ce3fc05f3a80b767a39bb72f
SHA1: 6a499f9ebf555ce8545382818103aaaf991af123
SHA256:072e2d8ea66caea1b214becb697271a3337f22fd0a3e6cfff4c7812c98d0a37e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-autolink-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-definition-0.34.32.jar

Description:

flexmark-java extension for definition

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-definition/0.34.32/flexmark-ext-definition-0.34.32.jar
MD5: 06175b13310b36c4a42e9f41fb0a725f
SHA1: 1af7506590f76e6a81f78395a7b3ffa41cec8ff5
SHA256:27c05f0736294540a6922cd2369eb5178bab8c427977ebb49c5593754a5e3a72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-definition-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-emoji-0.34.32.jar

Description:

flexmark-java extension for emoji shortcuts using Emoji-Cheat-Sheet.com http://www.emoji-cheat-sheet.com/

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-emoji/0.34.32/flexmark-ext-emoji-0.34.32.jar
MD5: b76e06cc514d0d3fde84ef695c6fe29f
SHA1: acbf86eabcaffeb0a5a90a9ab1933367f57ce2bb
SHA256:a9dc9e21e1b96718cfb45efe00e816b06d52a02c9451097f9ba3c17072c21661
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-emoji-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-escaped-character-0.34.32.jar

Description:

flexmark-java extension for escaped_character

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-escaped-character/0.34.32/flexmark-ext-escaped-character-0.34.32.jar
MD5: e3f75f4076188a21d4b0ccd43ba8425d
SHA1: e6d8328b599e9af5c2ddff3a9559dfe3545f9008
SHA256:654fbb2f164aa6ba3ce35cd43ac6bc65801c9a7f36ddb160963a5fb2730d0064
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-escaped-character-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-footnotes-0.34.32.jar

Description:

flexmark-java extension for footnote inline elments and footnote definitions

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-footnotes/0.34.32/flexmark-ext-footnotes-0.34.32.jar
MD5: 79bb8079973223f14f06231fd9623bf6
SHA1: b4e1426e8658312dc2f61df1d64f8abc40fe385f
SHA256:f4d92a042d3f64cb94deb7fe8dc52b5dab9a6efea01cf54b844cb0ea77a91992
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-footnotes-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-gfm-strikethrough-0.34.32.jar

Description:

flexmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-strikethrough/0.34.32/flexmark-ext-gfm-strikethrough-0.34.32.jar
MD5: a5a9e5ebfb9a1f58873d9ecd27dd348d
SHA1: acc88a9aabb0ac71d6d63c7bcccb2b082ba38b73
SHA256:2678273cae59d949007172fd439157f8c5f2b777f856587ad305c2bf3a55113d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-gfm-strikethrough-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-gfm-tasklist-0.34.32.jar

Description:

flexmark-java extension to convert bullet list items that start with [ ] to a TaskListItem node

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-tasklist/0.34.32/flexmark-ext-gfm-tasklist-0.34.32.jar
MD5: 6b0c5a675ca4154683a20da590e68188
SHA1: ea598ab99f7c961370f7119897a0b8efc2275566
SHA256:0fb4e680ab4ed40d67ac3399dc0ad2d95cbe902036abee994995eda53ce08fdc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-gfm-tasklist-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-ins-0.34.32.jar

Description:

flexmark-java extension for ins

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-ins/0.34.32/flexmark-ext-ins-0.34.32.jar
MD5: 6de13c82fedd06bde84a659a7f97d318
SHA1: 198876100bb1561e2bebb67bdfb05053aac92252
SHA256:8db30a0569f722fd33671df895bd465d36aad56782f8fb132fe41bef138fc8ac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-ins-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-jekyll-front-matter-0.34.32.jar

Description:

flexmark-java extension for jekyll_front_matter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-jekyll-front-matter/0.34.32/flexmark-ext-jekyll-front-matter-0.34.32.jar
MD5: d75e222b62c266ebf19b1481cf0c6f08
SHA1: 3ba2481406202ffb2a3dd1ef888a0be7e6050b8c
SHA256:4fc8404e83cf4d23ea3850dd607553db56141f4dc787dd5ecbcf7c8151e63e14
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-jekyll-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-superscript-0.34.32.jar

Description:

flexmark-java extension for superscript

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-superscript/0.34.32/flexmark-ext-superscript-0.34.32.jar
MD5: 32e7f7e13440b5a9d087845fba2b9fcb
SHA1: 2f9413cedcc339dd20328249cce6fcee63161a57
SHA256:538175c28416be2b150ce63986d5594df42d7f069592733fb94c81f08fe2f127
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-superscript-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-tables-0.34.32.jar

Description:

flexmark-java extension for tables using "|" pipes with optional column spans and table caption

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-tables/0.34.32/flexmark-ext-tables-0.34.32.jar
MD5: 0475a524aaca5cf09e242aa968034041
SHA1: 550d1891263034068014daa137c38b6b5854aafb
SHA256:662e9e726abe00c7e68b1d7e9f65a5a2e7fa77f7a32ef7e109783a7cbb2304cd
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-tables-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-toc-0.34.32.jar

Description:

flexmark-java extension for toc

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-toc/0.34.32/flexmark-ext-toc-0.34.32.jar
MD5: 5d5bed0edcf1c3c7d80520a47b1cf8ac
SHA1: f01a984c6c8c37015079c012e700417d182b0d5f
SHA256:6a3b44c952b76165196babc54a3ad85bc454d051b3331498348cf32810382772
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-toc-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-typographic-0.34.32.jar

Description:

flexmark-java extension for typographic

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-typographic/0.34.32/flexmark-ext-typographic-0.34.32.jar
MD5: 493f416bb0399faa70c9ef4565425fbc
SHA1: 0c8c5babe652bc1e87999ea07ef54818ae12c0d3
SHA256:6d5d09963cf211b9013ddf7cced1658edea3d6484e99af4dfd903ca239e2f2aa
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-typographic-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-wikilink-0.34.32.jar

Description:

flexmark-java extension parsing and rendering wiki links

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-wikilink/0.34.32/flexmark-ext-wikilink-0.34.32.jar
MD5: 6ff6ff0e5c7dd48d4d35328428878538
SHA1: 7e40b4e8bf1d409e593b8b69604a504835303df2
SHA256:865745f068c7ff1a5e363b893651330b1336282c6664a7b635634263a4ed7898
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-wikilink-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-ext-yaml-front-matter-0.34.32.jar

Description:

flexmark-java extension for YAML front matter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-yaml-front-matter/0.34.32/flexmark-ext-yaml-front-matter-0.34.32.jar
MD5: 3de9fc9e100d6f4e6b2644b79a8db5e4
SHA1: 0509b24c760f37699d155e63443138977f519373
SHA256:7cdb249e1906b89d84399d6de54c7afe7f4715d6ad2c30ec60f5f756d7b9e475
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-yaml-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-formatter-0.34.32.jar

Description:

flexmark-java extension for formatter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-formatter/0.34.32/flexmark-formatter-0.34.32.jar
MD5: bae1cc2191f3bd80d09d5cfcb432a68d
SHA1: 5d35d76873bce4f5707c2df5c6be47ca42f59901
SHA256:6d8e8b4bf0e34c993a4727873e5eab86015a3121dc7bf169d97d71d45c9dd78e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-formatter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-jira-converter-0.34.32.jar

Description:

flexmark-java extension for jira_converter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-jira-converter/0.34.32/flexmark-jira-converter-0.34.32.jar
MD5: 676e66b37015c3a02a249dbdb3d6666a
SHA1: 75ca8726c7a24efa1bfa74e5fe879cd929ec0cfe
SHA256:a6a33938ff6dfe5be0f2c5ba630a84b47e9f36334c5e415bb9069366ad96e2e3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-jira-converter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-profile-pegdown-0.34.32.jar

Description:

flexmark-java extension for setting flexmark options by using pegdown extension flags

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-profile-pegdown/0.34.32/flexmark-profile-pegdown-0.34.32.jar
MD5: a7808bb410e1ae87e66b42c3825888ab
SHA1: 30226a940419942e37a88b0a4c79a676ca78f788
SHA256:e62eaf00d9249aeb921eea709c492f5ffd085e75a15f2ca2a3944165351dd834
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-profile-pegdown-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

flexmark-util-0.34.32.jar

Description:

flexmark-java utility classes

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-util/0.34.32/flexmark-util-0.34.32.jar
MD5: 240493638f5833ff8563a0b8b0ecd37f
SHA1: a06050bd9933ac68bc1f266d47c16e772675fea9
SHA256:2ee09f5826e303f37b2b88e3ae5bb7dcc70935ed1736c3a986e8bb8786f8f89c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-util-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

guava-33.2.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/guava/33.2.1-jre/guava-33.2.1-jre.jar
MD5: 872309e5982530bdc7e68096c0d53cd2
SHA1: 818e780da2c66c63bbb6480fef1f3855eeafa3e4
SHA256:452b2d9787b7d366fa8cf5ed9a1c40404542d05effa7a598da03bbbbb76d9f31
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guava-33.2.1-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

guice-5.1.0.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/inject/guice/5.1.0/guice-5.1.0.jar
MD5: 2560169296aa94492af34af2115e9511
SHA1: da25056c694c54ba16e78e4fc35f17fc60f0d1b4
SHA256:4130e50bfac48099c860f0d903b91860c81a249c90f38245f8fed58fc817bc26
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guice-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /home/runner/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
hamcrest-core-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/junit/junit@4.13.2

Identifiers

hsqldb-2.7.4.jar

Description:

HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /home/runner/.m2/repository/org/hsqldb/hsqldb/2.7.4/hsqldb-2.7.4.jar
MD5: 9e6a620acc9d544aacbfa2f17e78f4eb
SHA1: 4aad3c109b5b04927d3bc663bf13535f830401ce
SHA256:5fab2bb4384ac06b762638c8fa2740c944b8d080e4796c0c6c2af8b90dd4e5ad
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
hsqldb-2.7.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

invokebinder-1.12.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/headius/invokebinder/1.12/invokebinder-1.12.jar
MD5: add09bd8a21f157f9d6dbcaeb33ca97d
SHA1: eeaaf9e753374c4c582bdb640742d680e22c9e5d
SHA256:44ccc90262d6e67ccb1807df662572637953ebf712b7d6503bfcb9f076c2df9b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
invokebinder-1.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jansi-2.4.0.jar

Description:

Jansi is a java library for generating and interpreting ANSI escape sequences.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/fusesource/jansi/jansi/2.4.0/jansi-2.4.0.jar
MD5: bb0f7e4e04a71518dfe5b4ec102aa61f
SHA1: 321c614f85f1dea6bb08c1817c60d53b7f3552fd
SHA256:6cd91991323dd7b2fb28ca93d7ac12af5a86a2f53279e2b35827b30313fd0b9f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jansi-2.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jansi-2.4.0.jar: jansi.dll

File Path: /home/runner/.m2/repository/org/fusesource/jansi/jansi/2.4.0/jansi-2.4.0.jar/org/fusesource/jansi/internal/native/Windows/x86/jansi.dll
MD5: 0e396db1f1371448be55ad0b1542dc0b
SHA1: 492bd09333e536e51d17caffcf6b7b56c4afcdbf
SHA256:1d6314da4b3a7a5e9dded6b0cc1b83f15f8f603897ae00cfe98ef171285620f3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jansi-2.4.0.jar: jansi.dll

File Path: /home/runner/.m2/repository/org/fusesource/jansi/jansi/2.4.0/jansi-2.4.0.jar/org/fusesource/jansi/internal/native/Windows/x86_64/jansi.dll
MD5: a7a3efd305c910cd0850f24f17acec86
SHA1: 6303f154edeaa18a7aeb3997e9ef3634e5ee1171
SHA256:d23fc9293b68781d43314403048d6dc655fa4620b6b4db3dcd345c52c332a2f4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

jcl-over-slf4j-2.0.7.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.7/jcl-over-slf4j-2.0.7.jar
MD5: 4e8d6cd31f7e6277280c95157ac7845a
SHA1: f127fe5ee53404a8b3697cdd032dd1dd6a29dd77
SHA256:41806757e1d26dae5d6db2ca7d4a5176eed2d6e709cd86564d4a11dab0601742
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jcl-over-slf4j-2.0.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jcodings-1.0.58.jar

Description:

Byte based encoding support library for java

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/jruby/jcodings/jcodings/1.0.58/jcodings-1.0.58.jar
MD5: 10633c14bc5ab11a5237cf7ac15dce0d
SHA1: dce27159dc0382e5f7518d4f3e499fc8396357ed
SHA256:e2f85def67d6848a7a41c648248645689e3990d17ab8f253ab2fd7e69407df67
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jcodings-1.0.58.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jcommander-1.69.jar

Description:

Command line parsing

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/com/beust/jcommander/1.69/jcommander-1.69.jar
MD5: 45bed2649f8429973c486579631c69c7
SHA1: bdf17915d565a7c88a2a0fe05afb5b99ecf24555
SHA256:c2534833996d60581127ddc5139bb94f27f46badc77e1356746d58d9a3dcd99e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jcommander-1.69.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jffi-1.3.10-native.jar

Description:

Java Foreign Function Interface - Native Libraries

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jffi/1.3.10/jffi-1.3.10-native.jar
MD5: 96a34a92bd006c6b44cfbf95a9d51927
SHA1: 496c42f37f71721f4536cfa415b91bc3dcffe2ef
SHA256:df4682f7d48b23298b89f257d76b6233335047d7a3c6e49e7f0b7332365a7bac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jffi-1.3.10-native.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jffi-1.3.10-native.jar: jffi-1.2.dll

File Path: /home/runner/.m2/repository/com/github/jnr/jffi/1.3.10/jffi-1.3.10-native.jar/jni/i386-Windows/jffi-1.2.dll
MD5: 841e60814ed6b2971a47b267aef1c58a
SHA1: 07d30c6407fefad8df4b6afc4d85f83e547975ca
SHA256:d63b0ec9a7cc75c26fa951928bf550c0e9a5e6c195a3de94a9c24995206bbfd2
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jffi-1.3.10-native.jar: jffi-1.2.dll

File Path: /home/runner/.m2/repository/com/github/jnr/jffi/1.3.10/jffi-1.3.10-native.jar/jni/x86_64-Windows/jffi-1.2.dll
MD5: 5d80b61c1f9e31860c17b3a410948e7e
SHA1: 5ca292116336ee4ceed00d10e756afea580e62cf
SHA256:58398ba5cda1b7cb89ad4e03dd4a658006956f81acfef4efb4e7dd934e2733ef
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jffi-1.3.10.jar

Description:

Java Foreign Function Interface

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jffi/1.3.10/jffi-1.3.10.jar
MD5: f4a4d356e83be5b4feac54c9583c9830
SHA1: a1de4ce6cd1f949d9406952d6c0dae3898405632
SHA256:8f4e9fe793db1c79c12d8247a3785a30b949ecd126c346e04969b831ae48bcd3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jffi-1.3.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jitescript-0.4.1.jar

Description:

Java API for Bytecode

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/me/qmx/jitescript/jitescript/0.4.1/jitescript-0.4.1.jar
MD5: 5fb5146d3bdc39e80c2641414521bc04
SHA1: f1efcb28cb13d26faf789264d54251faf58f0b63
SHA256:035d4afc5a27202c3e3f38c32506e3657697a4d6d97463eb25affe1cbf45efd5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jitescript-0.4.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-a64asm-1.0.0.jar

Description:

A pure-java A64 assembler

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-a64asm/1.0.0/jnr-a64asm-1.0.0.jar
MD5: 6cb469cbbcf9eca78d50f7da595a8337
SHA1: 0a1cb8dbe71b5a6a0288043c3ba3ca64545be165
SHA256:53ae5ea7fa5c284e8279aa348e7b9de4548b0cae10bfd058fa217c791875e4cf
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-a64asm-1.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-constants-0.10.4.jar

Description:

A set of platform constants (e.g. errno values)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-constants/0.10.4/jnr-constants-0.10.4.jar
MD5: a5a4036fd334522540041b062b304abc
SHA1: 09f6f23763bf40ea7b56391791f574174914430a
SHA256:9a5b8cf9798d9d0331b8d8966c5235a22c4307676e35803a24659e6d76096f78
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-constants-0.10.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-enxio-0.32.14.jar

Description:

Native I/O access for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-enxio/0.32.14/jnr-enxio-0.32.14.jar
MD5: cc8882079f43cc9fb5bc7edcd89f09cb
SHA1: a5480211e07f29638ab7ad83746fc2214092ae03
SHA256:907706957ee2e731836ee953ec7cc646b2e8781324e53c54aa946dbae9fec74d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-enxio-0.32.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-ffi-2.2.13.jar

Description:

A library for invoking native functions from java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-ffi/2.2.13/jnr-ffi-2.2.13.jar
MD5: 6335a5ef1d8c70bfc35077293ea44098
SHA1: 3d2c01e80845af089c77c742922344388d9bdc75
SHA256:d309575e8d080785988dc51b6636ae67738561c3d1453e8b24f9501301e00296
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-ffi-2.2.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-netdb-1.2.0.jar

Description:

Lookup TCP and UDP services from java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-netdb/1.2.0/jnr-netdb-1.2.0.jar
MD5: 25e6e5f7e6d05f200b9efac0b9599789
SHA1: 1bb5527cac7dadaea7c3bd1e3d86dd95ed0d3b87
SHA256:24f54abd859979b6caabf4918b022c57fc0d3247def4bfe68e5a30172409fc3c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-netdb-1.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-posix-3.1.16.jar

Description:

    Common cross-project/cross-platform POSIX APIs

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/
GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html
GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.html
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-posix/3.1.16/jnr-posix-3.1.16.jar
MD5: ea898122fd267d2ccd75d9eb431c0358
SHA1: 4e659c9a19e74b9f6e73153909c1b4db2752a9c2
SHA256:654e90b8369b5380f6ef0f3072fee96a15a0c3adb33fb07749fab09f34633e95
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-posix-3.1.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-unixsocket-0.38.19.jar

Description:

UNIX socket channels for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-unixsocket/0.38.19/jnr-unixsocket-0.38.19.jar
MD5: d7af8e0a77672497ac71bbae18aa57e8
SHA1: 9be702906e07a497b8bb992f236bcc29126cd4ce
SHA256:ac03f619af7fa1122b0c6293852b4e3b6f6a46b851f8c1a2b2f485efbbff8d4f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-unixsocket-0.38.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jnr-x86asm-1.0.2.jar

Description:

A pure-java X86 and X86_64 assembler

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/com/github/jnr/jnr-x86asm/1.0.2/jnr-x86asm-1.0.2.jar
MD5: 00670735acb2a9d1421b506dc7d338bc
SHA1: 006936bbd6c5b235665d87bd450f5e13b52d4b48
SHA256:39f3675b910e6e9b93825f8284bec9f4ad3044cd20a6f7c8ff9e2f8695ebf21e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jnr-x86asm-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

joda-time-2.10.10.jar

Description:

Date and time library to replace JDK date handling

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/joda-time/joda-time/2.10.10/joda-time-2.10.10.jar
MD5: c2a46de8a73ec7b60011429561ae72e3
SHA1: 29e8126e31f41e5c12b9fe3a7eb02e704c47d70b
SHA256:dd8e7c92185a678d1b7b933f31209b6203c8ffa91e9880475a1be0346b9617e3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
joda-time-2.10.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

joni-2.1.48.jar

Description:

    Java port of Oniguruma: http://www.geocities.jp/kosako3/oniguruma
    that uses byte arrays directly instead of java Strings and chars

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/jruby/joni/joni/2.1.48/joni-2.1.48.jar
MD5: 0f9183c19ad775a3ca10f3ed8af00194
SHA1: 552f95e640553de15243c02bd97a6c0c3dd7a78f
SHA256:41cb16ce177877aae3d98aa2024486973702b66306024c683d89819ee978a529
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
joni-2.1.48.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jruby-9.4.2.0.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby/9.4.2.0/jruby-9.4.2.0.jar
MD5: a8e9239ce5a1ad55fc8f01cd883dd2e2
SHA1: 949c05a49fdb5f7fdd1044bb184adb5fdd878daa
SHA256:d1b98a34c953908f5d60ed4ea78c3308ed381dcd852b401d8e7baf8a0d183523
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jruby-9.4.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jruby-stdlib-9.4.2.0.jar: bcpkix-jdk18on-1.71.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar
MD5: bf38adbe16ac8db811c86aacb81a561e
SHA1: 211bcae48a96c688ca215394d631eec2b874fff1
SHA256:4bd35767ba9228d63c2f293ba1cc71dae788370b5e036359c8e8174996854e3c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: bcprov-jdk18on-1.71.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar
MD5: bf1578f78f5db468a5f21ee8f8e42b0d
SHA1: 943e8d0c2bd592ad78759c39d6f749fafaf29cf4
SHA256:f3433a97d780fe9fa3dc3d562a41decd59b2e617ce884de9060349ac14750045
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

jruby-stdlib-9.4.2.0.jar: bctls-jdk18on-1.71.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar
MD5: 65f432d6f929d6d52672528b3290858b
SHA1: 6a2d887b25de4db3531ff77df39dcdd32787e585
SHA256:4881ba9e96a789c6f1d54124f89bbd508cbd53e9c80119dea023637cce4e3694
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: bcutil-jdk18on-1.71.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bcutil-jdk18on/1.71/bcutil-jdk18on-1.71.jar
MD5: 06dde1f2adc6f01803554c0162214202
SHA1: 57daa18bc93730eab46291d9b55a15480e013265
SHA256:ac75ae3fabf2cb81210b3648fbe36aaed8d8c453bbeaac40e3b5031c7677197a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: cparse-jruby.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/racc/cparse-jruby.jar
MD5: 906f9b27b030e736e50cbfa4caafa8d6
SHA1: 3db40231f23513637dc2d89300866bab97b9019f
SHA256:e93de9f53cd7c65cd531349fcd9c9db02ed66497d9c5f4738aec8c33675e030a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: darkfish.js

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/darkfish/js/darkfish.js
MD5: 14a006c8a8c126d3a032db6a6778a2d6
SHA1: 5de3c13a83ac02d213bacc7c5642673b7692f1c9
SHA256:00cb86c2c4b1d8d18f1971ca0b2cd7eb5ecad12a68db6c78d575e053a853ce39
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: digest.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/digest.jar
MD5: 6b41cf703fa8e6eab59603d967ef62f8
SHA1: ec9fc8554da4b74cba72c8074d4dd42db3e3b734
SHA256:a764ee8dd12fd6fcb70da803ba7daa63a10290646c05b952aa0f8339536a77f3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: escape.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/cgi/escape.jar
MD5: 246966a2ab62ba0ae05954864b8bed7e
SHA1: 81fb35684e928d55b705d12adf6ac98ba03d982c
SHA256:0b1b0f2769202fa1d37a65f824b78cdfabe5cd8ea1b9915ffdb1e9bc90c0e58a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: generator.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/json/ext/generator.jar
MD5: 3283c0ddb83e531bc837f528f8a49b60
SHA1: 320251ec9ef0c596fdbfffb796f5cd103827b7ba
SHA256:dfc1f6d185878d54dd5baf20b017f6d7a26787bc4e687f384f5ee3053b3f7ff9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: jline-2.14.6.jar

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jline/jline/2.14.6/jline-2.14.6.jar
MD5: 480423551649bc6980b43f09e4717272
SHA1: c3aeac59c022bdc497c8c48ed86fa50450e4896a
SHA256:97d1acaac82409be42e622d7a54d3ae9d08517e8aefdea3d2ba9791150c2f02d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

jruby-stdlib-9.4.2.0.jar: jline-2.14.6.jar: jansi.dll

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jline/jline/2.14.6/jline-2.14.6.jar/META-INF/native/windows32/jansi.dll
MD5: 83fdcbb296f9732176748e443c7637a5
SHA1: f91fda2c7f9f485db21a50c05ff3a65c1fa20090
SHA256:7db0fdba01b93f8d45c8fa9ba949f424efb0361d6f8af5561d769378d8b3a1ac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: jline-2.14.6.jar: jansi.dll

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jline/jline/2.14.6/jline-2.14.6.jar/META-INF/native/windows64/jansi.dll
MD5: b009262ec2c7e84839af9729b752f14e
SHA1: 8d96f40da8970ddd48af4517512a0fdd077c33da
SHA256:daed7ea5b66bce3821742564af812b6f4e25939b3d273ed5a156ba7c92c452dc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: jopenssl.jar (shaded: rubygems:jruby-openssl:0.14.0)

Description:

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.

License:

EPL-1.0: http://opensource.org/licenses/EPL-1.0
GPL-2.0: http://opensource.org/licenses/GPL-2.0
LGPL-2.1: http://opensource.org/licenses/LGPL-2.1
File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar/META-INF/maven/rubygems/jruby-openssl/pom.xml
MD5: d28f9d9f772eb62076cdf56f28e43a66
SHA1: feebc56dc27535e5d94fe99b4c1d46fbac3a68e9
SHA256:017e9e90699f8cab1bc9d1b199507079d536d2f114a4a1395822ed228e3caeeb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

jruby-stdlib-9.4.2.0.jar: jopenssl.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar
MD5: 2f91034db43754fc5c7a4eb981ed3493
SHA1: bcdf391001aba72dd10af7933442cedc758b6a08
SHA256:d081167410a238bb1c086b330d1abd177bd141fa4f974d804b39688471723552
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: jruby.dll

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/bin/jruby.dll
MD5: f4984dc17ea2fe968af0429c058612bf
SHA1: d2055cf2721ccd0d84ce9776f6948f32693edb23
SHA256:00963fee62934b34753a2764f26a5fb082429ad7fca9bab68bde136897371587
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: jruby.exe

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/bin/jruby.exe
MD5: 1839a3e41c81a5b1e439648d5ec793f7
SHA1: f77fcf2f1d1f68e89c2e1030f180c16247e483ce
SHA256:670a2786a5330c8dcd0d38221adddeeb36d6c10ff9298300f95bf4745ec36a5a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: jrubyw.exe

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/bin/jrubyw.exe
MD5: f25dee120cdac7b4980b532d12d7e9b1
SHA1: cd64083be92749aba74e568ddc619b905833d193
SHA256:4c13bfeb020a1f06ab339970c8b45f5d864dd76664de13e7aab7737e49a833e5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: navigation.js

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/json_index/js/navigation.js
MD5: 0f2526548577d42eed5939333c321065
SHA1: a99b9374c2e37d315a6279b9238615252becac49
SHA256:757a5fb0031eb9bc47912ec87bcf16ce5ae855bb072bdb318437ffd806d7ee56
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: parser.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/json/ext/parser.jar
MD5: 8e24715db36a58ac651db3ea42800b41
SHA1: 8f981206207df1d7d9971bd0d74dda5aa0ba7b2c
SHA256:8ac8daae07c95c22c7d29c056026cadf2404ff38d13832956b3e326805a3ee63
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: psych.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/psych.jar
MD5: e7232cab4526323ae931b2f788283796
SHA1: 4b10acede4324cf4d94f2c59b7e8d70977718140
SHA256:a516fb407c55c6601a78f036765d85484140ba90c84c614dc193f0ee179b6e00
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: readline.jar (shaded: rubygems:jruby-readline:1.3.7)

Description:

readline extension for JRuby

License:

EPL-1.0: http://opensource.org/licenses/EPL-1.0
GPL-2.0: http://opensource.org/licenses/GPL-2.0
LGPL-2.1: http://opensource.org/licenses/LGPL-2.1
File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/readline.jar/META-INF/maven/rubygems/jruby-readline/pom.xml
MD5: f675c86ab93d2adadaab3e9ec7445fe6
SHA1: 3cb722b663bcb103aafaed0789d9491684d21eb6
SHA256:b931e0b3f3ff77ee17bb63301f5caabd262e046db28f190c434f565249383408
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

jruby-stdlib-9.4.2.0.jar: readline.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/readline.jar
MD5: ee095d6e2062601784e821c0761b7a8d
SHA1: f94495275a3d40af13986495b60d7a2029d8eba5
SHA256:25f6e191a7cddf15c926d9c5fb598237517b201d041f35f5cd01ae446b17d9d4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: search.js

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/darkfish/js/search.js
MD5: 84b747a9f491cfb6740ab520d0c0602c
SHA1: 7227a18b55ac08a0f8cc03ea8ac063f6dba1a1e5
SHA256:972b0c1524a5789afa094459c524b4a7333b58536c9b2db6280468621a2c5439
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: searcher.js

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/rdoc/generator/template/json_index/js/searcher.js
MD5: e6753e62548eadebce36524f6178fd0b
SHA1: ff8ca51fd50d759d6ad7b78a171c8646968f7520
SHA256:e1b5467dd44b05a13e7b798a9c149954e9861089575dcaf8b302489c44bc359a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: snakeyaml-engine-2.6.jar

Description:

Core YAML 1.2 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/org/snakeyaml/snakeyaml-engine/2.6/snakeyaml-engine-2.6.jar
MD5: 719bcfb9f917992d0a99a6f7106d8466
SHA1: 235a7e571b33eda1a81e0f73a3173ef95dd020e5
SHA256:2652199af40c9aa2f1782400d2dfbbf4e5226208c4e05ddd4059c3d6d9cd1505
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

jruby-stdlib-9.4.2.0.jar: stringio.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/stringio.jar
MD5: 7ca1a46065731571f140db9ef93f8b31
SHA1: 5aa438038c02010f6d69eb6c3b05aa637b93aeed
SHA256:833be32b574f165a38c0a2ea33188810b29585626fcd9672f31ea734ca29ba92
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: strscan.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/strscan.jar
MD5: 53372d88223f70f737314a2f1a980ac7
SHA1: 1d973101aa0ed7bb223571f54056eaadb0fa2680
SHA256:f2cdf8305d5b0d7c740e5dca4f1eb8bb475291bd6014ab251a77f0fe34defc88
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

jruby-stdlib-9.4.2.0.jar: wait.jar

File Path: /home/runner/.m2/repository/org/jruby/jruby-stdlib/9.4.2.0/jruby-stdlib-9.4.2.0.jar/META-INF/jruby.home/lib/ruby/stdlib/io/wait.jar
MD5: b2829776cf4df5c6256846f0254c8718
SHA1: 2a75949036606215a94b765057a06c817e45baec
SHA256:6681c709f1564c20bb8288d63455e7063d604742eb21e9b6b6d3398e6a177dac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

json-20231013.jar

Description:

        JSON is a light-weight, language independent, data interchange format.
        See http://www.JSON.org/

        The files in this package implement JSON encoders/decoders in Java.
        It also includes the capability to convert between JSON and XML, HTTP
        headers, Cookies, and CDL.

        This is a reference implementation. There are a large number of JSON packages
        in Java. Perhaps someday the Java community will standardize on one. Until
        then, choose carefully.

License:

Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /home/runner/.m2/repository/org/json/json/20231013/json-20231013.jar
MD5: 1a0702c57783ce9e948252c34644f328
SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52
SHA256:0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
json-20231013.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

json-simple-3.0.2.jar

Description:

Java 7+ toolkit to quickly develop RFC 4627 JSON compatible applications.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/cliftonlabs/json-simple/3.0.2/json-simple-3.0.2.jar
MD5: 148c0d1bdc1bcb24394627d6930ee9ad
SHA1: 2337afdb06134a12fc0239299c3ceb2e9c209516
SHA256:fda65a9ad0e1ac0c88987106e89aa4d8b2a2495e7e042371efa83813f65b7295
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
json-simple-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

jul-to-slf4j-2.0.7.jar

Description:

JUL to SLF4J bridge

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.7/jul-to-slf4j-2.0.7.jar
MD5: 965fd8c7c67bd57eb63b321d0bedf498
SHA1: a48f44aeaa8a5ddc347007298a28173ac1fbbd8b
SHA256:eaba65483bb38c93e68d557a19e5738962322de1946545dbf40e5e32f6293008
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jul-to-slf4j-2.0.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

jzlib-1.1.3.jar

Description:

JZlib is a re-implementation of zlib in pure Java

License:

BSD: http://www.jcraft.com/jzlib/LICENSE.txt
File Path: /home/runner/.m2/repository/com/jcraft/jzlib/1.1.3/jzlib-1.1.3.jar
MD5: 386d3714fef534d21175d8885ae48bf7
SHA1: c01428efa717624f7aabf4df319939dda9646b2d
SHA256:89b1360f407381bf61fde411019d8cbd009ebb10cff715f3669017a031027560
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jzlib-1.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

log4j-over-slf4j-2.0.7.jar

Description:

Log4j implemented over SLF4J

License:

Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/log4j-over-slf4j/2.0.7/log4j-over-slf4j-2.0.7.jar
MD5: db6e1607a18fce4878c6706c144c4484
SHA1: 0c7d822e808babcb3ca3f390e1992d483a26aa53
SHA256:fc57714ee8b1e4ab39b9488c157f0843de71ba6708252cbe06c994ad9d72d1ee
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
log4j-over-slf4j-2.0.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

logback-classic-1.4.12.jar

Description:

logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.4.12/logback-classic-1.4.12.jar
MD5: b162949e0c1175b280df3f938453088a
SHA1: dc5e9d2b4f338034fd04c0e9f93dd5fff108544f
SHA256:4b4a99e1931bb0ea6c0b6c48d42bc48cde36a18e8dc9cc2f7b8c8a2364c2ec93
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
logback-classic-1.4.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

logback-core-1.4.12.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.4.12/logback-core-1.4.12.jar
MD5: f4f32bd6fe5a6db6ab7aaccec5e4d036
SHA1: 670c77fc6e71cbb24dfabc9fc125f7536ed7a4ab
SHA256:132f1ae2e3be4e7ccbcaaec24cb7d16fc7e903d43cc69ad7ebc1a9ca54e9dcff
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
logback-core-1.4.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

CVE-2023-6481 (OSSINDEX)  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.4.12:*:*:*:*:*:*:*

CVE-2024-12798 (OSSINDEX)  

ACE vulnerability in JaninoEventEvaluator  by QOS.CH logback-core
      upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows
      attacker to execute arbitrary code by compromising an existing
      logback configuration file or by injecting an environment variable
      before program execution.





Malicious logback configuration files can allow the attacker to execute 
arbitrary code using the JaninoEventEvaluator extension.



A successful attack requires the user to have write access to a 
configuration file. Alternatively, the attacker could inject a malicious 
environment variable pointing to a malicious configuration file. In both 
cases, the attack requires existing privilege.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv2:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.4.12:*:*:*:*:*:*:*

CVE-2024-12801 (OSSINDEX)  

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to 
forge requests by compromising logback configuration files in XML.



The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:
  • Base Score: LOW (2.4000000953674316)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.4.12:*:*:*:*:*:*:*

maven-archiver-3.6.2.jar

Description:

Provides utility methods for creating JARs and other archive files from a Maven project.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-archiver/3.6.2/maven-archiver-3.6.2.jar
MD5: 742b3136d8ff1fcb66f5fd7f3c267c8d
SHA1: a2d949d87fed6db197cc3cceec93012dd2317ca0
SHA256:1f895a587df4844d9b7565e8e9a6352afe1d55532458a0dbeb746bc1d02e9216
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-archiver-3.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

maven-artifact-3.9.9.jar

File Path: /home/runner/.m2/repository/org/apache/maven/maven-artifact/3.9.9/maven-artifact-3.9.9.jar
MD5: fcb27c2b8225edec3f2356973fa39e98
SHA1: a130ec431ef32e12a4424f9b074735bb58e15d2d
SHA256:30f015d1c1a393e19c18cd4f43532089c36d4ca328608ce3dda78b74d3d31515
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-artifact-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

maven-builder-support-3.9.9.jar

Description:

Support for descriptor builders (model, setting, toolchains)

File Path: /home/runner/.m2/repository/org/apache/maven/maven-builder-support/3.9.9/maven-builder-support-3.9.9.jar
MD5: 0266bb9314b63d9fde8aff0d190f48d6
SHA1: 812c13c808e42c54d3f4abdaab603e5262bf8ab8
SHA256:2ca4a967bdd12a9e85d40e012374f86e63d4a1030c199da4832e3d0a1c6770d8
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-builder-support-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-core-3.9.9.jar

Description:

Maven Core classes.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-core/3.9.9/maven-core-3.9.9.jar
MD5: eed2eb37f03ccdea7ef9dab069c0b5d8
SHA1: b58645e3f14348024b05735c171425e19d30c02e
SHA256:7fab37fc6044f20ae004376ab8414373636cf51e26ad0b1efa6b3f1cd2bec503
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-core-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

maven-model-3.9.9.jar

Description:

Model for Maven POM (Project Object Model)

File Path: /home/runner/.m2/repository/org/apache/maven/maven-model/3.9.9/maven-model-3.9.9.jar
MD5: 813d4aceaaa8e16f8a83c95a96afa22c
SHA1: 585bff8f220ddc1c08c5263b7dee26c49fc7df94
SHA256:8f59b0a16fe9c933be749a60ae0705a0cb337bb5abaf38801b40b740ff775727
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-model-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

maven-model-builder-3.9.9.jar

Description:

The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: /home/runner/.m2/repository/org/apache/maven/maven-model-builder/3.9.9/maven-model-builder-3.9.9.jar
MD5: a48ea3e9ceec85a9bff88e88048148d9
SHA1: 6dcd87768eb615301aef0c2221dd168a2d36bc7b
SHA256:a4377182ac2e5adfe16be3b3c81981a5ecddab014184de72ae1e522f04a77602
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-model-builder-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-plugin-annotations-3.15.1.jar

Description:

Java annotations to use in Mojos

File Path: /home/runner/.m2/repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.15.1/maven-plugin-annotations-3.15.1.jar
MD5: 0723da1364961f527fbfce10c8b9c7dd
SHA1: ca287d08819d5d87f3a06b8f065a79eb33c3ecc3
SHA256:b58bcb3a1f362f6e1efa2772064026bb3d4ad92e6f43a1812d8d2886489912f5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-plugin-annotations-3.15.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

maven-plugin-api-3.9.9.jar

Description:

The API for plugins - Mojos - development.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-plugin-api/3.9.9/maven-plugin-api-3.9.9.jar
MD5: 0bf1ae393ffac0c034ce8f3a4b7fc406
SHA1: 7e06aef37b14f8452928e5efaa88bcf2ee8aed02
SHA256:2b491d38db45b0e8eef522e8f7889a3366e546e58b376b07fcb56e34c424e932
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-plugin-api-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

maven-reporting-api-4.0.0.jar

Description:

API to manage report generation.

File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-api/4.0.0/maven-reporting-api-4.0.0.jar
MD5: 9c49fcb81d69bb5ec513d624c181fc05
SHA1: d3ad7e3d03463b5bd77e7d3ce94539cc723c8dfb
SHA256:cb2cbde3c9c7288f7398a250dcf3c90cf92714cff301f22b298e1091b5def33c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-reporting-api-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

maven-reporting-impl-4.0.0.jar

Description:

Abstract classes to manage report generation.

File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-impl/4.0.0/maven-reporting-impl-4.0.0.jar
MD5: 302ed7d914dc813380d361d1acb83c2f
SHA1: d3753b5c13a873a5ddb71f404c6fe1179a4688c2
SHA256:e9e70fdb26ff8b1f15435e3a68866a25c85b1694007e0fbdfe84e48e946fe463
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-reporting-impl-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

maven-repository-metadata-3.9.9.jar

Description:

Per-directory local and remote repository metadata.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-repository-metadata/3.9.9/maven-repository-metadata-3.9.9.jar
MD5: d341cdcc9abac2d01546301a305f12b3
SHA1: 33a43f0af3371225d1dcaaa20a824df59c692172
SHA256:137c297e6a52d489b76663c82324d54e40f5d498a8fc015c0203fd91df8623b0
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-repository-metadata-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-api-1.9.22.jar

Description:

The application programming interface for the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-api/1.9.22/maven-resolver-api-1.9.22.jar
MD5: c59d27b3750461be99f8d38e1f503f56
SHA1: 756660687ea077b85be02b019d593ef2758e7db6
SHA256:63f5f665e44a09ef55463b3b91fda0b78ff07dd24b1060d56e79c10b6e32cbfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-resolver-api-1.9.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-impl-1.9.22.jar

Description:

An implementation of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.9.22/maven-resolver-impl-1.9.22.jar
MD5: 965f1348220f046c6cbde059c971685d
SHA1: 19b7a728c9000f8db615f64552d95fe74b413617
SHA256:e4dafb8acc13d736377c02d2170d869438dd74b98b860745909d238726babcbb
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-impl-1.9.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-named-locks-1.9.22.jar

Description:

A synchronization utility implementation using Named locks.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-named-locks/1.9.22/maven-resolver-named-locks-1.9.22.jar
MD5: 3d3855f4775bc27f9962f999ea88919b
SHA1: 121433b079aad9be7ed266b19f2122eeb0e2d111
SHA256:0685f29ec3b548d9b6917c527f13c667685a3394b955aaa5b25d0559818b7fc5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-named-locks-1.9.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-provider-3.9.9.jar

Description:

Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-resolver-provider/3.9.9/maven-resolver-provider-3.9.9.jar
MD5: ea2fccfc4c499dbaa570a26da14050d9
SHA1: ea361822cd25ae6c9153c594aef805e853031224
SHA256:5dea05049c94f952f48ce2bfe0111afdf986acc591fcc11d23fe3b8dcb70291e
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-provider-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-spi-1.9.22.jar

Description:

The service provider interface for repository system implementations and repository connectors.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.9.22/maven-resolver-spi-1.9.22.jar
MD5: 7ae784f1d4088fff396386ed6966cafc
SHA1: c3101acaa4ec053557028cf1917f1d22112b100d
SHA256:99ad721e4631d9bd0c4f9e29c869672577c66f2a674a5723ce38eff13c75cbfd
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-spi-1.9.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-util-1.9.22.jar

Description:

A collection of utility classes to ease usage of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-util/1.9.22/maven-resolver-util-1.9.22.jar
MD5: 4e84c0379667d2436a99fced60a74b5d
SHA1: d5febed69ca2fe0dacffec95b6cb0760b0270fd1
SHA256:4aaea1584c39294ca926fc474723d9684473609ef4490c4eb169d6ea7daca6b5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-util-1.9.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-settings-3.9.9.jar

Description:

Maven Settings model.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings/3.9.9/maven-settings-3.9.9.jar
MD5: a5eede8fe9b01b7bb3c6dad06a738365
SHA1: a82024d87a107965ae274d944c844c9186ff410d
SHA256:68edf1b510e0d759ec501271a5d05e3a6e425462fbb84126c16e8a6f89abdada
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-settings-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-settings-builder-3.9.9.jar

Description:

The effective settings builder, with inheritance and password decryption.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings-builder/3.9.9/maven-settings-builder-3.9.9.jar
MD5: 4fb4ae61642d42cba66821d8698a670a
SHA1: 71a9bee9618839ffaf7c0de3b53ac1c408b57ae0
SHA256:094640f3fdce47250cb06968a143f40c4e2f1c22be979c73caac2f49f3c38373
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-settings-builder-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-shared-utils-3.4.2.jar

Description:

Shared utilities for use by Maven core and plugins

File Path: /home/runner/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar
MD5: 53a038f77a81cb5816ad2b1c7daa8711
SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0
SHA256:b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-shared-utils-3.4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

mssql-jdbc-12.10.0.jre11.jar

Description:

		Microsoft JDBC Driver for SQL Server.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/12.10.0.jre11/mssql-jdbc-12.10.0.jre11.jar
MD5: a45ca6099ee6f390bfdaf8814c900653
SHA1: 5f1b09d67cd03170d87d5e288638c851632488e1
SHA256:8b80e2a3d254c26f66d479bc51d2d235f054eeb6e8394260c129bbd7fc7394a7
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mssql-jdbc-12.10.0.jre11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

mysql-connector-j-9.2.0.jar

Description:

JDBC Type 4 driver for MySQL.

License:

The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /home/runner/.m2/repository/com/mysql/mysql-connector-j/9.2.0/mysql-connector-j-9.2.0.jar
MD5: 2bf62875936e966854b44a98b536655f
SHA1: cc7bed59ccee3c47554aeb89e37c24d95a74bec3
SHA256:7e9941bbdcca244d878ea95bfff788fd9ba6a65af757f24be6c632930d61c7ed
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mysql-connector-j-9.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

nashorn-core-15.4.jar

Description:

Nashorn is an Open Source JavaScript (ECMAScript 5.1 and some 6 features) engine for the JVM.

License:

GPL v2 with the Classpath exception: https://github.com/openjdk/nashorn/blob/main/LICENSE
File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar
MD5: a9b3360e6a486cf62c1952c7816b7d97
SHA1: f67f5ffaa5f5130cf6fb9b133da00c7df3b532a5
SHA256:6f816e84dfd63a81d4eaa7829c08337bbaff3ec683ff3bf6bbd90d017a00dc6f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
nashorn-core-15.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

nashorn-core-15.4.jar: base.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/base.js
MD5: 93c3e1b9f9491fb5b5df96a41441162c
SHA1: 6f2cfb7815fd7028792731ee5cd13651036e60bd
SHA256:824c73ce701b9820cc1b799e9af043f3663a72114be2a560ce1933ae1e4e496a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: bootstrap.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/bootstrap.js
MD5: 948cb0239b8abc93e84e813e2da8d6dc
SHA1: 79559bab4c6ae8b0ab573e37b82b50013f647956
SHA256:9ec201c6fcff2c9a2a536f80f8ea14f604092768011b5c4f59ec7b313cf359c4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: controls.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/controls.js
MD5: 4f9093fd24e64162c92385e1def8747f
SHA1: 016d3d27e7f9e8a6054d6248e1c2cfe72b062efd
SHA256:a065a17b974ffc3ac4c98a5177c21d39ccd70fa50eb9a4d10ed96074904285c8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: fxml.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/fxml.js
MD5: 262095de4844ffde10c018ef296107ee
SHA1: 5d41efdc93dac1dcecd4d6f3625f43a36af961bf
SHA256:0e411601888672288fdfa6c0018710c2156a2efef619cfd11719cdb0d63a2dfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: graphics.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/graphics.js
MD5: 471022fc763c3ec65292a7f1689c58ff
SHA1: 014c1893d89dc76adbca7a30992b1c8db36c4db5
SHA256:8c12199afd230a5d936f7390a290bf899d536a731cc2b240478ecb077c3dd292
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: media.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/media.js
MD5: 6eb77f5d138fab0f13d3601b0e68c2e1
SHA1: 385eb91d9f5d96d0575facda44c9cf1064c70a21
SHA256:e096e61fa52ef7109adae7011f5c7d004ca87aeeb43647af982e45dac77c2b0f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: mozilla_compat.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/mozilla_compat.js
MD5: dcd9c8927badf397f82274077a7a9b82
SHA1: f953a1b5e422f41c66bbf32f314f8de4e8de1995
SHA256:f52167e7cec0601b53af50e3e3d9359057c37356cb3fd6fbfe0ba451bd70ff04
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: parser.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/parser.js
MD5: b1c71079ce0792c735ce93bb05f77f04
SHA1: 1436e8c38788e10b774eb97bddb186f417a2352f
SHA256:bb1b0b23cd2f74fdaf9cb508cc0dfd9b37529c72086e4279cb27dad664e4a261
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: swing.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/swing.js
MD5: d92f35751bc4d6f50e6817884e7bd10e
SHA1: ebb47348ccaddb3f4dac31d91b839ce9bbc03d50
SHA256:7f1334e91b0d15bbcfcbd87b19ebf83f254065477f61e1a353ef1eaf9aaffe38
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: web.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/web.js
MD5: c46659f1ba056770e2627807fc5f06d9
SHA1: c733b0eed6f6a37639039a77c496f9e4c2323cd4
SHA256:af7127f5a5af79f7c641a80b1dfa4de3bc6500c0a50258131379c7ec54b85484
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

ojdbc11-23.7.0.25.01.jar

Description:

 Oracle JDBC Driver compatible with JDK11, JDK17, JDK19, and JDK21

License:

Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /home/runner/.m2/repository/com/oracle/database/jdbc/ojdbc11/23.7.0.25.01/ojdbc11-23.7.0.25.01.jar
MD5: c1dbb455e175be72222d4c8ec654ae2d
SHA1: 665f52abef9122ce003b5cfc1d9d44f7302e2cfe
SHA256:ec8b7f2020b03b19f572e1bc34f94330610e86d3113ffe1e1f0474b8f5ce88ed
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
ojdbc11-23.7.0.25.01.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

options-1.6.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/headius/options/1.6/options-1.6.jar
MD5: 3e377fcbed4e25a91f24c814e0ad4c8d
SHA1: ad1647f0b713b8e05b437483573c772d4523a804
SHA256:c4c52c7931c945792d48c6010596195359a35a82d6ac36c645f14705b9a277db
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
options-1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@7.0.2

Identifiers

org.eclipse.sisu.inject-0.9.0.M3.jar

Description:

JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

License:

"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.9.0.M3/org.eclipse.sisu.inject-0.9.0.M3.jar
MD5: 643a13084e0ac59cdda06319e1b348ea
SHA1: 3665002ba4d16dfa779ef658a63d0608c4bd898b
SHA256:15335c4dcf082f599fb8eddcfb58d6a7e9a9c97de2883c257089a479b9b24522
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
org.eclipse.sisu.inject-0.9.0.M3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

org.eclipse.sisu.plexus-0.9.0.M3.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M3/org.eclipse.sisu.plexus-0.9.0.M3.jar
MD5: 964e7bc9837b270566f18b87af65f5d7
SHA1: b493c7abcc6e04fa0a6a20d489a3db0395c76f70
SHA256:c99674d3773e26154885661711f0b6d63aa5008f5cc99227a236756d4ad9de5e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
org.eclipse.sisu.plexus-0.9.0.M3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-archiver-2.2.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-archiver/2.2/plexus-archiver-2.2.jar
MD5: 61dd3bbc4682a29a286baa58f9c7f859
SHA1: 13e55f4c2b7cdbf59a9bbd668d3c058d1a40664b
SHA256:9154a5e6e1f95a1c74d4254670fec8d7aacd5692115710fe7e1381636c6be38c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-archiver-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

CVE-2023-37460  

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default,  will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-61 UNIX Symbolic Link (Symlink) Following

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2018-1002200  

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2012-2098 (OSSINDEX)  

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.codehaus.plexus:plexus-archiver:2.2:*:*:*:*:*:*:*

plexus-cipher-2.0.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jar
MD5: 55d612839faf248cbe3e273969c002c2
SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
plexus-cipher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-classworlds-2.8.0.jar

Description:

A class loader framework

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-classworlds/2.8.0/plexus-classworlds-2.8.0.jar
MD5: 92089dee35db6423c2128559238430cb
SHA1: 5d0d8c71b61b38ce127a46702a453f9aa09a4ee2
SHA256:081b40e0eab033cd5ac72d2501bfff4f5fd2a3eef827051111730ea152681c72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-classworlds-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-component-annotations-2.1.0.jar

Description:

    Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
    standard annotations instead of javadoc annotations.

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.jar
MD5: 141fd7a2ae613cb17d25ecd54b43eb3f
SHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9
SHA256:bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-component-annotations-2.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-container-default-1.0-alpha-9-stable-1.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar
MD5: 99533a9d3e0fa3280cd0bd3426c5f99b
SHA1: 94aea3010e250a334d9dab7f591114cd6c767458
SHA256:7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-container-default-1.0-alpha-9-stable-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

plexus-i18n-1.0-beta-10.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar
MD5: 7f36c0459c853750c627f682ec7bcf52
SHA1: 27506f59e54cc80b8c28b977c2bcd0478094e0cc
SHA256:b87f25b512ffafcafbf4a05ab943812e9c6915291370c6b46016eb3836886c41
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-i18n-1.0-beta-10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

plexus-interpolation-1.27.jar

Description:

The Plexus project provides a full software stack for creating and executing software projects.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.27/plexus-interpolation-1.27.jar
MD5: c2edbe0dbc934692794aaeac6006055a
SHA1: 8dc73f4ff5eafcbb7ec035ba54736e828b272533
SHA256:3fb4fb6143fdf964024c3cb738551524b9ea84e5c211cd660c559ad0703e5230
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-interpolation-1.27.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-io-2.0.4.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-io/2.0.4/plexus-io-2.0.4.jar
MD5: bbaf4deaddcc590be52643888630f693
SHA1: dc773899dfb3f857411ef49db46f17d7a465a634
SHA256:58f2898b70709f1216fa3afe69e0a7cdb41ad6a3927b2507a4a89941c9e4ab76
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-io-2.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

plexus-sec-dispatcher-2.0.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jar
MD5: e68635a721630177ac70173e441336b6
SHA1: f89c5080614ffd0764e49861895dbedde1b47237
SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
plexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-utils-3.5.1.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines, XML and
    more.

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-utils/3.5.1/plexus-utils-3.5.1.jar
MD5: cdec471a77f52e687d0df4c43f392a71
SHA1: c6bfb17c97ecc8863e88778ea301be742c62b06d
SHA256:86e0255d4c879c61b4833ed7f13124e8bb679df47debb127326e7db7dd49a07b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-utils-3.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-velocity-2.2.0.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-velocity/2.2.0/plexus-velocity-2.2.0.jar
MD5: fd4bb44db19036ab360720360f09dccc
SHA1: 75a983b74a4c0adcd0751528ff397ae308ef6d0c
SHA256:3e7e902f492c973cf210ddb8267843a3b65e83f5067467e2f4d9af0051f6b8b9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-velocity-2.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

plexus-xml-3.0.0.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar
MD5: cccca4a03a8367cd20e4efaead5fba0b
SHA1: d16b91678bc3734276886132923d6919c935c9f7
SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

postgresql-42.7.5.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /home/runner/.m2/repository/org/postgresql/postgresql/42.7.5/postgresql-42.7.5.jar
MD5: 5cd7ba0dfa9ec82c4812b5bf387de185
SHA1: 747897987b86c741fb8b56f6b81929ae1e6e4b46
SHA256:69020b3bd20984543e817393f2e6c01a890ef2e37a77dd11d6d8508181d079ab
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
postgresql-42.7.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

protobuf-java-4.29.0.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /home/runner/.m2/repository/com/google/protobuf/protobuf-java/4.29.0/protobuf-java-4.29.0.jar
MD5: 5de9c1cc9a647278ab03d76ccfb8ff9d
SHA1: ffea90ab158435d68de76951857ef5f8b0f98365
SHA256:16901851ebe5e89fe88aaad3c26866373695bc2e30627bb8932847e2f5fc2e76
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
protobuf-java-4.29.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.mysql/mysql-connector-j@9.2.0

Identifiers

schemaspy-7.0.2.jar

Description:

SchemaSpy generates HTML and PNG-based entity relationship diagrams from JDBC-enabled databases.

License:

LGPL-3.0-or-later: https://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar
MD5: 2fda1a8a4973917e1f5bded4b44c3c22
SHA1: ab0356201dabfafb8bdc4194a586dd515369f339
SHA256:bd85a266bdb03325b09d659fced8e0820393a51ce335e8468f4c3476021ab4ad
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
schemaspy-7.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.4.0-SNAPSHOT

Identifiers

CVE-2024-9410  

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint.
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

schemaspy-7.0.2.jar: anchor.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/anchor-js/anchor.min.js
MD5: 59ccbcf40597fdbf5a3a5f88de29c39e
SHA1: 8dacf80a941783e6fc12bf00d5ae6f867b2edc92
SHA256:20804ad516e2b883aea5f1eb25f41e6cb8f498119454d9b8d48e25f1658f3e3f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: anomalies.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/anomalies.js
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: app.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/dist/js/app.js
MD5: 589220eddefd07d172948917bce32f46
SHA1: 3c14bff558126838fa30abe9bdcf4decf27f47c3
SHA256:e7107412589ffe7f372a5711948066ee763c4f68084475e3cb8aed2e431599f8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: app.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/dist/js/app.min.js
MD5: c97edde005d18d707bcf8f3185de7201
SHA1: 99e43178d50c0386a3b222551766cb08e81da1dd
SHA256:7a67b6c4dba7eceb6504af73c37a21b1d92a86f7331c85d7024ba36fcaff6236
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: bootstrap.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.js
MD5: fb81549ee2896513a1ed5714b1b1a0f0
SHA1: 3b965a36a6b08854ad6eddedf85c5319fd392b4a
SHA256:0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-10735  

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-20676  

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-20677  

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0

CVE-2024-6484  

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.2.0; versions up to (including) 3.4.1

CVE-2024-6485 (RETIREJS)  

Unscored:

  • Severity: medium

References:

Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS)  

Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Unscored:
  • Severity: low

References:

schemaspy-7.0.2.jar: bootstrap.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.min.js
MD5: 5869c96cc8f19086aee625d670d741f9
SHA1: 430a443d74830fe9be26efca431f448c1b3740f9
SHA256:53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-10735  

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-20676  

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-20677  

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0

CVE-2024-6484  

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.2.0; versions up to (including) 3.4.1

CVE-2024-6485 (RETIREJS)  

Unscored:

  • Severity: medium

References:

Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS)  

Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Unscored:
  • Severity: low

References:

schemaspy-7.0.2.jar: buttons.bootstrap.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.js
MD5: d4f3fd56ffe8ee0dbdf57535e06e42e2
SHA1: fdf18cd630d82a89d6618753984edaf15fa24114
SHA256:11188b23c556bf2ff4d5e144cdad67faa417eb3c36eec6cbcd7b21566d9cfac1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.bootstrap.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.min.js
MD5: ac22ff642b7e893d1481c3746e3a727e
SHA1: 31563ff1d6b172118d962a816259cbef55c9210d
SHA256:3c288a24e5ce97babfeb3f4ee1a222e97e26a1724709d7e0e238263e29197d9a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.colVis.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.colVis.js
MD5: 301a3927b58c194da0c7a1a28431fd2a
SHA1: 2c4dd397abee8d80eac8ebe5d79928ad508b48db
SHA256:f75eb463c4cdd2683c8cf79c3f7da9812d28f8891aacdea9253f8ae2c33100ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.colVis.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.colVis.min.js
MD5: f4b5cebb54c4c4a0064176d86997a8fa
SHA1: db37f14a84880332c9b2eea2f96c377054428fa6
SHA256:5fd6d20a56e70a8b57286ecdb5ac3c799352067b6289b91ceaafa9464aa698fa
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.flash.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.flash.js
MD5: 70a2e86e64be743e07cc4d4729d69a6b
SHA1: 968bc8c729cccf4b2052f55c57e6786a57059e3e
SHA256:7d7c21fff0f12cb4cff5eb443da61a5b91a6a917d8c4e9e01bb95aba69a41bd6
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.flash.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.flash.min.js
MD5: 59fca0bf56ec890473eb362b1b6d1ae9
SHA1: 1660dd65e991d7f9b01db8dfacca16b4d67e55c8
SHA256:19641b70e1838b0e77fbd359b3745bc795507789d12e4a4925640e7fb3654bf4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.html5.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.html5.js
MD5: 49ad4fd980e4865b8da5ce06be20bc39
SHA1: a06f13b6d2c4cd35e0cd7d16de813e0ce8172712
SHA256:27396117755d4ac15886ac6b6e498b4c2b04104e5e41ef97c30fe6aef57a959b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.html5.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.html5.min.js
MD5: 4420f301dafa70f660c63dc9785c7dfb
SHA1: 48c16175a7ae240a54b65bba94eabce29045a0f9
SHA256:07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.print.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.print.js
MD5: 66836cce3f63306ac9097560296f3ef8
SHA1: cf1ff4e63ad1b49cc47bc0e8b6c8a51423ca2235
SHA256:ea4a437952a00c782bee6c2021c7ed01c97f72deccefff93701fb904f4e5cb11
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: buttons.print.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/buttons.print.min.js
MD5: 584df2eac3d5cbe85d7693812711436e
SHA1: 8f12ab29e1cfd6ac99897ed0dc4d5ab9d1372ae3
SHA256:5cf40aa1a69063798764e5019279283e180a23ee74b824c0e7dfb39e97640050
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: codemirror.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/codemirror/codemirror.js
MD5: d1e82ecd62134c5d13d3318c8abd21dd
SHA1: 316b339b6e8e77186b47d66c88d7a45472a1c2d3
SHA256:6083403b7e8ffcb397a0e94165e1940557b02a992956f8d721a508bd440bd3a7
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: column.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/column.js
MD5: f659142a0d2e951265d20ce72ac79d9f
SHA1: 668fb47bc6853cd1915c7851a3d4855dfaab5264
SHA256:a4fd822f195bb1aa9bf12669c1a8166efb223c1c5bee3636b90557bb8388e799
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: constraint.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/constraint.js
MD5: fcdf35f00f5b51e252b016a78446be30
SHA1: 777d88b6b958c50896105a94298d574634ee320d
SHA256:7685a0571e152ab02dfba0b66a1c7057cb414eae721e8b09e37daa6318b99fb9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: dashboard.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/dist/js/pages/dashboard.js
MD5: e618d25f2ec4763ccf1a530140929169
SHA1: 0a216f26eb187e9e85ca49946b4e88996de72153
SHA256:684d0390d93e86519852c8ca211da17d0f5c67929083ec3d28feac11cf78afb9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: dashboard2.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/dist/js/pages/dashboard2.js
MD5: f27ed9a5f9672cb99b8affac5f898e6b
SHA1: ec365e09b46ad82c98a3af6b04d9485e37c96b9f
SHA256:83ac475ae8ec97d1c2ffc88b4acb90ecd9aa99c37fb9ba33bf7161a3deabeef3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: dataTables.bootstrap.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.js
MD5: 83b18e708e2df1204e52243778f64754
SHA1: 20b1140a1f0735ed99c0af52e0653d76c7233c5e
SHA256:b492281c0eb870d7bad0b4349aec7d20bc3ef5c2c3f91a1b33b6ab53bbcd9499
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: dataTables.bootstrap.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.min.js
MD5: 19b11075f9b46a3cd26fb39a6f252b5d
SHA1: 44074789abea496fc9402979617f7d815d5cc7a2
SHA256:5ffe7cb3959b946300c3d4a90edaa757c74b44d09ac2cc86c0daa7643d097bfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: dataTables.buttons.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/dataTables.buttons.js
MD5: 7016d72dae547c2994e996b3c6009541
SHA1: 28a64a8e38a7a4ad323893c164dc225af941fa05
SHA256:1e4fea9dc18d40a0a636a99a14bbdff16e8ec635f5d1c61c7d52c29f0e419d5a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: dataTables.buttons.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net-buttons/dataTables.buttons.min.js
MD5: f13069a97e70168015f3d4bbf36f876f
SHA1: 90f5439d64c59e0f1b9ec9c0fef9639b3bf9f4c9
SHA256:8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: demo.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/dist/js/demo.js
MD5: 4683fb3e338cff969296e416d26046b9
SHA1: 61f01104b4b9b2f6eace6640b700857429676b13
SHA256:2353102eb576ea212082292278f5f48d5463edba544759072c0ba9e4fb6c8ee4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: fastclick.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.js
MD5: 6e9d3b0da74f2a4a7042b494cdaa7c2e
SHA1: 06cef196733a710e77ad7e386ced6963f092dc55
SHA256:1aa08cb3c7aa70d268d24d59c374c14af7bd08e0af8c85f8e4f60a2651f4bab5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: fastclick.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.min.js
MD5: c5012b7a7be9ca08c1ea8056634b5b9d
SHA1: 4f1721e190356cf41677d009afddff17a3fd1aec
SHA256:32c983a4b3b87d8f7eafa40840c8791351a593c869a3029d8b7356a8cf6d2a94
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: html5shiv.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/html5shiv/html5shiv.min.js
MD5: 40bd440d29b3a9371b0c63fec41ee64f
SHA1: e790c26449c57de298923c686cb3434d1d461a1d
SHA256:dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: jquery-2.2.3.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/plugins/jQuery/jquery-2.2.3.min.js
MD5: 33cabfa15c1060aaa3d207c653afb1ee
SHA1: e3dbb65f2b541d842b50d37304b0102a2d5f2387
SHA256:6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

CISA Known Exploited Vulnerability:
  • Product: JQuery JQuery
  • Name: JQuery Cross-Site Scripting (XSS) Vulnerability
  • Date Added: 2025-01-23
  • Description: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2025-02-13
  • Notes: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

jquery issue: 162 (RETIREJS)  

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
Unscored:
  • Severity: low

References:

schemaspy-7.0.2.jar: jquery-ui.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.js
MD5: 04a4db2983450a2970c459ba87b4210a
SHA1: 3efaf11e60ea8c541b6dc26f0ef09f195732587a
SHA256:0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-7103  

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:* versions from (including) 1.10.0; versions up to (including) 1.11.4
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.42
  • cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 16.2
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.0; versions up to (including) 17.12.4
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 18.0; versions up to (including) 18.8.4
  • cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.2
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

CVE-2021-41182  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41183  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41184  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2022-31160  

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:*
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

schemaspy-7.0.2.jar: jquery-ui.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.min.js
MD5: d935d506ae9c8dd9e0f96706fbb91f65
SHA1: 7f650ee30c6a4d3eea04032039b20ff72997559b
SHA256:c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-7103  

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:* versions from (including) 1.10.0; versions up to (including) 1.11.4
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.42
  • cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 16.2
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.0; versions up to (including) 17.12.4
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 18.0; versions up to (including) 18.8.4
  • cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.2
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

CVE-2021-41182  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41183  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41184  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2022-31160  

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:*
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

schemaspy-7.0.2.jar: jquery.dataTables.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/datatables.net/jquery.dataTables.min.js
MD5: bcf14f55a3878cef5e522906ce13235b
SHA1: 588658fcd1f3acda0cd435dd583b1fe869d8f67b
SHA256:8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2020-28458  

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.10.23

CVE-2021-23445  

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.11.3

prototype pollution (RETIREJS)  

prototype pollution
Unscored:
  • Severity: medium

References:

possible XSS (RETIREJS)  

possible XSS
Unscored:
  • Severity: low

References:

schemaspy-7.0.2.jar: jquery.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/jquery/jquery.js
MD5: 09dd64a64ba840c31a812a3ca25eaeee
SHA1: fd81582bf1b15e6747472df880ca822c362a97d1
SHA256:0d9027289ffa5d9f6c8b4e0782bb31bbff2cef5ee3708ccbcb7a22df9128bb21
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

CISA Known Exploited Vulnerability:
  • Product: JQuery JQuery
  • Name: JQuery Cross-Site Scripting (XSS) Vulnerability
  • Date Added: 2025-01-23
  • Description: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2025-02-13
  • Notes: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

schemaspy-7.0.2.jar: jquery.slimscroll.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.js
MD5: 6ee5ab5d89857be6eaf08b63eb3246b0
SHA1: 1988633067079e50c05ac4bf42eb59c97aa96992
SHA256:e0ae991f3c0c611e7f794d9278321a072bacfea922f48158f219b197953a0f56
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: jquery.slimscroll.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.min.js
MD5: f1dbc7920f93bd2b1dcfede95b473e4e
SHA1: 54dd07a613abfc09c6bf6aacdc2a5d089073e10b
SHA256:a84ffabdd498cd0bbd960a2c2b1845a65113bd6bea00096602e47ec8f87fd122
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: main.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/main.js
MD5: c6d0b8e77bd0105442dda80bb00b01e9
SHA1: e1a573a52319237af8b5d4b6b6f2f7748fed4321
SHA256:d54e351e375835aaa105fab3cfb73fedb4206ee0dc8d228d8b4ed0a08fc8dcfe
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: npm.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/admin-lte/bootstrap/js/npm.js
MD5: ccb7f3909e30b1eb8f65a24393c6e12b
SHA1: e2b7590d6ec1fdac66b01fdf66ae0879f53b1262
SHA256:c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: pdfmake.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/pdfmake/pdfmake.min.js
MD5: 130f523ea67129c5bb064a5db8c98829
SHA1: 89a69ec428dca66a4131734b11db2810beeac622
SHA256:e6cd72039171e4c5ef6e234a3ea806707d3252234d327ceb7cf69bdff3d9392d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: relationships.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/relationships.js
MD5: 920f55f8a197bae3ecbe0d907d788819
SHA1: 0a9e67abba65c0d55c85b79f3a2f51caf7eeeab8
SHA256:9be5e21c869973701cb19051bcf1a5eeca80fa04ae8d1a2840ddb3151251e17a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: respond.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/respond/respond.min.js
MD5: afc1984a3d17110449dc90cf22de0c27
SHA1: b5aba40d65b0d6f85859db47f757ea971a0efd30
SHA256:83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: routine.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/routines/routine.js
MD5: 994bf1fa88cf190d123b20295697f173
SHA1: faba18a0dd61a8875f05f65350847ab194c61dc7
SHA256:c7610ac41fcafd6566dd04117f93d31532423684fbc97dd1ab6e38ad910759ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: routines.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/routines.js
MD5: b20cb8c84bc371bdba28e0e6ada01cf0
SHA1: 1c4312445f68a316ff3257a1bcb2ad92a69a9465
SHA256:d7fbad9d375979039e0a7f26a11211fd3bba4b8d000317f88149b493d6861f06
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: salvattore.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/salvattore/salvattore.min.js
MD5: e777a377c4b6629dd095ae07709f814b
SHA1: 936d17d233eb43856dab36d8e3db1f16c13ffc95
SHA256:ec3b330e880a042023f8af4b52db57de99d0d38819900c1b9ef8c6c7c3b62a30
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: schemaSpy.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/schemaSpy.js
MD5: 4702bba66246aae9659e315ca2041a87
SHA1: feb05dc22646161c9ab25bc179b0643e69d9aff6
SHA256:56e99aaf99b8443e57a9f2bd247db7017b90e97389f7a517df2057bd41532034
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: sql.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/codemirror/sql.js
MD5: 407f4fc907254cc5678ee89214e2bfb5
SHA1: 68bf7356c2d20f962c61c373d920d929bf4333a3
SHA256:e2b95aaecc29e6a2544c7bc6827dfe16c5b96055de996a69a888b8f2042a6471
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: table.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/tables/table.js
MD5: f0ccfcbabeab85d2d0e9a4bfc8e2fabd
SHA1: 62f7a223787e9a8ba4cdd997a9fc491568180721
SHA256:4db23338d36521d569e2793d8f393135f8df2391cd7de335c5889a9d181ef46d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: vfs_fonts.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/pdfmake/vfs_fonts.js
MD5: 795e143b8f4eeb5089b2638cdeca7006
SHA1: 914c1db78046ed67723702de671b32a0b591206f
SHA256:5cb81fa70754070475938e9859359a268122c9b62cac154ebb8e120e812662cc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: viz.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/viz.js
MD5: 50c0fe0cec14d1030d023b260f8ee1b7
SHA1: 8c15e61d28791e45824922e3e81cd8c5c5bba618
SHA256:b6f33297afb84c5ef7c2f572d800390a4dd0c5186b5c5488a1762b49d1c9fe9f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-7.0.2.jar: xlsx.full.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/7.0.2/schemaspy-7.0.2.jar/layout/bower/js-xlsx/xlsx.full.min.js
MD5: b234f9d123c694019d2721c90ff9f8df
SHA1: cfd5eeb3cc1f745b88c21f76450a6e560b53584b
SHA256:6dbcaacf07c01b3888e33ffe354eb848aab1177f303d5179e4f9d2ca0bdd484c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

velocity-engine-core-2.4.jar

Description:

Apache Velocity is a general purpose template engine.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/velocity/velocity-engine-core/2.4/velocity-engine-core-2.4.jar
MD5: 8dc3c7a26823ee88253f7aa9250c094e
SHA1: 55dfc20bbc4968cf70c5ae5165b5b0324e0067d9
SHA256:1bf78c2ade46f209bf93ebe72ed2af5b989ca7a1de0a015fc1b92a62f56b6549
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
velocity-engine-core-2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

velocity-tools-generic-3.1.jar

Description:

Generic tools that can be used in any context.

File Path: /home/runner/.m2/repository/org/apache/velocity/tools/velocity-tools-generic/3.1/velocity-tools-generic-3.1.jar
MD5: 76f13879ead8693fd4d5751a8a236089
SHA1: 07aaa49086a64cd9dab967a8437cc03abbfad655
SHA256:8258cfdcaa16127f35ffe610a3fa4f76b7ebe51b88922c73c4ee39ce8f378ce5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
velocity-tools-generic-3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.