Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: SchemaSpy Maven Plugin

nl.geodienstencentrum.maven:schemaspy-maven-plugin:5.3.0-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
asm-7.3.1.jarpkg:maven/org.ow2.asm/asm@7.3.1 054
asm-analysis-7.3.1.jarpkg:maven/org.ow2.asm/asm-analysis@7.3.1 060
asm-commons-7.3.1.jarpkg:maven/org.ow2.asm/asm-commons@7.3.1 058
asm-tree-7.3.1.jarpkg:maven/org.ow2.asm/asm-tree@7.3.1 058
asm-util-7.3.1.jarpkg:maven/org.ow2.asm/asm-util@7.3.1 058
autolink-0.6.0.jarpkg:maven/org.nibor.autolink/autolink@0.6.0 024
checker-qual-3.42.0.jarpkg:maven/org.checkerframework/checker-qual@3.42.0 046
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest168
commons-chain-1.1.jarpkg:maven/commons-chain/commons-chain@1.1 075
commons-codec-1.11.jarpkg:maven/commons-codec/commons-codec@1.11 0103
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest84
commons-digester-1.8.jarpkg:maven/commons-digester/commons-digester@1.8 090
commons-lang-2.4.jarpkg:maven/commons-lang/commons-lang@2.4 0104
commons-lang3-3.8.1.jarpkg:maven/org.apache.commons/commons-lang3@3.8.1 0140
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-text-1.3.jarcpe:2.3:a:apache:commons_text:1.3:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.3 0Highest67
compiler-0.9.10.jarpkg:maven/com.github.spullara.mustache.java/compiler@0.9.10 027
derby-10.14.2.0.jarcpe:2.3:a:apache:derby:10.14.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derby@10.14.2.0CRITICAL1Highest26
dom4j-1.1.jarcpe:2.3:a:dom4j_project:dom4j:1.1:*:*:*:*:*:*:*pkg:maven/dom4j/dom4j@1.1CRITICAL2Highest17
doxia-core-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-core@1.11.1 026
doxia-decoration-model-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-decoration-model@1.11.1 026
doxia-integration-tools-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-integration-tools@1.11.1 028
doxia-logging-api-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-logging-api@1.11.1 028
doxia-module-xhtml-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-module-xhtml@1.11.1 028
doxia-module-xhtml5-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-module-xhtml5@1.11.1 028
doxia-sink-api-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-sink-api@1.11.1 028
doxia-site-renderer-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1 026
doxia-skin-model-1.11.1.jarpkg:maven/org.apache.maven.doxia/doxia-skin-model@1.11.1 026
failureaccess-1.0.2.jarpkg:maven/com.google.guava/failureaccess@1.0.2 032
flexmark-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark@0.34.32 022
flexmark-ext-abbreviation-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-abbreviation@0.34.32 027
flexmark-ext-aside-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-aside@0.34.32 027
flexmark-ext-autolink-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-autolink@0.34.32 027
flexmark-ext-definition-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-definition@0.34.32 027
flexmark-ext-emoji-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-emoji@0.34.32 027
flexmark-ext-escaped-character-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-escaped-character@0.34.32 027
flexmark-ext-footnotes-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-footnotes@0.34.32 027
flexmark-ext-gfm-strikethrough-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-gfm-strikethrough@0.34.32 027
flexmark-ext-gfm-tasklist-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-gfm-tasklist@0.34.32 027
flexmark-ext-ins-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-ins@0.34.32 027
flexmark-ext-jekyll-front-matter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-jekyll-front-matter@0.34.32 027
flexmark-ext-superscript-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-superscript@0.34.32 025
flexmark-ext-tables-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-tables@0.34.32 027
flexmark-ext-toc-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-toc@0.34.32 027
flexmark-ext-typographic-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-typographic@0.34.32 027
flexmark-ext-wikilink-0.34.32.jarcpe:2.3:a:links:links:0.34.32:*:*:*:*:*:*:*pkg:maven/com.vladsch.flexmark/flexmark-ext-wikilink@0.34.32 0Low27
flexmark-ext-yaml-front-matter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-ext-yaml-front-matter@0.34.32 027
flexmark-formatter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-formatter@0.34.32 025
flexmark-jira-converter-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-jira-converter@0.34.32 027
flexmark-profile-pegdown-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-profile-pegdown@0.34.32 025
flexmark-util-0.34.32.jarpkg:maven/com.vladsch.flexmark/flexmark-util@0.34.32 024
google-collections-1.0.jarpkg:maven/com.google.collections/google-collections@1.0 029
guava-33.2.1-jre.jarcpe:2.3:a:google:guava:33.2.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@33.2.1-jre 0Highest27
guice-5.1.0.jarpkg:maven/com.google.inject/guice@5.1.0 034
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 024
hsqldb-2.7.3.jarcpe:2.3:a:hsqldb:hypersql_database:2.7.3:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.7.3 0Low45
httpclient-4.5.13.jarcpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 0Highest32
httpcore-4.4.14.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.14 032
jakarta.annotation-api-1.3.5.jarcpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 0Low35
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
jcommander-1.69.jarpkg:maven/com.beust/jcommander@1.69 024
json-20230227.jarcpe:2.3:a:json-java_project:json-java:20230227:*:*:*:*:*:*:*pkg:maven/org.json/json@20230227HIGH1Highest30
jul-to-slf4j-1.7.30.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.30 026
log4j-api-2.12.1.jarcpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.12.1LOW1Highest42
log4j-to-slf4j-2.12.1.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.12.1 040
logback-core-1.2.3.jarcpe:2.3:a:qos:logback:1.2.3:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.2.3HIGH2Highest31
maven-artifact-3.9.8.jarpkg:maven/org.apache.maven/maven-artifact@3.9.8 026
maven-builder-support-3.9.8.jarpkg:maven/org.apache.maven/maven-builder-support@3.9.8 024
maven-core-3.9.8.jarcpe:2.3:a:apache:maven:3.9.8:*:*:*:*:*:*:*pkg:maven/org.apache.maven/maven-core@3.9.8 0Highest24
maven-model-3.9.8.jarpkg:maven/org.apache.maven/maven-model@3.9.8 026
maven-model-builder-3.9.8.jarpkg:maven/org.apache.maven/maven-model-builder@3.9.8 032
maven-plugin-annotations-3.13.1.jarpkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.13.1 026
maven-plugin-api-3.9.8.jarpkg:maven/org.apache.maven/maven-plugin-api@3.9.8 026
maven-reporting-api-3.1.1.jarpkg:maven/org.apache.maven.reporting/maven-reporting-api@3.1.1 035
maven-reporting-impl-3.2.0.jarpkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0 035
maven-repository-metadata-3.9.8.jarpkg:maven/org.apache.maven/maven-repository-metadata@3.9.8 026
maven-resolver-api-1.9.20.jarpkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.20 034
maven-resolver-impl-1.9.20.jarpkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.20 032
maven-resolver-named-locks-1.9.20.jarpkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.20 033
maven-resolver-provider-3.9.8.jarpkg:maven/org.apache.maven/maven-resolver-provider@3.9.8 026
maven-resolver-spi-1.9.20.jarpkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.20 032
maven-resolver-util-1.9.20.jarpkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.20 036
maven-settings-3.9.8.jarpkg:maven/org.apache.maven/maven-settings@3.9.8 026
maven-settings-builder-3.9.8.jarpkg:maven/org.apache.maven/maven-settings-builder@3.9.8 026
maven-shared-utils-3.4.2.jarcpe:2.3:a:apache:maven_shared_utils:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.4.2:*:*:*:*:*:*:*		pkg:maven/org.apache.maven.shared/maven-shared-utils@3.4.2 0Highest29
mssql-jdbc-12.6.3.jre11.jarcpe:2.3:a:www-sql_project:www-sql:12.6.3.jre11:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.6.3
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.6.3.jre11		 0Highest36
mysql-connector-j-9.0.0.jarcpe:2.3:a:mysql:mysql:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:9.0.0:*:*:*:*:*:*:*		pkg:maven/com.mysql/mysql-connector-j@9.0.0 0Highest52
nashorn-core-15.4.jarpkg:maven/org.openjdk.nashorn/nashorn-core@15.4 023
nashorn-core-15.4.jar: base.js 00
nashorn-core-15.4.jar: bootstrap.js 00
nashorn-core-15.4.jar: controls.js 00
nashorn-core-15.4.jar: fxml.js 00
nashorn-core-15.4.jar: graphics.js 00
nashorn-core-15.4.jar: media.js 00
nashorn-core-15.4.jar: mozilla_compat.js 00
nashorn-core-15.4.jar: parser.js 00
nashorn-core-15.4.jar: swing.js 00
nashorn-core-15.4.jar: web.js 00
ojdbc11-23.4.0.24.05.jarcpe:2.3:a:oracle:jdbc:23.4.0.24.05:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc11@23.4.0.24.05 0Highest33
org.eclipse.sisu.inject-0.9.0.M3.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M3 034
org.eclipse.sisu.plexus-0.9.0.M3.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M3 029
oro-2.0.8.jarpkg:maven/oro/oro@2.0.8 016
plexus-cipher-2.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-cipher@2.0HIGH2Highest20
plexus-classworlds-2.8.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.8.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-classworlds@2.8.0HIGH2Highest30
plexus-container-default-2.1.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.1.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-container-default@2.1.0HIGH2Highest24
plexus-i18n-1.0-beta-10.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0.eta-10:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-i18n@1.0-beta-10HIGH2Highest24
plexus-interpolation-1.27.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.27:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-interpolation@1.27HIGH2Highest27
plexus-sec-dispatcher-2.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0HIGH2Highest20
plexus-utils-3.5.1.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:plexus-utils_project:plexus-utils:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.5.1:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1 0Highest27
plexus-velocity-1.2.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-velocity@1.2HIGH2Highest25
plexus-xml-3.0.0.jarcpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.0.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-xml@3.0.0HIGH2Highest24
postgresql-42.7.3.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.3:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.7.3 0Low68
protobuf-java-4.26.1.jarcpe:2.3:a:google:protobuf-java:4.26.1:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:4.26.1:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java@4.26.1 0Highest27
schemaspy-6.2.4.jarpkg:maven/org.schemaspy/schemaspy@6.2.4 038
schemaspy-6.2.4.jar: anchor.min.js 00
schemaspy-6.2.4.jar: anomalies.js 00
schemaspy-6.2.4.jar: app.js 00
schemaspy-6.2.4.jar: app.min.js 00
schemaspy-6.2.4.jar: bootstrap.jspkg:javascript/bootstrap@3.3.7MEDIUM73
schemaspy-6.2.4.jar: bootstrap.min.jspkg:javascript/bootstrap@3.3.7MEDIUM73
schemaspy-6.2.4.jar: buttons.bootstrap.js 00
schemaspy-6.2.4.jar: buttons.bootstrap.min.js 00
schemaspy-6.2.4.jar: buttons.colVis.js 00
schemaspy-6.2.4.jar: buttons.colVis.min.js 00
schemaspy-6.2.4.jar: buttons.flash.js 00
schemaspy-6.2.4.jar: buttons.flash.min.js 00
schemaspy-6.2.4.jar: buttons.html5.js 00
schemaspy-6.2.4.jar: buttons.html5.min.js 00
schemaspy-6.2.4.jar: buttons.print.js 00
schemaspy-6.2.4.jar: buttons.print.min.js 00
schemaspy-6.2.4.jar: codemirror.js 00
schemaspy-6.2.4.jar: column.js 00
schemaspy-6.2.4.jar: constraint.js 00
schemaspy-6.2.4.jar: dashboard.js 00
schemaspy-6.2.4.jar: dashboard2.js 00
schemaspy-6.2.4.jar: dataTables.bootstrap.js 00
schemaspy-6.2.4.jar: dataTables.bootstrap.min.js 00
schemaspy-6.2.4.jar: dataTables.buttons.js 00
schemaspy-6.2.4.jar: dataTables.buttons.min.js 00
schemaspy-6.2.4.jar: demo.js 00
schemaspy-6.2.4.jar: fastclick.js 00
schemaspy-6.2.4.jar: fastclick.min.js 00
schemaspy-6.2.4.jar: html5shiv.min.js 00
schemaspy-6.2.4.jar: jquery-2.2.3.min.jspkg:javascript/jquery@2.2.3.minMEDIUM53
schemaspy-6.2.4.jar: jquery-ui.jspkg:javascript/jquery-ui-dialog@1.11.4
pkg:javascript/jquery-ui@1.11.4		MEDIUM55
schemaspy-6.2.4.jar: jquery-ui.min.jspkg:javascript/jquery-ui-dialog@1.11.4
pkg:javascript/jquery-ui@1.11.4		MEDIUM55
schemaspy-6.2.4.jar: jquery.dataTables.min.jspkg:javascript/jquery.datatables@1.10.15HIGH43
schemaspy-6.2.4.jar: jquery.jspkg:javascript/jquery@3.2.1MEDIUM33
schemaspy-6.2.4.jar: jquery.slimscroll.js 00
schemaspy-6.2.4.jar: jquery.slimscroll.min.js 00
schemaspy-6.2.4.jar: main.js 00
schemaspy-6.2.4.jar: npm.js 00
schemaspy-6.2.4.jar: pdfmake.min.js 00
schemaspy-6.2.4.jar: relationships.js 00
schemaspy-6.2.4.jar: respond.min.js 00
schemaspy-6.2.4.jar: routine.js 00
schemaspy-6.2.4.jar: routines.js 00
schemaspy-6.2.4.jar: salvattore.min.js 00
schemaspy-6.2.4.jar: schemaSpy.js 00
schemaspy-6.2.4.jar: sql.js 00
schemaspy-6.2.4.jar: table.js 00
schemaspy-6.2.4.jar: vfs_fonts.js 00
schemaspy-6.2.4.jar: viz.js 00
schemaspy-6.2.4.jar: xlsx.full.min.js 00
serializer-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/serializer@2.7.2HIGH1Highest32
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
snakeyaml-1.25.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.25:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.25CRITICAL8Highest44
spring-boot-2.2.11.RELEASE.jarcpe:2.3:a:vmware:spring_boot:2.2.11:release:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@2.2.11.RELEASECRITICAL2Highest39
spring-core-5.2.10.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:5.2.10:release:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.2.10:release:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.2.10:release:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@5.2.10.RELEASECRITICAL*10Highest36
velocity-1.7.jarcpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*pkg:maven/org.apache.velocity/velocity@1.7HIGH1Low76
velocity-tools-2.0.jarcpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*pkg:maven/org.apache.velocity/velocity-tools@2.0MEDIUM1Highest76
xalan-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/xalan@2.7.2HIGH1Highest66
xbean-reflect-3.7.jarpkg:maven/org.apache.xbean/xbean-reflect@3.7 025
xml-apis-1.3.04.jarpkg:maven/xml-apis/xml-apis@1.3.04 071

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /home/mark/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

asm-7.3.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/mark/.m2/repository/org/ow2/asm/asm/7.3.1/asm-7.3.1.jar
MD5: 542c066ed00a4fa9857e9343e2c595b9
SHA1: 7ec32f922315924e82bf58b36ee1b673b2a9b820
SHA256:2f67e11ceec819ebd88ddee5300aba699b1cbab2e20c22e97cf027d3be93959b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-analysis-7.3.1.jar

Description:

Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/mark/.m2/repository/org/ow2/asm/asm-analysis/7.3.1/asm-analysis-7.3.1.jar
MD5: b5b082ef17f6d6bb3d8ed9c129161bdb
SHA1: 045dfd299ea0c17d534499c4f06417ceccfa2d02
SHA256:46b8a8efd4b94facb5ab4b35afe30ee0546ae7a43d2c64e6def56c2f168fefa5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-analysis-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-commons-7.3.1.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/mark/.m2/repository/org/ow2/asm/asm-commons/7.3.1/asm-commons-7.3.1.jar
MD5: be985ed0af52424f8f5d27ec71c249ab
SHA1: daaa79ef260eb67404b9a52bc319a024c7f49cfe
SHA256:87cd8bb3c6bf6bcbb33fca48060c5065f66ebf6a3d7de9bf18bff51bcf156ebc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-commons-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-tree-7.3.1.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/mark/.m2/repository/org/ow2/asm/asm-tree/7.3.1/asm-tree-7.3.1.jar
MD5: 3ef0bd9837a905e0b2d443de9199a409
SHA1: 587ce54d243145b2e89598bfcea7823ded73be5d
SHA256:f91a4a8aa868c5c4665bb4fd134019a91f9f8b9216527fba295e3c8b5422b78b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-tree-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-util-7.3.1.jar

Description:

Utilities for ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/mark/.m2/repository/org/ow2/asm/asm-util/7.3.1/asm-util-7.3.1.jar
MD5: 181141e54fdd56474937d7ebfb325ba3
SHA1: cac1bf54c2fb86671c357d281d1060fe5d50a0de
SHA256:182128592742ed4883ac82bf205f137b6bfbe1234c68e6feb13759e75a85b729
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-util-7.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

autolink-0.6.0.jar

Description:

        Java library to extract links (URLs, email addresses) from plain text;
        fast, small and smart about recognizing where links end

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/mark/.m2/repository/org/nibor/autolink/autolink/0.6.0/autolink-0.6.0.jar
MD5: f2633571471a5957ee12e61b184e6219
SHA1: 3986d016a14e8c81afeec752f19af29b20e8367b
SHA256:a80be030f6386f18111cad9161c0b6983157352a1b59a59e6002172f0d321c04
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
autolink-0.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/mark/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.postgresql/postgresql@42.7.3

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

commons-chain-1.1.jar

Description:

An implmentation of the GoF Chain of Responsibility pattern

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/mark/.m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar
MD5: d4ce482153073855e7c6453dc3c725cb
SHA1: 3038bd41dcdb2b63b8c6dcc8c15f0fdf3f389012
SHA256:e408f72da5ed4c5db6ae19e8c3b7ee36259c36c05f7a77f15509a014bfe7bcaa
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-chain-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

commons-codec-1.11.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar
MD5: 567159b1ae257a43e1391a8f59d24cfe
SHA1: 3acb4705652e16236558f0f4f2192cc33c3bd189
SHA256:e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-codec-1.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-beanutils/commons-beanutils@1.9.4

Identifiers

commons-digester-1.8.jar

Description:

The Digester package lets you configure an XML->Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/mark/.m2/repository/commons-digester/commons-digester/1.8/commons-digester-1.8.jar
MD5: cf89c593f0378e9509a06fce7030aeba
SHA1: dc6a73fdbd1fa3f0944e8497c6c872fa21dca37e
SHA256:05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-digester-1.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

commons-lang-2.4.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
SHA256:2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-lang-2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

commons-lang3-3.8.1.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
MD5: 540b1256d887a6993ecbef23371a3302
SHA1: 6505a72a097d9270f7a9e7bf42c4238283247755
SHA256:dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-lang3-3.8.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-beanutils/commons-beanutils@1.9.4

Identifiers

commons-text-1.3.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/apache/commons/commons-text/1.3/commons-text-1.3.jar
MD5: e12b93c4a7fa6326e8afe557243c8651
SHA1: 9abf61708a66ab5e55f6169a200dbfc584b546d9
SHA256:8185b3a5311092d83ed1f184c2d093b3105d726bbd76867c32b3511542bb99a8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-text-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

compiler-0.9.10.jar

Description:

Implementation of mustache.js for Java

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/mark/.m2/repository/com/github/spullara/mustache/java/compiler/0.9.10/compiler-0.9.10.jar
MD5: 5638fc78a17d5063cc4b0d00f6e87491
SHA1: 6111ae24e3be9ecbd75f5fe908583fc14b4f0174
SHA256:2b5a9217811cb99846a473fa8e0d233eb33629347b7f44941f6c0fbd4cdf1038
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
compiler-0.9.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

derby-10.14.2.0.jar

Description:

Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: /home/mark/.m2/repository/org/apache/derby/derby/10.14.2.0/derby-10.14.2.0.jar
MD5: 3ddcc1d435344d39d0122dbc2f39a746
SHA1: 7efad40ef52fbb1f08142f07a83b42d29e47d8ce
SHA256:2c40eb581e5221ab33c7c796979b49ce404e7e393357c58f7bcdb30a09efca72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
derby-10.14.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

dom4j-1.1.jar

File Path: /home/mark/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar
MD5: f1c39d0d2b2c6f5ffb0046841a34b5c9
SHA1: 0690b3108a502c8f033ea87e7278aec309ffa668
SHA256:50bd5c21b5fbd27b8bbb5f8050544b53f49a4480fd347ce9c46d55c706015156
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
dom4j-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

CVE-2020-10683  

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2018-1000632 (OSSINDEX)  

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:dom4j:dom4j:1.1:*:*:*:*:*:*:*

doxia-core-1.11.1.jar

Description:

Doxia core classes and interfaces.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-core/1.11.1/doxia-core-1.11.1.jar
MD5: a5f49cc5f7dadd2fa104974dfa3a6766
SHA1: 0b0438a61c2c1208b4d2e2b38241478383dd758b
SHA256:d79801594566bdd7168b1adf927c3cc40cf17a95dd4480b4151e45eb30128cd7
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-core-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-decoration-model-1.11.1.jar

Description:

The Decoration Model handles the decoration descriptor for sites, also known as site.xml.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.jar
MD5: 927ed3e7c39b6fed77875ed385b63447
SHA1: 1e10f4e9268b49edf40bca721eef07271bc91de5
SHA256:411fc167774f2e3573f280c57a278fbe7bae677ee596a8ad24bd6c6bb2c5bbce
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-decoration-model-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-integration-tools-1.11.1.jar

Description:

A collection of tools to help the integration of Doxia Sitetools in Maven plugins.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.jar
MD5: 1f3abb6a2c7c65b6f68f3ad45a76b3f5
SHA1: fdc4c4f29d10b0e2b5b9d7f9eea16812d496e478
SHA256:eee789dcb86f37f290c6c22198ea56bf529edf21590294e549a77a490ed21dbe
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-integration-tools-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-logging-api-1.11.1.jar

Description:

Doxia Logging API.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-logging-api/1.11.1/doxia-logging-api-1.11.1.jar
MD5: 6452e33a36b87939630e0b18f8ffcff0
SHA1: ee28757cce6ee0215bac550dead25074c97c532d
SHA256:243c66f842cd2b3ded7c6d2c36b177a65c3f5d94800cef988ba3e29ec8cf60c9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-logging-api-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-module-xhtml-1.11.1.jar

Description:

    A Doxia module for Xhtml source documents.
    Xhtml format is supported both as source and target formats.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.jar
MD5: 82c4cfb79b666b922e1a8cf7b919df22
SHA1: f1b755a09934cd9c51d87b606c8e8ddf07719ebf
SHA256:3d298e2da1e11dba952cf4e5d750fafc41713470767b57c4f6969123c0892a23
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-module-xhtml-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-module-xhtml5-1.11.1.jar

Description:

    A Doxia module for Xhtml5 source documents.
    Xhtml5 format is supported both as source and target formats.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.jar
MD5: 37208526e7ed1051bc8c7f8dc076e5c9
SHA1: e4ee721555ff063d7ef9042d6b9237386c6b33e0
SHA256:3583ae17f9ae97db41da038dc67552a386e7a9f850f45fa6fdb0d2b9ef36a31c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-module-xhtml5-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-sink-api-1.11.1.jar

Description:

Doxia Sink API.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-sink-api/1.11.1/doxia-sink-api-1.11.1.jar
MD5: b1bd5c9efde9f14969fa881b87fe709b
SHA1: 59c2255f58c78fbbcb7e638e82bd2914e78aec8b
SHA256:39ac38bb7d752ea003be17a0065522e4e1b076a4f7e374bea55259f3e133f28f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-sink-api-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-site-renderer-1.11.1.jar

Description:

The Site Renderer handles the rendering of sites, merging site decoration with document content.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.jar
MD5: 871abead02f713fb9c02d5ba36f65bf7
SHA1: 414e3b2049aa6f6710ecca4fa905d9d2ce318773
SHA256:f279a087910d3e0728daad9114da8f3211cfb49b5e8457d05ee9ee5f04284527
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-site-renderer-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

doxia-skin-model-1.11.1.jar

Description:

The Skin Model defines metadata for Doxia Sitetools skins.

File Path: /home/mark/.m2/repository/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.jar
MD5: 6fa7b3005dad9f4b285a889b3b68d8aa
SHA1: b6994a60da09eb429c01362e9a6a510e0f83d24e
SHA256:5337efbe45413d24b71422d145062f84bde96271dab9f3a5caa3fab461974bf4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-skin-model-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

failureaccess-1.0.2.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
MD5: 3f75955b49b6758fd6d1e1bd9bf777b3
SHA1: c4a06a64e650562f30b7bf9aaec1bfed43aca12b
SHA256:8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
failureaccess-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

flexmark-0.34.32.jar

Description:

Core of flexmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark/0.34.32/flexmark-0.34.32.jar
MD5: 382b5c90335fad2eb5d28fde5a55a0d4
SHA1: c2c2bf0e9c67757eb5996afe0ade71195227253b
SHA256:60fff3390d6836ddcf45be0a0f0e6b4602ce2f26508762851286b3a082648b53
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-abbreviation-0.34.32.jar

Description:

flexmark-java extension for defining abbreviations and turning appearance of these abbreviations in text into links with titles consisting of the expansion of the abbreviation

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-abbreviation/0.34.32/flexmark-ext-abbreviation-0.34.32.jar
MD5: f663f0f2d098231cfd98a853a822e464
SHA1: 785fe944a8f5b5b54b30a4c40735f0f82d53aa25
SHA256:714ed71edd9e5c56ccd6f210b0eb79cf7240923ddf37bfd9ad8d03635f758f5e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-abbreviation-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-aside-0.34.32.jar

Description:

flexmark-java extension for converting | to aside tags

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-aside/0.34.32/flexmark-ext-aside-0.34.32.jar
MD5: 2a54188164a2b5c0b22c280845a3160f
SHA1: 017d27b92514cd5b5c2494e1d2fe2cb3b695058c
SHA256:9bd05330490936009172b2b7bd9395c388839e36ca8bbaefd470b875d46c7e28
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-aside-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-autolink-0.34.32.jar

Description:

flexmark-java extension for turning plain URLs and email addresses into links

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-autolink/0.34.32/flexmark-ext-autolink-0.34.32.jar
MD5: 2be49f92ce3fc05f3a80b767a39bb72f
SHA1: 6a499f9ebf555ce8545382818103aaaf991af123
SHA256:072e2d8ea66caea1b214becb697271a3337f22fd0a3e6cfff4c7812c98d0a37e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-autolink-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-definition-0.34.32.jar

Description:

flexmark-java extension for definition

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-definition/0.34.32/flexmark-ext-definition-0.34.32.jar
MD5: 06175b13310b36c4a42e9f41fb0a725f
SHA1: 1af7506590f76e6a81f78395a7b3ffa41cec8ff5
SHA256:27c05f0736294540a6922cd2369eb5178bab8c427977ebb49c5593754a5e3a72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-definition-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-emoji-0.34.32.jar

Description:

flexmark-java extension for emoji shortcuts using Emoji-Cheat-Sheet.com http://www.emoji-cheat-sheet.com/

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-emoji/0.34.32/flexmark-ext-emoji-0.34.32.jar
MD5: b76e06cc514d0d3fde84ef695c6fe29f
SHA1: acbf86eabcaffeb0a5a90a9ab1933367f57ce2bb
SHA256:a9dc9e21e1b96718cfb45efe00e816b06d52a02c9451097f9ba3c17072c21661
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-emoji-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-escaped-character-0.34.32.jar

Description:

flexmark-java extension for escaped_character

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-escaped-character/0.34.32/flexmark-ext-escaped-character-0.34.32.jar
MD5: e3f75f4076188a21d4b0ccd43ba8425d
SHA1: e6d8328b599e9af5c2ddff3a9559dfe3545f9008
SHA256:654fbb2f164aa6ba3ce35cd43ac6bc65801c9a7f36ddb160963a5fb2730d0064
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-escaped-character-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-footnotes-0.34.32.jar

Description:

flexmark-java extension for footnote inline elments and footnote definitions

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-footnotes/0.34.32/flexmark-ext-footnotes-0.34.32.jar
MD5: 79bb8079973223f14f06231fd9623bf6
SHA1: b4e1426e8658312dc2f61df1d64f8abc40fe385f
SHA256:f4d92a042d3f64cb94deb7fe8dc52b5dab9a6efea01cf54b844cb0ea77a91992
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-footnotes-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-gfm-strikethrough-0.34.32.jar

Description:

flexmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-strikethrough/0.34.32/flexmark-ext-gfm-strikethrough-0.34.32.jar
MD5: a5a9e5ebfb9a1f58873d9ecd27dd348d
SHA1: acc88a9aabb0ac71d6d63c7bcccb2b082ba38b73
SHA256:2678273cae59d949007172fd439157f8c5f2b777f856587ad305c2bf3a55113d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-gfm-strikethrough-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-gfm-tasklist-0.34.32.jar

Description:

flexmark-java extension to convert bullet list items that start with [ ] to a TaskListItem node

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-tasklist/0.34.32/flexmark-ext-gfm-tasklist-0.34.32.jar
MD5: 6b0c5a675ca4154683a20da590e68188
SHA1: ea598ab99f7c961370f7119897a0b8efc2275566
SHA256:0fb4e680ab4ed40d67ac3399dc0ad2d95cbe902036abee994995eda53ce08fdc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-gfm-tasklist-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-ins-0.34.32.jar

Description:

flexmark-java extension for ins

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-ins/0.34.32/flexmark-ext-ins-0.34.32.jar
MD5: 6de13c82fedd06bde84a659a7f97d318
SHA1: 198876100bb1561e2bebb67bdfb05053aac92252
SHA256:8db30a0569f722fd33671df895bd465d36aad56782f8fb132fe41bef138fc8ac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-ins-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-jekyll-front-matter-0.34.32.jar

Description:

flexmark-java extension for jekyll_front_matter

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-jekyll-front-matter/0.34.32/flexmark-ext-jekyll-front-matter-0.34.32.jar
MD5: d75e222b62c266ebf19b1481cf0c6f08
SHA1: 3ba2481406202ffb2a3dd1ef888a0be7e6050b8c
SHA256:4fc8404e83cf4d23ea3850dd607553db56141f4dc787dd5ecbcf7c8151e63e14
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-jekyll-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-superscript-0.34.32.jar

Description:

flexmark-java extension for superscript

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-superscript/0.34.32/flexmark-ext-superscript-0.34.32.jar
MD5: 32e7f7e13440b5a9d087845fba2b9fcb
SHA1: 2f9413cedcc339dd20328249cce6fcee63161a57
SHA256:538175c28416be2b150ce63986d5594df42d7f069592733fb94c81f08fe2f127
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-superscript-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-tables-0.34.32.jar

Description:

flexmark-java extension for tables using "|" pipes with optional column spans and table caption

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-tables/0.34.32/flexmark-ext-tables-0.34.32.jar
MD5: 0475a524aaca5cf09e242aa968034041
SHA1: 550d1891263034068014daa137c38b6b5854aafb
SHA256:662e9e726abe00c7e68b1d7e9f65a5a2e7fa77f7a32ef7e109783a7cbb2304cd
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-tables-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-toc-0.34.32.jar

Description:

flexmark-java extension for toc

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-toc/0.34.32/flexmark-ext-toc-0.34.32.jar
MD5: 5d5bed0edcf1c3c7d80520a47b1cf8ac
SHA1: f01a984c6c8c37015079c012e700417d182b0d5f
SHA256:6a3b44c952b76165196babc54a3ad85bc454d051b3331498348cf32810382772
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-toc-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-typographic-0.34.32.jar

Description:

flexmark-java extension for typographic

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-typographic/0.34.32/flexmark-ext-typographic-0.34.32.jar
MD5: 493f416bb0399faa70c9ef4565425fbc
SHA1: 0c8c5babe652bc1e87999ea07ef54818ae12c0d3
SHA256:6d5d09963cf211b9013ddf7cced1658edea3d6484e99af4dfd903ca239e2f2aa
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-typographic-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-wikilink-0.34.32.jar

Description:

flexmark-java extension parsing and rendering wiki links

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-wikilink/0.34.32/flexmark-ext-wikilink-0.34.32.jar
MD5: 6ff6ff0e5c7dd48d4d35328428878538
SHA1: 7e40b4e8bf1d409e593b8b69604a504835303df2
SHA256:865745f068c7ff1a5e363b893651330b1336282c6664a7b635634263a4ed7898
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-wikilink-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-yaml-front-matter-0.34.32.jar

Description:

flexmark-java extension for YAML front matter

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-ext-yaml-front-matter/0.34.32/flexmark-ext-yaml-front-matter-0.34.32.jar
MD5: 3de9fc9e100d6f4e6b2644b79a8db5e4
SHA1: 0509b24c760f37699d155e63443138977f519373
SHA256:7cdb249e1906b89d84399d6de54c7afe7f4715d6ad2c30ec60f5f756d7b9e475
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-yaml-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-formatter-0.34.32.jar

Description:

flexmark-java extension for formatter

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-formatter/0.34.32/flexmark-formatter-0.34.32.jar
MD5: bae1cc2191f3bd80d09d5cfcb432a68d
SHA1: 5d35d76873bce4f5707c2df5c6be47ca42f59901
SHA256:6d8e8b4bf0e34c993a4727873e5eab86015a3121dc7bf169d97d71d45c9dd78e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-formatter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-jira-converter-0.34.32.jar

Description:

flexmark-java extension for jira_converter

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-jira-converter/0.34.32/flexmark-jira-converter-0.34.32.jar
MD5: 676e66b37015c3a02a249dbdb3d6666a
SHA1: 75ca8726c7a24efa1bfa74e5fe879cd929ec0cfe
SHA256:a6a33938ff6dfe5be0f2c5ba630a84b47e9f36334c5e415bb9069366ad96e2e3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-jira-converter-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-profile-pegdown-0.34.32.jar

Description:

flexmark-java extension for setting flexmark options by using pegdown extension flags

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-profile-pegdown/0.34.32/flexmark-profile-pegdown-0.34.32.jar
MD5: a7808bb410e1ae87e66b42c3825888ab
SHA1: 30226a940419942e37a88b0a4c79a676ca78f788
SHA256:e62eaf00d9249aeb921eea709c492f5ffd085e75a15f2ca2a3944165351dd834
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-profile-pegdown-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-util-0.34.32.jar

Description:

flexmark-java utility classes

File Path: /home/mark/.m2/repository/com/vladsch/flexmark/flexmark-util/0.34.32/flexmark-util-0.34.32.jar
MD5: 240493638f5833ff8563a0b8b0ecd37f
SHA1: a06050bd9933ac68bc1f266d47c16e772675fea9
SHA256:2ee09f5826e303f37b2b88e3ae5bb7dcc70935ed1736c3a986e8bb8786f8f89c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-util-0.34.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

google-collections-1.0.jar

Description:

Google Collections Library is a suite of new collections and collection-related goodness for Java 5.0

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/com/google/collections/google-collections/1.0/google-collections-1.0.jar
MD5: 7c882c8d734e50112000e4a88e06c535
SHA1: 9ffe71ac6dcab6bc03ea13f5c2e7b2804e69b357
SHA256:81b8d638af0083c4b877099d56aa0fee714485cd2ace1b6a09cab867cadb375d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
google-collections-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

guava-33.2.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/com/google/guava/guava/33.2.1-jre/guava-33.2.1-jre.jar
MD5: 872309e5982530bdc7e68096c0d53cd2
SHA1: 818e780da2c66c63bbb6480fef1f3855eeafa3e4
SHA256:452b2d9787b7d366fa8cf5ed9a1c40404542d05effa7a598da03bbbbb76d9f31
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guava-33.2.1-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

guice-5.1.0.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/com/google/inject/guice/5.1.0/guice-5.1.0.jar
MD5: 2560169296aa94492af34af2115e9511
SHA1: da25056c694c54ba16e78e4fc35f17fc60f0d1b4
SHA256:4130e50bfac48099c860f0d903b91860c81a249c90f38245f8fed58fc817bc26
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guice-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /home/mark/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
hamcrest-core-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/junit/junit@4.13.2

Identifiers

hsqldb-2.7.3.jar

Description:

HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /home/mark/.m2/repository/org/hsqldb/hsqldb/2.7.3/hsqldb-2.7.3.jar
MD5: 724301ab61ff54755deec86c7a724505
SHA1: 85b49338b36f3051d217295596cf92beb92e4bfb
SHA256:6f2f77eedbe75cfbe26bf30d73b13de0cc57fb7cdb27a92ed8c1a012f0e2363a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
hsqldb-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

httpclient-4.5.13.jar

Description:

   Apache HttpComponents Client

File Path: /home/mark/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar
MD5: 40d6b9075fbd28fa10292a45a0db9457
SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
httpclient-4.5.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

httpcore-4.4.14.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /home/mark/.m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar
MD5: 2b3991eda121042765a5ee299556c200
SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1
SHA256:f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
httpcore-4.4.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/mark/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

jcommander-1.69.jar

Description:

Command line parsing

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/mark/.m2/repository/com/beust/jcommander/1.69/jcommander-1.69.jar
MD5: 45bed2649f8429973c486579631c69c7
SHA1: bdf17915d565a7c88a2a0fe05afb5b99ecf24555
SHA256:c2534833996d60581127ddc5139bb94f27f46badc77e1356746d58d9a3dcd99e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jcommander-1.69.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

json-20230227.jar

Description:

        JSON is a light-weight, language independent, data interchange format.
        See http://www.JSON.org/

        The files in this package implement JSON encoders/decoders in Java.
        It also includes the capability to convert between JSON and XML, HTTP
        headers, Cookies, and CDL.

        This is a reference implementation. There is a large number of JSON packages
        in Java. Perhaps someday the Java community will standardize on one. Until
        then, choose carefully.

License:

Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /home/mark/.m2/repository/org/json/json/20230227/json-20230227.jar
MD5: 6b9a69b21979b0c3cb5733db19ea51b1
SHA1: 7a0d4aca76513d8ce81f9b044ce8126b84809ad8
SHA256:9ed26791dc2d8629fdf8a207f1aebadcb50d641be637664310ef51c0f73e269b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
json-20230227.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jul-to-slf4j-1.7.30.jar

Description:

JUL to SLF4J bridge

File Path: /home/mark/.m2/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jar
MD5: f2c78cb93d70dc5dea0c50f36ace09c1
SHA1: d58bebff8cbf70ff52b59208586095f467656c30
SHA256:bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jul-to-slf4j-1.7.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

log4j-api-2.12.1.jar

Description:

The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/apache/logging/log4j/log4j-api/2.12.1/log4j-api-2.12.1.jar
MD5: 4a6f276d4fb426c8d489343c0325bb75
SHA1: a55e6d987f50a515c9260b0451b4fa217dc539cb
SHA256:429534d03bdb728879ab551d469e26f6f7ff4c8a8627f59ac68ab6ef26063515
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
log4j-api-2.12.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2020-9488  

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

log4j-to-slf4j-2.12.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.12.1/log4j-to-slf4j-2.12.1.jar
MD5: a6fdf03c03b6f5fac5a978031a06777e
SHA1: dfb42ea8ce1a399bcf7218efe8115a0b7ab3788a
SHA256:69d4aa504294033ea0d1236aabe81ed3f6393b6eb42e61899b197a51a3df73e9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
log4j-to-slf4j-2.12.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/mark/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
logback-core-1.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2023-6378  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-42550  

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (8.5)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: MEDIUM (6.6)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

maven-artifact-3.9.8.jar

File Path: /home/mark/.m2/repository/org/apache/maven/maven-artifact/3.9.8/maven-artifact-3.9.8.jar
MD5: 17edb392c44a1cf3c17fc03de10e5a66
SHA1: a7f2d502a8bf72d17ea97eca6c46776314703a66
SHA256:5e2f3cda004182fc815d48b70bc0d144cb128230a841dc711357d57c76c95972
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-artifact-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

maven-builder-support-3.9.8.jar

Description:

Support for descriptor builders (model, setting, toolchains)

File Path: /home/mark/.m2/repository/org/apache/maven/maven-builder-support/3.9.8/maven-builder-support-3.9.8.jar
MD5: 2fbd3edbf7d0e6e223d7169214c27572
SHA1: b64ad95a741566ab289916d8073f45d6e03884ea
SHA256:70103cdd84a039a620fb37ffb6f8c689f490af5c5dc5f11cbc15adc515a62e74
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-builder-support-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-core-3.9.8.jar

Description:

Maven Core classes.

File Path: /home/mark/.m2/repository/org/apache/maven/maven-core/3.9.8/maven-core-3.9.8.jar
MD5: 16f8316d64b14e7848f8488f141a209f
SHA1: 986fe65310335f62a37d8da9cb90105e604f2642
SHA256:136d95ada12098f48222638bfdb68ace0e1b518d676cd43845d31eb0aed37736
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-core-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

maven-model-3.9.8.jar

Description:

Model for Maven POM (Project Object Model)

File Path: /home/mark/.m2/repository/org/apache/maven/maven-model/3.9.8/maven-model-3.9.8.jar
MD5: c9444eab1467f505fa169de504def7c4
SHA1: 4ba1512e002efe9f9efc09ac8899c613f344d518
SHA256:9b4be46c55f0720162664615d4fe8468f99866697a484e1652a19189656cb37d
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-model-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

maven-model-builder-3.9.8.jar

Description:

The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: /home/mark/.m2/repository/org/apache/maven/maven-model-builder/3.9.8/maven-model-builder-3.9.8.jar
MD5: 7c00db0db68735f4f5e993ef958ac2b0
SHA1: cf62656255b038d5df460c95c3c2c75c98e2b350
SHA256:de166f6c06c217d9333de569f7661ef11d5122f74a78103ed5dd48e8a3bd3820
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-model-builder-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-plugin-annotations-3.13.1.jar

Description:

Java annotations to use in Mojos

File Path: /home/mark/.m2/repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.13.1/maven-plugin-annotations-3.13.1.jar
MD5: 28e0cd46a9e26fb2b222eb8509295a49
SHA1: ba70695f2f396589c49d5da5a99114ee71d03961
SHA256:8e22e4b806eb760990a0a9a79a8988d26af060b3342e00c62f7a0664f4d73575
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-plugin-annotations-3.13.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

maven-plugin-api-3.9.8.jar

Description:

The API for plugins - Mojos - development.

File Path: /home/mark/.m2/repository/org/apache/maven/maven-plugin-api/3.9.8/maven-plugin-api-3.9.8.jar
MD5: 377ff71179bafa180f347c25f6535c0d
SHA1: e7c822d321fcfe0aad7ce4cc5e4499e320718d61
SHA256:ec0d41b3c6de899b202523373fdf8571d354f09052c17bf4230baa1ca1cd7936
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-plugin-api-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

maven-reporting-api-3.1.1.jar

Description:

API to manage report generation.

File Path: /home/mark/.m2/repository/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.jar
MD5: 1e1e0b2f189c861995e33a2a746501bb
SHA1: 74ca00a13e46d065071cdf6376d7d231e0208916
SHA256:25be6603c97d28fa3dcd122073054271c8fcaf667d220dce7a26a61a6f3cffd1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-reporting-api-3.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

maven-reporting-impl-3.2.0.jar

Description:

Abstract classes to manage report generation.

File Path: /home/mark/.m2/repository/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.jar
MD5: 468bb08c4330fd7647405b33edf769be
SHA1: 97ffee6a6c3f81e341f42f641651a37f077759c6
SHA256:28f42c2f49f11dcba6d14ab3e365375442a9ed78ca2ec588e3e1f43455a4a14d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-reporting-impl-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

maven-repository-metadata-3.9.8.jar

Description:

Per-directory local and remote repository metadata.

File Path: /home/mark/.m2/repository/org/apache/maven/maven-repository-metadata/3.9.8/maven-repository-metadata-3.9.8.jar
MD5: 30cdf526d0176a20067f436790d794d7
SHA1: aa8893d34ef8540b0e11adb452e9921074144e93
SHA256:1f3f29a6bd8a35c92a6e3cbb5992be74863868fd962e90457c33d28af25472f2
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-repository-metadata-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-resolver-api-1.9.20.jar

Description:

The application programming interface for the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/mark/.m2/repository/org/apache/maven/resolver/maven-resolver-api/1.9.20/maven-resolver-api-1.9.20.jar
MD5: 424d206b1ab6cdedce55e575fe328ca8
SHA1: e9da4e71e96f5ca9418ebbf60d136fe37bfe4ee3
SHA256:dee92eda1cd293afbbbb0ee3d752f8c135e193e2232172e036a3f23e38c8c25d
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-api-1.9.20.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-resolver-impl-1.9.20.jar

Description:

An implementation of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/mark/.m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.9.20/maven-resolver-impl-1.9.20.jar
MD5: 887341c5fba0ba48bc5d2d57d1f698d1
SHA1: 719030b9a577b2897983a23389a8e10dad393b36
SHA256:55672351fa78c1004188944ef874c21b924c32b1333a834ebebf65c3c499739b
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-impl-1.9.20.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-resolver-named-locks-1.9.20.jar

Description:

A synchronization utility implementation using Named locks.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/mark/.m2/repository/org/apache/maven/resolver/maven-resolver-named-locks/1.9.20/maven-resolver-named-locks-1.9.20.jar
MD5: 956e10ad44281cedbf628fbbd141829a
SHA1: 0ff232fc989b53c8b0a6faf3b3160b19c7c7260e
SHA256:6d0725edfc618555bb70509865307287b80820438a327f778dbe8d6f8e26417d
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-named-locks-1.9.20.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-resolver-provider-3.9.8.jar

Description:

Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

File Path: /home/mark/.m2/repository/org/apache/maven/maven-resolver-provider/3.9.8/maven-resolver-provider-3.9.8.jar
MD5: 724fba630d1325ac672cfbf43b83bf27
SHA1: 2b9b8dc45536107e9e514e038c36aeb6f7f9a33d
SHA256:20f3c83142e89cb40a7af50ff22df38268cd0ce8fafdca4244453207b8c39750
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-provider-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-resolver-spi-1.9.20.jar

Description:

The service provider interface for repository system implementations and repository connectors.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/mark/.m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.9.20/maven-resolver-spi-1.9.20.jar
MD5: 003ee5056c5f7ad9946922604a6677ac
SHA1: 5e0c56befb978b02c91c2684a2bb7906b18314a6
SHA256:04c3c41454298dff4f42ad2b69d5b18e74c3c9a329b4f501d717e157d56ebd11
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-spi-1.9.20.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-resolver-util-1.9.20.jar

Description:

A collection of utility classes to ease usage of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/mark/.m2/repository/org/apache/maven/resolver/maven-resolver-util/1.9.20/maven-resolver-util-1.9.20.jar
MD5: a4793187c72b39cc4d0b5c6b90de0578
SHA1: a1f2b661b14dec2f1644c501e0657ed46459bac0
SHA256:b869aca6c208d2b1fc92e846e1c13612a5ed2fda3bed9a7c1ae2ff5f14f8cf48
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-util-1.9.20.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-settings-3.9.8.jar

Description:

Maven Settings model.

File Path: /home/mark/.m2/repository/org/apache/maven/maven-settings/3.9.8/maven-settings-3.9.8.jar
MD5: 2778729df8446d53806c149826fbc874
SHA1: 2bcee8fce7cd50016148d4e667474867c6191d3e
SHA256:4087160614240b04cbb7e1d3af46ee27362e9d0d52e18356dd8bac7c183288ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-settings-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-settings-builder-3.9.8.jar

Description:

The effective settings builder, with inheritance and password decryption.

File Path: /home/mark/.m2/repository/org/apache/maven/maven-settings-builder/3.9.8/maven-settings-builder-3.9.8.jar
MD5: ea76db59df88fc388d45dad4fe4f410c
SHA1: ae79e5910986ae7e511bdb9e0eca12009ea83fd3
SHA256:46471aa98f27db5c8a90b383294d8ac3b529b7c30afe2bf02ac996cc2c175c99
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-settings-builder-3.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

maven-shared-utils-3.4.2.jar

Description:

Shared utilities for use by Maven core and plugins

File Path: /home/mark/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar
MD5: 53a038f77a81cb5816ad2b1c7daa8711
SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0
SHA256:b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-shared-utils-3.4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

mssql-jdbc-12.6.3.jre11.jar

Description:

		Microsoft JDBC Driver for SQL Server.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/mark/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/12.6.3.jre11/mssql-jdbc-12.6.3.jre11.jar
MD5: 82698b0c0f9c8b3aa4bdd6225fc5fe5e
SHA1: 88e2be5bc1ac4debaef4cd768a65c76808f3e532
SHA256:eaa86241ae64b454257cbc64dbd3afb1e5817da34a8c879389c7725e43d28dd4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mssql-jdbc-12.6.3.jre11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

mysql-connector-j-9.0.0.jar

Description:

JDBC Type 4 driver for MySQL.

License:

The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /home/mark/.m2/repository/com/mysql/mysql-connector-j/9.0.0/mysql-connector-j-9.0.0.jar
MD5: 6499a1e1d41a037ad8e155c7960cb361
SHA1: 6fc50f53a8e364ad82886588a4b55d1f7460e6a5
SHA256:a221c4106b7fe68a45912cdbf8351f1b43ad3c53a43c3bc966181cc14f86fa30
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mysql-connector-j-9.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

nashorn-core-15.4.jar

Description:

Nashorn is an Open Source JavaScript (ECMAScript 5.1 and some 6 features) engine for the JVM.

License:

GPL v2 with the Classpath exception: https://github.com/openjdk/nashorn/blob/main/LICENSE
File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar
MD5: a9b3360e6a486cf62c1952c7816b7d97
SHA1: f67f5ffaa5f5130cf6fb9b133da00c7df3b532a5
SHA256:6f816e84dfd63a81d4eaa7829c08337bbaff3ec683ff3bf6bbd90d017a00dc6f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
nashorn-core-15.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

nashorn-core-15.4.jar: base.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/base.js
MD5: 93c3e1b9f9491fb5b5df96a41441162c
SHA1: 6f2cfb7815fd7028792731ee5cd13651036e60bd
SHA256:824c73ce701b9820cc1b799e9af043f3663a72114be2a560ce1933ae1e4e496a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: bootstrap.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/bootstrap.js
MD5: 948cb0239b8abc93e84e813e2da8d6dc
SHA1: 79559bab4c6ae8b0ab573e37b82b50013f647956
SHA256:9ec201c6fcff2c9a2a536f80f8ea14f604092768011b5c4f59ec7b313cf359c4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: controls.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/controls.js
MD5: 4f9093fd24e64162c92385e1def8747f
SHA1: 016d3d27e7f9e8a6054d6248e1c2cfe72b062efd
SHA256:a065a17b974ffc3ac4c98a5177c21d39ccd70fa50eb9a4d10ed96074904285c8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: fxml.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/fxml.js
MD5: 262095de4844ffde10c018ef296107ee
SHA1: 5d41efdc93dac1dcecd4d6f3625f43a36af961bf
SHA256:0e411601888672288fdfa6c0018710c2156a2efef619cfd11719cdb0d63a2dfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: graphics.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/graphics.js
MD5: 471022fc763c3ec65292a7f1689c58ff
SHA1: 014c1893d89dc76adbca7a30992b1c8db36c4db5
SHA256:8c12199afd230a5d936f7390a290bf899d536a731cc2b240478ecb077c3dd292
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: media.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/media.js
MD5: 6eb77f5d138fab0f13d3601b0e68c2e1
SHA1: 385eb91d9f5d96d0575facda44c9cf1064c70a21
SHA256:e096e61fa52ef7109adae7011f5c7d004ca87aeeb43647af982e45dac77c2b0f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: mozilla_compat.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/mozilla_compat.js
MD5: dcd9c8927badf397f82274077a7a9b82
SHA1: f953a1b5e422f41c66bbf32f314f8de4e8de1995
SHA256:f52167e7cec0601b53af50e3e3d9359057c37356cb3fd6fbfe0ba451bd70ff04
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: parser.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/parser.js
MD5: b1c71079ce0792c735ce93bb05f77f04
SHA1: 1436e8c38788e10b774eb97bddb186f417a2352f
SHA256:bb1b0b23cd2f74fdaf9cb508cc0dfd9b37529c72086e4279cb27dad664e4a261
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: swing.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/swing.js
MD5: d92f35751bc4d6f50e6817884e7bd10e
SHA1: ebb47348ccaddb3f4dac31d91b839ce9bbc03d50
SHA256:7f1334e91b0d15bbcfcbd87b19ebf83f254065477f61e1a353ef1eaf9aaffe38
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: web.js

File Path: /home/mark/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/web.js
MD5: c46659f1ba056770e2627807fc5f06d9
SHA1: c733b0eed6f6a37639039a77c496f9e4c2323cd4
SHA256:af7127f5a5af79f7c641a80b1dfa4de3bc6500c0a50258131379c7ec54b85484
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

ojdbc11-23.4.0.24.05.jar

Description:

 Oracle JDBC Driver compatible with JDK11, JDK17, JDK19, and JDK21

License:

Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /home/mark/.m2/repository/com/oracle/database/jdbc/ojdbc11/23.4.0.24.05/ojdbc11-23.4.0.24.05.jar
MD5: cdda9de4ae5241bba32739a31f2c795b
SHA1: 239c6f65f74ebdf08bf0da234815fc757a13224c
SHA256:87fb13d9cdbfee487bc38142d8ac531dc235ba3abe5d9c46369496883b2eb5b3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
ojdbc11-23.4.0.24.05.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

org.eclipse.sisu.inject-0.9.0.M3.jar

Description:

JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

License:

"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
File Path: /home/mark/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.9.0.M3/org.eclipse.sisu.inject-0.9.0.M3.jar
MD5: 643a13084e0ac59cdda06319e1b348ea
SHA1: 3665002ba4d16dfa779ef658a63d0608c4bd898b
SHA256:15335c4dcf082f599fb8eddcfb58d6a7e9a9c97de2883c257089a479b9b24522
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
org.eclipse.sisu.inject-0.9.0.M3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

org.eclipse.sisu.plexus-0.9.0.M3.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
File Path: /home/mark/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M3/org.eclipse.sisu.plexus-0.9.0.M3.jar
MD5: 964e7bc9837b270566f18b87af65f5d7
SHA1: b493c7abcc6e04fa0a6a20d489a3db0395c76f70
SHA256:c99674d3773e26154885661711f0b6d63aa5008f5cc99227a236756d4ad9de5e
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
org.eclipse.sisu.plexus-0.9.0.M3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

oro-2.0.8.jar

File Path: /home/mark/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
SHA256:e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
oro-2.0.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

plexus-cipher-2.0.jar

File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jar
MD5: 55d612839faf248cbe3e273969c002c2
SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
plexus-cipher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-classworlds-2.8.0.jar

Description:

A class loader framework

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-classworlds/2.8.0/plexus-classworlds-2.8.0.jar
MD5: 92089dee35db6423c2128559238430cb
SHA1: 5d0d8c71b61b38ce127a46702a453f9aa09a4ee2
SHA256:081b40e0eab033cd5ac72d2501bfff4f5fd2a3eef827051111730ea152681c72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-classworlds-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-container-default-2.1.0.jar

Description:

    The Plexus IoC container API and its default implementation.

File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-container-default/2.1.0/plexus-container-default-2.1.0.jar
MD5: 38bb4378dcf8868a6ef203b0f4a2ddae
SHA1: c189df3d30aa7707c36aa2746fae55ebe11d711e
SHA256:6dceb1246b188153bdcb6f962d543d51ddb672cca07cad94a78fbabc9edf0a39
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-container-default-2.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-i18n-1.0-beta-10.jar

File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar
MD5: 7f36c0459c853750c627f682ec7bcf52
SHA1: 27506f59e54cc80b8c28b977c2bcd0478094e0cc
SHA256:b87f25b512ffafcafbf4a05ab943812e9c6915291370c6b46016eb3836886c41
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-i18n-1.0-beta-10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-interpolation-1.27.jar

Description:

The Plexus project provides a full software stack for creating and executing software projects.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.27/plexus-interpolation-1.27.jar
MD5: c2edbe0dbc934692794aaeac6006055a
SHA1: 8dc73f4ff5eafcbb7ec035ba54736e828b272533
SHA256:3fb4fb6143fdf964024c3cb738551524b9ea84e5c211cd660c559ad0703e5230
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-interpolation-1.27.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-sec-dispatcher-2.0.jar

File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jar
MD5: e68635a721630177ac70173e441336b6
SHA1: f89c5080614ffd0764e49861895dbedde1b47237
SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
plexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-utils-3.5.1.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines, XML and
    more.

File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-utils/3.5.1/plexus-utils-3.5.1.jar
MD5: cdec471a77f52e687d0df4c43f392a71
SHA1: c6bfb17c97ecc8863e88778ea301be742c62b06d
SHA256:86e0255d4c879c61b4833ed7f13124e8bb679df47debb127326e7db7dd49a07b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-utils-3.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

plexus-velocity-1.2.jar

File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.jar
MD5: 7d7805136e8165f53c944612a809f1a6
SHA1: 1331b9d6bbf99ead362c68c2f318ebe5fedda598
SHA256:b4c4a0dbeacad54306a1ae230eff5ab45d58e3ab88c86ab7245d3a0772be57ab
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-velocity-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

plexus-xml-3.0.0.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: /home/mark/.m2/repository/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar
MD5: cccca4a03a8367cd20e4efaead5fba0b
SHA1: d16b91678bc3734276886132923d6919c935c9f7
SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

CVE-2022-4244  

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4245  

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

postgresql-42.7.3.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /home/mark/.m2/repository/org/postgresql/postgresql/42.7.3/postgresql-42.7.3.jar
MD5: f52f459fe317bf7e22327b72b381fc8a
SHA1: 24f3e9f7231428cd20eb4dde00dd3fce44e05464
SHA256:a2644cbfba1baa145ff7e8c8ef582a6eed7a7ec4ca792f7f054122bdec756268
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
postgresql-42.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

protobuf-java-4.26.1.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /home/mark/.m2/repository/com/google/protobuf/protobuf-java/4.26.1/protobuf-java-4.26.1.jar
MD5: 8e6a4bc05eb8ded0f27c6ac805469abe
SHA1: 594fabdcbceb7edfb883fe621d3e97d9cc05fa73
SHA256:091933e5870af810748326f7ace4a673aca721253177542842f044b546f14282
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
protobuf-java-4.26.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.mysql/mysql-connector-j@9.0.0

Identifiers

schemaspy-6.2.4.jar

Description:

SchemaSpy generates HTML and PNG-based entity relationship diagrams from JDBC-enabled databases.

License:

LGPL-3.0-or-later: https://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar
MD5: daeb9832cce7f142198a599c5e5be9f2
SHA1: 61689fe2bd4be56a3f6323895a245f8236d7995e
SHA256:f40bea88af06769d86e5efca2765fc50fd43b4720f6714d274b93f6158400e60
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
schemaspy-6.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.0-SNAPSHOT

Identifiers

schemaspy-6.2.4.jar: anchor.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/anchor-js/anchor.min.js
MD5: 59ccbcf40597fdbf5a3a5f88de29c39e
SHA1: 8dacf80a941783e6fc12bf00d5ae6f867b2edc92
SHA256:20804ad516e2b883aea5f1eb25f41e6cb8f498119454d9b8d48e25f1658f3e3f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: anomalies.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/anomalies.js
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: app.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/app.js
MD5: 589220eddefd07d172948917bce32f46
SHA1: 3c14bff558126838fa30abe9bdcf4decf27f47c3
SHA256:e7107412589ffe7f372a5711948066ee763c4f68084475e3cb8aed2e431599f8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: app.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/app.min.js
MD5: c97edde005d18d707bcf8f3185de7201
SHA1: 99e43178d50c0386a3b222551766cb08e81da1dd
SHA256:7a67b6c4dba7eceb6504af73c37a21b1d92a86f7331c85d7024ba36fcaff6236
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: bootstrap.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.js
MD5: fb81549ee2896513a1ed5714b1b1a0f0
SHA1: 3b965a36a6b08854ad6eddedf85c5319fd392b4a
SHA256:0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-10735  

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-20676  

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-20677  

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0

Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS)  

Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Unscored:
  • Severity: low

References:

schemaspy-6.2.4.jar: bootstrap.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.min.js
MD5: 5869c96cc8f19086aee625d670d741f9
SHA1: 430a443d74830fe9be26efca431f448c1b3740f9
SHA256:53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-10735  

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-20676  

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-20677  

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0

Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS)  

Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Unscored:
  • Severity: low

References:

schemaspy-6.2.4.jar: buttons.bootstrap.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.js
MD5: d4f3fd56ffe8ee0dbdf57535e06e42e2
SHA1: fdf18cd630d82a89d6618753984edaf15fa24114
SHA256:11188b23c556bf2ff4d5e144cdad67faa417eb3c36eec6cbcd7b21566d9cfac1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.bootstrap.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.min.js
MD5: ac22ff642b7e893d1481c3746e3a727e
SHA1: 31563ff1d6b172118d962a816259cbef55c9210d
SHA256:3c288a24e5ce97babfeb3f4ee1a222e97e26a1724709d7e0e238263e29197d9a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.colVis.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.colVis.js
MD5: 301a3927b58c194da0c7a1a28431fd2a
SHA1: 2c4dd397abee8d80eac8ebe5d79928ad508b48db
SHA256:f75eb463c4cdd2683c8cf79c3f7da9812d28f8891aacdea9253f8ae2c33100ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.colVis.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.colVis.min.js
MD5: f4b5cebb54c4c4a0064176d86997a8fa
SHA1: db37f14a84880332c9b2eea2f96c377054428fa6
SHA256:5fd6d20a56e70a8b57286ecdb5ac3c799352067b6289b91ceaafa9464aa698fa
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.flash.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.flash.js
MD5: 70a2e86e64be743e07cc4d4729d69a6b
SHA1: 968bc8c729cccf4b2052f55c57e6786a57059e3e
SHA256:7d7c21fff0f12cb4cff5eb443da61a5b91a6a917d8c4e9e01bb95aba69a41bd6
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.flash.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.flash.min.js
MD5: 59fca0bf56ec890473eb362b1b6d1ae9
SHA1: 1660dd65e991d7f9b01db8dfacca16b4d67e55c8
SHA256:19641b70e1838b0e77fbd359b3745bc795507789d12e4a4925640e7fb3654bf4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.html5.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.html5.js
MD5: 49ad4fd980e4865b8da5ce06be20bc39
SHA1: a06f13b6d2c4cd35e0cd7d16de813e0ce8172712
SHA256:27396117755d4ac15886ac6b6e498b4c2b04104e5e41ef97c30fe6aef57a959b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.html5.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.html5.min.js
MD5: 4420f301dafa70f660c63dc9785c7dfb
SHA1: 48c16175a7ae240a54b65bba94eabce29045a0f9
SHA256:07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.print.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.print.js
MD5: 66836cce3f63306ac9097560296f3ef8
SHA1: cf1ff4e63ad1b49cc47bc0e8b6c8a51423ca2235
SHA256:ea4a437952a00c782bee6c2021c7ed01c97f72deccefff93701fb904f4e5cb11
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.print.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.print.min.js
MD5: 584df2eac3d5cbe85d7693812711436e
SHA1: 8f12ab29e1cfd6ac99897ed0dc4d5ab9d1372ae3
SHA256:5cf40aa1a69063798764e5019279283e180a23ee74b824c0e7dfb39e97640050
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: codemirror.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/codemirror/codemirror.js
MD5: d1e82ecd62134c5d13d3318c8abd21dd
SHA1: 316b339b6e8e77186b47d66c88d7a45472a1c2d3
SHA256:6083403b7e8ffcb397a0e94165e1940557b02a992956f8d721a508bd440bd3a7
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: column.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/column.js
MD5: 145c40d96cac3466adc62510d25439f3
SHA1: 4e0256c06650ae8b814a23637ac4bbf89a9a42c5
SHA256:e4e34072caf3381222a857e8b1c4ba8dba7d53400920aeec6387dad2235a608b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: constraint.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/constraint.js
MD5: e8627647698a908a405edd71a47866a0
SHA1: f45ef50ddea32e703d12ecef0088e1bb6635045c
SHA256:feaf4204e9e81a3845fa79e78220e7b48da5057bbfe9d478c4107b5db2727908
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dashboard.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/pages/dashboard.js
MD5: e618d25f2ec4763ccf1a530140929169
SHA1: 0a216f26eb187e9e85ca49946b4e88996de72153
SHA256:684d0390d93e86519852c8ca211da17d0f5c67929083ec3d28feac11cf78afb9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dashboard2.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/pages/dashboard2.js
MD5: f27ed9a5f9672cb99b8affac5f898e6b
SHA1: ec365e09b46ad82c98a3af6b04d9485e37c96b9f
SHA256:83ac475ae8ec97d1c2ffc88b4acb90ecd9aa99c37fb9ba33bf7161a3deabeef3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.bootstrap.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.js
MD5: 83b18e708e2df1204e52243778f64754
SHA1: 20b1140a1f0735ed99c0af52e0653d76c7233c5e
SHA256:b492281c0eb870d7bad0b4349aec7d20bc3ef5c2c3f91a1b33b6ab53bbcd9499
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.bootstrap.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.min.js
MD5: 19b11075f9b46a3cd26fb39a6f252b5d
SHA1: 44074789abea496fc9402979617f7d815d5cc7a2
SHA256:5ffe7cb3959b946300c3d4a90edaa757c74b44d09ac2cc86c0daa7643d097bfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.buttons.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/dataTables.buttons.js
MD5: 7016d72dae547c2994e996b3c6009541
SHA1: 28a64a8e38a7a4ad323893c164dc225af941fa05
SHA256:1e4fea9dc18d40a0a636a99a14bbdff16e8ec635f5d1c61c7d52c29f0e419d5a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.buttons.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/dataTables.buttons.min.js
MD5: f13069a97e70168015f3d4bbf36f876f
SHA1: 90f5439d64c59e0f1b9ec9c0fef9639b3bf9f4c9
SHA256:8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: demo.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/demo.js
MD5: 4683fb3e338cff969296e416d26046b9
SHA1: 61f01104b4b9b2f6eace6640b700857429676b13
SHA256:2353102eb576ea212082292278f5f48d5463edba544759072c0ba9e4fb6c8ee4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: fastclick.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.js
MD5: 6e9d3b0da74f2a4a7042b494cdaa7c2e
SHA1: 06cef196733a710e77ad7e386ced6963f092dc55
SHA256:1aa08cb3c7aa70d268d24d59c374c14af7bd08e0af8c85f8e4f60a2651f4bab5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: fastclick.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.min.js
MD5: c5012b7a7be9ca08c1ea8056634b5b9d
SHA1: 4f1721e190356cf41677d009afddff17a3fd1aec
SHA256:32c983a4b3b87d8f7eafa40840c8791351a593c869a3029d8b7356a8cf6d2a94
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: html5shiv.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/html5shiv/html5shiv.min.js
MD5: 40bd440d29b3a9371b0c63fec41ee64f
SHA1: e790c26449c57de298923c686cb3434d1d461a1d
SHA256:dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: jquery-2.2.3.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQuery/jquery-2.2.3.min.js
MD5: 33cabfa15c1060aaa3d207c653afb1ee
SHA1: e3dbb65f2b541d842b50d37304b0102a2d5f2387
SHA256:6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates (RETIREJS)  

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
Unscored:
  • Severity: low

References:

schemaspy-6.2.4.jar: jquery-ui.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.js
MD5: 04a4db2983450a2970c459ba87b4210a
SHA1: 3efaf11e60ea8c541b6dc26f0ef09f195732587a
SHA256:0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-7103  

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:* versions from (including) 1.10.0; versions up to (including) 1.11.4
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.42
  • cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 16.2
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.0; versions up to (including) 17.12.4
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 18.0; versions up to (including) 18.8.4
  • cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.2
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

CVE-2021-41182  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41183  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41184  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2022-31160  

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:*
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

schemaspy-6.2.4.jar: jquery-ui.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.min.js
MD5: d935d506ae9c8dd9e0f96706fbb91f65
SHA1: 7f650ee30c6a4d3eea04032039b20ff72997559b
SHA256:c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-7103  

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:* versions from (including) 1.10.0; versions up to (including) 1.11.4
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.42
  • cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 16.0; versions up to (including) 16.2
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.0; versions up to (including) 17.12.4
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 18.0; versions up to (including) 18.8.4
  • cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.2
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

CVE-2021-41182  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41183  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41184  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2022-31160  

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:*
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

schemaspy-6.2.4.jar: jquery.dataTables.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net/jquery.dataTables.min.js
MD5: bcf14f55a3878cef5e522906ce13235b
SHA1: 588658fcd1f3acda0cd435dd583b1fe869d8f67b
SHA256:8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2020-28458  

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.10.23

CVE-2021-23445  

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.11.3

prototype pollution (RETIREJS)  

prototype pollution
Unscored:
  • Severity: medium

References:

possible XSS (RETIREJS)  

possible XSS
Unscored:
  • Severity: low

References:

schemaspy-6.2.4.jar: jquery.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/jquery/jquery.js
MD5: 09dd64a64ba840c31a812a3ca25eaeee
SHA1: fd81582bf1b15e6747472df880ca822c362a97d1
SHA256:0d9027289ffa5d9f6c8b4e0782bb31bbff2cef5ee3708ccbcb7a22df9128bb21
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41
  • cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

schemaspy-6.2.4.jar: jquery.slimscroll.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.js
MD5: 6ee5ab5d89857be6eaf08b63eb3246b0
SHA1: 1988633067079e50c05ac4bf42eb59c97aa96992
SHA256:e0ae991f3c0c611e7f794d9278321a072bacfea922f48158f219b197953a0f56
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: jquery.slimscroll.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.min.js
MD5: f1dbc7920f93bd2b1dcfede95b473e4e
SHA1: 54dd07a613abfc09c6bf6aacdc2a5d089073e10b
SHA256:a84ffabdd498cd0bbd960a2c2b1845a65113bd6bea00096602e47ec8f87fd122
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: main.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/main.js
MD5: 1674dff558a26b59870c39f57b599680
SHA1: 23ef321067a5ec8409458756c4ec2d004e8651eb
SHA256:af72dcd47a6eed28231ce02c2225c3f04ccd74e61e7e65439664ece556b55a18
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: npm.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/npm.js
MD5: ccb7f3909e30b1eb8f65a24393c6e12b
SHA1: e2b7590d6ec1fdac66b01fdf66ae0879f53b1262
SHA256:c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: pdfmake.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/pdfmake/pdfmake.min.js
MD5: 130f523ea67129c5bb064a5db8c98829
SHA1: 89a69ec428dca66a4131734b11db2810beeac622
SHA256:e6cd72039171e4c5ef6e234a3ea806707d3252234d327ceb7cf69bdff3d9392d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: relationships.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/relationships.js
MD5: 920f55f8a197bae3ecbe0d907d788819
SHA1: 0a9e67abba65c0d55c85b79f3a2f51caf7eeeab8
SHA256:9be5e21c869973701cb19051bcf1a5eeca80fa04ae8d1a2840ddb3151251e17a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: respond.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/respond/respond.min.js
MD5: afc1984a3d17110449dc90cf22de0c27
SHA1: b5aba40d65b0d6f85859db47f757ea971a0efd30
SHA256:83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: routine.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/routines/routine.js
MD5: 0d13031169769672c7a17ee127db82e8
SHA1: 85955b0b760b2690a048b55717cad009c8a2aa39
SHA256:6be89a8fcc7bde886140d054be945aea98565961a8a1bf6a24c1371d43e30b2a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: routines.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/routines.js
MD5: 7997db7fac75cdcff42ff5ab41af7eb3
SHA1: 1f3221dc6387342948bbbfd241d72b6544a3d982
SHA256:7da7c157f007dde035982adfce4241b2d6f897632afed95ac7cea074e082805e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: salvattore.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/salvattore/salvattore.min.js
MD5: e777a377c4b6629dd095ae07709f814b
SHA1: 936d17d233eb43856dab36d8e3db1f16c13ffc95
SHA256:ec3b330e880a042023f8af4b52db57de99d0d38819900c1b9ef8c6c7c3b62a30
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: schemaSpy.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/schemaSpy.js
MD5: 4702bba66246aae9659e315ca2041a87
SHA1: feb05dc22646161c9ab25bc179b0643e69d9aff6
SHA256:56e99aaf99b8443e57a9f2bd247db7017b90e97389f7a517df2057bd41532034
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: sql.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/codemirror/sql.js
MD5: 407f4fc907254cc5678ee89214e2bfb5
SHA1: 68bf7356c2d20f962c61c373d920d929bf4333a3
SHA256:e2b95aaecc29e6a2544c7bc6827dfe16c5b96055de996a69a888b8f2042a6471
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: table.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/tables/table.js
MD5: 2a19d7502bf0e2a89a35ae03ede1569d
SHA1: b4cf4c72c3316f44080bed58a4af46a61cdbec48
SHA256:c8ec184c4a47349841618017610e830347fae799a9f7446b3b111a16ab3ae3ea
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: vfs_fonts.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/pdfmake/vfs_fonts.js
MD5: 795e143b8f4eeb5089b2638cdeca7006
SHA1: 914c1db78046ed67723702de671b32a0b591206f
SHA256:5cb81fa70754070475938e9859359a268122c9b62cac154ebb8e120e812662cc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: viz.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/viz.js
MD5: 50c0fe0cec14d1030d023b260f8ee1b7
SHA1: 8c15e61d28791e45824922e3e81cd8c5c5bba618
SHA256:b6f33297afb84c5ef7c2f572d800390a4dd0c5186b5c5488a1762b49d1c9fe9f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: xlsx.full.min.js

File Path: /home/mark/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/js-xlsx/xlsx.full.min.js
MD5: b234f9d123c694019d2721c90ff9f8df
SHA1: cfd5eeb3cc1f745b88c21f76450a6e560b53584b
SHA256:6dbcaacf07c01b3888e33ffe354eb848aab1177f303d5179e4f9d2ca0bdd484c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

serializer-2.7.2.jar

Description:

    Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
    SAX events.

File Path: /home/mark/.m2/repository/xalan/serializer/2.7.2/serializer-2.7.2.jar
MD5: e8325763fd4235f174ab7b72ed815db1
SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3c
SHA256:e8f5b4340d3b12a0cfa44ac2db4be4e0639e479ae847df04c4ed8b521734bb4a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
serializer-2.7.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/mark/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.8

Identifiers

snakeyaml-1.25.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar
MD5: 6f7d5b8f596047aae07a3bf6f23a0bf2
SHA1: 8b6e01ef661d8378ae6dd7b511a7f2a33fae1421
SHA256:b50ef33187e7dc922b26dbe4dd0fdb3a9cf349e75a08b95269901548eee546eb
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
snakeyaml-1.25.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2017-18640  

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-boot-2.2.11.RELEASE.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/mark/.m2/repository/org/springframework/boot/spring-boot/2.2.11.RELEASE/spring-boot-2.2.11.RELEASE.jar
MD5: 24e210dc99417bc95e13224d7b8fd99e
SHA1: d43c1477fbd25790b5592ba9de0576d018825be8
SHA256:caa2cf0d5f2b4c931032a1930d46b586b50092be64ec35ea38d5c811251e6a49
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-boot-2.2.11.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2023-20873  

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-20883  

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-core-5.2.10.RELEASE.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/mark/.m2/repository/org/springframework/spring-core/5.2.10.RELEASE/spring-core-5.2.10.RELEASE.jar
MD5: 3d0d5f926f389f804716d8290e353604
SHA1: 29423e9f1d766eb4f4e3516211877f361fe3169f
SHA256:21b31ee8b896f1f79c92bbe8e2e30a25f7020fd63957416d28b035d524c632dc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-core-5.2.10.RELEASE.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22118  

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
CWE-269 Improper Privilege Management, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22950  

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22971  

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-20863  

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22970  

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22060  

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22096  

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CWE-117 Improper Output Neutralization for Logs, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

velocity-1.7.jar

Description:

Apache Velocity is a general purpose template engine.

File Path: /home/mark/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
SHA256:ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
velocity-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

CVE-2020-13936  

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

velocity-tools-2.0.jar

Description:

        VelocityTools is an integrated collection of Velocity subprojects
        with the common goal of creating tools and infrastructure to speed and ease
        development of both web and non-web applications using the Velocity template
        engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
SHA256:b174eb36bc48c25dce10571c7d3d5dca4e4c1b3e2e31a92b9ed68fe9dea688d9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
velocity-tools-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

CVE-2020-13959  

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

xalan-2.7.2.jar

Description:

    Xalan-Java is an XSLT processor for transforming XML documents into HTML,
    text, or other XML document types. It implements XSL Transformations (XSLT)
    Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
    the command line, in an applet or a servlet, or as a module in other program.

File Path: /home/mark/.m2/repository/xalan/xalan/2.7.2/xalan-2.7.2.jar
MD5: 6aa6607802502c8016b676f25f8e4873
SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23
SHA256:a44bd80e82cb0f4cfac0dac8575746223802514e3cec9dc75235bc0de646af14
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
xalan-2.7.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

xbean-reflect-3.7.jar

Description:

xbean-reflect provides very flexible ways to creat objects and graphs of objects for DI frameworks

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/mark/.m2/repository/org/apache/xbean/xbean-reflect/3.7/xbean-reflect-3.7.jar
MD5: b77f0c9914e56547409e65137acba9eb
SHA1: 6072a967ec936b3bb25b421d8eca07dd750219fd
SHA256:104e5e9bb5a669f86722f32281960700f7ec8e3209ef51b23eb9b6d23d1629cb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
xbean-reflect-3.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0

Identifiers

xml-apis-1.3.04.jar

Description:

xml-commons provides an Apache-hosted set of DOM, SAX, and 
    JAXP interfaces for use in other xml-based projects. Our hope is that we 
    can standardize on both a common version and packaging scheme for these 
    critical XML standards interfaces to make the lives of both our developers 
    and users easier. The External Components portion of xml-commons contains 
    interfaces that are defined by external standards organizations. For DOM, 
    that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for 
    JAXP it's Sun.

File Path: /home/mark/.m2/repository/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jar
MD5: 9ae9c29e4497fc35a3eade1e6dd0bbeb
SHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65ef
SHA256:d404aa881eb9c5f7a4fb546e84ea11506cd417a72b5972e88eff17f43f9f8a64
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
xml-apis-1.3.04.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.