Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: SchemaSpy Maven Plugin

nl.geodienstencentrum.maven:schemaspy-maven-plugin:5.3.1-SNAPSHOT

Summary

| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| aopalliance-1.0.jar | | pkg:maven/aopalliance/aopalliance@1.0 | | 0 | | 20 |
| asm-7.3.1.jar | | pkg:maven/org.ow2.asm/asm@7.3.1 | | 0 | | 54 |
| asm-analysis-7.3.1.jar | | pkg:maven/org.ow2.asm/asm-analysis@7.3.1 | | 0 | | 60 |
| asm-commons-7.3.1.jar | | pkg:maven/org.ow2.asm/asm-commons@7.3.1 | | 0 | | 58 |
| asm-tree-7.3.1.jar | | pkg:maven/org.ow2.asm/asm-tree@7.3.1 | | 0 | | 58 |
| asm-util-7.3.1.jar | | pkg:maven/org.ow2.asm/asm-util@7.3.1 | | 0 | | 58 |
| autolink-0.6.0.jar | | pkg:maven/org.nibor.autolink/autolink@0.6.0 | | 0 | | 24 |
| checker-qual-3.42.0.jar | | pkg:maven/org.checkerframework/checker-qual@3.42.0 | | 0 | | 46 |
| classworlds-1.1-alpha-2.jar | | pkg:maven/classworlds/classworlds@1.1-alpha-2 | | 0 | | 51 |
| commons-beanutils-1.9.4.jar | cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:* | pkg:maven/commons-beanutils/commons-beanutils@1.9.4 | | 0 | Highest | 168 |
| commons-collections-3.2.2.jar | cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:* | pkg:maven/commons-collections/commons-collections@3.2.2 | | 0 | Highest | 84 |
| commons-digester3-3.2.jar | | pkg:maven/org.apache.commons/commons-digester3@3.2 | | 0 | | 105 |
| commons-lang3-3.17.0.jar | | pkg:maven/org.apache.commons/commons-lang3@3.17.0 | | 0 | | 145 |
| commons-logging-1.2.jar | | pkg:maven/commons-logging/commons-logging@1.2 | | 0 | | 117 |
| commons-text-1.12.0.jar | cpe:2.3:a:apache:commons_text:1.12.0:*:*:*:*:*:*:* | pkg:maven/org.apache.commons/commons-text@1.12.0 | | 0 | Highest | 73 |
| compiler-0.9.10.jar | | pkg:maven/com.github.spullara.mustache.java/compiler@0.9.10 | | 0 | | 27 |
| derby-10.15.2.0.jar | cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.derby/derby@10.15.2.0 | CRITICAL | 1 | Highest | 28 |
| derbyshared-10.15.2.0.jar | cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.derby/derbyshared@10.15.2.0 | CRITICAL | 1 | Highest | 27 |
| derbytools-10.15.2.0.jar | cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:* | pkg:maven/org.apache.derby/derbytools@10.15.2.0 | CRITICAL | 1 | Highest | 33 |
| doxia-core-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-core@2.0.0 | | 0 | | 26 |
| doxia-integration-tools-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-integration-tools@2.0.0 | | 0 | | 28 |
| doxia-module-apt-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-module-apt@2.0.0 | | 0 | | 28 |
| doxia-module-xdoc-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-module-xdoc@2.0.0 | | 0 | | 28 |
| doxia-module-xhtml5-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-module-xhtml5@2.0.0 | | 0 | | 28 |
| doxia-sink-api-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-sink-api@2.0.0 | | 0 | | 28 |
| doxia-site-model-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-site-model@2.0.0 | | 0 | | 28 |
| doxia-site-renderer-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-site-renderer@2.0.0 | | 0 | | 26 |
| doxia-skin-model-2.0.0.jar | | pkg:maven/org.apache.maven.doxia/doxia-skin-model@2.0.0 | | 0 | | 26 |
| failureaccess-1.0.2.jar | | pkg:maven/com.google.guava/failureaccess@1.0.2 | | 0 | | 32 |
| flexmark-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark@0.34.32 | | 0 | | 22 |
| flexmark-ext-abbreviation-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-abbreviation@0.34.32 | | 0 | | 27 |
| flexmark-ext-aside-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-aside@0.34.32 | | 0 | | 27 |
| flexmark-ext-autolink-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-autolink@0.34.32 | | 0 | | 27 |
| flexmark-ext-definition-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-definition@0.34.32 | | 0 | | 27 |
| flexmark-ext-emoji-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-emoji@0.34.32 | | 0 | | 27 |
| flexmark-ext-escaped-character-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-escaped-character@0.34.32 | | 0 | | 27 |
| flexmark-ext-footnotes-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-footnotes@0.34.32 | | 0 | | 27 |
| flexmark-ext-gfm-strikethrough-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-gfm-strikethrough@0.34.32 | | 0 | | 27 |
| flexmark-ext-gfm-tasklist-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-gfm-tasklist@0.34.32 | | 0 | | 27 |
| flexmark-ext-ins-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-ins@0.34.32 | | 0 | | 27 |
| flexmark-ext-jekyll-front-matter-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-jekyll-front-matter@0.34.32 | | 0 | | 27 |
| flexmark-ext-superscript-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-superscript@0.34.32 | | 0 | | 25 |
| flexmark-ext-tables-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-tables@0.34.32 | | 0 | | 27 |
| flexmark-ext-toc-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-toc@0.34.32 | | 0 | | 27 |
| flexmark-ext-typographic-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-typographic@0.34.32 | | 0 | | 27 |
| flexmark-ext-wikilink-0.34.32.jar | cpe:2.3:a:links:links:0.34.32:*:*:*:*:*:*:* | pkg:maven/com.vladsch.flexmark/flexmark-ext-wikilink@0.34.32 | | 0 | Low | 27 |
| flexmark-ext-yaml-front-matter-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-ext-yaml-front-matter@0.34.32 | | 0 | | 27 |
| flexmark-formatter-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-formatter@0.34.32 | | 0 | | 25 |
| flexmark-jira-converter-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-jira-converter@0.34.32 | | 0 | | 27 |
| flexmark-profile-pegdown-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-profile-pegdown@0.34.32 | | 0 | | 25 |
| flexmark-util-0.34.32.jar | | pkg:maven/com.vladsch.flexmark/flexmark-util@0.34.32 | | 0 | | 24 |
| guava-33.2.1-jre.jar | cpe:2.3:a:google:guava:33.2.1:*:*:*:*:*:*:* | pkg:maven/com.google.guava/guava@33.2.1-jre | | 0 | Highest | 27 |
| guice-5.1.0.jar | | pkg:maven/com.google.inject/guice@5.1.0 | | 0 | | 34 |
| hamcrest-core-1.3.jar | | pkg:maven/org.hamcrest/hamcrest-core@1.3 | | 0 | | 24 |
| hsqldb-2.7.4.jar | cpe:2.3:a:hsqldb:hypersql_database:2.7.4:*:*:*:*:*:*:* | pkg:maven/org.hsqldb/hsqldb@2.7.4 | | 0 | Low | 45 |
| jakarta.annotation-api-1.3.5.jar | cpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:* | pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 | | 0 | Low | 35 |
| javax.inject-1.jar | | pkg:maven/javax.inject/javax.inject@1 | | 0 | | 20 |
| jcommander-1.69.jar | | pkg:maven/com.beust/jcommander@1.69 | | 0 | | 24 |
| json-20230227.jar | cpe:2.3:a:json-java_project:json-java:20230227:*:*:*:*:*:*:* | pkg:maven/org.json/json@20230227 | HIGH | 1 | Highest | 30 |
| json-simple-3.0.2.jar | | pkg:maven/com.github.cliftonlabs/json-simple@3.0.2 | | 0 | | 33 |
| jul-to-slf4j-1.7.30.jar | | pkg:maven/org.slf4j/jul-to-slf4j@1.7.30 | | 0 | | 26 |
| log4j-api-2.12.1.jar | cpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-api@2.12.1 | LOW | 1 | Highest | 42 |
| log4j-to-slf4j-2.12.1.jar | | pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.12.1 | | 0 | | 40 |
| logback-core-1.2.3.jar | cpe:2.3:a:qos:logback:1.2.3:*:*:*:*:*:*:* | pkg:maven/ch.qos.logback/logback-core@1.2.3 | HIGH | 2 | Highest | 31 |
| maven-archiver-3.6.2.jar | | pkg:maven/org.apache.maven/maven-archiver@3.6.2 | | 0 | | 29 |
| maven-artifact-3.9.9.jar | | pkg:maven/org.apache.maven/maven-artifact@3.9.9 | | 0 | | 26 |
| maven-builder-support-3.9.9.jar | | pkg:maven/org.apache.maven/maven-builder-support@3.9.9 | | 0 | | 24 |
| maven-core-3.9.9.jar | cpe:2.3:a:apache:maven:3.9.9:*:*:*:*:*:*:* | pkg:maven/org.apache.maven/maven-core@3.9.9 | | 0 | Highest | 24 |
| maven-model-3.9.9.jar | | pkg:maven/org.apache.maven/maven-model@3.9.9 | | 0 | | 26 |
| maven-model-builder-3.9.9.jar | | pkg:maven/org.apache.maven/maven-model-builder@3.9.9 | | 0 | | 32 |
| maven-plugin-annotations-3.15.1.jar | | pkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.15.1 | | 0 | | 26 |
| maven-plugin-api-3.9.9.jar | | pkg:maven/org.apache.maven/maven-plugin-api@3.9.9 | | 0 | | 26 |
| maven-reporting-api-4.0.0.jar | | pkg:maven/org.apache.maven.reporting/maven-reporting-api@4.0.0 | | 0 | | 29 |
| maven-reporting-impl-4.0.0.jar | | pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0 | | 0 | | 29 |
| maven-repository-metadata-3.9.9.jar | | pkg:maven/org.apache.maven/maven-repository-metadata@3.9.9 | | 0 | | 26 |
| maven-resolver-api-1.9.22.jar | | pkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.22 | | 0 | | 34 |
| maven-resolver-impl-1.9.22.jar | | pkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.22 | | 0 | | 32 |
| maven-resolver-named-locks-1.9.22.jar | | pkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.22 | | 0 | | 33 |
| maven-resolver-provider-3.9.9.jar | | pkg:maven/org.apache.maven/maven-resolver-provider@3.9.9 | | 0 | | 26 |
| maven-resolver-spi-1.9.22.jar | | pkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.22 | | 0 | | 32 |
| maven-resolver-util-1.9.22.jar | | pkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.22 | | 0 | | 36 |
| maven-settings-3.9.9.jar | | pkg:maven/org.apache.maven/maven-settings@3.9.9 | | 0 | | 26 |
| maven-settings-builder-3.9.9.jar | | pkg:maven/org.apache.maven/maven-settings-builder@3.9.9 | | 0 | | 26 |
| maven-shared-utils-3.4.2.jar | cpe:2.3:a:apache:maven_shared_utils:3.4.2:*:*:*:*:*:*:*; cpe:2.3:a:utils_project:utils:3.4.2:*:*:*:*:*:*:* | pkg:maven/org.apache.maven.shared/maven-shared-utils@3.4.2 | | 0 | Highest | 29 |
| mssql-jdbc-12.8.1.jre11.jar | cpe:2.3:a:www-sql_project:www-sql:12.8.1.jre11:*:*:*:*:*:*:* | pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.8.1; pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.8.1.jre11 | | 0 | Highest | 36 |
| mysql-connector-j-9.1.0.jar | cpe:2.3:a:oracle:mysql_connector\/j:9.1.0:*:*:*:*:*:*:* | pkg:maven/com.mysql/mysql-connector-j@9.1.0 | | 0 | Highest | 52 |
| nashorn-core-15.4.jar | | pkg:maven/org.openjdk.nashorn/nashorn-core@15.4 | | 0 | | 23 |
| nashorn-core-15.4.jar: base.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: bootstrap.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: controls.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: fxml.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: graphics.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: media.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: mozilla_compat.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: parser.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: swing.js | | | | 0 | | 0 |
| nashorn-core-15.4.jar: web.js | | | | 0 | | 0 |
| ojdbc11-23.6.0.24.10.jar | cpe:2.3:a:oracle:jdbc:23.6.0.24.10:*:*:*:*:*:*:* | pkg:maven/com.oracle.database.jdbc/ojdbc11@23.6.0.24.10 | | 0 | Highest | 33 |
| org.eclipse.sisu.inject-0.9.0.M3.jar | | pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M3 | | 0 | | 34 |
| org.eclipse.sisu.plexus-0.9.0.M3.jar | | pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M3 | | 0 | | 29 |
| plexus-archiver-2.2.jar | cpe:2.3:a:codehaus-plexus:plexus-archiver:2.2:*:*:*:*:*:*:* | pkg:maven/org.codehaus.plexus/plexus-archiver@2.2 | CRITICAL | 3 | Highest | 25 |
| plexus-cipher-2.0.jar | | pkg:maven/org.codehaus.plexus/plexus-cipher@2.0 | | 0 | | 20 |
| plexus-classworlds-2.8.0.jar | | pkg:maven/org.codehaus.plexus/plexus-classworlds@2.8.0 | | 0 | | 30 |
| plexus-component-annotations-2.1.0.jar | | pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0 | | 0 | | 27 |
| plexus-container-default-1.0-alpha-9-stable-1.jar | | pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-9-stable-1 | | 0 | | 22 |
| plexus-i18n-1.0-beta-10.jar | | pkg:maven/org.codehaus.plexus/plexus-i18n@1.0-beta-10 | | 0 | | 24 |
| plexus-interpolation-1.27.jar | | pkg:maven/org.codehaus.plexus/plexus-interpolation@1.27 | | 0 | | 27 |
| plexus-io-2.0.4.jar | | pkg:maven/org.codehaus.plexus/plexus-io@2.0.4 | | 0 | | 28 |
| plexus-sec-dispatcher-2.0.jar | cpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:* | pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0 | | 0 | Highest | 20 |
| plexus-utils-3.5.1.jar | cpe:2.3:a:codehaus-plexus:plexus-utils:3.5.1:*:*:*:*:*:*:*; cpe:2.3:a:utils_project:utils:3.5.1:*:*:*:*:*:*:* | pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1 | | 0 | Highest | 27 |
| plexus-velocity-2.2.0.jar | | pkg:maven/org.codehaus.plexus/plexus-velocity@2.2.0 | | 0 | | 27 |
| plexus-xml-3.0.0.jar | | pkg:maven/org.codehaus.plexus/plexus-xml@3.0.0 | | 0 | | 24 |
| postgresql-42.7.4.jar | cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.4:*:*:*:*:*:*:* | pkg:maven/org.postgresql/postgresql@42.7.4 | | 0 | Low | 68 |
| protobuf-java-4.26.1.jar | cpe:2.3:a:google:protobuf-java:4.26.1:*:*:*:*:*:*:*; cpe:2.3:a:protobuf:protobuf:4.26.1:*:*:*:*:*:*:* | pkg:maven/com.google.protobuf/protobuf-java@4.26.1 | HIGH | 1 | Highest | 27 |
| schemaspy-6.2.4.jar | | pkg:maven/org.schemaspy/schemaspy@6.2.4 | | 0 | | 38 |
| schemaspy-6.2.4.jar: anchor.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: anomalies.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: app.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: app.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: bootstrap.js | | pkg:javascript/bootstrap@3.3.7 | MEDIUM | 8 | | 3 |
| schemaspy-6.2.4.jar: bootstrap.min.js | | pkg:javascript/bootstrap@3.3.7 | MEDIUM | 8 | | 3 |
| schemaspy-6.2.4.jar: buttons.bootstrap.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.bootstrap.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.colVis.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.colVis.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.flash.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.flash.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.html5.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.html5.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.print.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: buttons.print.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: codemirror.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: column.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: constraint.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: dashboard.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: dashboard2.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: dataTables.bootstrap.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: dataTables.bootstrap.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: dataTables.buttons.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: dataTables.buttons.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: demo.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: fastclick.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: fastclick.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: html5shiv.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: jquery-2.2.3.min.js | | pkg:javascript/jquery@2.2.3.min | MEDIUM | 5 | | 3 |
| schemaspy-6.2.4.jar: jquery-ui.js | | pkg:javascript/jquery-ui-dialog@1.11.4; pkg:javascript/jquery-ui@1.11.4 | MEDIUM | 5 | | 5 |
| schemaspy-6.2.4.jar: jquery-ui.min.js | | pkg:javascript/jquery-ui-dialog@1.11.4; pkg:javascript/jquery-ui@1.11.4 | MEDIUM | 5 | | 5 |
| schemaspy-6.2.4.jar: jquery.dataTables.min.js | | pkg:javascript/jquery.datatables@1.10.15 | HIGH | 4 | | 3 |
| schemaspy-6.2.4.jar: jquery.js | | pkg:javascript/jquery@3.2.1 | MEDIUM | 3 | | 3 |
| schemaspy-6.2.4.jar: jquery.slimscroll.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: jquery.slimscroll.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: main.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: npm.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: pdfmake.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: relationships.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: respond.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: routine.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: routines.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: salvattore.min.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: schemaSpy.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: sql.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: table.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: vfs_fonts.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: viz.js | | | | 0 | | 0 |
| schemaspy-6.2.4.jar: xlsx.full.min.js | | | | 0 | | 0 |
| serializer-2.7.2.jar | cpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:* | pkg:maven/xalan/serializer@2.7.2 | HIGH | 1 | Highest | 32 |
| slf4j-api-1.7.36.jar | | pkg:maven/org.slf4j/slf4j-api@1.7.36 | | 0 | | 29 |
| snakeyaml-1.25.jar | cpe:2.3:a:snakeyaml_project:snakeyaml:1.25:*:*:*:*:*:*:* | pkg:maven/org.yaml/snakeyaml@1.25 | CRITICAL | 8 | Highest | 44 |
| spring-boot-2.2.11.RELEASE.jar | cpe:2.3:a:vmware:spring_boot:2.2.11:release:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot@2.2.11.RELEASE | CRITICAL | 2 | Highest | 39 |
| spring-core-5.2.10.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.2.10:release:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.2.10:release:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.2.10:release:*:*:*:*:*:* | pkg:maven/org.springframework/spring-core@5.2.10.RELEASE | CRITICAL* | 10 | Highest | 36 |
| spring-expression-5.2.10.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.2.10:release:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.2.10:release:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.2.10:release:*:*:*:*:*:* | pkg:maven/org.springframework/spring-expression@5.2.10.RELEASE | CRITICAL* | 11 | Highest | 36 |
| velocity-engine-core-2.4.jar | cpe:2.3:a:apache:velocity_engine:2.4:*:*:*:*:*:*:* | pkg:maven/org.apache.velocity/velocity-engine-core@2.4 | | 0 | Highest | 30 |
| velocity-tools-generic-3.1.jar | cpe:2.3:a:apache:velocity_tools:3.1:*:*:*:*:*:*:* | pkg:maven/org.apache.velocity.tools/velocity-tools-generic@3.1 | | 0 | Highest | 28 |
| xalan-2.7.2.jar | cpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:* | pkg:maven/xalan/xalan@2.7.2 | HIGH | 1 | Highest | 66 |
| xml-apis-1.3.04.jar | | pkg:maven/xml-apis/xml-apis@1.3.04 | | 0 | | 71 |

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /home/runner/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
aopalliance-1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

asm-7.3.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/7.3.1/asm-7.3.1.jar
MD5: 542c066ed00a4fa9857e9343e2c595b9
SHA1: 7ec32f922315924e82bf58b36ee1b673b2a9b820
SHA256:2f67e11ceec819ebd88ddee5300aba699b1cbab2e20c22e97cf027d3be93959b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-analysis-7.3.1.jar

Description:

Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-analysis/7.3.1/asm-analysis-7.3.1.jar
MD5: b5b082ef17f6d6bb3d8ed9c129161bdb
SHA1: 045dfd299ea0c17d534499c4f06417ceccfa2d02
SHA256:46b8a8efd4b94facb5ab4b35afe30ee0546ae7a43d2c64e6def56c2f168fefa5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-analysis-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-commons-7.3.1.jar

Description:

Useful class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/7.3.1/asm-commons-7.3.1.jar
MD5: be985ed0af52424f8f5d27ec71c249ab
SHA1: daaa79ef260eb67404b9a52bc319a024c7f49cfe
SHA256:87cd8bb3c6bf6bcbb33fca48060c5065f66ebf6a3d7de9bf18bff51bcf156ebc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-commons-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-tree-7.3.1.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/7.3.1/asm-tree-7.3.1.jar
MD5: 3ef0bd9837a905e0b2d443de9199a409
SHA1: 587ce54d243145b2e89598bfcea7823ded73be5d
SHA256:f91a4a8aa868c5c4665bb4fd134019a91f9f8b9216527fba295e3c8b5422b78b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-tree-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

asm-util-7.3.1.jar

Description:

Utilities for ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-util/7.3.1/asm-util-7.3.1.jar
MD5: 181141e54fdd56474937d7ebfb325ba3
SHA1: cac1bf54c2fb86671c357d281d1060fe5d50a0de
SHA256:182128592742ed4883ac82bf205f137b6bfbe1234c68e6feb13759e75a85b729
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
asm-util-7.3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

autolink-0.6.0.jar

Description:

Java library to extract links (URLs, email addresses) from plain text;
fast, small and smart about recognizing where links end

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/nibor/autolink/autolink/0.6.0/autolink-0.6.0.jar
MD5: f2633571471a5957ee12e61b184e6219
SHA1: 3986d016a14e8c81afeec752f19af29b20e8367b
SHA256:a80be030f6386f18111cad9161c0b6983157352a1b59a59e6002172f0d321c04
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
autolink-0.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.postgresql/postgresql@42.7.4

Identifiers

classworlds-1.1-alpha-2.jar

File Path: /home/runner/.m2/repository/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.jar
MD5: 82cacb7d9724c4a4e4d20f004884d4da
SHA1: 05adf2e681c57d7f48038b602f3ca2254ee82d47
SHA256:2bf4e59f3acd106fea6145a9a88fe8956509f8b9c0fdd11eb96fee757269e3f3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
classworlds-1.1-alpha-2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/commons-beanutils/commons-beanutils@1.9.4

Identifiers

commons-digester3-3.2.jar

Description:

The Apache Commons Digester package lets you configure an XML to Java
object mapping module which triggers certain actions called rules whenever
a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256:1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-digester3-3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

commons-lang3-3.17.0.jar

Description:

Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.

The code is tested using the latest revision of the JDK for supported
LTS releases: 8, 11, 17 and 21 currently.
See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml

Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-lang3-3.17.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/commons-beanutils/commons-beanutils@1.9.4

Identifiers

commons-text-1.12.0.jar

Description:

Apache Commons Text is a set of utility functions and reusable components for the purpose of processing
and manipulating text that should be of use in a Java environment.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.12.0/commons-text-1.12.0.jar
MD5: 544add6fbc8d4b100b07c3692d08099e
SHA1: 66aa90dc099701c4d3b14bd256c328f592ccf0d6
SHA256:de023257ff166044a56bd1aa9124e843cd05dac5806cc705a9311f3556d5a15f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
commons-text-1.12.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

compiler-0.9.10.jar

Description:

Implementation of mustache.js for Java

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/com/github/spullara/mustache/java/compiler/0.9.10/compiler-0.9.10.jar
MD5: 5638fc78a17d5063cc4b0d00f6e87491
SHA1: 6111ae24e3be9ecbd75f5fe908583fc14b4f0174
SHA256:2b5a9217811cb99846a473fa8e0d233eb33629347b7f44941f6c0fbd4cdf1038
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
compiler-0.9.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

derby-10.15.2.0.jar

Description:

Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: /home/runner/.m2/repository/org/apache/derby/derby/10.15.2.0/derby-10.15.2.0.jar
MD5: abff01351b19bc62a188bac08a8bb58b
SHA1: b64da6681994f33ba5783ffae55cdb44885b9e70
SHA256:3afe424625f4caea05ff2f9022be2d98634be4d69dee3529697dab6d9fe1142f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
derby-10.15.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

derbyshared-10.15.2.0.jar

Description:

The code which is shared across all Derby configurations.

File Path: /home/runner/.m2/repository/org/apache/derby/derbyshared/10.15.2.0/derbyshared-10.15.2.0.jar
MD5: 2cb9ab8b9cfb06c2da5a1d3825d04344
SHA1: ff2dfb3e2a92d593cf111baad242d156947abbc1
SHA256:55365ab97e698080c6ccec65dbf7b8c63e4b4b77ad08f794d11458b1f2ea272c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
derbyshared-10.15.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.derby/derby@10.15.2.0

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

derbytools-10.15.2.0.jar

Description:

Contains Apache Derby tools like ij, sysinfo, and dblook.

File Path: /home/runner/.m2/repository/org/apache/derby/derbytools/10.15.2.0/derbytools-10.15.2.0.jar
MD5: d41578eeb336b0e479be8f30bfd9ab9b
SHA1: d63722381e0e893d797e4d531e219e2917898364
SHA256:45d6dc34af9790f7f8fafb9b15d8525f3b429950fca4b4051e7e4f81f9170cd9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
derbytools-10.15.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

doxia-core-2.0.0.jar

Description:

Doxia core classes and interfaces.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-core/2.0.0/doxia-core-2.0.0.jar
MD5: c0fb5fa304380a070a896e79a62b6932
SHA1: 6b8dd422ff321fdbf32a0196b85cce3d63cfe68c
SHA256:939183cf5ced6741745b2475a4adf78ca85885ee0dad6dae28dd3f25bd447ff3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-core-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-integration-tools-2.0.0.jar

Description:

A collection of tools to help the integration of Doxia Sitetools in Maven plugins.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-integration-tools/2.0.0/doxia-integration-tools-2.0.0.jar
MD5: b8e18118b11a20e0ddc66b235989682e
SHA1: ce08d289ed826416983860fb2adced6dd7ade550
SHA256:4aee72f9b30b507964c2f52b63f70e7b41fb9d957359cb5dc13c428abb4b6189
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-integration-tools-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-module-apt-2.0.0.jar

Description:

A Doxia module for Almost Plain Text source documents. APT format is supported both as source and target formats.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-apt/2.0.0/doxia-module-apt-2.0.0.jar
MD5: f6613830c1f558b909b32d3e3e271911
SHA1: 0505b4e8d57eb3f8c3d66adcca85ce09311742ba
SHA256:f4a846c448ca85358279184a310f6ee3f46fa39688f74a72961c1bfe222f28a6
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
doxia-module-apt-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-module-xdoc-2.0.0.jar

Description:

A Doxia module for Xdoc source documents. Xdoc format is supported both as source and target formats.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xdoc/2.0.0/doxia-module-xdoc-2.0.0.jar
MD5: dd12065dc641017da7006cb39f0490e5
SHA1: fe3a51c0226cb7cdfdcc97b73681f6ee80fad72c
SHA256:7956aca14f8adbc48bac86b218701dd44cc990063a69edbfca363b105994a474
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
doxia-module-xdoc-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-module-xhtml5-2.0.0.jar

Description:

A Doxia module for Xhtml5 source documents. Xhtml5 format is supported both as source and target formats.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xhtml5/2.0.0/doxia-module-xhtml5-2.0.0.jar
MD5: 2369dd687d9b13d115157299d09ca7d4
SHA1: 15fbcfe42e0a50eb33adbc061c9b4db84ec0470e
SHA256:c91557679a0eb9fde3175055628ceb7b8fd5ab6d308340770d236fb06265dc26
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-module-xhtml5-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-sink-api-2.0.0.jar

Description:

Doxia Sink API.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-sink-api/2.0.0/doxia-sink-api-2.0.0.jar
MD5: 0ac989158733a584c6b82e6ab1edc8ec
SHA1: d767d78857c1fb3cbd21ae3a7870894476ecb0fc
SHA256:fba33eaee3b01547bcd14b05ebc37f7dacef1819ad9ee7a5b27899afd3472cf4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-sink-api-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-site-model-2.0.0.jar

Description:

The Site Model handles the descriptor for sites, also known as site.xml.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-site-model/2.0.0/doxia-site-model-2.0.0.jar
MD5: 4da689094c6e4a2d6457d21ce959ac42
SHA1: 6a43c5b58b9acbf789618efdda23d5cb9fb0981f
SHA256:f6ec9ef75a41d1b826e5ecf02d92c5de90a6bc70ea93d5340988703223bf2205
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-site-model-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-site-renderer-2.0.0.jar

Description:

The Site Renderer handles the rendering of sites, merging site model with document content.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-site-renderer/2.0.0/doxia-site-renderer-2.0.0.jar
MD5: 0af057ade4d5bc3b41a06cf1100bbd93
SHA1: b68214ec1d3250a4594f598f054977d961e66ac8
SHA256:6cdee370194f4b9f742d12ef46528042f480d9bdf3de832de2792e1ae9ffc68d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-site-renderer-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

doxia-skin-model-2.0.0.jar

Description:

The Skin Model defines metadata for Doxia Sitetools skins.

File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-skin-model/2.0.0/doxia-skin-model-2.0.0.jar
MD5: 9daee5a484a8a9cb32b2fe6cfea42531
SHA1: 86913a4d7f1acbf26d426c97adecb18e21938ebf
SHA256:3ced0d90353f49e8eb1458f54664b93ec117d79b9789a576da41e2f6f99723e0
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
doxia-skin-model-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

failureaccess-1.0.2.jar

Description:

Contains com.google.common.util.concurrent.internal.InternalFutureFailureAccess and InternalFutures. Most users will never need to use this artifact. Its classes are conceptually a part of Guava, but they're in this separate artifact so that Android libraries can use them without pulling in all of Guava (just as they can use ListenableFuture by depending on the listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
MD5: 3f75955b49b6758fd6d1e1bd9bf777b3
SHA1: c4a06a64e650562f30b7bf9aaec1bfed43aca12b
SHA256:8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
failureaccess-1.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

flexmark-0.34.32.jar

Description:

Core of flexmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark/0.34.32/flexmark-0.34.32.jar
MD5: 382b5c90335fad2eb5d28fde5a55a0d4
SHA1: c2c2bf0e9c67757eb5996afe0ade71195227253b
SHA256:60fff3390d6836ddcf45be0a0f0e6b4602ce2f26508762851286b3a082648b53
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-abbreviation-0.34.32.jar

Description:

flexmark-java extension for defining abbreviations and turning appearance of these abbreviations in text into links with titles consisting of the expansion of the abbreviation

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-abbreviation/0.34.32/flexmark-ext-abbreviation-0.34.32.jar
MD5: f663f0f2d098231cfd98a853a822e464
SHA1: 785fe944a8f5b5b54b30a4c40735f0f82d53aa25
SHA256:714ed71edd9e5c56ccd6f210b0eb79cf7240923ddf37bfd9ad8d03635f758f5e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-abbreviation-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-aside-0.34.32.jar

Description:

flexmark-java extension for converting | to aside tags

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-aside/0.34.32/flexmark-ext-aside-0.34.32.jar
MD5: 2a54188164a2b5c0b22c280845a3160f
SHA1: 017d27b92514cd5b5c2494e1d2fe2cb3b695058c
SHA256:9bd05330490936009172b2b7bd9395c388839e36ca8bbaefd470b875d46c7e28
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-aside-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-autolink-0.34.32.jar

Description:

flexmark-java extension for turning plain URLs and email addresses into links

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-autolink/0.34.32/flexmark-ext-autolink-0.34.32.jar
MD5: 2be49f92ce3fc05f3a80b767a39bb72f
SHA1: 6a499f9ebf555ce8545382818103aaaf991af123
SHA256:072e2d8ea66caea1b214becb697271a3337f22fd0a3e6cfff4c7812c98d0a37e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-autolink-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-definition-0.34.32.jar

Description:

flexmark-java extension for definition

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-definition/0.34.32/flexmark-ext-definition-0.34.32.jar
MD5: 06175b13310b36c4a42e9f41fb0a725f
SHA1: 1af7506590f76e6a81f78395a7b3ffa41cec8ff5
SHA256:27c05f0736294540a6922cd2369eb5178bab8c427977ebb49c5593754a5e3a72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-definition-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-emoji-0.34.32.jar

Description:

flexmark-java extension for emoji shortcuts using Emoji-Cheat-Sheet.com http://www.emoji-cheat-sheet.com/

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-emoji/0.34.32/flexmark-ext-emoji-0.34.32.jar
MD5: b76e06cc514d0d3fde84ef695c6fe29f
SHA1: acbf86eabcaffeb0a5a90a9ab1933367f57ce2bb
SHA256:a9dc9e21e1b96718cfb45efe00e816b06d52a02c9451097f9ba3c17072c21661
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-emoji-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-escaped-character-0.34.32.jar

Description:

flexmark-java extension for escaped_character

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-escaped-character/0.34.32/flexmark-ext-escaped-character-0.34.32.jar
MD5: e3f75f4076188a21d4b0ccd43ba8425d
SHA1: e6d8328b599e9af5c2ddff3a9559dfe3545f9008
SHA256:654fbb2f164aa6ba3ce35cd43ac6bc65801c9a7f36ddb160963a5fb2730d0064
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-escaped-character-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-footnotes-0.34.32.jar

Description:

flexmark-java extension for footnote inline elements and footnote definitions

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-footnotes/0.34.32/flexmark-ext-footnotes-0.34.32.jar
MD5: 79bb8079973223f14f06231fd9623bf6
SHA1: b4e1426e8658312dc2f61df1d64f8abc40fe385f
SHA256:f4d92a042d3f64cb94deb7fe8dc52b5dab9a6efea01cf54b844cb0ea77a91992
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-footnotes-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-gfm-strikethrough-0.34.32.jar

Description:

flexmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-strikethrough/0.34.32/flexmark-ext-gfm-strikethrough-0.34.32.jar
MD5: a5a9e5ebfb9a1f58873d9ecd27dd348d
SHA1: acc88a9aabb0ac71d6d63c7bcccb2b082ba38b73
SHA256:2678273cae59d949007172fd439157f8c5f2b777f856587ad305c2bf3a55113d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-gfm-strikethrough-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-gfm-tasklist-0.34.32.jar

Description:

flexmark-java extension to convert bullet list items that start with [ ] to a TaskListItem node

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-gfm-tasklist/0.34.32/flexmark-ext-gfm-tasklist-0.34.32.jar
MD5: 6b0c5a675ca4154683a20da590e68188
SHA1: ea598ab99f7c961370f7119897a0b8efc2275566
SHA256:0fb4e680ab4ed40d67ac3399dc0ad2d95cbe902036abee994995eda53ce08fdc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-gfm-tasklist-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-ins-0.34.32.jar

Description:

flexmark-java extension for ins

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-ins/0.34.32/flexmark-ext-ins-0.34.32.jar
MD5: 6de13c82fedd06bde84a659a7f97d318
SHA1: 198876100bb1561e2bebb67bdfb05053aac92252
SHA256:8db30a0569f722fd33671df895bd465d36aad56782f8fb132fe41bef138fc8ac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-ins-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-jekyll-front-matter-0.34.32.jar

Description:

flexmark-java extension for jekyll_front_matter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-jekyll-front-matter/0.34.32/flexmark-ext-jekyll-front-matter-0.34.32.jar
MD5: d75e222b62c266ebf19b1481cf0c6f08
SHA1: 3ba2481406202ffb2a3dd1ef888a0be7e6050b8c
SHA256:4fc8404e83cf4d23ea3850dd607553db56141f4dc787dd5ecbcf7c8151e63e14
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-jekyll-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-superscript-0.34.32.jar

Description:

flexmark-java extension for superscript

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-superscript/0.34.32/flexmark-ext-superscript-0.34.32.jar
MD5: 32e7f7e13440b5a9d087845fba2b9fcb
SHA1: 2f9413cedcc339dd20328249cce6fcee63161a57
SHA256:538175c28416be2b150ce63986d5594df42d7f069592733fb94c81f08fe2f127
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-superscript-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-tables-0.34.32.jar

Description:

flexmark-java extension for tables using "|" pipes with optional column spans and table caption

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-tables/0.34.32/flexmark-ext-tables-0.34.32.jar
MD5: 0475a524aaca5cf09e242aa968034041
SHA1: 550d1891263034068014daa137c38b6b5854aafb
SHA256:662e9e726abe00c7e68b1d7e9f65a5a2e7fa77f7a32ef7e109783a7cbb2304cd
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-tables-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-toc-0.34.32.jar

Description:

flexmark-java extension for toc

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-toc/0.34.32/flexmark-ext-toc-0.34.32.jar
MD5: 5d5bed0edcf1c3c7d80520a47b1cf8ac
SHA1: f01a984c6c8c37015079c012e700417d182b0d5f
SHA256:6a3b44c952b76165196babc54a3ad85bc454d051b3331498348cf32810382772
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-toc-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-typographic-0.34.32.jar

Description:

flexmark-java extension for typographic

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-typographic/0.34.32/flexmark-ext-typographic-0.34.32.jar
MD5: 493f416bb0399faa70c9ef4565425fbc
SHA1: 0c8c5babe652bc1e87999ea07ef54818ae12c0d3
SHA256:6d5d09963cf211b9013ddf7cced1658edea3d6484e99af4dfd903ca239e2f2aa
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-typographic-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-wikilink-0.34.32.jar

Description:

flexmark-java extension parsing and rendering wiki links

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-wikilink/0.34.32/flexmark-ext-wikilink-0.34.32.jar
MD5: 6ff6ff0e5c7dd48d4d35328428878538
SHA1: 7e40b4e8bf1d409e593b8b69604a504835303df2
SHA256:865745f068c7ff1a5e363b893651330b1336282c6664a7b635634263a4ed7898
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-wikilink-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-ext-yaml-front-matter-0.34.32.jar

Description:

flexmark-java extension for YAML front matter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-ext-yaml-front-matter/0.34.32/flexmark-ext-yaml-front-matter-0.34.32.jar
MD5: 3de9fc9e100d6f4e6b2644b79a8db5e4
SHA1: 0509b24c760f37699d155e63443138977f519373
SHA256:7cdb249e1906b89d84399d6de54c7afe7f4715d6ad2c30ec60f5f756d7b9e475
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-ext-yaml-front-matter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-formatter-0.34.32.jar

Description:

flexmark-java extension for formatter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-formatter/0.34.32/flexmark-formatter-0.34.32.jar
MD5: bae1cc2191f3bd80d09d5cfcb432a68d
SHA1: 5d35d76873bce4f5707c2df5c6be47ca42f59901
SHA256:6d8e8b4bf0e34c993a4727873e5eab86015a3121dc7bf169d97d71d45c9dd78e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-formatter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-jira-converter-0.34.32.jar

Description:

flexmark-java extension for jira_converter

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-jira-converter/0.34.32/flexmark-jira-converter-0.34.32.jar
MD5: 676e66b37015c3a02a249dbdb3d6666a
SHA1: 75ca8726c7a24efa1bfa74e5fe879cd929ec0cfe
SHA256:a6a33938ff6dfe5be0f2c5ba630a84b47e9f36334c5e415bb9069366ad96e2e3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-jira-converter-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-profile-pegdown-0.34.32.jar

Description:

flexmark-java extension for setting flexmark options by using pegdown extension flags

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-profile-pegdown/0.34.32/flexmark-profile-pegdown-0.34.32.jar
MD5: a7808bb410e1ae87e66b42c3825888ab
SHA1: 30226a940419942e37a88b0a4c79a676ca78f788
SHA256:e62eaf00d9249aeb921eea709c492f5ffd085e75a15f2ca2a3944165351dd834
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-profile-pegdown-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

flexmark-util-0.34.32.jar

Description:

flexmark-java utility classes

File Path: /home/runner/.m2/repository/com/vladsch/flexmark/flexmark-util/0.34.32/flexmark-util-0.34.32.jar
MD5: 240493638f5833ff8563a0b8b0ecd37f
SHA1: a06050bd9933ac68bc1f266d47c16e772675fea9
SHA256:2ee09f5826e303f37b2b88e3ae5bb7dcc70935ed1736c3a986e8bb8786f8f89c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
flexmark-util-0.34.32.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

guava-33.2.1-jre.jar

Description:

Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/guava/33.2.1-jre/guava-33.2.1-jre.jar
MD5: 872309e5982530bdc7e68096c0d53cd2
SHA1: 818e780da2c66c63bbb6480fef1f3855eeafa3e4
SHA256:452b2d9787b7d366fa8cf5ed9a1c40404542d05effa7a598da03bbbbb76d9f31
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guava-33.2.1-jre.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

guice-5.1.0.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/inject/guice/5.1.0/guice-5.1.0.jar
MD5: 2560169296aa94492af34af2115e9511
SHA1: da25056c694c54ba16e78e4fc35f17fc60f0d1b4
SHA256:4130e50bfac48099c860f0d903b91860c81a249c90f38245f8fed58fc817bc26
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
guice-5.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

hamcrest-core-1.3.jar

Description:

This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes a foundation set of matcher implementations for common operations.

File Path: /home/runner/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
hamcrest-core-1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/junit/junit@4.13.2

Identifiers

hsqldb-2.7.4.jar

Description:

HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /home/runner/.m2/repository/org/hsqldb/hsqldb/2.7.4/hsqldb-2.7.4.jar
MD5: 9e6a620acc9d544aacbfa2f17e78f4eb
SHA1: 4aad3c109b5b04927d3bc663bf13535f830401ce
SHA256:5fab2bb4384ac06b762638c8fa2740c944b8d080e4796c0c6c2af8b90dd4e5ad
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
hsqldb-2.7.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
javax.inject-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

jcommander-1.69.jar

Description:

Command line parsing

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/com/beust/jcommander/1.69/jcommander-1.69.jar
MD5: 45bed2649f8429973c486579631c69c7
SHA1: bdf17915d565a7c88a2a0fe05afb5b99ecf24555
SHA256:c2534833996d60581127ddc5139bb94f27f46badc77e1356746d58d9a3dcd99e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jcommander-1.69.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

json-20230227.jar

Description:

JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/

The files in this package implement JSON encoders/decoders in Java. It also includes the capability to convert between JSON and XML, HTTP headers, Cookies, and CDL.

This is a reference implementation. There is a large number of JSON packages in Java. Perhaps someday the Java community will standardize on one. Until then, choose carefully.

License:

Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /home/runner/.m2/repository/org/json/json/20230227/json-20230227.jar
MD5: 6b9a69b21979b0c3cb5733db19ea51b1
SHA1: 7a0d4aca76513d8ce81f9b044ce8126b84809ad8
SHA256:9ed26791dc2d8629fdf8a207f1aebadcb50d641be637664310ef51c0f73e269b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
json-20230227.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2023-5072  

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

json-simple-3.0.2.jar

Description:

Java 7+ toolkit to quickly develop RFC 4627 JSON compatible applications.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/cliftonlabs/json-simple/3.0.2/json-simple-3.0.2.jar
MD5: 148c0d1bdc1bcb24394627d6930ee9ad
SHA1: 2337afdb06134a12fc0239299c3ceb2e9c209516
SHA256:fda65a9ad0e1ac0c88987106e89aa4d8b2a2495e7e042371efa83813f65b7295
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
json-simple-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

jul-to-slf4j-1.7.30.jar

Description:

JUL to SLF4J bridge

File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jar
MD5: f2c78cb93d70dc5dea0c50f36ace09c1
SHA1: d58bebff8cbf70ff52b59208586095f467656c30
SHA256:bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
jul-to-slf4j-1.7.30.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

log4j-api-2.12.1.jar

Description:

The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.12.1/log4j-api-2.12.1.jar
MD5: 4a6f276d4fb426c8d489343c0325bb75
SHA1: a55e6d987f50a515c9260b0451b4fa217dc539cb
SHA256:429534d03bdb728879ab551d469e26f6f7ff4c8a8627f59ac68ab6ef26063515
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
log4j-api-2.12.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2020-9488  

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.

CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions:

log4j-to-slf4j-2.12.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.12.1/log4j-to-slf4j-2.12.1.jar
MD5: a6fdf03c03b6f5fac5a978031a06777e
SHA1: dfb42ea8ce1a399bcf7218efe8115a0b7ab3788a
SHA256:69d4aa504294033ea0d1236aabe81ed3f6393b6eb42e61899b197a51a3df73e9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
log4j-to-slf4j-2.12.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
logback-core-1.2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2023-6378  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.

CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2021-42550  

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.

CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (8.5)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: MEDIUM (6.6)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A

References:

Vulnerable Software & Versions:

maven-archiver-3.6.2.jar

Description:

Provides utility methods for creating JARs and other archive files from a Maven project.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-archiver/3.6.2/maven-archiver-3.6.2.jar
MD5: 742b3136d8ff1fcb66f5fd7f3c267c8d
SHA1: a2d949d87fed6db197cc3cceec93012dd2317ca0
SHA256:1f895a587df4844d9b7565e8e9a6352afe1d55532458a0dbeb746bc1d02e9216
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-archiver-3.6.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

maven-artifact-3.9.9.jar

File Path: /home/runner/.m2/repository/org/apache/maven/maven-artifact/3.9.9/maven-artifact-3.9.9.jar
MD5: fcb27c2b8225edec3f2356973fa39e98
SHA1: a130ec431ef32e12a4424f9b074735bb58e15d2d
SHA256:30f015d1c1a393e19c18cd4f43532089c36d4ca328608ce3dda78b74d3d31515
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-artifact-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

maven-builder-support-3.9.9.jar

Description:

Support for descriptor builders (model, setting, toolchains)

File Path: /home/runner/.m2/repository/org/apache/maven/maven-builder-support/3.9.9/maven-builder-support-3.9.9.jar
MD5: 0266bb9314b63d9fde8aff0d190f48d6
SHA1: 812c13c808e42c54d3f4abdaab603e5262bf8ab8
SHA256:2ca4a967bdd12a9e85d40e012374f86e63d4a1030c199da4832e3d0a1c6770d8
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-builder-support-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-core-3.9.9.jar

Description:

Maven Core classes.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-core/3.9.9/maven-core-3.9.9.jar
MD5: eed2eb37f03ccdea7ef9dab069c0b5d8
SHA1: b58645e3f14348024b05735c171425e19d30c02e
SHA256:7fab37fc6044f20ae004376ab8414373636cf51e26ad0b1efa6b3f1cd2bec503
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-core-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

maven-model-3.9.9.jar

Description:

Model for Maven POM (Project Object Model)

File Path: /home/runner/.m2/repository/org/apache/maven/maven-model/3.9.9/maven-model-3.9.9.jar
MD5: 813d4aceaaa8e16f8a83c95a96afa22c
SHA1: 585bff8f220ddc1c08c5263b7dee26c49fc7df94
SHA256:8f59b0a16fe9c933be749a60ae0705a0cb337bb5abaf38801b40b740ff775727
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-model-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

maven-model-builder-3.9.9.jar

Description:

The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: /home/runner/.m2/repository/org/apache/maven/maven-model-builder/3.9.9/maven-model-builder-3.9.9.jar
MD5: a48ea3e9ceec85a9bff88e88048148d9
SHA1: 6dcd87768eb615301aef0c2221dd168a2d36bc7b
SHA256:a4377182ac2e5adfe16be3b3c81981a5ecddab014184de72ae1e522f04a77602
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-model-builder-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-plugin-annotations-3.15.1.jar

Description:

Java annotations to use in Mojos

File Path: /home/runner/.m2/repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.15.1/maven-plugin-annotations-3.15.1.jar
MD5: 0723da1364961f527fbfce10c8b9c7dd
SHA1: ca287d08819d5d87f3a06b8f065a79eb33c3ecc3
SHA256:b58bcb3a1f362f6e1efa2772064026bb3d4ad92e6f43a1812d8d2886489912f5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-plugin-annotations-3.15.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

maven-plugin-api-3.9.9.jar

Description:

The API for plugins - Mojos - development.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-plugin-api/3.9.9/maven-plugin-api-3.9.9.jar
MD5: 0bf1ae393ffac0c034ce8f3a4b7fc406
SHA1: 7e06aef37b14f8452928e5efaa88bcf2ee8aed02
SHA256:2b491d38db45b0e8eef522e8f7889a3366e546e58b376b07fcb56e34c424e932
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-plugin-api-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

maven-reporting-api-4.0.0.jar

Description:

API to manage report generation.

File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-api/4.0.0/maven-reporting-api-4.0.0.jar
MD5: 9c49fcb81d69bb5ec513d624c181fc05
SHA1: d3ad7e3d03463b5bd77e7d3ce94539cc723c8dfb
SHA256:cb2cbde3c9c7288f7398a250dcf3c90cf92714cff301f22b298e1091b5def33c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-reporting-api-4.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

maven-reporting-impl-4.0.0.jar

Description:

Abstract classes to manage report generation.

File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-impl/4.0.0/maven-reporting-impl-4.0.0.jar
MD5: 302ed7d914dc813380d361d1acb83c2f
SHA1: d3753b5c13a873a5ddb71f404c6fe1179a4688c2
SHA256:e9e70fdb26ff8b1f15435e3a68866a25c85b1694007e0fbdfe84e48e946fe463
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-reporting-impl-4.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

maven-repository-metadata-3.9.9.jar

Description:

Per-directory local and remote repository metadata.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-repository-metadata/3.9.9/maven-repository-metadata-3.9.9.jar
MD5: d341cdcc9abac2d01546301a305f12b3
SHA1: 33a43f0af3371225d1dcaaa20a824df59c692172
SHA256:137c297e6a52d489b76663c82324d54e40f5d498a8fc015c0203fd91df8623b0
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-repository-metadata-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-api-1.9.22.jar

Description:

The application programming interface for the repository system.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-api/1.9.22/maven-resolver-api-1.9.22.jar
MD5: c59d27b3750461be99f8d38e1f503f56
SHA1: 756660687ea077b85be02b019d593ef2758e7db6
SHA256:63f5f665e44a09ef55463b3b91fda0b78ff07dd24b1060d56e79c10b6e32cbfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-resolver-api-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-impl-1.9.22.jar

Description:

An implementation of the repository system.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.9.22/maven-resolver-impl-1.9.22.jar
MD5: 965f1348220f046c6cbde059c971685d
SHA1: 19b7a728c9000f8db615f64552d95fe74b413617
SHA256:e4dafb8acc13d736377c02d2170d869438dd74b98b860745909d238726babcbb
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-impl-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-named-locks-1.9.22.jar

Description:

A synchronization utility implementation using Named locks.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-named-locks/1.9.22/maven-resolver-named-locks-1.9.22.jar
MD5: 3d3855f4775bc27f9962f999ea88919b
SHA1: 121433b079aad9be7ed266b19f2122eeb0e2d111
SHA256:0685f29ec3b548d9b6917c527f13c667685a3394b955aaa5b25d0559818b7fc5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-named-locks-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-provider-3.9.9.jar

Description:

Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-resolver-provider/3.9.9/maven-resolver-provider-3.9.9.jar
MD5: ea2fccfc4c499dbaa570a26da14050d9
SHA1: ea361822cd25ae6c9153c594aef805e853031224
SHA256:5dea05049c94f952f48ce2bfe0111afdf986acc591fcc11d23fe3b8dcb70291e
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-provider-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-spi-1.9.22.jar

Description:

The service provider interface for repository system implementations and repository connectors.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.9.22/maven-resolver-spi-1.9.22.jar
MD5: 7ae784f1d4088fff396386ed6966cafc
SHA1: c3101acaa4ec053557028cf1917f1d22112b100d
SHA256:99ad721e4631d9bd0c4f9e29c869672577c66f2a674a5723ce38eff13c75cbfd
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-spi-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-resolver-util-1.9.22.jar

Description:

A collection of utility classes to ease usage of the repository system.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-util/1.9.22/maven-resolver-util-1.9.22.jar
MD5: 4e84c0379667d2436a99fced60a74b5d
SHA1: d5febed69ca2fe0dacffec95b6cb0760b0270fd1
SHA256:4aaea1584c39294ca926fc474723d9684473609ef4490c4eb169d6ea7daca6b5
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-resolver-util-1.9.22.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-settings-3.9.9.jar

Description:

Maven Settings model.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings/3.9.9/maven-settings-3.9.9.jar
MD5: a5eede8fe9b01b7bb3c6dad06a738365
SHA1: a82024d87a107965ae274d944c844c9186ff410d
SHA256:68edf1b510e0d759ec501271a5d05e3a6e425462fbb84126c16e8a6f89abdada
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-settings-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-settings-builder-3.9.9.jar

Description:

The effective settings builder, with inheritance and password decryption.

File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings-builder/3.9.9/maven-settings-builder-3.9.9.jar
MD5: 4fb4ae61642d42cba66821d8698a670a
SHA1: 71a9bee9618839ffaf7c0de3b53ac1c408b57ae0
SHA256:094640f3fdce47250cb06968a143f40c4e2f1c22be979c73caac2f49f3c38373
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
maven-settings-builder-3.9.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

maven-shared-utils-3.4.2.jar

Description:

Shared utilities for use by Maven core and plugins

File Path: /home/runner/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar
MD5: 53a038f77a81cb5816ad2b1c7daa8711
SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0
SHA256:b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
maven-shared-utils-3.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

mssql-jdbc-12.8.1.jre11.jar

Description:

Microsoft JDBC Driver for SQL Server.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/12.8.1.jre11/mssql-jdbc-12.8.1.jre11.jar
MD5: 7708ca290ebb81546eda0b1c55477081
SHA1: 1f641274a8cc1ff71d05eb6d5c9f8e8a6d217c54
SHA256:e6933c0711e598a224060e52ed31392f720a4a7664e85d8ae37c52a85b67ebb0
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mssql-jdbc-12.8.1.jre11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

mysql-connector-j-9.1.0.jar

Description:

JDBC Type 4 driver for MySQL.

License:

The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /home/runner/.m2/repository/com/mysql/mysql-connector-j/9.1.0/mysql-connector-j-9.1.0.jar
MD5: db2bdcfd7c2184780b5cda29d8af6997
SHA1: 005fb1d513278e1a9767dfa80ea9d8d7ee909f1a
SHA256:8776e2ebc46072c9a47ea59d98298c4273bd9f16a7b26b5dfa4744535aa26c62
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
mysql-connector-j-9.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

nashorn-core-15.4.jar

Description:

Nashorn is an Open Source JavaScript (ECMAScript 5.1 and some 6 features) engine for the JVM.

License:

GPL v2 with the Classpath exception: https://github.com/openjdk/nashorn/blob/main/LICENSE
File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar
MD5: a9b3360e6a486cf62c1952c7816b7d97
SHA1: f67f5ffaa5f5130cf6fb9b133da00c7df3b532a5
SHA256:6f816e84dfd63a81d4eaa7829c08337bbaff3ec683ff3bf6bbd90d017a00dc6f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
nashorn-core-15.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

nashorn-core-15.4.jar: base.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/base.js
MD5: 93c3e1b9f9491fb5b5df96a41441162c
SHA1: 6f2cfb7815fd7028792731ee5cd13651036e60bd
SHA256:824c73ce701b9820cc1b799e9af043f3663a72114be2a560ce1933ae1e4e496a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: bootstrap.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/bootstrap.js
MD5: 948cb0239b8abc93e84e813e2da8d6dc
SHA1: 79559bab4c6ae8b0ab573e37b82b50013f647956
SHA256:9ec201c6fcff2c9a2a536f80f8ea14f604092768011b5c4f59ec7b313cf359c4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: controls.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/controls.js
MD5: 4f9093fd24e64162c92385e1def8747f
SHA1: 016d3d27e7f9e8a6054d6248e1c2cfe72b062efd
SHA256:a065a17b974ffc3ac4c98a5177c21d39ccd70fa50eb9a4d10ed96074904285c8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: fxml.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/fxml.js
MD5: 262095de4844ffde10c018ef296107ee
SHA1: 5d41efdc93dac1dcecd4d6f3625f43a36af961bf
SHA256:0e411601888672288fdfa6c0018710c2156a2efef619cfd11719cdb0d63a2dfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: graphics.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/graphics.js
MD5: 471022fc763c3ec65292a7f1689c58ff
SHA1: 014c1893d89dc76adbca7a30992b1c8db36c4db5
SHA256:8c12199afd230a5d936f7390a290bf899d536a731cc2b240478ecb077c3dd292
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: media.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/media.js
MD5: 6eb77f5d138fab0f13d3601b0e68c2e1
SHA1: 385eb91d9f5d96d0575facda44c9cf1064c70a21
SHA256:e096e61fa52ef7109adae7011f5c7d004ca87aeeb43647af982e45dac77c2b0f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: mozilla_compat.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/mozilla_compat.js
MD5: dcd9c8927badf397f82274077a7a9b82
SHA1: f953a1b5e422f41c66bbf32f314f8de4e8de1995
SHA256:f52167e7cec0601b53af50e3e3d9359057c37356cb3fd6fbfe0ba451bd70ff04
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: parser.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/parser.js
MD5: b1c71079ce0792c735ce93bb05f77f04
SHA1: 1436e8c38788e10b774eb97bddb186f417a2352f
SHA256:bb1b0b23cd2f74fdaf9cb508cc0dfd9b37529c72086e4279cb27dad664e4a261
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: swing.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/swing.js
MD5: d92f35751bc4d6f50e6817884e7bd10e
SHA1: ebb47348ccaddb3f4dac31d91b839ce9bbc03d50
SHA256:7f1334e91b0d15bbcfcbd87b19ebf83f254065477f61e1a353ef1eaf9aaffe38
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

nashorn-core-15.4.jar: web.js

File Path: /home/runner/.m2/repository/org/openjdk/nashorn/nashorn-core/15.4/nashorn-core-15.4.jar/org/openjdk/nashorn/internal/runtime/resources/fx/web.js
MD5: c46659f1ba056770e2627807fc5f06d9
SHA1: c733b0eed6f6a37639039a77c496f9e4c2323cd4
SHA256:af7127f5a5af79f7c641a80b1dfa4de3bc6500c0a50258131379c7ec54b85484
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

ojdbc11-23.6.0.24.10.jar

Description:

 Oracle JDBC Driver compatible with JDK11, JDK17, JDK19, and JDK21

License:

Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /home/runner/.m2/repository/com/oracle/database/jdbc/ojdbc11/23.6.0.24.10/ojdbc11-23.6.0.24.10.jar
MD5: bcdec91481b6c2d28b8c5bc675947621
SHA1: 2cc0896304c2a35013f044bd454c26f8e03ea112
SHA256:8e6af2c3401c64270922e0dca66879fd07281de3347ad1d1a0e1153ed41423a6
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
ojdbc11-23.6.0.24.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

org.eclipse.sisu.inject-0.9.0.M3.jar

Description:

JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

License:

Eclipse Public License, Version 2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.9.0.M3/org.eclipse.sisu.inject-0.9.0.M3.jar
MD5: 643a13084e0ac59cdda06319e1b348ea
SHA1: 3665002ba4d16dfa779ef658a63d0608c4bd898b
SHA256:15335c4dcf082f599fb8eddcfb58d6a7e9a9c97de2883c257089a479b9b24522
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
org.eclipse.sisu.inject-0.9.0.M3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

org.eclipse.sisu.plexus-0.9.0.M3.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

Eclipse Public License, Version 2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M3/org.eclipse.sisu.plexus-0.9.0.M3.jar
MD5: 964e7bc9837b270566f18b87af65f5d7
SHA1: b493c7abcc6e04fa0a6a20d489a3db0395c76f70
SHA256:c99674d3773e26154885661711f0b6d63aa5008f5cc99227a236756d4ad9de5e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
org.eclipse.sisu.plexus-0.9.0.M3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-archiver-2.2.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-archiver/2.2/plexus-archiver-2.2.jar
MD5: 61dd3bbc4682a29a286baa58f9c7f859
SHA1: 13e55f4c2b7cdbf59a9bbd668d3c058d1a40664b
SHA256:9154a5e6e1f95a1c74d4254670fec8d7aacd5692115710fe7e1381636c6be38c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-archiver-2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

CVE-2023-37460  

Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist, the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later, `Files.newOutputStream()`, which follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-61 UNIX Symbolic Link (Symlink) Following

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2018-1002200  

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2012-2098 (OSSINDEX)  

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.codehaus.plexus:plexus-archiver:2.2:*:*:*:*:*:*:*

plexus-cipher-2.0.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jar
MD5: 55d612839faf248cbe3e273969c002c2
SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
plexus-cipher-2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-classworlds-2.8.0.jar

Description:

A class loader framework

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-classworlds/2.8.0/plexus-classworlds-2.8.0.jar
MD5: 92089dee35db6423c2128559238430cb
SHA1: 5d0d8c71b61b38ce127a46702a453f9aa09a4ee2
SHA256:081b40e0eab033cd5ac72d2501bfff4f5fd2a3eef827051111730ea152681c72
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-classworlds-2.8.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-component-annotations-2.1.0.jar

Description:

Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with standard annotations instead of javadoc annotations.

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.jar
MD5: 141fd7a2ae613cb17d25ecd54b43eb3f
SHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9
SHA256:bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acac
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-component-annotations-2.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-container-default-1.0-alpha-9-stable-1.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar
MD5: 99533a9d3e0fa3280cd0bd3426c5f99b
SHA1: 94aea3010e250a334d9dab7f591114cd6c767458
SHA256:7c758612888782ccfe376823aee7cdcc7e0cdafb097f7ef50295a0b0c3a16edf
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-container-default-1.0-alpha-9-stable-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

plexus-i18n-1.0-beta-10.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar
MD5: 7f36c0459c853750c627f682ec7bcf52
SHA1: 27506f59e54cc80b8c28b977c2bcd0478094e0cc
SHA256:b87f25b512ffafcafbf4a05ab943812e9c6915291370c6b46016eb3836886c41
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-i18n-1.0-beta-10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

plexus-interpolation-1.27.jar

Description:

The Plexus project provides a full software stack for creating and executing software projects.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.27/plexus-interpolation-1.27.jar
MD5: c2edbe0dbc934692794aaeac6006055a
SHA1: 8dc73f4ff5eafcbb7ec035ba54736e828b272533
SHA256:3fb4fb6143fdf964024c3cb738551524b9ea84e5c211cd660c559ad0703e5230
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-interpolation-1.27.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-io-2.0.4.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-io/2.0.4/plexus-io-2.0.4.jar
MD5: bbaf4deaddcc590be52643888630f693
SHA1: dc773899dfb3f857411ef49db46f17d7a465a634
SHA256:58f2898b70709f1216fa3afe69e0a7cdb41ad6a3927b2507a4a89941c9e4ab76
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-io-2.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.plugin-testing/maven-plugin-testing-harness@3.3.0

Identifiers

plexus-sec-dispatcher-2.0.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jar
MD5: e68635a721630177ac70173e441336b6
SHA1: f89c5080614ffd0764e49861895dbedde1b47237
SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb
Referenced In Project/Scope: SchemaSpy Maven Plugin:provided
plexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-utils-3.5.1.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines, XML and more.

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-utils/3.5.1/plexus-utils-3.5.1.jar
MD5: cdec471a77f52e687d0df4c43f392a71
SHA1: c6bfb17c97ecc8863e88778ea301be742c62b06d
SHA256:86e0255d4c879c61b4833ed7f13124e8bb679df47debb127326e7db7dd49a07b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-utils-3.5.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

plexus-velocity-2.2.0.jar

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-velocity/2.2.0/plexus-velocity-2.2.0.jar
MD5: fd4bb44db19036ab360720360f09dccc
SHA1: 75a983b74a4c0adcd0751528ff397ae308ef6d0c
SHA256:3e7e902f492c973cf210ddb8267843a3b65e83f5067467e2f4d9af0051f6b8b9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-velocity-2.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

Identifiers

plexus-xml-3.0.0.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar
MD5: cccca4a03a8367cd20e4efaead5fba0b
SHA1: d16b91678bc3734276886132923d6919c935c9f7
SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

postgresql-42.7.4.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /home/runner/.m2/repository/org/postgresql/postgresql/42.7.4/postgresql-42.7.4.jar
MD5: ef7e9be503b5c6243697d628fb196cad
SHA1: 264310fd7b2cd76738787dc0b9f7ea2e3b11adc1
SHA256:188976721ead8e8627eb6d8389d500dccc0c9bebd885268a3047180274a6031e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
postgresql-42.7.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

protobuf-java-4.26.1.jar

Description:

Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /home/runner/.m2/repository/com/google/protobuf/protobuf-java/4.26.1/protobuf-java-4.26.1.jar
MD5: 8e6a4bc05eb8ded0f27c6ac805469abe
SHA1: 594fabdcbceb7edfb883fe621d3e97d9cc05fa73
SHA256:091933e5870af810748326f7ace4a673aca721253177542842f044b546f14282
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
protobuf-java-4.26.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.mysql/mysql-connector-j@9.1.0

Identifiers

CVE-2024-7254 (OSSINDEX)  

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-7254 for details
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (8.7)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.google.protobuf:protobuf-java:4.26.1:*:*:*:*:*:*:*

schemaspy-6.2.4.jar

Description:

SchemaSpy generates HTML and PNG-based entity relationship diagrams from JDBC-enabled databases.

License:

LGPL-3.0-or-later: https://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar
MD5: daeb9832cce7f142198a599c5e5be9f2
SHA1: 61689fe2bd4be56a3f6323895a245f8236d7995e
SHA256:f40bea88af06769d86e5efca2765fc50fd43b4720f6714d274b93f6158400e60
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
schemaspy-6.2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/nl.geodienstencentrum.maven/schemaspy-maven-plugin@5.3.1-SNAPSHOT

Identifiers

schemaspy-6.2.4.jar: anchor.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/anchor-js/anchor.min.js
MD5: 59ccbcf40597fdbf5a3a5f88de29c39e
SHA1: 8dacf80a941783e6fc12bf00d5ae6f867b2edc92
SHA256:20804ad516e2b883aea5f1eb25f41e6cb8f498119454d9b8d48e25f1658f3e3f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: anomalies.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/anomalies.js
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: app.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/app.js
MD5: 589220eddefd07d172948917bce32f46
SHA1: 3c14bff558126838fa30abe9bdcf4decf27f47c3
SHA256:e7107412589ffe7f372a5711948066ee763c4f68084475e3cb8aed2e431599f8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: app.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/app.min.js
MD5: c97edde005d18d707bcf8f3185de7201
SHA1: 99e43178d50c0386a3b222551766cb08e81da1dd
SHA256:7a67b6c4dba7eceb6504af73c37a21b1d92a86f7331c85d7024ba36fcaff6236
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: bootstrap.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.js
MD5: fb81549ee2896513a1ed5714b1b1a0f0
SHA1: 3b965a36a6b08854ad6eddedf85c5319fd392b4a
SHA256:0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-10735  

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-20676  

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-20677  

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0

CVE-2024-6484 (RETIREJS)  

Unscored:

  • Severity: medium

Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS)  

Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Unscored:
  • Severity: low

schemaspy-6.2.4.jar: bootstrap.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/bootstrap.min.js
MD5: 5869c96cc8f19086aee625d670d741f9
SHA1: 430a443d74830fe9be26efca431f448c1b3740f9
SHA256:53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2016-10735  

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-20676  

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-20677  

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (excluding) 12.1.5.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (excluding) 13.1.3.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (excluding) 14.1.2.5
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.0.0; versions up to (excluding) 15.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.19.0

CVE-2024-6484 (RETIREJS)  

Unscored:

  • Severity: medium

Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS)  

Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Unscored:
  • Severity: low

schemaspy-6.2.4.jar: buttons.bootstrap.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.js
MD5: d4f3fd56ffe8ee0dbdf57535e06e42e2
SHA1: fdf18cd630d82a89d6618753984edaf15fa24114
SHA256:11188b23c556bf2ff4d5e144cdad67faa417eb3c36eec6cbcd7b21566d9cfac1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.bootstrap.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons-bs/js/buttons.bootstrap.min.js
MD5: ac22ff642b7e893d1481c3746e3a727e
SHA1: 31563ff1d6b172118d962a816259cbef55c9210d
SHA256:3c288a24e5ce97babfeb3f4ee1a222e97e26a1724709d7e0e238263e29197d9a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.colVis.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.colVis.js
MD5: 301a3927b58c194da0c7a1a28431fd2a
SHA1: 2c4dd397abee8d80eac8ebe5d79928ad508b48db
SHA256:f75eb463c4cdd2683c8cf79c3f7da9812d28f8891aacdea9253f8ae2c33100ec
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.colVis.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.colVis.min.js
MD5: f4b5cebb54c4c4a0064176d86997a8fa
SHA1: db37f14a84880332c9b2eea2f96c377054428fa6
SHA256:5fd6d20a56e70a8b57286ecdb5ac3c799352067b6289b91ceaafa9464aa698fa
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.flash.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.flash.js
MD5: 70a2e86e64be743e07cc4d4729d69a6b
SHA1: 968bc8c729cccf4b2052f55c57e6786a57059e3e
SHA256:7d7c21fff0f12cb4cff5eb443da61a5b91a6a917d8c4e9e01bb95aba69a41bd6
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.flash.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.flash.min.js
MD5: 59fca0bf56ec890473eb362b1b6d1ae9
SHA1: 1660dd65e991d7f9b01db8dfacca16b4d67e55c8
SHA256:19641b70e1838b0e77fbd359b3745bc795507789d12e4a4925640e7fb3654bf4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.html5.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.html5.js
MD5: 49ad4fd980e4865b8da5ce06be20bc39
SHA1: a06f13b6d2c4cd35e0cd7d16de813e0ce8172712
SHA256:27396117755d4ac15886ac6b6e498b4c2b04104e5e41ef97c30fe6aef57a959b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.html5.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.html5.min.js
MD5: 4420f301dafa70f660c63dc9785c7dfb
SHA1: 48c16175a7ae240a54b65bba94eabce29045a0f9
SHA256:07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.print.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.print.js
MD5: 66836cce3f63306ac9097560296f3ef8
SHA1: cf1ff4e63ad1b49cc47bc0e8b6c8a51423ca2235
SHA256:ea4a437952a00c782bee6c2021c7ed01c97f72deccefff93701fb904f4e5cb11
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: buttons.print.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/buttons.print.min.js
MD5: 584df2eac3d5cbe85d7693812711436e
SHA1: 8f12ab29e1cfd6ac99897ed0dc4d5ab9d1372ae3
SHA256:5cf40aa1a69063798764e5019279283e180a23ee74b824c0e7dfb39e97640050
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: codemirror.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/codemirror/codemirror.js
MD5: d1e82ecd62134c5d13d3318c8abd21dd
SHA1: 316b339b6e8e77186b47d66c88d7a45472a1c2d3
SHA256:6083403b7e8ffcb397a0e94165e1940557b02a992956f8d721a508bd440bd3a7
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: column.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/column.js
MD5: 145c40d96cac3466adc62510d25439f3
SHA1: 4e0256c06650ae8b814a23637ac4bbf89a9a42c5
SHA256:e4e34072caf3381222a857e8b1c4ba8dba7d53400920aeec6387dad2235a608b
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: constraint.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/constraint.js
MD5: e8627647698a908a405edd71a47866a0
SHA1: f45ef50ddea32e703d12ecef0088e1bb6635045c
SHA256:feaf4204e9e81a3845fa79e78220e7b48da5057bbfe9d478c4107b5db2727908
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dashboard.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/pages/dashboard.js
MD5: e618d25f2ec4763ccf1a530140929169
SHA1: 0a216f26eb187e9e85ca49946b4e88996de72153
SHA256:684d0390d93e86519852c8ca211da17d0f5c67929083ec3d28feac11cf78afb9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dashboard2.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/pages/dashboard2.js
MD5: f27ed9a5f9672cb99b8affac5f898e6b
SHA1: ec365e09b46ad82c98a3af6b04d9485e37c96b9f
SHA256:83ac475ae8ec97d1c2ffc88b4acb90ecd9aa99c37fb9ba33bf7161a3deabeef3
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.bootstrap.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.js
MD5: 83b18e708e2df1204e52243778f64754
SHA1: 20b1140a1f0735ed99c0af52e0653d76c7233c5e
SHA256:b492281c0eb870d7bad0b4349aec7d20bc3ef5c2c3f91a1b33b6ab53bbcd9499
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.bootstrap.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-bs/js/dataTables.bootstrap.min.js
MD5: 19b11075f9b46a3cd26fb39a6f252b5d
SHA1: 44074789abea496fc9402979617f7d815d5cc7a2
SHA256:5ffe7cb3959b946300c3d4a90edaa757c74b44d09ac2cc86c0daa7643d097bfb
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.buttons.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/dataTables.buttons.js
MD5: 7016d72dae547c2994e996b3c6009541
SHA1: 28a64a8e38a7a4ad323893c164dc225af941fa05
SHA256:1e4fea9dc18d40a0a636a99a14bbdff16e8ec635f5d1c61c7d52c29f0e419d5a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: dataTables.buttons.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net-buttons/dataTables.buttons.min.js
MD5: f13069a97e70168015f3d4bbf36f876f
SHA1: 90f5439d64c59e0f1b9ec9c0fef9639b3bf9f4c9
SHA256:8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: demo.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/dist/js/demo.js
MD5: 4683fb3e338cff969296e416d26046b9
SHA1: 61f01104b4b9b2f6eace6640b700857429676b13
SHA256:2353102eb576ea212082292278f5f48d5463edba544759072c0ba9e4fb6c8ee4
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: fastclick.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.js
MD5: 6e9d3b0da74f2a4a7042b494cdaa7c2e
SHA1: 06cef196733a710e77ad7e386ced6963f092dc55
SHA256:1aa08cb3c7aa70d268d24d59c374c14af7bd08e0af8c85f8e4f60a2651f4bab5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: fastclick.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/fastclick/fastclick.min.js
MD5: c5012b7a7be9ca08c1ea8056634b5b9d
SHA1: 4f1721e190356cf41677d009afddff17a3fd1aec
SHA256:32c983a4b3b87d8f7eafa40840c8791351a593c869a3029d8b7356a8cf6d2a94
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: html5shiv.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/html5shiv/html5shiv.min.js
MD5: 40bd440d29b3a9371b0c63fec41ee64f
SHA1: e790c26449c57de298923c686cb3434d1d461a1d
SHA256:dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: jquery-2.2.3.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQuery/jquery-2.2.3.min.js
MD5: 33cabfa15c1060aaa3d207c653afb1ee
SHA1: e3dbb65f2b541d842b50d37304b0102a2d5f2387
SHA256:6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):


CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):


CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

jquery issue: 162 (RETIREJS)  

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
Unscored:
  • Severity: low

schemaspy-6.2.4.jar: jquery-ui.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.js
MD5: 04a4db2983450a2970c459ba87b4210a
SHA1: 3efaf11e60ea8c541b6dc26f0ef09f195732587a
SHA256: 0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

CVE-2016-7103  

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

CVE-2021-41182  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

CVE-2021-41183  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

CVE-2021-41184  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

CVE-2022-31160  

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

schemaspy-6.2.4.jar: jquery-ui.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/jQueryUI/jquery-ui.min.js
MD5: d935d506ae9c8dd9e0f96706fbb91f65
SHA1: 7f650ee30c6a4d3eea04032039b20ff72997559b
SHA256: c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

CVE-2016-7103  

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

CVE-2021-41182  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41183  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 11.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions up to (including) 8.0.29
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.5
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2021-41184  

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.86
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.2.0; versions up to (excluding) 9.2.11
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 9.3.0; versions up to (excluding) 9.3.3
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.0
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:* versions up to (excluding) 23.1
  • cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:* versions from (including) 8.11.0; versions up to (including) 8.14.0
  • cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (including) 9.2.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.25
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* versions up to (excluding) 22.1.1
  • cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions up to (excluding) 5.21.0

CVE-2022-31160  

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.0:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.1:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.2:*:*:*:*:drupal:*:*
  • cpe:2.3:a:drupal:jquery_ui_checkboxradio:8.x-1.3:*:*:*:*:drupal:*:*
  • cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:* versions up to (excluding) 1.13.2
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

schemaspy-6.2.4.jar: jquery.dataTables.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/datatables.net/jquery.dataTables.min.js
MD5: bcf14f55a3878cef5e522906ce13235b
SHA1: 588658fcd1f3acda0cd435dd583b1fe869d8f67b
SHA256: 8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

CVE-2020-28458  

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.10.23

CVE-2021-23445  

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:datatables:datatables.net:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.11.3

prototype pollution (RETIREJS)  

prototype pollution
Unscored:
  • Severity: medium

possible XSS (RETIREJS)  

possible XSS
Unscored:
  • Severity: low

schemaspy-6.2.4.jar: jquery.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/jquery/jquery.js
MD5: 09dd64a64ba840c31a812a3ca25eaeee
SHA1: fd81582bf1b15e6747472df880ca822c362a97d1
SHA256: 0d9027289ffa5d9f6c8b4e0782bb31bbff2cef5ee3708ccbcb7a22df9128bb21
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):


CVE-2020-11023  

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions (NVD):


schemaspy-6.2.4.jar: jquery.slimscroll.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.js
MD5: 6ee5ab5d89857be6eaf08b63eb3246b0
SHA1: 1988633067079e50c05ac4bf42eb59c97aa96992
SHA256:e0ae991f3c0c611e7f794d9278321a072bacfea922f48158f219b197953a0f56
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: jquery.slimscroll.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/plugins/slimScroll/jquery.slimscroll.min.js
MD5: f1dbc7920f93bd2b1dcfede95b473e4e
SHA1: 54dd07a613abfc09c6bf6aacdc2a5d089073e10b
SHA256:a84ffabdd498cd0bbd960a2c2b1845a65113bd6bea00096602e47ec8f87fd122
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: main.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/main.js
MD5: 1674dff558a26b59870c39f57b599680
SHA1: 23ef321067a5ec8409458756c4ec2d004e8651eb
SHA256:af72dcd47a6eed28231ce02c2225c3f04ccd74e61e7e65439664ece556b55a18
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: npm.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/admin-lte/bootstrap/js/npm.js
MD5: ccb7f3909e30b1eb8f65a24393c6e12b
SHA1: e2b7590d6ec1fdac66b01fdf66ae0879f53b1262
SHA256:c7aa82a1aa7d45224a38d926d2adaff7fe4aef5bcdafa2a47bdac057f4422c2d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: pdfmake.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/pdfmake/pdfmake.min.js
MD5: 130f523ea67129c5bb064a5db8c98829
SHA1: 89a69ec428dca66a4131734b11db2810beeac622
SHA256:e6cd72039171e4c5ef6e234a3ea806707d3252234d327ceb7cf69bdff3d9392d
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: relationships.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/relationships.js
MD5: 920f55f8a197bae3ecbe0d907d788819
SHA1: 0a9e67abba65c0d55c85b79f3a2f51caf7eeeab8
SHA256:9be5e21c869973701cb19051bcf1a5eeca80fa04ae8d1a2840ddb3151251e17a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: respond.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/respond/respond.min.js
MD5: afc1984a3d17110449dc90cf22de0c27
SHA1: b5aba40d65b0d6f85859db47f757ea971a0efd30
SHA256:83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: routine.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/routines/routine.js
MD5: 0d13031169769672c7a17ee127db82e8
SHA1: 85955b0b760b2690a048b55717cad009c8a2aa39
SHA256:6be89a8fcc7bde886140d054be945aea98565961a8a1bf6a24c1371d43e30b2a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: routines.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/routines.js
MD5: 7997db7fac75cdcff42ff5ab41af7eb3
SHA1: 1f3221dc6387342948bbbfd241d72b6544a3d982
SHA256:7da7c157f007dde035982adfce4241b2d6f897632afed95ac7cea074e082805e
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: salvattore.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/salvattore/salvattore.min.js
MD5: e777a377c4b6629dd095ae07709f814b
SHA1: 936d17d233eb43856dab36d8e3db1f16c13ffc95
SHA256:ec3b330e880a042023f8af4b52db57de99d0d38819900c1b9ef8c6c7c3b62a30
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: schemaSpy.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/schemaSpy.js
MD5: 4702bba66246aae9659e315ca2041a87
SHA1: feb05dc22646161c9ab25bc179b0643e69d9aff6
SHA256:56e99aaf99b8443e57a9f2bd247db7017b90e97389f7a517df2057bd41532034
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: sql.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/codemirror/sql.js
MD5: 407f4fc907254cc5678ee89214e2bfb5
SHA1: 68bf7356c2d20f962c61c373d920d929bf4333a3
SHA256:e2b95aaecc29e6a2544c7bc6827dfe16c5b96055de996a69a888b8f2042a6471
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: table.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/tables/table.js
MD5: 2a19d7502bf0e2a89a35ae03ede1569d
SHA1: b4cf4c72c3316f44080bed58a4af46a61cdbec48
SHA256:c8ec184c4a47349841618017610e830347fae799a9f7446b3b111a16ab3ae3ea
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: vfs_fonts.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/pdfmake/vfs_fonts.js
MD5: 795e143b8f4eeb5089b2638cdeca7006
SHA1: 914c1db78046ed67723702de671b32a0b591206f
SHA256:5cb81fa70754070475938e9859359a268122c9b62cac154ebb8e120e812662cc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: viz.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/viz.js
MD5: 50c0fe0cec14d1030d023b260f8ee1b7
SHA1: 8c15e61d28791e45824922e3e81cd8c5c5bba618
SHA256:b6f33297afb84c5ef7c2f572d800390a4dd0c5186b5c5488a1762b49d1c9fe9f
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

schemaspy-6.2.4.jar: xlsx.full.min.js

File Path: /home/runner/.m2/repository/org/schemaspy/schemaspy/6.2.4/schemaspy-6.2.4.jar/layout/bower/js-xlsx/xlsx.full.min.js
MD5: b234f9d123c694019d2721c90ff9f8df
SHA1: cfd5eeb3cc1f745b88c21f76450a6e560b53584b
SHA256:6dbcaacf07c01b3888e33ffe354eb848aab1177f303d5179e4f9d2ca0bdd484c
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile

Identifiers

  • None

serializer-2.7.2.jar

Description:

    Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
    SAX events.
  

File Path: /home/runner/.m2/repository/xalan/serializer/2.7.2/serializer-2.7.2.jar
MD5: e8325763fd4235f174ab7b72ed815db1
SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3c
SHA256:e8f5b4340d3b12a0cfa44ac2db4be4e0639e479ae847df04c4ed8b521734bb4a
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
serializer-2.7.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven/maven-core@3.9.9

Identifiers

snakeyaml-1.25.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar
MD5: 6f7d5b8f596047aae07a3bf6f23a0bf2
SHA1: 8b6e01ef661d8378ae6dd7b511a7f2a33fae1421
SHA256:b50ef33187e7dc922b26dbe4dd0fdb3a9cf349e75a08b95269901548eee546eb
Referenced In Project/Scope: SchemaSpy Maven Plugin:runtime
snakeyaml-1.25.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2017-18640  

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-boot-2.2.11.RELEASE.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.2.11.RELEASE/spring-boot-2.2.11.RELEASE.jar
MD5: 24e210dc99417bc95e13224d7b8fd99e
SHA1: d43c1477fbd25790b5592ba9de0576d018825be8
SHA256:caa2cf0d5f2b4c931032a1930d46b586b50092be64ec35ea38d5c811251e6a49
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-boot-2.2.11.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

Identifiers

CVE-2023-20873  

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2023-20883  

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-core-5.2.10.RELEASE.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.2.10.RELEASE/spring-core-5.2.10.RELEASE.jar
MD5: 3d0d5f926f389f804716d8290e353604
SHA1: 29423e9f1d766eb4f4e3516211877f361fe3169f
SHA256:21b31ee8b896f1f79c92bbe8e2e30a25f7020fd63957416d28b035d524c632dc
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-core-5.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

CVE-2021-22118  

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
CWE-269 Improper Privilege Management, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

CVE-2022-22950  

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2022-22971  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2023-20863  

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

CVE-2022-22970  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

CVE-2021-22060  

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

CVE-2021-22096  

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CWE-117 Improper Output Neutralization for Logs, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

spring-expression-5.2.10.RELEASE.jar

Description:

Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.2.10.RELEASE/spring-expression-5.2.10.RELEASE.jar
MD5: b85609fa2ea8076be74131fb7eef33a7
SHA1: 4a863c13e8b263a1f867258b43443df7480702d1
SHA256: c0554d1f7ebfce287b0cd9e28b9698ada2fc89fdfe1a39957081c02b40f439f9
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
spring-expression-5.2.10.RELEASE.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

CVE-2021-22118  

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
CWE-269 Improper Privilege Management, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

CVE-2022-22950  

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2022-22971  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2023-20863  

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2024-38808 (OSSINDEX)  

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  *  The application evaluates user-supplied SpEL expressions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-expression:5.2.10.RELEASE:*:*:*:*:*:*:*

CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

CVE-2022-22970  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A

CVE-2021-22060  

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

CVE-2021-22096  

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CWE-117 Improper Output Neutralization for Logs, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

velocity-engine-core-2.4.jar

Description:

Apache Velocity is a general purpose template engine.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/velocity/velocity-engine-core/2.4/velocity-engine-core-2.4.jar
MD5: 8dc3c7a26823ee88253f7aa9250c094e
SHA1: 55dfc20bbc4968cf70c5ae5165b5b0324e0067d9
SHA256: 1bf78c2ade46f209bf93ebe72ed2af5b989ca7a1de0a015fc1b92a62f56b6549
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
velocity-engine-core-2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

velocity-tools-generic-3.1.jar

Description:

Generic tools that can be used in any context.

File Path: /home/runner/.m2/repository/org/apache/velocity/tools/velocity-tools-generic/3.1/velocity-tools-generic-3.1.jar
MD5: 76f13879ead8693fd4d5751a8a236089
SHA1: 07aaa49086a64cd9dab967a8437cc03abbfad655
SHA256: 8258cfdcaa16127f35ffe610a3fa4f76b7ebe51b88922c73c4ee39ce8f378ce5
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
velocity-tools-generic-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.maven.reporting/maven-reporting-impl@4.0.0

xalan-2.7.2.jar

Description:

Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in another program.

File Path: /home/runner/.m2/repository/xalan/xalan/2.7.2/xalan-2.7.2.jar
MD5: 6aa6607802502c8016b676f25f8e4873
SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23
SHA256: a44bd80e82cb0f4cfac0dac8575746223802514e3cec9dc75235bc0de646af14
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
xalan-2.7.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

xml-apis-1.3.04.jar

Description:

xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

File Path: /home/runner/.m2/repository/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jar
MD5: 9ae9c29e4497fc35a3eade1e6dd0bbeb
SHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65ef
SHA256: d404aa881eb9c5f7a4fb546e84ea11506cd417a72b5972e88eff17f43f9f8a64
Referenced In Project/Scope: SchemaSpy Maven Plugin:compile
xml-apis-1.3.04.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.schemaspy/schemaspy@6.2.4

This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.