Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Export functionality

org.dynamoframework:dynamo-export:4.0.0-RC2

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
HikariCP-5.1.0.jarpkg:maven/com.zaxxer/HikariCP@5.1.0 035
SparseBitSet-1.3.jarcpe:2.3:a:bit_project:bit:1.3:*:*:*:*:*:*:*pkg:maven/com.zaxxer/SparseBitSet@1.3 0Low28
angus-activation-2.0.2.jarpkg:maven/org.eclipse.angus/angus-activation@2.0.2 035
antlr4-runtime-4.13.0.jarpkg:maven/org.antlr/antlr4-runtime@4.13.0 030
aspectjweaver-1.9.22.1.jarpkg:maven/org.aspectj/aspectjweaver@1.9.22.1 049
byte-buddy-1.14.19.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.19 029
classmate-1.7.0.jarpkg:maven/com.fasterxml/classmate@1.7.0 052
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest168
commons-codec-1.16.1.jarpkg:maven/commons-codec/commons-codec@1.16.1 0123
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest84
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest105
commons-compress-1.26.2.jarcpe:2.3:a:apache:commons_compress:1.26.2:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.26.2 0Highest109
commons-io-2.17.0.jarcpe:2.3:a:apache:commons_io:2.17.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.17.0 0Highest125
commons-lang3-3.14.0.jarpkg:maven/org.apache.commons/commons-lang3@3.14.0 0145
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
commons-text-1.11.0.jarcpe:2.3:a:apache:commons_text:1.11.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.11.0 0Highest73
curvesapi-1.08.jarpkg:maven/com.github.virtuald/curvesapi@1.08 023
dynamo-api-4.0.0-RC2.jarpkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2 016
dynamo-impl-4.0.0-RC2.jarpkg:maven/org.dynamoframework/dynamo-impl@4.0.0-RC2 018
dynamo-rest-4.0.0-RC2.jarpkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2 018
h2-2.2.224.jarcpe:2.3:a:h2database:h2:2.2.224:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@2.2.224MEDIUM1Highest44
h2-2.2.224.jar: data.zip: table.js 00
h2-2.2.224.jar: data.zip: tree.js 00
hibernate-commons-annotations-6.0.6.Final.jarpkg:maven/org.hibernate.common/hibernate-commons-annotations@6.0.6.Final 038
hibernate-core-6.5.3.Final.jarcpe:2.3:a:hibernate:hibernate_orm:6.5.3:*:*:*:*:*:*:*pkg:maven/org.hibernate.orm/hibernate-core@6.5.3.Final 0Highest43
hibernate-validator-8.0.1.Final.jarcpe:2.3:a:redhat:hibernate_validator:8.0.1:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator@8.0.1.Final 0Highest34
istack-commons-runtime-4.1.2.jarpkg:maven/com.sun.istack/istack-commons-runtime@4.1.2 029
jackson-core-2.17.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.2 0Low47
jackson-databind-2.17.2.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.2 0Highest41
jackson-dataformat-yaml-2.17.2.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.17.2 0Highest39
jakarta.activation-api-2.1.3.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.3 045
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low42
jakarta.inject-api-2.0.1.jarpkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 056
jakarta.persistence-api-3.1.0.jarpkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0 040
jakarta.transaction-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1 0Low50
jakarta.validation-api-3.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@3.0.2 056
jakarta.xml.bind-api-4.0.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 031
jandex-3.1.2.jarpkg:maven/io.smallrye/jandex@3.1.2 027
jaxb-core-4.0.5.jarcpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.5MEDIUM1Highest40
jboss-logging-3.5.3.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.5.3.Final 041
jul-to-slf4j-2.0.16.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.16 031
log4j-api-2.23.1.jarcpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1 0Highest39
log4j-to-slf4j-2.23.1.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1 037
logback-core-1.5.8.jarcpe:2.3:a:qos:logback:1.5.8:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.8 0Highest39
lombok-1.18.34.jarpkg:maven/org.projectlombok/lombok@1.18.34 036
lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar 07
micrometer-commons-1.13.4.jarpkg:maven/io.micrometer/micrometer-commons@1.13.4 065
micrometer-observation-1.13.4.jarpkg:maven/io.micrometer/micrometer-observation@1.13.4 065
mysema-commons-lang-0.2.4.jarpkg:maven/com.mysema.commons/mysema-commons-lang@0.2.4 026
opencsv-5.9.jarpkg:maven/com.opencsv/opencsv@5.9 034
poi-5.3.0.jarcpe:2.3:a:apache:poi:5.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@5.3.0 0Highest35
querydsl-core-5.1.0.jarcpe:2.3:a:homepage_project:homepage:5.1.0:*:*:*:*:*:*:*pkg:maven/com.querydsl/querydsl-core@5.1.0 0Low23
querydsl-jpa-5.1.0-jakarta.jarpkg:maven/com.querydsl/querydsl-jpa@5.1.0 023
slf4j-api-2.0.16.jarpkg:maven/org.slf4j/slf4j-api@2.0.16 029
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest42
spring-boot-3.3.4.jarcpe:2.3:a:vmware:spring_boot:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.3.4 0Highest38
spring-boot-starter-web-3.3.4.jarcpe:2.3:a:vmware:spring_boot:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.3.4:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4 0Highest36
spring-core-6.1.13.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.1.13MEDIUM1Highest41
spring-data-commons-3.3.4.jarcpe:2.3:a:pivotal_software:spring_data_commons:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-commons@3.3.4 0Highest32
spring-data-jpa-3.3.4.jarcpe:2.3:a:pivotal_software:spring_data_jpa:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-jpa@3.3.4 0Highest30
spring-web-6.1.13.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.13:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@6.1.13MEDIUM1Highest35
spring-webmvc-6.1.13.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.13:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-webmvc@6.1.13HIGH2Highest37
springdoc-openapi-starter-common-2.6.0.jarpkg:maven/org.springdoc/springdoc-openapi-starter-common@2.6.0 019
springdoc-openapi-starter-webmvc-api-2.6.0.jarpkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-api@2.6.0 023
springdoc-openapi-starter-webmvc-ui-2.6.0.jarpkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.6.0 023
swagger-core-jakarta-2.2.22.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.22:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-core-jakarta@2.2.22 0Low38
swagger-ui-5.17.14.jarcpe:2.3:a:http-swagger_project:http-swagger:5.17.14:*:*:*:*:*:*:*pkg:maven/org.webjars/swagger-ui@5.17.14 0Low21
swagger-ui-5.17.14.jar: swagger-initializer.js 00
swagger-ui-5.17.14.jar: swagger-ui-bundle.js 00
swagger-ui-5.17.14.jar: swagger-ui-es-bundle-core.js 00
swagger-ui-5.17.14.jar: swagger-ui-es-bundle.js 00
swagger-ui-5.17.14.jar: swagger-ui-standalone-preset.js 00
swagger-ui-5.17.14.jar: swagger-ui.js 00
tomcat-embed-core-10.1.30.jarcpe:2.3:a:apache:tomcat:10.1.30:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.30:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.30 0Highest63
tomcat-embed-el-10.1.30.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.30 033
txw2-4.0.5.jarcpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/txw2@4.0.5MEDIUM1Highest34
xmlbeans-5.2.1.jarcpe:2.3:a:apache:xmlbeans:5.2.1:*:*:*:*:*:*:*pkg:maven/org.apache.xmlbeans/xmlbeans@5.2.1 0Highest37

Dependencies (vulnerable)

HikariCP-5.1.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/zaxxer/HikariCP/5.1.0/HikariCP-5.1.0.jar
MD5: 37404f82207a28141bd9b0fe6b1d0a16
SHA1: 8c96e36c14461fc436bb02b264b96ef3ca5dca8c
SHA256:a47a6ee62379694ee52c30036f0931b72f9aee2a801d590341ed82bd839e2134
Referenced In Project/Scope: Export functionality:compile
HikariCP-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

SparseBitSet-1.3.jar

Description:

An efficient sparse bitset implementation for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/zaxxer/SparseBitSet/1.3/SparseBitSet-1.3.jar
MD5: fbe27bb4c05e8719b7fff5aa71a57364
SHA1: 533eac055afe3d5f614ea95e333afd6c2bde8f26
SHA256:f76b85adb0c00721ae267b7cfde4da7f71d3121cc2160c9fc00c0c89f8c53c8a
Referenced In Project/Scope: Export functionality:compile
SparseBitSet-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.3.0

Identifiers

angus-activation-2.0.2.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/org/eclipse/angus/angus-activation/2.0.2/angus-activation-2.0.2.jar
MD5: 42bba74155dc773eca277ee7a16f74be
SHA1: 41f1e0ddd157c856926ed149ab837d110955a9fc
SHA256:6dd3bcffc22bce83b07376a0e2e094e4964a3195d4118fb43e380ef35436cc1e
Referenced In Project/Scope: Export functionality:runtime
angus-activation-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

antlr4-runtime-4.13.0.jar

Description:

The ANTLR 4 Runtime

License:

https://www.antlr.org/license.html
File Path: /Users/tommym/.m2/repository/org/antlr/antlr4-runtime/4.13.0/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256:bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Referenced In Project/Scope: Export functionality:compile
antlr4-runtime-4.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

aspectjweaver-1.9.22.1.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Users/tommym/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar
MD5: f2edbc088126174a11b68279bd26c6eb
SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612
SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78
Referenced In Project/Scope: Export functionality:compile
aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

byte-buddy-1.14.19.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/net/bytebuddy/byte-buddy/1.14.19/byte-buddy-1.14.19.jar
MD5: 745f8db2db7678ff12cb654343cee830
SHA1: 4c0c637b8f47dc08f89240e6f59900011752c97b
SHA256:8415a44d841b2cdecdf5d73a05c29a8cf92dc2b60fca7ff7b3f21cd431b5a4ec
Referenced In Project/Scope: Export functionality:runtime
byte-buddy-1.14.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.11.0

Identifiers

classmate-1.7.0.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/classmate/1.7.0/classmate-1.7.0.jar
MD5: 3b8f14fe92feb865a8205aa63c5ed769
SHA1: 0e98374da1f2143ac8e6e0a95036994bb19137a3
SHA256:cb868f231c5cceb89d795ea00e6e1b7a93b8f4ac1ce1d8be76dde322dff4a046
Referenced In Project/Scope: Export functionality:compile
classmate-1.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: Export functionality:compile
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.opencsv/opencsv@5.9

Identifiers

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Project/Scope: Export functionality:compile
commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.3.0

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Export functionality:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.opencsv/opencsv@5.9

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: Export functionality:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.3.0

Identifiers

commons-compress-1.26.2.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-compress/1.26.2/commons-compress-1.26.2.jar
MD5: d2c5abbd0a822c0b79cf4f03ead483ee
SHA1: eb1f823447af685208e684fce84783b43517960c
SHA256:9168a03141d8fc7eda21a2360d83cc0412bcbb1d6204d992bd48c2573cb3c6b8
Referenced In Project/Scope: Export functionality:compile
commons-compress-1.26.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.3.0

Identifiers

commons-io-2.17.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/commons-io/commons-io/2.17.0/commons-io-2.17.0.jar
MD5: f6232d0e290d58bb93f74f67165bf91f
SHA1: ddcc8433eb019fb48fe25207c0278143f3e1d7e2
SHA256:4aa4ca48f3dfd30b78220b7881d8cb93eac4093ec94361b6befa9487998a550b
Referenced In Project/Scope: Export functionality:compile
commons-io-2.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

commons-lang3-3.14.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar
MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f
SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae
SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
Referenced In Project/Scope: Export functionality:compile
commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Export functionality:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.opencsv/opencsv@5.9

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: Export functionality:compile
commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.3.0

Identifiers

commons-text-1.11.0.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-text/1.11.0/commons-text-1.11.0.jar
MD5: ebfec4f77cc595c518d655f7e68346be
SHA1: 2bb044b7717ec2eccaf9ea7769c1509054b50e9a
SHA256:2acf30a070b19163d5a480eae411a281341e870020e3534c6d5d4c8472739e30
Referenced In Project/Scope: Export functionality:compile
commons-text-1.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.opencsv/opencsv@5.9

Identifiers

curvesapi-1.08.jar

Description:

Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: /Users/tommym/.m2/repository/com/github/virtuald/curvesapi/1.08/curvesapi-1.08.jar
MD5: fc3aed90346691e7c79da06bb6606beb
SHA1: 3d3d36568154059825089b289dcfca481fe44e2c
SHA256:ad95b08b8bbf9d7d17e5e00814898fa23324f32bc5b62f1a37801e6a56ce0079
Referenced In Project/Scope: Export functionality:compile
curvesapi-1.08.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.3.0

Identifiers

dynamo-api-4.0.0-RC2.jar

Description:

Dynamo Framework API project.

File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-api/target/dynamo-api-4.0.0-RC2.jar
MD5: c9f04fa11e97fea9bbef969ef5e567a7
SHA1: 0eeb7c8b42419068611cee3141dc37be05e00783
SHA256:bb2209146baf1c0a811a3819da0e65cdd9902bcfc6e02193999c8119c400754b
Referenced In Project/Scope: Export functionality:compile
dynamo-api-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

dynamo-impl-4.0.0-RC2.jar

Description:

Dynamo Framework implementation project.

File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-impl/target/dynamo-impl-4.0.0-RC2.jar
MD5: 143b8fc2dc4c5c766e4b4015840a2df5
SHA1: 9709cfb81182fd4cbbe3e5ee73fc9853421d1554
SHA256:f5075f96c46bb106d78dc5d566eb2184d5fee783fe7b4fda0cbf1956e483562a
Referenced In Project/Scope: Export functionality:compile
dynamo-impl-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

dynamo-rest-4.0.0-RC2.jar

Description:

Dynamo Framework REST services project.

File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-rest/target/dynamo-rest-4.0.0-RC2.jar
MD5: c1b452e89336e2e0b1082077428ee699
SHA1: b398f92e3c04649a424428382d760710e1cd2443
SHA256:b3219de264252ffa6629c7c65f6a5d58486c72808c14cc1c8d6e6b95a664ef09
Referenced In Project/Scope: Export functionality:compile
dynamo-rest-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

h2-2.2.224.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar
MD5: 769d5a85d19ccc2b06620f8c81d6d8f8
SHA1: 7bdade27d8cd197d9b5ce9dc251f41d2edc5f7ad
SHA256:b9d8f19358ada82a4f6eb5b174c6cfe320a375b5a9cb5a4fe456d623e6e55497
Referenced In Project/Scope: Export functionality:compile
h2-2.2.224.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv3:
  • Base Score: MEDIUM (6.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:2.2.224:*:*:*:*:*:*:*

h2-2.2.224.jar: data.zip: table.js

File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: f374e067dff4b106b77abab77b360d8b
SHA1: 67d0af73251e86e079f1db4b837920309a1a3993
SHA256:75e452b34b317d0a8c630b9ac469db3d82988e221d41adc17cf1bab3c0e88c78
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

h2-2.2.224.jar: data.zip: tree.js

File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 760f137680a67ae829c2000c4156e050
SHA1: d947ebba0777d68aa9397fc7d8b04ce2a725c12b
SHA256:2bb3d968d50a5d96912f77552d772184d0213e2601895517ba53afa64dc433ed
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

hibernate-commons-annotations-6.0.6.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/common/hibernate-commons-annotations/6.0.6.Final/hibernate-commons-annotations-6.0.6.Final.jar
MD5: c155df7d9f04d15f3f6bbe79f4907074
SHA1: 77a5f94b56d49508e0ee334751db5b78e5ccd50c
SHA256:cd974e0a8481fafdbaf9b4a0f08bb5a6c969b0365482763eedf77e6fd7f493b7
Referenced In Project/Scope: Export functionality:runtime
hibernate-commons-annotations-6.0.6.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

hibernate-core-6.5.3.Final.jar

Description:

Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/orm/hibernate-core/6.5.3.Final/hibernate-core-6.5.3.Final.jar
MD5: 7cee9d560d7ca13dd0fc4e6d5f34f9b7
SHA1: 1e23c320a5d10f5eaecbd23095fca5c5c83c1fb5
SHA256:f79b5e5029a72e2f0ba7542591fba8305c9edbc0dbdc974541f2376ff1203422
Referenced In Project/Scope: Export functionality:compile
hibernate-core-6.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

hibernate-validator-8.0.1.Final.jar

Description:

Hibernate's Jakarta Bean Validation reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/hibernate/validator/hibernate-validator/8.0.1.Final/hibernate-validator-8.0.1.Final.jar
MD5: 66985b6bf8da17611031e2421c235241
SHA1: e49e116b3d3928060599b176b3538bb848718e95
SHA256:8c1244a498231091fe723d9666a93444ee9f93607245c6b29829dc5fe57a335c
Referenced In Project/Scope: Export functionality:compile
hibernate-validator-8.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

istack-commons-runtime-4.1.2.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/com/sun/istack/istack-commons-runtime/4.1.2/istack-commons-runtime-4.1.2.jar
MD5: 535154ef647af2a52478c4debec93659
SHA1: 18ec117c85f3ba0ac65409136afa8e42bc74e739
SHA256:7fd6792361f4dd00f8c56af4a20cecc0066deea4a8f3dec38348af23fc2296ee
Referenced In Project/Scope: Export functionality:runtime
istack-commons-runtime-4.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jackson-core-2.17.2.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.2/jackson-core-2.17.2.jar
MD5: 50c2dab1f29136714d5ef5c6c640336c
SHA1: 969a35cb35c86512acbadcdbbbfb044c877db814
SHA256:721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46
Referenced In Project/Scope: Export functionality:compile
jackson-core-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

jackson-databind-2.17.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.2/jackson-databind-2.17.2.jar
MD5: 3e1ff7c1f0fda885946619a47ef9d5de
SHA1: e6deb029e5901e027c129341fac39e515066b68c
SHA256:c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c
Referenced In Project/Scope: Export functionality:compile
jackson-databind-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

jackson-dataformat-yaml-2.17.2.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.17.2/jackson-dataformat-yaml-2.17.2.jar
MD5: 9dcb2f5d3b61bfb9af05b9b00bee13c3
SHA1: 78d2c73dbec62044d7cf3b544b2e0d24a1a093b0
SHA256:941bcd8b1381bb3b0d726fab41624fa8ece0ee7b6cf2860ad95e8157ce673376
Referenced In Project/Scope: Export functionality:compile
jackson-dataformat-yaml-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jakarta.activation-api-2.1.3.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: Export functionality:compile
jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-test@4.0.0-RC2

Identifiers

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Users/tommym/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Project/Scope: Export functionality:compile
jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

jakarta.inject-api-2.0.1.jar

Description:

Jakarta Dependency Injection

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Referenced In Project/Scope: Export functionality:runtime
jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jakarta.persistence-api-3.1.0.jar

Description:

Jakarta Persistence 3.1 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.1.0/jakarta.persistence-api-3.1.0.jar
MD5: 35a1b7dfb38cf44ff795be607b0e6b5b
SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6
SHA256:475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd
Referenced In Project/Scope: Export functionality:compile
jakarta.persistence-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jakarta.transaction-api-2.0.1.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Users/tommym/.m2/repository/jakarta/transaction/jakarta.transaction-api/2.0.1/jakarta.transaction-api-2.0.1.jar
MD5: 5315974a3935e342b40849478e1c9966
SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875
Referenced In Project/Scope: Export functionality:compile
jakarta.transaction-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jakarta.validation-api-3.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/jakarta/validation/jakarta.validation-api/3.0.2/jakarta.validation-api-3.0.2.jar
MD5: 3a1ee6efca3e41e3320599790f54c5eb
SHA1: 92b6631659ba35ca09e44874d3eb936edfeee532
SHA256:291c25e6910cc6a7ebd96d4c6baebf6d7c37676c5482c2d96146e901b62c1fc9
Referenced In Project/Scope: Export functionality:compile
jakarta.validation-api-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Project/Scope: Export functionality:compile
jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-test@4.0.0-RC2

Identifiers

jandex-3.1.2.jar

Description:

SmallRye Build Parent POM

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/smallrye/jandex/3.1.2/jandex-3.1.2.jar
MD5: 757ae579a3a52c03c3c60fbe393c086f
SHA1: a6c1c89925c7df06242b03dddb353116ceb9584c
SHA256:dee12fa1787d5523ed1a02d6c63b19e7aef6ac560f7c6d70595db01aa37e041e
Referenced In Project/Scope: Export functionality:runtime
jandex-3.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jaxb-core-4.0.5.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.5/jaxb-core-4.0.5.jar
MD5: ab09aef6bebd4438b0a02707881801e4
SHA1: 007b4b11ea5542eea4ad55e1080b23be436795b3
SHA256:ad3fd9bf00de3eda9859f70b6cfb011e2fe9904804e16a2665092888ece0fdca
Referenced In Project/Scope: Export functionality:runtime
jaxb-core-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

CVE-2024-9329  

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jboss-logging-3.5.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /Users/tommym/.m2/repository/org/jboss/logging/jboss-logging/3.5.3.Final/jboss-logging-3.5.3.Final.jar
MD5: ee7e24e94235c13f53392ecaa53f938c
SHA1: c88fc1d8a96d4c3491f55d4317458ccad53ca663
SHA256:7b119460de174195aca412dfed52ca0bbef0ece26c2d74301b6172cfadf4ff59
Referenced In Project/Scope: Export functionality:compile
jboss-logging-3.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jul-to-slf4j-2.0.16.jar

Description:

JUL to SLF4J bridge

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Users/tommym/.m2/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar
MD5: 410ad2f2230e0150216d86e12a4af995
SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a
SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d
Referenced In Project/Scope: Export functionality:compile
jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

log4j-api-2.23.1.jar

Description:

The Apache Log4j API

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-api/2.23.1/log4j-api-2.23.1.jar
MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a
SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1
SHA256:92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89
Referenced In Project/Scope: Export functionality:compile
log4j-api-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.3.0

Identifiers

log4j-to-slf4j-2.23.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.23.1/log4j-to-slf4j-2.23.1.jar
MD5: d60143628bb91f9dfa0148c213388b39
SHA1: 425ad1eb8a39904d2830e907a324e956fb456520
SHA256:7937a84055156910234e3b42868f55e68ff4b7becbb6ffd10146f72f5bf54dd5
Referenced In Project/Scope: Export functionality:compile
log4j-to-slf4j-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

logback-core-1.5.8.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Users/tommym/.m2/repository/ch/qos/logback/logback-core/1.5.8/logback-core-1.5.8.jar
MD5: 6048cf7daf6489ce151130cc993edccf
SHA1: 3fce599197de3b6f387cc9bee412ead2b4994a46
SHA256:a698e4cff3eac45eec9b2755df93bb7a9725d853f7938030654ce5430b37c41d
Referenced In Project/Scope: Export functionality:compile
logback-core-1.5.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

lombok-1.18.34.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar
MD5: 91ce91dbfa7694bff4ddc1e51643f8b2
SHA1: ec547ef414ab1d2c040118fb9c1c265ada63af14
SHA256:c27d6b2aff56241d1b07fcbcc6b183709e6b432c80f7374eeb1d823e86d4b81a
Referenced In Project/Scope: Export functionality:compile
lombok-1.18.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar

File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: e5552f93605e20eb4039662ee38ee41a
SHA1: 257946794d3fbaff9023c991de99d6b7a7be8c8d
SHA256:7f93cde1d476e8d84f51213c52d70eb596fcde669fbd30fbd5a6745346fdde9d
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

micrometer-commons-1.13.4.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-commons/1.13.4/micrometer-commons-1.13.4.jar
MD5: 3058e9b29fff7d5f2d4bdabd3ba6b806
SHA1: edcf69518a4c382c48e19c7fb7d4aedfb115c0c3
SHA256:7407cc52817cfb66814292de841a4495c5af5309b15be367565d4bc700a433c2
Referenced In Project/Scope: Export functionality:compile
micrometer-commons-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

micrometer-observation-1.13.4.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-observation/1.13.4/micrometer-observation-1.13.4.jar
MD5: f2731d224c64773ce187592e6cbf3fc0
SHA1: 2673c9b181ab2512002b23b7ad0f1dd02212696c
SHA256:58642b0c0c965d1dc42bc49573657e948ea2a6c54d4902a6bc7e12a558d71f50
Referenced In Project/Scope: Export functionality:compile
micrometer-observation-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

mysema-commons-lang-0.2.4.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/mysema/commons/mysema-commons-lang/0.2.4/mysema-commons-lang-0.2.4.jar
MD5: c13bde1d0dae26b8ca3c56b5e4e40157
SHA1: d09c8489d54251a6c22fbce804bdd4a070557317
SHA256:dbbdd6816b33d3bead50f4d217825fcf568d50a43af881df5cdd01468c2b6efe
Referenced In Project/Scope: Export functionality:compile
mysema-commons-lang-0.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2

Identifiers

opencsv-5.9.jar

Description:

A simple library for reading and writing CSV in Java

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/opencsv/opencsv/5.9/opencsv-5.9.jar
MD5: 8cee3b4e9ebeba7bd2834831a969d97c
SHA1: 284ea0b60a24b71a530100783185e7d547ab5339
SHA256:2023969b86ce968ad8ae549648ac587d141c19ae684a9a5c67c9105f37ab0d1c
Referenced In Project/Scope: Export functionality:compile
opencsv-5.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

poi-5.3.0.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/poi/poi/5.3.0/poi-5.3.0.jar
MD5: 03fe04731115d9a90fa3394eef25db26
SHA1: 0a26d24e85a2440d7b76d2ddd187abb0ee7c056e
SHA256:d514ebff22327762d38f551b6d1d78bb764770afd8d37546387ca41790323fef
Referenced In Project/Scope: Export functionality:compile
poi-5.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

querydsl-core-5.1.0.jar

Description:

core module for querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-core/5.1.0/querydsl-core-5.1.0.jar
MD5: 2c9349a570cc9b090e44a22bff6be406
SHA1: be322c3fe98de8e7c204afb8860bfabd81a3bafd
SHA256:57a3033ddbb4d928552b33443be7195bc3caba6fa85cd9a492bc874a5ef98c8e
Referenced In Project/Scope: Export functionality:compile
querydsl-core-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2

Identifiers

querydsl-jpa-5.1.0-jakarta.jar

Description:

JPA support for Querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-jpa/5.1.0/querydsl-jpa-5.1.0-jakarta.jar
MD5: 54dae173af07a330f1a80cc48b0e02f3
SHA1: f44ee79a324cf92d6821eca736b2028e69542050
SHA256:01b064b511e093ceff2a8698829354b4fb1dc08f576e405dd6dfa8ab35736ca2
Referenced In Project/Scope: Export functionality:compile
querydsl-jpa-5.1.0-jakarta.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2

Identifiers

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Users/tommym/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: Export functionality:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Project/Scope: Export functionality:compile
snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

spring-boot-3.3.4.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/boot/spring-boot/3.3.4/spring-boot-3.3.4.jar
MD5: f0ef22445df4734fbd86ac1f976833c0
SHA1: f06c6950aa5766b63328e821641f5c7d71be819d
SHA256:2d3b43ade67d8b8ff23e80fa7f9f3d469a28413a826042808bcb3b718f13e01a
Referenced In Project/Scope: Export functionality:compile
spring-boot-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

spring-boot-starter-web-3.3.4.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.3.4/spring-boot-starter-web-3.3.4.jar
MD5: 32d75ba466964fff5823a724bf28a888
SHA1: b43a9fd107611337777b47dc7518e2aca59e58eb
SHA256:066e91bfda3d47012fc21d66d59e09823fbc3f07fe5463324fb8cb19641bb373
Referenced In Project/Scope: Export functionality:compile
spring-boot-starter-web-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-export@4.0.0-RC2

Identifiers

spring-core-6.1.13.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-core/6.1.13/spring-core-6.1.13.jar
MD5: e1965e1d05b8ed52cee0593007d2e40f
SHA1: ddbd765408d2665f47017c8f05a7682012f91da3
SHA256:5f0059701b1c0bcdab78bb72dc252fce9eab16147819587238cacbdbf7b794cf
Referenced In Project/Scope: Export functionality:compile
spring-core-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-test@4.0.0-RC2

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-data-commons-3.3.4.jar

Description:

Core Spring concepts underpinning every Spring Data module.

File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-commons/3.3.4/spring-data-commons-3.3.4.jar
MD5: cfc6e5fee5e1e6e8984739077de12819
SHA1: f0f6bca5b0cd7d318666e2d3f02726c615334678
SHA256:f44a2d79928fefe9879d76b3ae8141dbc5793cda7930543f295d9394f115a76d
Referenced In Project/Scope: Export functionality:compile
spring-data-commons-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

spring-data-jpa-3.3.4.jar

Description:

Spring Data module for JPA repositories.

File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-jpa/3.3.4/spring-data-jpa-3.3.4.jar
MD5: 4041bcb81e2078d07519fe237ab5aaf0
SHA1: f92296e4b6d18f5f79c5e6074da96bf0de2006d3
SHA256:99dade6857529c77afeb83703732c1a37e61c0e0d25ec3d064a0b88b6679b71b
Referenced In Project/Scope: Export functionality:compile
spring-data-jpa-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

spring-web-6.1.13.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-web/6.1.13/spring-web-6.1.13.jar
MD5: 04c3636cb8b2f312a1343a601a5b2043
SHA1: e4028dbbc4ae1fb4bfd3257c53302956d7687b66
SHA256:8ebf053db3d81756d92797060b5c4edc80a9b39262266ce16cd084448fa13c90
Referenced In Project/Scope: Export functionality:compile
spring-web-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-webmvc-6.1.13.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-webmvc/6.1.13/spring-webmvc-6.1.13.jar
MD5: 73575541f7d9bcab037c0c62207242ac
SHA1: ca5f025b133c69026bfe01daa6132d0ac2e4a59f
SHA256:ca2d637672d9b9eedeb743304a37182b4b6b89b2c224e8482b4827098119c05e
Referenced In Project/Scope: Export functionality:compile
spring-webmvc-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

CVE-2024-38819 (OSSINDEX)  

Spring Web - Path Traversal
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (8.199999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-webmvc:6.1.13:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

springdoc-openapi-starter-common-2.6.0.jar

File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-common/2.6.0/springdoc-openapi-starter-common-2.6.0.jar
MD5: 9d43f8e4081212a673114492cab8e304
SHA1: c8cf5fbd1f9e4c410d67f1de27dfc3529de13620
SHA256:5e072d2fe2d64d06ae87918340c808a3b9d67537b1645a91e6151438c714fb74
Referenced In Project/Scope: Export functionality:compile
springdoc-openapi-starter-common-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

springdoc-openapi-starter-webmvc-api-2.6.0.jar

File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-webmvc-api/2.6.0/springdoc-openapi-starter-webmvc-api-2.6.0.jar
MD5: 7f46407fedd5784e353b76ab67421340
SHA1: d235c2989247641e5dfe764d7add3a11e4d54a5f
SHA256:78a416e14baab214f600cfd04af4ecf92fb959df9bc92148b1a9b9c0dfa1ddc9
Referenced In Project/Scope: Export functionality:compile
springdoc-openapi-starter-webmvc-api-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

springdoc-openapi-starter-webmvc-ui-2.6.0.jar

File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-webmvc-ui/2.6.0/springdoc-openapi-starter-webmvc-ui-2.6.0.jar
MD5: 3e3adc56929b8918f086242c714f0193
SHA1: 2dddebb56441dbaa1009c4de434a83c65596f6ad
SHA256:160558319ef577c74515a253d07e3114ce714b8462878b84065530794acafc1e
Referenced In Project/Scope: Export functionality:compile
springdoc-openapi-starter-webmvc-ui-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

swagger-core-jakarta-2.2.22.jar

Description:

swagger-core-jakarta

License:

"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
File Path: /Users/tommym/.m2/repository/io/swagger/core/v3/swagger-core-jakarta/2.2.22/swagger-core-jakarta-2.2.22.jar
MD5: da25e751594c524d52262d665c85bb41
SHA1: 9ed5daaaa1c94c9a6b56c058c9d1b3190044a2e2
SHA256:92d51dfa23ec0990cd1f745b0fb0dc15e31ffd294167a19ea8913d3b187e6dc6
Referenced In Project/Scope: Export functionality:compile
swagger-core-jakarta-2.2.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

swagger-ui-5.17.14.jar

Description:

WebJar for Swagger UI

License:

Apache-2.0
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar
MD5: 0000f3977f67d7c1b7ac77a36bfabcca
SHA1: 7c746d197424eb721b4e08fcaa9e85231662d81f
SHA256:3d16fe99be7ef7fc6fd6b9a0b6d12e3a5444735d8a2c0c6246fbc804da5103bb
Referenced In Project/Scope: Export functionality:compile
swagger-ui-5.17.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

swagger-ui-5.17.14.jar: swagger-initializer.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-initializer.js
MD5: ff995915f51c051c59fed883f5d7be28
SHA1: c434dd8fbfa625a10351681d3037ee79d5682207
SHA256:a895034f24f12d7cd81ec47c98da4f15721d9d9a8d2405f22f21704821f81d02
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-bundle.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-bundle.js
MD5: bccc97f77bdb8edc590ae3abdf83b9a7
SHA1: 36af3f79010ac51754bbfa35e86f73b28521e559
SHA256:c2e4a9ef08144839ff47c14202063ecfe4e59e70a4e7154a26bd50d880c88ba1
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-es-bundle-core.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-es-bundle-core.js
MD5: 6d1d2b740c3afdcc8e06a3296077dae3
SHA1: b7592ebdff721dd9e4395b602fe5302aa8900355
SHA256:a27834fd6ba3947c10118dac3f87ab91dc000926d725036f7db6758b6c4fb61c
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-es-bundle.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-es-bundle.js
MD5: 8eb90030c9696e65fba69e5cca855278
SHA1: 47717c193b2c8be0538f7f63c4ddccc9da6e75ad
SHA256:eb5860a4aff8e9cdb7753056739ee1724cc89baaaab326e75d3936062e06b551
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-standalone-preset.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-standalone-preset.js
MD5: 861c3618a16aefc88e19a052836718e5
SHA1: c3073b573e55925510e2e6e6a1e2a564a2bc8558
SHA256:33b7a6f5afcac4902fdf93281be2d2e12db15f241d384606e6e6d17745b7f86f
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui.js
MD5: f5967d03b75271cf7d23ab17931ae2f4
SHA1: 8b0335d5bade188456d36cefad9b22976b907d90
SHA256:cbd1a3687472d025b41a49836fc0e59679d7fd8eab38168d51b439e730b778a1
Referenced In Project/Scope: Export functionality:compile

Identifiers

  • None

tomcat-embed-core-10.1.30.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.30/tomcat-embed-core-10.1.30.jar
MD5: 16d8c001e54ed67aa8be83395f582265
SHA1: 0852ff3547f179175feaff39c443e9b980ec2cc2
SHA256:2eba5a20566f7ecb307508a6faef631652e59a865c0dba3c97c3bee1f4774bef
Referenced In Project/Scope: Export functionality:compile
tomcat-embed-core-10.1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

tomcat-embed-el-10.1.30.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.30/tomcat-embed-el-10.1.30.jar
MD5: da24b9956c9ed9e5b10b6bedc2de2261
SHA1: 432b176aa50de87c3bbda99b0fe85523abfd1382
SHA256:ee94bb23409ac67cc6c79c0f7c3e61be0262adcf6e4d778bfe292944109f6697
Referenced In Project/Scope: Export functionality:compile
tomcat-embed-el-10.1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

txw2-4.0.5.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/txw2/4.0.5/txw2-4.0.5.jar
MD5: 2f5aa7dbd5e326562cff6ce720a1485a
SHA1: f36a4ef12120a9bb06d766d6a0e54b144fd7ed98
SHA256:917355bc451481f30d043b24d123110517966af34383901773882810dca480e5
Referenced In Project/Scope: Export functionality:runtime
txw2-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

CVE-2024-9329  

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

xmlbeans-5.2.1.jar

Description:

XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/xmlbeans/xmlbeans/5.2.1/xmlbeans-5.2.1.jar
MD5: 48f887315aeea29588550b86aada1068
SHA1: e16ddf17fe181c202b097e0dcc0ee2fed91cb7da
SHA256:eff1746a43780845d625a3ceb137976d4665d01a71209507dc383c6f43ab288a
Referenced In Project/Scope: Export functionality:compile
xmlbeans-5.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.3.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.