Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/zaxxer/HikariCP/5.1.0/HikariCP-5.1.0.jar MD5: 37404f82207a28141bd9b0fe6b1d0a16 SHA1: 8c96e36c14461fc436bb02b264b96ef3ca5dca8c SHA256:a47a6ee62379694ee52c30036f0931b72f9aee2a801d590341ed82bd839e2134 Referenced In Project/Scope: Form Fill Functionality:compile HikariCP-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/eclipse/angus/angus-activation/2.0.2/angus-activation-2.0.2.jar MD5: 42bba74155dc773eca277ee7a16f74be SHA1: 41f1e0ddd157c856926ed149ab837d110955a9fc SHA256:6dd3bcffc22bce83b07376a0e2e094e4964a3195d4118fb43e380ef35436cc1e Referenced In Project/Scope: Form Fill Functionality:runtime angus-activation-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.23/animal-sniffer-annotations-1.23.jar MD5: 13729ebd1fbdddc25d7feb7694d3028d SHA1: 3c0daebd5f0e1ce72cc50c818321ac957aeb5d70 SHA256:9ffe526bf43a6348e9d8b33b9cd6f580a7f5eed0cf055913007eda263de974d0 Referenced In Project/Scope: Form Fill Functionality:runtime animal-sniffer-annotations-1.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/annotations/2.24.8/annotations-2.24.8.jar MD5: c9555e294a8e188f3ab43a68a5d86f37 SHA1: c0e1fac7fa273e8c2f820a6324edae8c251f9f43 SHA256:21d193671368f8b8c0074f9747bc7f9588d7a22fa216e2471d7b88ea246b877b Referenced In Project/Scope: Form Fill Functionality:compile annotations-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/android/annotations/4.1.1.4/annotations-4.1.1.4.jar MD5: c2cdd26a6ae577f24775e8ce75da1fdc SHA1: a1678ba907bf92691d879fef34e1a187038f9259 SHA256:ba734e1e84c09d615af6a09d33034b4f0442f8772dec120efb376d86a565ae15 Referenced In Project/Scope: Form Fill Functionality:runtime annotations-4.1.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: /Users/tommym/.m2/repository/org/antlr/antlr-runtime/3.3/antlr-runtime-3.3.jar MD5: d488c3b56f4a3ec48e71488636d38001 SHA1: ccd65b08cbc9b7e90b9facd4d125a133c6f87228 SHA256:36c03c8e08be041a0f112073b1d83cc3b3a1b7ca801b79249521cbf4ebae4591 Referenced In Project/Scope: Form Fill Functionality:compile antlr-runtime-3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
File Path: /Users/tommym/.m2/repository/org/antlr/antlr4-runtime/4.13.1/antlr4-runtime-4.13.1.jar MD5: dd465ddb2a8dbf69eb6c94e69a0d5f0f SHA1: 17125bae1d965624e265ef49552f6465a2bfa307 SHA256:54665d2838cc66458343468efc539e454fc95b46a8a04b13c6ac43fc9be63505 Referenced In Project/Scope: Form Fill Functionality:compile antlr4-runtime-4.13.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/apache-client/2.24.8/apache-client-2.24.8.jar MD5: 30d97ca0e130f7859fa0dbdadfafccd6 SHA1: cdd6a3193a2bc90737f77a9432873d26bcb5c4af SHA256:207bab525d5e1c96a71c2a809218e7f7483577c50fbbae0a91646f0f09a47bd6 Referenced In Project/Scope: Form Fill Functionality:runtime apache-client-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/api-common/2.28.0/api-common-2.28.0.jar MD5: 5516978371fb5b82f310c51e74b78744 SHA1: eec53ae90269554d0c435e553b7cf30c5e536a5f SHA256:2f4142c4b8dc015d27c57fb7e4844f111b48bad530233f817106340f5a2dcc70 Referenced In Project/Scope: Form Fill Functionality:compile api-common-2.28.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar MD5: 8c7de3f82037fa4a2e8be2a2f13092af SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38 Referenced In Project/Scope: Form Fill Functionality:compile apiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.3
The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
weaving (LTW) during class-loading and also contains the AspectJ runtime classes.
License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Users/tommym/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar MD5: f2edbc088126174a11b68279bd26c6eb SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612 SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78 Referenced In Project/Scope: Form Fill Functionality:compile aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
The AWS SDK for Java - Auth module holds the classes that are used for authentication with services
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/auth/2.24.8/auth-2.24.8.jar MD5: a33416c72d5b92b853f078761b071fcd SHA1: ed214fae9d4b475afee6ebc6083745a4275a1752 SHA256:ff97d532d4a36a7ea4222d5141b993a268ea28dc7f5730b567117282132229ab Referenced In Project/Scope: Form Fill Functionality:compile auth-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
Immutable value-type code generation for Java 1.7+.
File Path: /Users/tommym/.m2/repository/com/google/auto/value/auto-value-annotations/1.10.4/auto-value-annotations-1.10.4.jar MD5: 8d1fd626bf1a426ee635ab11b7edb414 SHA1: 9679de8286eb0a151db6538ba297a8951c4a1224 SHA256:e1c45e6beadaef9797cb0d9afd5a45621ad061cd8632012f85582853a3887825 Referenced In Project/Scope: Form Fill Functionality:compile auto-value-annotations-1.10.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The AWS SDK for Java - Core runtime module holds the classes that are used by the individual service
clients to interact with
Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/aws-core/2.24.8/aws-core-2.24.8.jar MD5: dec2938e1122ac501c250316396a9239 SHA1: 4f71c794ecd223f767bed5b04bffbe6ce115005f SHA256:d5ddfef880bfe54465720e82a22be919ddb80478061e970674166f5f0bc42ce9 Referenced In Project/Scope: Form Fill Functionality:compile aws-core-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
The AWS Java SDK for Bedrock Runtime module holds the client classes that are used for
communicating with Bedrock Runtime.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/bedrockruntime/2.24.8/bedrockruntime-2.24.8.jar MD5: fbaa17905968fd6e89e360358e146dd6 SHA1: 90c1d46f3a6b5f34cc112bbf9e19d77dd8fa7949 SHA256:dfeb03dca8e41d5864bccaf25c2e43cf22a736e97d5e45a8a3c547876cde48bb Referenced In Project/Scope: Form Fill Functionality:compile bedrockruntime-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
File Path: /Users/tommym/.m2/repository/net/bytebuddy/byte-buddy/1.14.19/byte-buddy-1.14.19.jar MD5: 745f8db2db7678ff12cb654343cee830 SHA1: 4c0c637b8f47dc08f89240e6f59900011752c97b SHA256:8415a44d841b2cdecdf5d73a05c29a8cf92dc2b60fca7ff7b3f21cd431b5a4ec Referenced In Project/Scope: Form Fill Functionality:runtime byte-buddy-1.14.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.11.0
checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT
File Path: /Users/tommym/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar MD5: 4c55448dcbfe9c3702f7758fc8fe0086 SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7 Referenced In Project/Scope: Form Fill Functionality:compile checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The AWS SDK for Java - Checksums module contains checksums and related items that are used by other modules in
the library.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/checksums/2.24.8/checksums-2.24.8.jar MD5: 499326efbee4dfc677331a73549dbd55 SHA1: 9c89200f5d991fabc41bd9f9b712f7702631e04e SHA256:397c1a11114a488dcc690b235cfeb5be455434ea4c3fe7bda8ab2221ad8c22e9 Referenced In Project/Scope: Form Fill Functionality:compile checksums-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
Library for introspecting types with full generic information
including resolving of field and method types.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/classmate/1.7.0/classmate-1.7.0.jar MD5: 3b8f14fe92feb865a8205aa63c5ed769 SHA1: 0e98374da1f2143ac8e6e0a95036994bb19137a3 SHA256:cb868f231c5cceb89d795ea00e6e1b7a93b8f4ac1ce1d8be76dde322dff4a046 Referenced In Project/Scope: Form Fill Functionality:compile classmate-1.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.4
The Apache Commons Codec component contains encoder and decoders for
various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /Users/tommym/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862 SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4 Referenced In Project/Scope: Form Fill Functionality:compile commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
File Path: /Users/tommym/.m2/repository/commons-io/commons-io/2.17.0/commons-io-2.17.0.jar MD5: f6232d0e290d58bb93f74f67165bf91f SHA1: ddcc8433eb019fb48fe25207c0278143f3e1d7e2 SHA256:4aa4ca48f3dfd30b78220b7881d8cb93eac4093ec94361b6befa9487998a550b Referenced In Project/Scope: Form Fill Functionality:compile commons-io-2.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c Referenced In Project/Scope: Form Fill Functionality:compile commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.2/conscrypt-openjdk-uber-2.5.2.jar MD5: 34c8ec40831d77372b2bea95139783b0 SHA1: d858f142ea189c62771c505a6548d8606ac098fe SHA256:eaf537d98e033d0f0451cd1b8cc74e02d7b55ec882da63c88060d806ba89c348 Referenced In Project/Scope: Form Fill Functionality:compile conscrypt-openjdk-uber-2.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.2/conscrypt-openjdk-uber-2.5.2.jar/META-INF/native/conscrypt_openjdk_jni-windows-x86.dll MD5: 1c95af66b90409a88bbd9641c1d67adb SHA1: cf9c2e9cda771c1451411b00198c289f2ae84bcf SHA256:6d050d27ce99019efd6764e8b85b3a33845e85a67809a03343dd0304e83e8472 Referenced In Project/Scope: Form Fill Functionality:compile
File Path: /Users/tommym/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.2/conscrypt-openjdk-uber-2.5.2.jar/META-INF/native/conscrypt_openjdk_jni-windows-x86_64.dll MD5: bd8a94b5e92cfeb8653cca1b9f54a2d2 SHA1: 53d42334c8c56bf9007df6898604c67b033171ab SHA256:a72c7d3d5f0f5afb8b048b3db9ba1a167120ff5094a0612bfa5ed96b27667910 Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
conscrypt_openjdk_jni-windows-x86_64
High
Product
file
name
conscrypt_openjdk_jni-windows-x86_64
High
Identifiers
None
dynamo-api-4.0.0-RC2.jar
Description:
Dynamo Framework API project.
File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-api/target/dynamo-api-4.0.0-RC2.jar MD5: c9f04fa11e97fea9bbef969ef5e567a7 SHA1: 0eeb7c8b42419068611cee3141dc37be05e00783 SHA256:bb2209146baf1c0a811a3819da0e65cdd9902bcfc6e02193999c8119c400754b Referenced In Project/Scope: Form Fill Functionality:compile dynamo-api-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-impl/target/dynamo-impl-4.0.0-RC2.jar MD5: 143b8fc2dc4c5c766e4b4015840a2df5 SHA1: 9709cfb81182fd4cbbe3e5ee73fc9853421d1554 SHA256:f5075f96c46bb106d78dc5d566eb2184d5fee783fe7b4fda0cbf1956e483562a Referenced In Project/Scope: Form Fill Functionality:compile dynamo-impl-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-rest/target/dynamo-rest-4.0.0-RC2.jar MD5: c1b452e89336e2e0b1082077428ee699 SHA1: b398f92e3c04649a424428382d760710e1cd2443 SHA256:b3219de264252ffa6629c7c65f6a5d58486c72808c14cc1c8d6e6b95a664ef09 Referenced In Project/Scope: Form Fill Functionality:compile dynamo-rest-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/endpoints-spi/2.24.8/endpoints-spi-2.24.8.jar MD5: 6ce5362ea7daef49531e8aeb515c8e9b SHA1: d516a5533af722f6da3b0c6a4052b59105a77703 SHA256:d9f6caac6ee05b1c49a5ba1133069059225c848de93e1a76a354c40ab75d14cd Referenced In Project/Scope: Form Fill Functionality:compile endpoints-spi-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/errorprone/error_prone_annotations/2.24.1/error_prone_annotations-2.24.1.jar MD5: 345bbebec9b3c68d2638c0f6809436dc SHA1: 32b299e45105aa9b0df8279c74dc1edfcf313ff0 SHA256:19fe2f7155d20ea093168527999da98108103ee546d1e8b726bc4b27c31a3c30 Referenced In Project/Scope: Form Fill Functionality:compile error_prone_annotations-2.24.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
Apache License, Version 2.0: https://aws.amazon.com/apache2.0
File Path: /Users/tommym/.m2/repository/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar MD5: 864488626f50477cfd786d1c80e3b39e SHA1: 6ff8649dffc5190366ada897ba8525a836297784 SHA256:0c37d8e696117f02c302191b8110b0d0eb20fa412fce34c3a269ec73c16ce822 Referenced In Project/Scope: Form Fill Functionality:compile eventstream-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes is conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
File Path: /Users/tommym/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar MD5: 091883993ef5bfa91da01dcc8fc52236 SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9 SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26 Referenced In Project/Scope: Form Fill Functionality:compile failureaccess-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
failureaccess
High
Vendor
jar
package name
common
Highest
Vendor
jar
package name
concurrent
Highest
Vendor
jar
package name
google
Highest
Vendor
jar
package name
util
Highest
Vendor
Manifest
bundle-docurl
https://github.com/google/guava/
Low
Vendor
Manifest
bundle-symbolicname
com.google.guava.failureaccess
Medium
Vendor
pom
artifactid
failureaccess
Highest
Vendor
pom
artifactid
failureaccess
Low
Vendor
pom
groupid
com.google.guava
Highest
Vendor
pom
name
Guava InternalFutureFailureAccess and InternalFutures
High
Vendor
pom
parent-artifactid
guava-parent
Low
Product
file
name
failureaccess
High
Product
jar
package name
common
Highest
Product
jar
package name
concurrent
Highest
Product
jar
package name
google
Highest
Product
jar
package name
util
Highest
Product
Manifest
bundle-docurl
https://github.com/google/guava/
Low
Product
Manifest
Bundle-Name
Guava InternalFutureFailureAccess and InternalFutures
Medium
Product
Manifest
bundle-symbolicname
com.google.guava.failureaccess
Medium
Product
pom
artifactid
failureaccess
Highest
Product
pom
groupid
com.google.guava
Highest
Product
pom
name
Guava InternalFutureFailureAccess and InternalFutures
File Path: /Users/tommym/.m2/repository/com/google/api/gax/2.45.0/gax-2.45.0.jar MD5: c0ff75b3c187f115fdbdad9f4c3cdca8 SHA1: 78ce52ef9330a8093c98579b70c93c5d9ee83e1b SHA256:7a523e3614dd7c275c6d6e710afee3d966318de4551c28d7bd3d6f47946154be Referenced In Project/Scope: Form Fill Functionality:compile gax-2.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/gax-grpc/2.45.0/gax-grpc-2.45.0.jar MD5: 8304ba11b0a842fee203171cbcd96f04 SHA1: 1da8a9a0f78223cd2f18cd2d5229371c7a5f045d SHA256:fd391d59abaef24c134a45610c5f3a4ce5c95e7668c86daa0273fd18e4d26dec Referenced In Project/Scope: Form Fill Functionality:compile gax-grpc-2.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/gax-httpjson/2.45.0/gax-httpjson-2.45.0.jar MD5: edaba7234bb4bc48c10721549569d2fc SHA1: 102eff7ec4235572a9e57440be29d6509038ad3c SHA256:d20b3eb153d3fea4d37c16e4cba328d0f8f76d66e1f091690e99c546ed6a8e63 Referenced In Project/Scope: Form Fill Functionality:compile gax-httpjson-2.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/auth/google-auth-library-credentials/1.23.0/google-auth-library-credentials-1.23.0.jar MD5: d83b994e3e0e03d92f087a054df03ea6 SHA1: a50ee3611922a0eea9d421c6ddb1db031972a7dc SHA256:d982eda20835e301dcbeec4d083289a44fdd06e9a35ce18449054f4ffd3f099f Referenced In Project/Scope: Form Fill Functionality:compile google-auth-library-credentials-1.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/auth/google-auth-library-oauth2-http/1.23.0/google-auth-library-oauth2-http-1.23.0.jar MD5: 35deb5dba280426cf64f73ee72699cf3 SHA1: f9ebd75a55b8e2cfa62e1f66d04a62b46a2f3b70 SHA256:f2bf739509b5f3697cb1bf33ff9dc27e8fc886cedb2f6376a458263f793ed133 Referenced In Project/Scope: Form Fill Functionality:compile google-auth-library-oauth2-http-1.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
VertexAI API Vertex AI is an integrated suite of machine learning tools and services for building and using ML models with AutoML or custom code. It offers both novices and experts the best workbench for the entire machine learning development lifecycle.
File Path: /Users/tommym/.m2/repository/com/google/cloud/google-cloud-vertexai/0.6.0/google-cloud-vertexai-0.6.0.jar MD5: 630df039afd7cc3fac9a0146ce842a5c SHA1: 28b183ff949a8b870cfb5677939b76f31ab7e95a SHA256:8790f09ebdcdd9b6064f92d5aba6f883892181307883230e07520b00f7735bfe Referenced In Project/Scope: Form Fill Functionality:compile google-cloud-vertexai-0.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /Users/tommym/.m2/repository/com/google/http-client/google-http-client/1.44.1/google-http-client-1.44.1.jar MD5: 42894e76ca386df2c02178a7b979316c SHA1: d8956bacb8a4011365fa15a690482c49a70c78c5 SHA256:f3fd3fc971425659d6f78a853381de590279f191fdae63bd31c5a21382441023 Referenced In Project/Scope: Form Fill Functionality:compile google-http-client-1.44.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/http-client/google-http-client-gson/1.44.1/google-http-client-gson-1.44.1.jar MD5: 6f10455f530c873cc92663a3fa76171a SHA1: f3b8967c6f7078da6380687859d0873105f84d39 SHA256:b1133c57ac842e1d22d423a6c0efbfafde074d984dd82fda1f6eb69500e42dfd Referenced In Project/Scope: Form Fill Functionality:compile google-http-client-gson-1.44.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
google-http-client-gson
High
Vendor
jar
package name
api
Highest
Vendor
jar
package name
client
Highest
Vendor
jar
package name
google
Highest
Vendor
jar
package name
json
Highest
Vendor
Manifest
automatic-module-name
com.google.api.client.json.gson
Medium
Vendor
Manifest
build-jdk-spec
1.8
Low
Vendor
pom
artifactid
google-http-client-gson
Highest
Vendor
pom
artifactid
google-http-client-gson
Low
Vendor
pom
groupid
com.google.http-client
Highest
Vendor
pom
name
GSON extensions to the Google HTTP Client Library for Java.
High
Vendor
pom
parent-artifactid
google-http-client-parent
Low
Product
file
name
google-http-client-gson
High
Product
jar
package name
api
Highest
Product
jar
package name
client
Highest
Product
jar
package name
google
Highest
Product
jar
package name
json
Highest
Product
Manifest
automatic-module-name
com.google.api.client.json.gson
Medium
Product
Manifest
build-jdk-spec
1.8
Low
Product
pom
artifactid
google-http-client-gson
Highest
Product
pom
groupid
com.google.http-client
Highest
Product
pom
name
GSON extensions to the Google HTTP Client Library for Java.
Groovy: A powerful multi-faceted language for the JVM
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/groovy/groovy/4.0.23/groovy-4.0.23.jar MD5: 772e54063c2b45476aed0746ac80bde7 SHA1: 26028921d6275bee098120f5cb56bea1693654fc SHA256:b26ee90507fecda8c6da6d3fdbeb8b2c99979ac8b8aa2459a4813e6bee7ae6e6 Referenced In Project/Scope: Form Fill Functionality:compile groovy-4.0.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
groovy
High
Vendor
jar
package name
apache
Highest
Vendor
jar
package name
groovy
Highest
Vendor
Manifest
automatic-module-name
org.apache.groovy
Medium
Vendor
Manifest
bundle-symbolicname
groovy
Medium
Vendor
Manifest
eclipse-buddypolicy
dependent
Low
Vendor
Manifest
eclipse-extensibleapi
true
Low
Vendor
Manifest
extension-name
groovy
Medium
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
pom
artifactid
groovy
Highest
Vendor
pom
artifactid
groovy
Low
Vendor
pom
developer email
aalmiray@users.sourceforge.net
Low
Vendor
pom
developer email
b55r@sina.com
Low
Vendor
pom
developer email
blackdrag@gmx.org
Low
Vendor
pom
developer email
bob@werken.com
Low
Vendor
pom
developer email
cedric.champeau@gmail.com
Low
Vendor
pom
developer email
ckl@dacelo.nl
Low
Vendor
pom
developer email
cpoirier@dreaming.org
Low
Vendor
pom
developer email
goetze@dovetail.com
Low
Vendor
pom
developer email
guillaume.alleon@gmail.com
Low
Vendor
pom
developer email
hamletdrc@gmail.com
Low
Vendor
pom
developer email
james@coredevelopers.com
Low
Vendor
pom
developer email
jason@planet57.com
Low
Vendor
pom
developer email
jeremy.rayner@gmail.com
Low
Vendor
pom
developer email
jim@pagesmiths.com
Low
Vendor
pom
developer email
johnstump2@yahoo.com
Low
Vendor
pom
developer email
mguillemot@yahoo.fr
Low
Vendor
pom
developer email
paulk@asert.com.au
Low
Vendor
pom
developer email
phkim@cluecom.co.kr
Low
Vendor
pom
developer email
pniederw@gmail.com
Low
Vendor
pom
developer email
russel@winder.org.uk
Low
Vendor
pom
developer email
sam@sampullara.com
Low
Vendor
pom
developer email
sormuras@gmx.de
Low
Vendor
pom
developer email
tug@wilson.co.uk
Low
Vendor
pom
developer id
aalmiray
Medium
Vendor
pom
developer id
alextkachman
Medium
Vendor
pom
developer id
andresteingress
Medium
Vendor
pom
developer id
blackdrag
Medium
Vendor
pom
developer id
bob
Medium
Vendor
pom
developer id
bran
Medium
Vendor
pom
developer id
ckl
Medium
Vendor
pom
developer id
cpoirier
Medium
Vendor
pom
developer id
cstein
Medium
Vendor
pom
developer id
emilles
Medium
Vendor
pom
developer id
galleon
Medium
Vendor
pom
developer id
glaforge
Medium
Vendor
pom
developer id
goetze
Medium
Vendor
pom
developer id
grocher
Medium
Vendor
pom
developer id
hamletdrc
Medium
Vendor
pom
developer id
jamiemc
Medium
Vendor
pom
developer id
jez
Medium
Vendor
pom
developer id
jimwhite
Medium
Vendor
pom
developer id
joe
Medium
Vendor
pom
developer id
jstrachan
Medium
Vendor
pom
developer id
jstump
Medium
Vendor
pom
developer id
jwill
Medium
Vendor
pom
developer id
jwilson
Medium
Vendor
pom
developer id
kasper
Medium
Vendor
pom
developer id
mattf
Medium
Vendor
pom
developer id
melix
Medium
Vendor
pom
developer id
mguillem
Medium
Vendor
pom
developer id
mittie
Medium
Vendor
pom
developer id
pascalschumacher
Medium
Vendor
pom
developer id
paulk
Medium
Vendor
pom
developer id
phk
Medium
Vendor
pom
developer id
pniederw
Medium
Vendor
pom
developer id
roshandawrani
Medium
Vendor
pom
developer id
rpopma
Medium
Vendor
pom
developer id
russel
Medium
Vendor
pom
developer id
shemnon
Medium
Vendor
pom
developer id
skizz
Medium
Vendor
pom
developer id
spullara
Medium
Vendor
pom
developer id
sunlan
Medium
Vendor
pom
developer id
timyates
Medium
Vendor
pom
developer id
travis
Medium
Vendor
pom
developer id
user57
Medium
Vendor
pom
developer id
zohar
Medium
Vendor
pom
developer name
Alex Tkachman
Medium
Vendor
pom
developer name
Andre Steingress
Medium
Vendor
pom
developer name
Andres Almiray
Medium
Vendor
pom
developer name
Bing Ran
Medium
Vendor
pom
developer name
bob mcwhirter
Medium
Vendor
pom
developer name
Cedric Champeau
Medium
Vendor
pom
developer name
Chris Poirier
Medium
Vendor
pom
developer name
Chris Stevenson
Medium
Vendor
pom
developer name
Christiaan ten Klooster
Medium
Vendor
pom
developer name
Christian Stein
Medium
Vendor
pom
developer name
Daniel Sun
Medium
Vendor
pom
developer name
Danno Ferrin
Medium
Vendor
pom
developer name
Dierk Koenig
Medium
Vendor
pom
developer name
Eric Milles
Medium
Vendor
pom
developer name
Graeme Rocher
Medium
Vendor
pom
developer name
Guillaume Alleon
Medium
Vendor
pom
developer name
Guillaume Laforge
Medium
Vendor
pom
developer name
Hamlet D'Arcy
Medium
Vendor
pom
developer name
James Strachan
Medium
Vendor
pom
developer name
James Williams
Medium
Vendor
pom
developer name
Jamie McCrindle
Medium
Vendor
pom
developer name
Jason Dillon
Medium
Vendor
pom
developer name
Jeremy Rayner
Medium
Vendor
pom
developer name
Jim White
Medium
Vendor
pom
developer name
Jochen Theodorou
Medium
Vendor
pom
developer name
Joe Walnes
Medium
Vendor
pom
developer name
John Stump
Medium
Vendor
pom
developer name
John Wilson
Medium
Vendor
pom
developer name
Kasper Nielsen
Medium
Vendor
pom
developer name
Marc Guillemot
Medium
Vendor
pom
developer name
Matt Foemmel
Medium
Vendor
pom
developer name
Pascal Schumacher
Medium
Vendor
pom
developer name
Paul King
Medium
Vendor
pom
developer name
Peter Niederwieser
Medium
Vendor
pom
developer name
Pilho Kim
Medium
Vendor
pom
developer name
Remko Popma
Medium
Vendor
pom
developer name
Roshan Dawrani
Medium
Vendor
pom
developer name
Russel Winder
Medium
Vendor
pom
developer name
Sam Pullara
Medium
Vendor
pom
developer name
Steve Goetze
Medium
Vendor
pom
developer name
Tim Yates
Medium
Vendor
pom
developer name
Travis Kay
Medium
Vendor
pom
developer name
Zohar Melamed
Medium
Vendor
pom
developer org
Concertant LLP & It'z Interactive Ltd
Medium
Vendor
pom
developer org
Core Developers Network
Medium
Vendor
pom
developer org
CTSR.de
Medium
Vendor
pom
developer org
Dacelo WebDevelopment
Medium
Vendor
pom
developer org
Dovetailed Technologies, LLC
Medium
Vendor
pom
developer org
Google
Medium
Vendor
pom
developer org
IFCX.org
Medium
Vendor
pom
developer org
javanicus
Medium
Vendor
pom
developer org
Karakun AG
Medium
Vendor
pom
developer org
Leadingcare
Medium
Vendor
pom
developer org
OCI, Australia
Medium
Vendor
pom
developer org
The Werken Company
Medium
Vendor
pom
developer org
The Wilson Partnership
Medium
Vendor
pom
developer org
Thomson Reuters
Medium
Vendor
pom
developer org
ThoughtWorks
Medium
Vendor
pom
developer org
Three
Medium
Vendor
pom
groupid
org.apache.groovy
Highest
Vendor
pom
name
Apache Groovy
High
Vendor
pom
organization name
Apache Software Foundation
High
Vendor
pom
organization url
https://apache.org
Medium
Vendor
pom
url
https://groovy-lang.org
Highest
Product
file
name
groovy
High
Product
jar
package name
apache
Highest
Product
jar
package name
groovy
Highest
Product
jar
package name
runtime
Highest
Product
Manifest
automatic-module-name
org.apache.groovy
Medium
Product
Manifest
Bundle-Name
Groovy module: groovy
Medium
Product
Manifest
bundle-symbolicname
groovy
Medium
Product
Manifest
eclipse-buddypolicy
dependent
Low
Product
Manifest
eclipse-extensibleapi
true
Low
Product
Manifest
extension-name
groovy
Medium
Product
Manifest
Implementation-Title
Groovy: a powerful, multi-faceted language for the JVM
High
Product
Manifest
specification-title
Groovy: a powerful, multi-faceted language for the JVM
File Path: /Users/tommym/.m2/repository/io/grpc/grpc-core/1.62.2/grpc-core-1.62.2.jar MD5: 95c2fa959d01c75c692c2c27ad5c635e SHA1: 5808049a5e33eba6f248a68d58e75399a68f2784 SHA256:18439902c473a2c1511e517d13b8ae796378850a8eda43787c6ba778fa90fcc5 Referenced In Project/Scope: Form Fill Functionality:compile grpc-core-1.62.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/grpc/grpc-google-common-protos/2.36.0/grpc-google-common-protos-2.36.0.jar MD5: ff3330c305ac71e1a8fc6c39241ccc45 SHA1: 4072d485e703b3b707b28371e7d20100ee7d266b SHA256:192ffcc9f58c25a337e5b79e4fd68240c8922ad4a5f00933e0f0e6163223ef7a Referenced In Project/Scope: Form Fill Functionality:compile grpc-google-common-protos-2.36.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/grpc/grpc-google-iam-v1/1.31.0/grpc-google-iam-v1-1.31.0.jar MD5: 7eabb1a2ce6d808e24eeae096d8a5f88 SHA1: f7a17a08fa6bb131ecffc55dedc68615f69ac441 SHA256:6783ba6a3b2af2fe330b11c8f38f00148e597a8f68043f5f45edaf0254bbac25 Referenced In Project/Scope: Form Fill Functionality:compile grpc-google-iam-v1-1.31.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/io/grpc/grpc-netty-shaded/1.62.2/grpc-netty-shaded-1.62.2.jar/META-INF/native/io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll MD5: f40a93f73dfd0d34821cdf929cbda70d SHA1: 166aca74814793ed23db4d6284f570afb2f15e3e SHA256:ee3156fe6f4d6a27ca9370b0dfa9428d993bcd0dc03edc4d57bce594444c837f Referenced In Project/Scope: Form Fill Functionality:compile
File Path: /Users/tommym/.m2/repository/io/grpc/grpc-protobuf/1.62.2/grpc-protobuf-1.62.2.jar MD5: 559bdb4654000d17d0f743e7eb41d744 SHA1: 15aaf31c8d16c3c1c695223d3bd22b75c6405a83 SHA256:66a0b196318bdfd817d965d2d82b9c81dfced8eb08c0f7510fcb728d2994237a Referenced In Project/Scope: Form Fill Functionality:compile grpc-protobuf-1.62.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar MD5: df6097815738cb31fc56391553210843 SHA1: b3add478d4382b78ea20b1671390a858002feb6c SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593 Referenced In Project/Scope: Form Fill Functionality:compile gson-2.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/guava/guava/32.1.3-jre/guava-32.1.3-jre.jar MD5: adc3cf557a48d15cb71be90948558923 SHA1: 0f306708742ce2bf0fb0901216183bc14073feae SHA256:6d4e2b5a118aab62e6e5e29d185a0224eed82c85c40ac3d33cf04a270c3b3744 Referenced In Project/Scope: Form Fill Functionality:compile guava-32.1.3-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar MD5: 769d5a85d19ccc2b06620f8c81d6d8f8 SHA1: 7bdade27d8cd197d9b5ce9dc251f41d2edc5f7ad SHA256:b9d8f19358ada82a4f6eb5b174c6cfe320a375b5a9cb5a4fe456d623e6e55497 Referenced In Project/Scope: Form Fill Functionality:compile h2-2.2.224.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
h2database - Improper Link Resolution Before File Access
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js MD5: f374e067dff4b106b77abab77b360d8b SHA1: 67d0af73251e86e079f1db4b837920309a1a3993 SHA256:75e452b34b317d0a8c630b9ac469db3d82988e221d41adc17cf1bab3c0e88c78 Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
h2-2.2.224.jar: data.zip: tree.js
File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js MD5: 760f137680a67ae829c2000c4156e050 SHA1: d947ebba0777d68aa9397fc7d8b04ce2a725c12b SHA256:2bb3d968d50a5d96912f77552d772184d0213e2601895517ba53afa64dc433ed Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
hibernate-commons-annotations-6.0.6.Final.jar
Description:
Common reflection code used in support of annotation processing
License:
GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/common/hibernate-commons-annotations/6.0.6.Final/hibernate-commons-annotations-6.0.6.Final.jar MD5: c155df7d9f04d15f3f6bbe79f4907074 SHA1: 77a5f94b56d49508e0ee334751db5b78e5ccd50c SHA256:cd974e0a8481fafdbaf9b4a0f08bb5a6c969b0365482763eedf77e6fd7f493b7 Referenced In Project/Scope: Form Fill Functionality:runtime hibernate-commons-annotations-6.0.6.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/orm/hibernate-core/6.5.3.Final/hibernate-core-6.5.3.Final.jar MD5: 7cee9d560d7ca13dd0fc4e6d5f34f9b7 SHA1: 1e23c320a5d10f5eaecbd23095fca5c5c83c1fb5 SHA256:f79b5e5029a72e2f0ba7542591fba8305c9edbc0dbdc974541f2376ff1203422 Referenced In Project/Scope: Form Fill Functionality:compile hibernate-core-6.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/hibernate/validator/hibernate-validator/8.0.1.Final/hibernate-validator-8.0.1.Final.jar MD5: 66985b6bf8da17611031e2421c235241 SHA1: e49e116b3d3928060599b176b3538bb848718e95 SHA256:8c1244a498231091fe723d9666a93444ee9f93607245c6b29829dc5fe57a335c Referenced In Project/Scope: Form Fill Functionality:compile hibernate-validator-8.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.4
The AWS SDK for Java - HTTP Auth module contains interfaces and implementations
for generic HTTP authentication
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/http-auth/2.24.8/http-auth-2.24.8.jar MD5: c1fd2f7f29b0d5528ecf9ba8e52f019b SHA1: 8bba6c0e1c4c35d77e41fdf97dcc04c35732559d SHA256:37e1aeb76275bf6c733348b0501510632b1e27fbb186427c0d57a2602837a35a Referenced In Project/Scope: Form Fill Functionality:compile http-auth-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar MD5: 2cb357c4b763f47e58af6cad47df6ba3 SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98 SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6 Referenced In Project/Scope: Form Fill Functionality:compile httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar MD5: 28d2cd9bf8789fd2ec774fb88436ebd1 SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850 SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f Referenced In Project/Scope: Form Fill Functionality:compile httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The AWS SDK for Java - Identity SPI module contains the Identity interfaces that are used by other modules in
the library.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/identity-spi/2.24.8/identity-spi-2.24.8.jar MD5: bdfad68c6213895fa29791633a5b9d03 SHA1: 176bf6132bdda91952049630db79cded485ed549 SHA256:43c5908349b49490231b224b0acac31c790409c55f8648f16a253901f6d2ed20 Referenced In Project/Scope: Form Fill Functionality:compile identity-spi-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/com/sun/istack/istack-commons-runtime/4.1.2/istack-commons-runtime-4.1.2.jar MD5: 535154ef647af2a52478c4debec93659 SHA1: 18ec117c85f3ba0ac65409136afa8e42bc74e739 SHA256:7fd6792361f4dd00f8c56af4a20cecc0066deea4a8f3dec38348af23fc2296ee Referenced In Project/Scope: Form Fill Functionality:runtime istack-commons-runtime-4.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/google/j2objc/j2objc-annotations/2.8/j2objc-annotations-2.8.jar MD5: c50af69b704dc91050efb98e0dff66d1 SHA1: c85270e307e7b822f1086b93689124b89768e273 SHA256:f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed Referenced In Project/Scope: Form Fill Functionality:compile j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.2/jackson-core-2.17.2.jar MD5: 50c2dab1f29136714d5ef5c6c640336c SHA1: 969a35cb35c86512acbadcdbbbfb044c877db814 SHA256:721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46 Referenced In Project/Scope: Form Fill Functionality:compile jackson-core-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.2
General data-binding functionality for Jackson: works on core streaming API
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.2/jackson-databind-2.17.2.jar MD5: 3e1ff7c1f0fda885946619a47ef9d5de SHA1: e6deb029e5901e027c129341fac39e515066b68c SHA256:c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c Referenced In Project/Scope: Form Fill Functionality:compile jackson-databind-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.17.2/jackson-dataformat-yaml-2.17.2.jar MD5: 9dcb2f5d3b61bfb9af05b9b00bee13c3 SHA1: 78d2c73dbec62044d7cf3b544b2e0d24a1a093b0 SHA256:941bcd8b1381bb3b0d726fab41624fa8ece0ee7b6cf2860ad95e8157ce673376 Referenced In Project/Scope: Form Fill Functionality:compile jackson-dataformat-yaml-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar MD5: 76e7b680375ea9f40f3ddbd702efcd25 SHA1: fa165bd70cda600368eee31555222776a46b881f SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627 Referenced In Project/Scope: Form Fill Functionality:compile jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4
File Path: /Users/tommym/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar MD5: 5dac2f68e8288d0add4dc92cb161711d SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3 SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe Referenced In Project/Scope: Form Fill Functionality:compile jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar MD5: 72003bf6efcc8455d414bbd7da86c11c SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c Referenced In Project/Scope: Form Fill Functionality:runtime jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.1.0/jakarta.persistence-api-3.1.0.jar MD5: 35a1b7dfb38cf44ff795be607b0e6b5b SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6 SHA256:475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd Referenced In Project/Scope: Form Fill Functionality:compile jakarta.persistence-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/jakarta/transaction/jakarta.transaction-api/2.0.1/jakarta.transaction-api-2.0.1.jar MD5: 5315974a3935e342b40849478e1c9966 SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875 Referenced In Project/Scope: Form Fill Functionality:compile jakarta.transaction-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/jakarta/validation/jakarta.validation-api/3.0.2/jakarta.validation-api-3.0.2.jar MD5: 3a1ee6efca3e41e3320599790f54c5eb SHA1: 92b6631659ba35ca09e44874d3eb936edfeee532 SHA256:291c25e6910cc6a7ebd96d4c6baebf6d7c37676c5482c2d96146e901b62c1fc9 Referenced In Project/Scope: Form Fill Functionality:compile jakarta.validation-api-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar MD5: 0c8f9991081def819435c3ff36e4d93f SHA1: 6cd5a999b834b63238005b7144136379dc36cad2 SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406 Referenced In Project/Scope: Form Fill Functionality:compile jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4
File Path: /Users/tommym/.m2/repository/io/smallrye/jandex/3.1.2/jandex-3.1.2.jar MD5: 757ae579a3a52c03c3c60fbe393c086f SHA1: a6c1c89925c7df06242b03dddb353116ceb9584c SHA256:dee12fa1787d5523ed1a02d6c63b19e7aef6ac560f7c6d70595db01aa37e041e Referenced In Project/Scope: Form Fill Functionality:runtime jandex-3.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /Users/tommym/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar MD5: 2ab1973eefffaa2aeec47d50b9e40b9d SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43 SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b Referenced In Project/Scope: Form Fill Functionality:compile javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.5/jaxb-core-4.0.5.jar MD5: ab09aef6bebd4438b0a02707881801e4 SHA1: 007b4b11ea5542eea4ad55e1080b23be436795b3 SHA256:ad3fd9bf00de3eda9859f70b6cfb011e2fe9904804e16a2665092888ece0fdca Referenced In Project/Scope: Form Fill Functionality:runtime jaxb-core-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters
File Path: /Users/tommym/.m2/repository/org/jboss/logging/jboss-logging/3.5.3.Final/jboss-logging-3.5.3.Final.jar MD5: ee7e24e94235c13f53392ecaa53f938c SHA1: c88fc1d8a96d4c3491f55d4317458ccad53ca663 SHA256:7b119460de174195aca412dfed52ca0bbef0ece26c2d74301b6172cfadf4ff59 Referenced In Project/Scope: Form Fill Functionality:compile jboss-logging-3.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.4
File Path: /Users/tommym/.m2/repository/io/rest-assured/json-path/5.4.0/json-path-5.4.0.jar MD5: d6f6fc59c59472bf0a77392604fe1cd3 SHA1: 83ed73b55e45300209493294ddc09ca5f61c46b6 SHA256:3330da1a28244f8d905263061181c7c82309434ef52db83b014e743914e37824 Referenced In Project/Scope: Form Fill Functionality:compile json-path-5.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/json-utils/2.24.8/json-utils-2.24.8.jar MD5: 64b39b6d80a5aad6b35de27f1ba72cb9 SHA1: 196d5cf5ac0c262e778039777599ec391c7f257d SHA256:148f10c3ab8dd8be6514a3418e376bd85cda29c360f0894b721489c15e26c028 Referenced In Project/Scope: Form Fill Functionality:compile json-utils-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
Java JSON Schema Generator – creating a JSON Schema (Draft 6, Draft 7 or Draft 2019-09) from your Java classes
File Path: /Users/tommym/.m2/repository/com/github/victools/jsonschema-generator/4.31.1/jsonschema-generator-4.31.1.jar MD5: 6ebe0b467343ccd34d70e54709684d84 SHA1: cbdef05cd21e6c568ba73c64fab6eb4d97babc8c SHA256:c66f4c0d15a7d6d3f014316c445b39ae5388d4b79a05cd53889d5b24bb7d3d47 Referenced In Project/Scope: Form Fill Functionality:compile jsonschema-generator-4.31.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
Module for the jsonschema-generator – Swagger (2.x)
File Path: /Users/tommym/.m2/repository/com/github/victools/jsonschema-module-swagger-2/4.33.1/jsonschema-module-swagger-2-4.33.1.jar MD5: 7689ceef07a681a5d1501ee6f7f04383 SHA1: 4a4f312b027c7ac39e3f8fd2a818da95d12fa495 SHA256:6dc17974ef57807030a7ca90ecff4cc8b4657453e9c852daf005551ff5c59c3c Referenced In Project/Scope: Form Fill Functionality:compile jsonschema-module-swagger-2-4.33.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope: Form Fill Functionality:compile jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
JTokkit is a Java tokenizer library designed for use with OpenAI models.
License:
MIT License: https://opensource.org/licenses/MIT
File Path: /Users/tommym/.m2/repository/com/knuddels/jtokkit/1.0.0/jtokkit-1.0.0.jar MD5: 53b35729911b1320931c49a32bf770d1 SHA1: 1f6d2254f2cceb73620dc79fdecf4d4b5ddd3621 SHA256:0ed2df740749f4094539909dcef214afc45d0ed3fe207b0bf0d6a117b780eafa Referenced In Project/Scope: Form Fill Functionality:compile jtokkit-1.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
File Path: /Users/tommym/.m2/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar MD5: 410ad2f2230e0150216d86e12a4af995 SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d Referenced In Project/Scope: Form Fill Functionality:compile jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/jupiter/junit-jupiter/5.10.3/junit-jupiter-5.10.3.jar MD5: 8312d239f10b3aaa94c3dc69f84a250f SHA1: 6686d8fbf251f9bf8ecba413cab57b9e00f9134d SHA256:e6fc09f881eba8b8d8a7660a6c7f4d582fa7881f306136afe2d82964a2e7c22f Referenced In Project/Scope: Form Fill Functionality:compile junit-jupiter-5.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.10.3/junit-jupiter-engine-5.10.3.jar MD5: c87ca6659d594120a6030a2760bcdf14 SHA1: 48c14e866bb1a87ca35d24ff068463bb202ada24 SHA256:bbd3ce8dc11e9925071ef9691d68af1ab6e712faa6851f7c5275bc8aafc88673 Referenced In Project/Scope: Form Fill Functionality:runtime junit-jupiter-engine-5.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter@5.10.3
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.10.3/junit-jupiter-params-5.10.3.jar MD5: 8c0d875131fa73e688df785a3b2f338d SHA1: 4852f4e4af9074d9214213b199751f99efeab8b9 SHA256:7c3ed8cefb12496b76c53c3da986ea8f0bf3f426781869475551ae3a506c1ad8 Referenced In Project/Scope: Form Fill Functionality:compile junit-jupiter-params-5.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter@5.10.3
Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/platform/junit-platform-engine/1.10.3/junit-platform-engine-1.10.3.jar MD5: 8fe56ec6a59c1e208e8ba0def9e47bf3 SHA1: 365a320c3cfd47f3346625e541e424e35dc75c42 SHA256:df7c32bf75cf47c4c8ddd1942091027947a7d765d30b731fe00830115fafa133 Referenced In Project/Scope: Form Fill Functionality:runtime junit-platform-engine-1.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter@5.10.3
An empty artifact that Guava depends on to signal that it is providing
ListenableFuture -- but is also available in a second "version" that
contains com.google.common.util.concurrent.ListenableFuture class, without
any other Guava classes. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
File Path: /Users/tommym/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar MD5: d094c22570d65e132c19cea5d352e381 SHA1: b421526c5f297295adef1c886e5246c39d4ac629 SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99 Referenced In Project/Scope: Form Fill Functionality:compile listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-api/2.23.1/log4j-api-2.23.1.jar MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1 SHA256:92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89 Referenced In Project/Scope: Form Fill Functionality:compile log4j-api-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.23.1/log4j-to-slf4j-2.23.1.jar MD5: d60143628bb91f9dfa0148c213388b39 SHA1: 425ad1eb8a39904d2830e907a324e956fb456520 SHA256:7937a84055156910234e3b42868f55e68ff4b7becbb6ffd10146f72f5bf54dd5 Referenced In Project/Scope: Form Fill Functionality:compile log4j-to-slf4j-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
File Path: /Users/tommym/.m2/repository/ch/qos/logback/logback-core/1.5.8/logback-core-1.5.8.jar MD5: 6048cf7daf6489ce151130cc993edccf SHA1: 3fce599197de3b6f387cc9bee412ead2b4994a46 SHA256:a698e4cff3eac45eec9b2755df93bb7a9725d853f7938030654ce5430b37c41d Referenced In Project/Scope: Form Fill Functionality:compile logback-core-1.5.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar MD5: 91ce91dbfa7694bff4ddc1e51643f8b2 SHA1: ec547ef414ab1d2c040118fb9c1c265ada63af14 SHA256:c27d6b2aff56241d1b07fcbcc6b183709e6b432c80f7374eeb1d823e86d4b81a Referenced In Project/Scope: Form Fill Functionality:compile lombok-1.18.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar/lombok/launch/mavenEcjBootstrapAgent.jar MD5: e5552f93605e20eb4039662ee38ee41a SHA1: 257946794d3fbaff9023c991de99d6b7a7be8c8d SHA256:7f93cde1d476e8d84f51213c52d70eb596fcde669fbd30fbd5a6745346fdde9d Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
mavenEcjBootstrapAgent
High
Vendor
jar
package name
launch
Low
Vendor
jar
package name
lombok
Low
Vendor
Manifest
can-redefine-classes
true
Low
Product
file
name
mavenEcjBootstrapAgent
High
Product
jar
package name
launch
Low
Product
Manifest
can-redefine-classes
true
Low
Identifiers
None
metrics-spi-2.24.8.jar
Description:
This is the base module for SDK metrics feature. It contains the interfaces used for metrics feature
that are used by other modules in the library.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/metrics-spi/2.24.8/metrics-spi-2.24.8.jar MD5: e9c2f9b25eb6324611f3a48305a888ce SHA1: 87755fe547b1b9cabd8aace32855ee8d45cff5ac SHA256:9a64627ca4af358cbc1f161f25cf1fcc47ef86e7686d05c930ee06418a8f519c Referenced In Project/Scope: Form Fill Functionality:compile metrics-spi-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-commons/1.13.4/micrometer-commons-1.13.4.jar MD5: 3058e9b29fff7d5f2d4bdabd3ba6b806 SHA1: edcf69518a4c382c48e19c7fb7d4aedfb115c0c3 SHA256:7407cc52817cfb66814292de841a4495c5af5309b15be367565d4bc700a433c2 Referenced In Project/Scope: Form Fill Functionality:compile micrometer-commons-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-observation/1.13.4/micrometer-observation-1.13.4.jar MD5: f2731d224c64773ce187592e6cbf3fc0 SHA1: 2673c9b181ab2512002b23b7ad0f1dd02212696c SHA256:58642b0c0c965d1dc42bc49573657e948ea2a6c54d4902a6bc7e12a558d71f50 Referenced In Project/Scope: Form Fill Functionality:compile micrometer-observation-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/mysema/commons/mysema-commons-lang/0.2.4/mysema-commons-lang-0.2.4.jar MD5: c13bde1d0dae26b8ca3c56b5e4e40157 SHA1: d09c8489d54251a6c22fbce804bdd4a070557317 SHA256:dbbdd6816b33d3bead50f4d217825fcf568d50a43af881df5cdd01468c2b6efe Referenced In Project/Scope: Form Fill Functionality:compile mysema-commons-lang-0.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/netty/netty-common/4.1.113.Final/netty-common-4.1.113.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml MD5: 5d5135397b920a7dcbca5c1fb0576cf2 SHA1: eaa05d6ad937464312a2681a3236c0e06602bbb7 SHA256:a69897b8ff0c2198b4b8cd7d4f93fde6d42b8e9dbfc95553585e27587b24e211 Referenced In Project/Scope: Form Fill Functionality:runtime
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
File Path: /Users/tommym/.m2/repository/io/netty/netty-common/4.1.113.Final/netty-common-4.1.113.Final.jar MD5: 539a6a287a762bd5fd846a85a69f8fa3 SHA1: 1a7fe68aa349746008e5cff490aa6077728aac5a SHA256:c0fb22d47111cb06aac2af67fe55e2e216a49fd00e767f4acb7488b280f8c327 Referenced In Project/Scope: Form Fill Functionality:runtime netty-common-4.1.113.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/netty-nio-client/2.24.8/netty-nio-client-2.24.8.jar MD5: 30e6dbd4217c3e0ed03c584041abe332 SHA1: 365b2b38043220207157da7216df942aa64518af SHA256:e2f10b978633964edde46efdb8aee5c2e26ee0678ede897109a3b3b4c187a5fd Referenced In Project/Scope: Form Fill Functionality:runtime netty-nio-client-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
File Path: /Users/tommym/.m2/repository/io/netty/netty-transport/4.1.113.Final/netty-transport-4.1.113.Final.jar MD5: 207a1ba6a61a072f599a51d9b310cab5 SHA1: 8ba0a07b6ca61aefd607ca2a91ebd1cce28f5e3d SHA256:cb8b97ff77d7c5f1c591c84d2dee3389a0eaa63a3137b7b8c0c64e1dbada6688 Referenced In Project/Scope: Form Fill Functionality:runtime netty-transport-4.1.113.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/opencensus/opencensus-api/0.31.1/opencensus-api-0.31.1.jar MD5: a5e7092bb89baaaee424f5a7b20d1bad SHA1: 66a60c7201c2b8b20ce495f0295b32bb0ccbbc57 SHA256:f1474d47f4b6b001558ad27b952e35eda5cc7146788877fc52938c6eba24b382 Referenced In Project/Scope: Form Fill Functionality:compile opencensus-api-0.31.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/opencensus/opencensus-contrib-http-util/0.31.1/opencensus-contrib-http-util-0.31.1.jar MD5: 9ecc9c428eb87dc734ae8d07b820ce26 SHA1: 3c13fc5715231fadb16a9b74a44d9d59c460cfa8 SHA256:3ea995b55a4068be22989b70cc29a4d788c2d328d1d50613a7a9afd13fdd2d0a Referenced In Project/Scope: Form Fill Functionality:compile opencensus-contrib-http-util-0.31.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/opencensus/opencensus-proto/0.2.0/opencensus-proto-0.2.0.jar MD5: be8bc8ae28e0809dbcd67b3320ced49a SHA1: c05b6b32b69d5d9144087ea0ebc6fab183fb9151 SHA256:0c192d451e9dd74e98721b27d02f0e2b6bca44b51563b5dabf2e211f7a3ebf13 Referenced In Project/Scope: Form Fill Functionality:runtime opencensus-proto-0.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar MD5: 03c404f727531f3fd3b4c73997899327 SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e SHA256:48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b Referenced In Project/Scope: Form Fill Functionality:runtime opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.3
File Path: /Users/tommym/.m2/repository/io/perfmark/perfmark-api/0.27.0/perfmark-api-0.27.0.jar MD5: 73bcc9c91e5b65c4f75b0567e7a5590f SHA1: f86f575a41b091786a4b027cd9c0c1d2e3fc1c01 SHA256:c7b478503ec524e55df19b424d46d27c8a68aeb801664fadd4f069b71f52d0f6 Referenced In Project/Scope: Form Fill Functionality:runtime perfmark-api-0.27.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
perfmark-api
High
Vendor
jar
package name
io
Highest
Vendor
jar
package name
perfmark
Highest
Vendor
Manifest
automatic-module-name
io.perfmark
Medium
Vendor
Manifest
carl-is-awesome
true
Low
Vendor
Manifest
Implementation-Vendor
Carl Mastrangelo https://www.carlmastrangelo.com/ https://twitter.com/CarlMastrangelo
Profile module allows loading information from AWS configuration and credentials files.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/profiles/2.24.8/profiles-2.24.8.jar MD5: fe86daf790fb0d8b2056b0b3e851cb86 SHA1: 75f2a443a48dd1f23dfbb0bc2ee09a1a9cb7618f SHA256:78acdba52d5896eb19e0c7f0578fdbc238b43661e42fdf6c32e6c90cda40e181 Referenced In Project/Scope: Form Fill Functionality:compile profiles-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/grpc/proto-google-cloud-vertexai-v1/0.6.0/proto-google-cloud-vertexai-v1-0.6.0.jar MD5: b2676f1f0a290435569497f3b5802bb9 SHA1: bc861487b0919f744d4cc5bc6978a82b0d40655e SHA256:c890de2720cd1081c3ef6662a2e69a3fd3d2ef2986bc1168e46d30d8ac96bd4b Referenced In Project/Scope: Form Fill Functionality:compile proto-google-cloud-vertexai-v1-0.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/grpc/proto-google-common-protos/2.36.0/proto-google-common-protos-2.36.0.jar MD5: f30005805024cb40094b8204f73e5d5f SHA1: 6e02be8358eb39f0ad4cd2a5529cbf93ef6fec4f SHA256:c7429259ee273ed84cd0dfc966e9cc370c5f6601364bb998f9e89d66ca5f8df6 Referenced In Project/Scope: Form Fill Functionality:compile proto-google-common-protos-2.36.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/api/grpc/proto-google-iam-v1/1.31.0/proto-google-iam-v1-1.31.0.jar MD5: 62f1b30f2012ba9a995ba2a26702a5ec SHA1: f2b41cf16b9e24ab205819f08140de674672bc93 SHA256:4fd9304a416c5c213c8c0765b0c6dbde9921d1f2358c275b5923e1f3e90527ff Referenced In Project/Scope: Form Fill Functionality:compile proto-google-iam-v1-1.31.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
File Path: /Users/tommym/.m2/repository/com/google/protobuf/protobuf-java/3.25.2/protobuf-java-3.25.2.jar MD5: 25ac420efb83bf38b8c78b0b37097c2e SHA1: 70d676d0082fa7a6b00c6073ce9b572c0d335e97 SHA256:cabe49981b86f5913b7fd130b4628e6ee11586e28ca069815d9744f929271902 Referenced In Project/Scope: Form Fill Functionality:compile protobuf-java-3.25.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-7254 for details
File Path: /Users/tommym/.m2/repository/com/google/protobuf/protobuf-java-util/3.25.2/protobuf-java-util-3.25.2.jar MD5: fce4a3a102424f3098aa9ec574273e08 SHA1: 315a3eaa6d476ef8bf916c4949b3a2b02f09f1e2 SHA256:31201154684b0981c2481e147dcd176d37c4d34e09c13e2939e58bc1a64655ce Referenced In Project/Scope: Form Fill Functionality:compile protobuf-java-util-3.25.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
The AWS SDK for Java - module holds the core protocol classes
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/protocol-core/2.24.8/protocol-core-2.24.8.jar MD5: 1e2dcd1d8f1198cc4b90d24d4e6900b7 SHA1: 935256d13cca38ca597fe7b15dbdfbe3d49968ba SHA256:e29bd09bb438ea2c77fb81fd4a04d150635ef0bbcb5cde5721b600768325fb14 Referenced In Project/Scope: Form Fill Functionality:compile protocol-core-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-core/5.1.0/querydsl-core-5.1.0.jar MD5: 2c9349a570cc9b090e44a22bff6be406 SHA1: be322c3fe98de8e7c204afb8860bfabd81a3bafd SHA256:57a3033ddbb4d928552b33443be7195bc3caba6fa85cd9a492bc874a5ef98c8e Referenced In Project/Scope: Form Fill Functionality:compile querydsl-core-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-jpa/5.1.0/querydsl-jpa-5.1.0-jakarta.jar MD5: 54dae173af07a330f1a80cc48b0e02f3 SHA1: f44ee79a324cf92d6821eca736b2028e69542050 SHA256:01b064b511e093ceff2a8698829354b4fb1dc08f576e405dd6dfa8ab35736ca2 Referenced In Project/Scope: Form Fill Functionality:compile querydsl-jpa-5.1.0-jakarta.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/com/google/re2j/re2j/1.7/re2j-1.7.jar MD5: deb6ffa7ed6d2cc06e6ac1182755c735 SHA1: 2949632c1b4acce0d7784f28e3152e9cf3c2ec7a SHA256:4f657af51ab8bb0909bcc3eb40862d26125af8cbcf92aaaba595fed77f947bc0 Referenced In Project/Scope: Form Fill Functionality:runtime re2j-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
A Protocol for Asynchronous Non-Blocking Data Sequence
License:
MIT-0: https://spdx.org/licenses/MIT-0.html
File Path: /Users/tommym/.m2/repository/org/reactivestreams/reactive-streams/1.0.4/reactive-streams-1.0.4.jar MD5: eda7978509c32d99166745cc144c99cd SHA1: 3864a1320d97d7b045f729a326e1e077661f31b7 SHA256:f75ca597789b3dac58f61857b9ac2e1034a68fa672db35055a8fb4509e325f28 Referenced In Project/Scope: Form Fill Functionality:compile reactive-streams-1.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/projectreactor/reactor-core/3.6.10/reactor-core-3.6.10.jar MD5: 794041510343075a1e8a4d907e5e70e5 SHA1: 6860a576ae0bd1957c5d4c87e861025248818c01 SHA256:b1b447164454508b0382def6921492247484c5dfc044094c1eb9735e97a1ba33 Referenced In Project/Scope: Form Fill Functionality:compile reactor-core-3.6.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/regions/2.24.8/regions-2.24.8.jar MD5: 1aefc883379cfa7f8679e65c9930ecf3 SHA1: 36fd503f7c001eccec5b3f01fbedbf1c2ac471b6 SHA256:927e43ebbacdb89a351ad37db99aacb53750c916ee852c152efa37f902d0c6c3 Referenced In Project/Scope: Form Fill Functionality:compile regions-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/io/rest-assured/rest-assured-common/5.4.0/rest-assured-common-5.4.0.jar MD5: f11120a1bc448709e0cd82a15ce7123d SHA1: bdb5a25ba37cade60641ce76f9dccbaa08e22ba3 SHA256:10d6d31bd6c7bc4a1eb19a4fbd7903689c0d7d07cfaaa740069f2549a1b5163d Referenced In Project/Scope: Form Fill Functionality:compile rest-assured-common-5.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
The AWS SDK for Java - SDK Core runtime module holds the classes that are used by the individual service
clients to interact with
Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes.
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/sdk-core/2.24.8/sdk-core-2.24.8.jar MD5: 19486c04b70ae6a6d4f884613cd620ae SHA1: 16bddae532ace198894d0db16a0d93db3b97e224 SHA256:ad66b78b51758156a982fc87a855acb6f7af05257f3370519f8072eaaa728c71 Referenced In Project/Scope: Form Fill Functionality:compile sdk-core-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar MD5: c8de8f5d740584cb24b5652cfba8b3c4 SHA1: 0172931663a09a1fa515567af5fbef00897d3c04 SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a Referenced In Project/Scope: Form Fill Functionality:compile slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar MD5: d78aacf5f2de5b52f1a327470efd1ad7 SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0 SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b Referenced In Project/Scope: Form Fill Functionality:compile snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4
File Path: /Users/tommym/.m2/repository/org/springframework/ai/spring-ai-bedrock/0.8.1/spring-ai-bedrock-0.8.1.jar MD5: 15a6970117d2cfd92bc316abd0f0bb89 SHA1: f6f9f4619f5ba7e84795deafb485b1fd9d75ef57 SHA256:a7862848c955e9ec5a4f256d6d44969f98f5b7ed250fc4f2b4e9db3bde279a36 Referenced In Project/Scope: Form Fill Functionality:compile spring-ai-bedrock-0.8.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/springframework/ai/spring-ai-core/0.8.1/spring-ai-core-0.8.1.jar MD5: da90aa729a1b5627bcb4f6fad5cdb533 SHA1: ed5d49ff6dedb0e9862e5cb996277dce0c365496 SHA256:b49508f869a08b43357b7e5e55235973edc1d80a2b8a766d8837406970b4a952 Referenced In Project/Scope: Form Fill Functionality:compile spring-ai-core-0.8.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/springframework/ai/spring-ai-ollama/0.8.1/spring-ai-ollama-0.8.1.jar MD5: 9bc37b66120b6d73002674a3a33329b4 SHA1: 4cabf0cdbe42de8327eec8c7a5ac0305b31a22f0 SHA256:26f7ab7a318b516f7a8438da25b4e8cbe513d47c347f00ba2cbf1424a361d1cc Referenced In Project/Scope: Form Fill Functionality:compile spring-ai-ollama-0.8.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/springframework/ai/spring-ai-openai/0.8.1/spring-ai-openai-0.8.1.jar MD5: 3466aaa95825cf1df4435d468ae30a72 SHA1: bbe13f89d38c810b6d1b074d2ded590d7ba7a47e SHA256:5b821f7fc2a0df860bd71526e8529e03711d252c0541186385cdbd69055b2edf Referenced In Project/Scope: Form Fill Functionality:compile spring-ai-openai-0.8.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/springframework/ai/spring-ai-retry/0.8.1/spring-ai-retry-0.8.1.jar MD5: bbef4f853319d3ed88ce958ab79809db SHA1: 2e5ed254fc9ed18a9107f0823f4c21862af7dd6c SHA256:efea441de412c308db44268c9dd0de0f9eed2736c41299055fd5fbd0bb35c530 Referenced In Project/Scope: Form Fill Functionality:compile spring-ai-retry-0.8.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
File Path: /Users/tommym/.m2/repository/org/springframework/ai/spring-ai-vertex-ai-gemini/0.8.1/spring-ai-vertex-ai-gemini-0.8.1.jar MD5: 1104b64c0ff941eaa9f8316057c909b1 SHA1: a14378f242e386f71452925e9b90d13b58c97511 SHA256:01a6caf62c18903dd29ccc7cf8ff0f50999019259cf7067ab51382c20fbbb077 Referenced In Project/Scope: Form Fill Functionality:compile spring-ai-vertex-ai-gemini-0.8.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/boot/spring-boot/3.3.4/spring-boot-3.3.4.jar MD5: f0ef22445df4734fbd86ac1f976833c0 SHA1: f06c6950aa5766b63328e821641f5c7d71be819d SHA256:2d3b43ade67d8b8ff23e80fa7f9f3d469a28413a826042808bcb3b718f13e01a Referenced In Project/Scope: Form Fill Functionality:compile spring-boot-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.3.4
Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.3.4/spring-boot-starter-web-3.3.4.jar MD5: 32d75ba466964fff5823a724bf28a888 SHA1: b43a9fd107611337777b47dc7518e2aca59e58eb SHA256:066e91bfda3d47012fc21d66d59e09823fbc3f07fe5463324fb8cb19641bb373 Referenced In Project/Scope: Form Fill Functionality:compile spring-boot-starter-web-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-formfill@4.0.0-RC2
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
spring-boot-starter-web
High
Vendor
hint analyzer
vendor
pivotal software
Highest
Vendor
hint analyzer
vendor
SpringSource
Highest
Vendor
hint analyzer
vendor
vmware
Highest
Vendor
Manifest
automatic-module-name
spring.boot.starter.web
Medium
Vendor
Manifest
build-jdk-spec
17
Low
Vendor
Manifest
spring-boot-jar-type
dependencies-starter
Low
Vendor
pom
artifactid
spring-boot-starter-web
Highest
Vendor
pom
artifactid
spring-boot-starter-web
Low
Vendor
pom
developer email
ask@spring.io
Low
Vendor
pom
developer name
Spring
Medium
Vendor
pom
developer org
VMware, Inc.
Medium
Vendor
pom
developer org URL
https://www.spring.io
Medium
Vendor
pom
groupid
org.springframework.boot
Highest
Vendor
pom
name
spring-boot-starter-web
High
Vendor
pom
organization name
VMware, Inc.
High
Vendor
pom
organization url
https://spring.io
Medium
Vendor
pom
url
https://spring.io/projects/spring-boot
Highest
Product
file
name
spring-boot-starter-web
High
Product
Manifest
automatic-module-name
spring.boot.starter.web
Medium
Product
Manifest
build-jdk-spec
17
Low
Product
Manifest
Implementation-Title
Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container
Implementation of core API for Spring Cloud Function
File Path: /Users/tommym/.m2/repository/org/springframework/cloud/spring-cloud-function-context/4.1.0/spring-cloud-function-context-4.1.0.jar MD5: ae8175ab101c60046f5f75c6ac987670 SHA1: dd0151b549e90b302a31feb1eb1870411eb3dd9e SHA256:eff4eb0ea6fb54b19bf3e0d04a57f7eb54e9ebd81b804c4f66c3089a825a28ef Referenced In Project/Scope: Form Fill Functionality:compile spring-cloud-function-context-4.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.
Specifically, an application is vulnerable when all of the following are true:
User is using Spring Cloud Function Web module
Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8
References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.
File Path: /Users/tommym/.m2/repository/org/springframework/cloud/spring-cloud-function-core/4.1.0/spring-cloud-function-core-4.1.0.jar MD5: a88871c28248a56b435b866207e78ab0 SHA1: 09605c654ca45fb5d5e8d7518ab6abfa945e62ce SHA256:ccee814fb983d7042e8731dd02d31633f32fc874d959d29866a6a2cc0241af54 Referenced In Project/Scope: Form Fill Functionality:compile spring-cloud-function-core-4.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-core/6.1.13/spring-core-6.1.13.jar MD5: e1965e1d05b8ed52cee0593007d2e40f SHA1: ddbd765408d2665f47017c8f05a7682012f91da3 SHA256:5f0059701b1c0bcdab78bb72dc252fce9eab16147819587238cacbdbf7b794cf Referenced In Project/Scope: Form Fill Functionality:compile spring-core-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
Core Spring concepts underpinning every Spring Data module.
File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-commons/3.3.4/spring-data-commons-3.3.4.jar MD5: cfc6e5fee5e1e6e8984739077de12819 SHA1: f0f6bca5b0cd7d318666e2d3f02726c615334678 SHA256:f44a2d79928fefe9879d76b3ae8141dbc5793cda7930543f295d9394f115a76d Referenced In Project/Scope: Form Fill Functionality:compile spring-data-commons-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-jpa/3.3.4/spring-data-jpa-3.3.4.jar MD5: 4041bcb81e2078d07519fe237ab5aaf0 SHA1: f92296e4b6d18f5f79c5e6074da96bf0de2006d3 SHA256:99dade6857529c77afeb83703732c1a37e61c0e0d25ec3d064a0b88b6679b71b Referenced In Project/Scope: Form Fill Functionality:compile spring-data-jpa-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
Spring Retry provides an abstraction around retrying failed operations, with an
emphasis on declarative control of the process and policy-based behaviour that is
easy to extend and customize. For instance, you can configure a plain POJO
operation to retry if it fails, based on the type of exception, and with a fixed
or exponential backoff.
File Path: /Users/tommym/.m2/repository/org/springframework/retry/spring-retry/2.0.9/spring-retry-2.0.9.jar MD5: a9c52cba97e87a9e8693b90ba551d199 SHA1: fc605474a6002a501a6d0ea67c04df1db14d22af SHA256:edb01b84d679037e5dfb3c65f41f4820aec270254aae0a084fd1a9308155fca3 Referenced In Project/Scope: Form Fill Functionality:compile spring-retry-2.0.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-openai@0.8.1
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-web/6.1.13/spring-web-6.1.13.jar MD5: 04c3636cb8b2f312a1343a601a5b2043 SHA1: e4028dbbc4ae1fb4bfd3257c53302956d7687b66 SHA256:8ebf053db3d81756d92797060b5c4edc80a9b39262266ce16cd084448fa13c90 Referenced In Project/Scope: Form Fill Functionality:compile spring-web-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-webflux/6.1.13/spring-webflux-6.1.13.jar MD5: 4781e873b71f37d956ec9be8e9868741 SHA1: 2f490a97e87da44fba826ade3dc003aa132caca7 SHA256:7a109fd17a89e4197af1b22d32af6f349ab0fb75c8abd17eaeab977c5a378533 Referenced In Project/Scope: Form Fill Functionality:compile spring-webflux-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-webmvc/6.1.13/spring-webmvc-6.1.13.jar MD5: 73575541f7d9bcab037c0c62207242ac SHA1: ca5f025b133c69026bfe01daa6132d0ac2e4a59f SHA256:ca2d637672d9b9eedeb743304a37182b4b6b89b2c224e8482b4827098119c05e Referenced In Project/Scope: Form Fill Functionality:compile spring-webmvc-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-common/2.6.0/springdoc-openapi-starter-common-2.6.0.jar MD5: 9d43f8e4081212a673114492cab8e304 SHA1: c8cf5fbd1f9e4c410d67f1de27dfc3529de13620 SHA256:5e072d2fe2d64d06ae87918340c808a3b9d67537b1645a91e6151438c714fb74 Referenced In Project/Scope: Form Fill Functionality:compile springdoc-openapi-starter-common-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-webmvc-api/2.6.0/springdoc-openapi-starter-webmvc-api-2.6.0.jar MD5: 7f46407fedd5784e353b76ab67421340 SHA1: d235c2989247641e5dfe764d7add3a11e4d54a5f SHA256:78a416e14baab214f600cfd04af4ecf92fb959df9bc92148b1a9b9c0dfa1ddc9 Referenced In Project/Scope: Form Fill Functionality:compile springdoc-openapi-starter-webmvc-api-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-webmvc-ui/2.6.0/springdoc-openapi-starter-webmvc-ui-2.6.0.jar MD5: 3e3adc56929b8918f086242c714f0193 SHA1: 2dddebb56441dbaa1009c4de434a83c65596f6ad SHA256:160558319ef577c74515a253d07e3114ce714b8462878b84065530794acafc1e Referenced In Project/Scope: Form Fill Functionality:compile springdoc-openapi-starter-webmvc-ui-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.
StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization.
It evolved over years of effort developing jGuru.com.
StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic
is that unlike other engines, it strictly enforces model-view separation.
Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.
There are currently about 600 StringTemplate source downloads a month.
License:
BSD licence: http://antlr.org/license.html
File Path: /Users/tommym/.m2/repository/org/antlr/stringtemplate/4.0.2/stringtemplate-4.0.2.jar MD5: b270a7b34c953cbae921a4080d5cdc0f SHA1: e28e09e2d44d60506a7bcb004d6c23ff35c6ac08 SHA256:8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9 Referenced In Project/Scope: Form Fill Functionality:compile stringtemplate-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
File Path: /Users/tommym/.m2/repository/io/swagger/core/v3/swagger-annotations/2.2.20/swagger-annotations-2.2.20.jar MD5: fd3f68ee109550dd9d5c1cf6dce14b1e SHA1: 532ae607f9014c3bd4beb9893a0b392553c64cef SHA256:7a6a38358b8239985b5dedc1ffbe3c842e2413b6c14688a1f2668cadbde36190 Referenced In Project/Scope: Form Fill Functionality:compile swagger-annotations-2.2.20.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
File Path: /Users/tommym/.m2/repository/io/swagger/core/v3/swagger-core-jakarta/2.2.22/swagger-core-jakarta-2.2.22.jar MD5: da25e751594c524d52262d665c85bb41 SHA1: 9ed5daaaa1c94c9a6b56c058c9d1b3190044a2e2 SHA256:92d51dfa23ec0990cd1f745b0fb0dc15e31ffd294167a19ea8913d3b187e6dc6 Referenced In Project/Scope: Form Fill Functionality:compile swagger-core-jakarta-2.2.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar MD5: 0000f3977f67d7c1b7ac77a36bfabcca SHA1: 7c746d197424eb721b4e08fcaa9e85231662d81f SHA256:3d16fe99be7ef7fc6fd6b9a0b6d12e3a5444735d8a2c0c6246fbc804da5103bb Referenced In Project/Scope: Form Fill Functionality:compile swagger-ui-5.17.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-initializer.js MD5: ff995915f51c051c59fed883f5d7be28 SHA1: c434dd8fbfa625a10351681d3037ee79d5682207 SHA256:a895034f24f12d7cd81ec47c98da4f15721d9d9a8d2405f22f21704821f81d02 Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
swagger-ui-5.17.14.jar: swagger-ui-bundle.js
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-bundle.js MD5: bccc97f77bdb8edc590ae3abdf83b9a7 SHA1: 36af3f79010ac51754bbfa35e86f73b28521e559 SHA256:c2e4a9ef08144839ff47c14202063ecfe4e59e70a4e7154a26bd50d880c88ba1 Referenced In Project/Scope: Form Fill Functionality:compile
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-es-bundle-core.js MD5: 6d1d2b740c3afdcc8e06a3296077dae3 SHA1: b7592ebdff721dd9e4395b602fe5302aa8900355 SHA256:a27834fd6ba3947c10118dac3f87ab91dc000926d725036f7db6758b6c4fb61c Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
swagger-ui-5.17.14.jar: swagger-ui-es-bundle.js
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-es-bundle.js MD5: 8eb90030c9696e65fba69e5cca855278 SHA1: 47717c193b2c8be0538f7f63c4ddccc9da6e75ad SHA256:eb5860a4aff8e9cdb7753056739ee1724cc89baaaab326e75d3936062e06b551 Referenced In Project/Scope: Form Fill Functionality:compile
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-standalone-preset.js MD5: 861c3618a16aefc88e19a052836718e5 SHA1: c3073b573e55925510e2e6e6a1e2a564a2bc8558 SHA256:33b7a6f5afcac4902fdf93281be2d2e12db15f241d384606e6e6d17745b7f86f Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
swagger-ui-5.17.14.jar: swagger-ui.js
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui.js MD5: f5967d03b75271cf7d23ab17931ae2f4 SHA1: 8b0335d5bade188456d36cefad9b22976b907d90 SHA256:cbd1a3687472d025b41a49836fc0e59679d7fd8eab38168d51b439e730b778a1 Referenced In Project/Scope: Form Fill Functionality:compile
Evidence
Type
Source
Name
Value
Confidence
Identifiers
None
third-party-jackson-core-2.24.8.jar
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/third-party-jackson-core/2.24.8/third-party-jackson-core-2.24.8.jar MD5: 3e8b648f2c3467221f2efbb9bf8570a1 SHA1: c1a07ad7ec6d46b4176cd5b9417cdaeae52bc3fa SHA256:24964bb218e9ee803657446544ef33871d155e4656bfb205d39bc9d0c7bbe7b4 Referenced In Project/Scope: Form Fill Functionality:compile third-party-jackson-core-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1
File Path: /Users/tommym/.m2/repository/org/threeten/threetenbp/1.6.8/threetenbp-1.6.8.jar MD5: 4ade1f9a3c1d8e5b00021536fa34a48c SHA1: 4c65b7b43f3fe31350f74cb7d0b2461e111e8dd0 SHA256:e4b1eb3d90c38a54c7f3384fda957e0b5bf0b41b40672a44ae8b03cb6c87ce06 Referenced In Project/Scope: Form Fill Functionality:compile threetenbp-1.6.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-vertex-ai-gemini@0.8.1
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.30/tomcat-embed-core-10.1.30.jar MD5: 16d8c001e54ed67aa8be83395f582265 SHA1: 0852ff3547f179175feaff39c443e9b980ec2cc2 SHA256:2eba5a20566f7ecb307508a6faef631652e59a865c0dba3c97c3bee1f4774bef Referenced In Project/Scope: Form Fill Functionality:compile tomcat-embed-core-10.1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.30/tomcat-embed-el-10.1.30.jar MD5: da24b9956c9ed9e5b10b6bedc2de2261 SHA1: 432b176aa50de87c3bbda99b0fe85523abfd1382 SHA256:ee94bb23409ac67cc6c79c0f7c3e61be0262adcf6e4d778bfe292944109f6697 Referenced In Project/Scope: Form Fill Functionality:compile tomcat-embed-el-10.1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.4
TXW is a library that allows you to write XML documents.
File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/txw2/4.0.5/txw2-4.0.5.jar MD5: 2f5aa7dbd5e326562cff6ce720a1485a SHA1: f36a4ef12120a9bb06d766d6a0e54b144fd7ed98 SHA256:917355bc451481f30d043b24d123110517966af34383901773882810dca480e5 Referenced In Project/Scope: Form Fill Functionality:runtime txw2-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters
Apache License, Version 2.0: http://apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/net/jodah/typetools/0.6.2/typetools-0.6.2.jar MD5: d53cf8c0bba8c67b45e7b181b227b820 SHA1: d1e38fe8e668f228b0761d80a6c80c151ab6044a SHA256:6458253a16d4dcef4749860e61ba2959014e39d5af9d3286bc9b8318d2ba4047 Referenced In Project/Scope: Form Fill Functionality:compile typetools-0.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-core@0.8.1
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
typetools
High
Vendor
jar
package name
jodah
Highest
Vendor
jar
package name
net
Highest
Vendor
jar
package name
typetools
Highest
Vendor
Manifest
automatic-module-name
net.jodah.typetools
Medium
Vendor
Manifest
bundle-symbolicname
net.jodah.typetools
Medium
Vendor
pom
artifactid
typetools
Highest
Vendor
pom
artifactid
typetools
Low
Vendor
pom
developer name
Jonathan Halterman
Medium
Vendor
pom
groupid
net.jodah
Highest
Vendor
pom
name
TypeTools
High
Vendor
pom
url
http://github.com/jhalterman/typetools/
Highest
Product
file
name
typetools
High
Product
jar
package name
jodah
Highest
Product
jar
package name
net
Highest
Product
jar
package name
typetools
Highest
Product
Manifest
automatic-module-name
net.jodah.typetools
Medium
Product
Manifest
Bundle-Name
Type Tools
Medium
Product
Manifest
bundle-symbolicname
net.jodah.typetools
Medium
Product
Manifest
Implementation-Title
Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
File Path: /Users/tommym/.m2/repository/software/amazon/awssdk/utils/2.24.8/utils-2.24.8.jar MD5: 865118d64685abdefb7632a707321fc6 SHA1: 079dd7a31aa91cb61b516bb8393c5d704a9884cf SHA256:624150341f9912ffcc010bb6eddeec71b055ce918816374f21949b4129edc3d4 Referenced In Project/Scope: Form Fill Functionality:compile utils-2.24.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.ai/spring-ai-bedrock@0.8.1