Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Functional extension - Domain

org.dynamoframework:dynamo-functional-domain:4.0.0-RC2

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
HikariCP-5.1.0.jarpkg:maven/com.zaxxer/HikariCP@5.1.0 035
angus-activation-2.0.2.jarpkg:maven/org.eclipse.angus/angus-activation@2.0.2 035
antlr4-runtime-4.13.0.jarpkg:maven/org.antlr/antlr4-runtime@4.13.0 030
aspectjweaver-1.9.22.1.jarpkg:maven/org.aspectj/aspectjweaver@1.9.22.1 049
byte-buddy-1.14.19.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.19 029
classgraph-4.8.146.jarpkg:maven/io.github.classgraph/classgraph@4.8.146 042
classmate-1.7.0.jarpkg:maven/com.fasterxml/classmate@1.7.0 052
codegen-utils-5.1.0.jarcpe:2.3:a:utils_project:utils:5.1.0:*:*:*:*:*:*:*pkg:maven/com.querydsl/codegen-utils@5.1.0 0Highest37
commons-lang3-3.14.0.jarpkg:maven/org.apache.commons/commons-lang3@3.14.0 0145
dynamo-api-4.0.0-RC2.jarpkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2 016
dynamo-impl-4.0.0-RC2.jarpkg:maven/org.dynamoframework/dynamo-impl@4.0.0-RC2 018
ecj-3.26.0.jarpkg:maven/org.eclipse.jdt/ecj@3.26.0 030
hibernate-commons-annotations-6.0.6.Final.jarpkg:maven/org.hibernate.common/hibernate-commons-annotations@6.0.6.Final 038
hibernate-core-6.5.3.Final.jarcpe:2.3:a:hibernate:hibernate_orm:6.5.3:*:*:*:*:*:*:*pkg:maven/org.hibernate.orm/hibernate-core@6.5.3.Final 0Highest43
hibernate-validator-8.0.1.Final.jarcpe:2.3:a:redhat:hibernate_validator:8.0.1:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator@8.0.1.Final 0Highest34
istack-commons-runtime-4.1.2.jarpkg:maven/com.sun.istack/istack-commons-runtime@4.1.2 029
jakarta.activation-api-2.1.3.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.3 045
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low42
jakarta.inject-api-2.0.1.jarpkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 056
jakarta.persistence-api-3.1.0.jarpkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0 040
jakarta.transaction-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1 0Low50
jakarta.validation-api-3.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@3.0.2 056
jakarta.xml.bind-api-4.0.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 031
jandex-3.1.2.jarpkg:maven/io.smallrye/jandex@3.1.2 027
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
jaxb-core-4.0.5.jarcpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.5MEDIUM1Highest40
jboss-logging-3.5.3.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.5.3.Final 041
jul-to-slf4j-2.0.16.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.16 031
log4j-api-2.23.1.jarcpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1 0Highest39
log4j-to-slf4j-2.23.1.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1 037
logback-core-1.5.8.jarcpe:2.3:a:qos:logback:1.5.8:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.8 0Highest39
lombok-1.18.34.jarpkg:maven/org.projectlombok/lombok@1.18.34 036
lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar 07
micrometer-commons-1.13.4.jarpkg:maven/io.micrometer/micrometer-commons@1.13.4 065
micrometer-observation-1.13.4.jarpkg:maven/io.micrometer/micrometer-observation@1.13.4 065
mysema-commons-lang-0.2.4.jarpkg:maven/com.mysema.commons/mysema-commons-lang@0.2.4 026
querydsl-apt-5.1.0-jakarta.jarpkg:maven/com.querydsl/querydsl-apt@5.1.0 020
querydsl-core-5.1.0.jarcpe:2.3:a:homepage_project:homepage:5.1.0:*:*:*:*:*:*:*pkg:maven/com.querydsl/querydsl-core@5.1.0 0Low23
querydsl-jpa-5.1.0-jakarta.jarpkg:maven/com.querydsl/querydsl-jpa@5.1.0 023
slf4j-api-2.0.16.jarpkg:maven/org.slf4j/slf4j-api@2.0.16 029
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest42
spring-boot-3.3.4.jarcpe:2.3:a:vmware:spring_boot:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.3.4 0Highest38
spring-core-6.1.13.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.1.13MEDIUM1Highest41
spring-data-commons-3.3.4.jarcpe:2.3:a:pivotal_software:spring_data_commons:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-commons@3.3.4 0Highest32
spring-data-jpa-3.3.4.jarcpe:2.3:a:pivotal_software:spring_data_jpa:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-jpa@3.3.4 0Highest30
tomcat-embed-el-10.1.30.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.30 033
txw2-4.0.5.jarcpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/txw2@4.0.5MEDIUM1Highest34

Dependencies (vulnerable)

HikariCP-5.1.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/zaxxer/HikariCP/5.1.0/HikariCP-5.1.0.jar
MD5: 37404f82207a28141bd9b0fe6b1d0a16
SHA1: 8c96e36c14461fc436bb02b264b96ef3ca5dca8c
SHA256:a47a6ee62379694ee52c30036f0931b72f9aee2a801d590341ed82bd839e2134
Referenced In Project/Scope: Functional extension - Domain:compile
HikariCP-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

angus-activation-2.0.2.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/org/eclipse/angus/angus-activation/2.0.2/angus-activation-2.0.2.jar
MD5: 42bba74155dc773eca277ee7a16f74be
SHA1: 41f1e0ddd157c856926ed149ab837d110955a9fc
SHA256:6dd3bcffc22bce83b07376a0e2e094e4964a3195d4118fb43e380ef35436cc1e
Referenced In Project/Scope: Functional extension - Domain:runtime
angus-activation-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

antlr4-runtime-4.13.0.jar

Description:

The ANTLR 4 Runtime

License:

https://www.antlr.org/license.html
File Path: /Users/tommym/.m2/repository/org/antlr/antlr4-runtime/4.13.0/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256:bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Referenced In Project/Scope: Functional extension - Domain:compile
antlr4-runtime-4.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

aspectjweaver-1.9.22.1.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Users/tommym/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar
MD5: f2edbc088126174a11b68279bd26c6eb
SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612
SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78
Referenced In Project/Scope: Functional extension - Domain:compile
aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

byte-buddy-1.14.19.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/net/bytebuddy/byte-buddy/1.14.19/byte-buddy-1.14.19.jar
MD5: 745f8db2db7678ff12cb654343cee830
SHA1: 4c0c637b8f47dc08f89240e6f59900011752c97b
SHA256:8415a44d841b2cdecdf5d73a05c29a8cf92dc2b60fca7ff7b3f21cd431b5a4ec
Referenced In Project/Scope: Functional extension - Domain:runtime
byte-buddy-1.14.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

classgraph-4.8.146.jar

Description:

The uber-fast, ultra-lightweight classpath and module scanner for JVM languages.

License:

The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /Users/tommym/.m2/repository/io/github/classgraph/classgraph/4.8.146/classgraph-4.8.146.jar
MD5: a4ed4fa2653c6540980aa06511ba3764
SHA1: 360448a09bfa5689d89cfa97fea53b3fdefa9c23
SHA256:184b8319c463656672e3480dead3bdb77d7b116d55f3a618f4f5564e8f6fa0a4
Referenced In Project/Scope: Functional extension - Domain:provided
classgraph-4.8.146.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

classmate-1.7.0.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/classmate/1.7.0/classmate-1.7.0.jar
MD5: 3b8f14fe92feb865a8205aa63c5ed769
SHA1: 0e98374da1f2143ac8e6e0a95036994bb19137a3
SHA256:cb868f231c5cceb89d795ea00e6e1b7a93b8f4ac1ce1d8be76dde322dff4a046
Referenced In Project/Scope: Functional extension - Domain:compile
classmate-1.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

codegen-utils-5.1.0.jar

Description:

Code generation and compilation for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/querydsl/codegen-utils/5.1.0/codegen-utils-5.1.0.jar
MD5: 850fa8089ead3bb0a4254ad9aea16ced
SHA1: ba401554d613760617992eafb6cdba175c811e6f
SHA256:0633634e74fb716ea998d9d31c99c8dc6c24ea6e906046f2fc4707148ac58888
Referenced In Project/Scope: Functional extension - Domain:provided
codegen-utils-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

commons-lang3-3.14.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar
MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f
SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae
SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
Referenced In Project/Scope: Functional extension - Domain:compile
commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-impl@4.0.0-RC2

Identifiers

dynamo-api-4.0.0-RC2.jar

Description:

Dynamo Framework API project.

File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-api/target/dynamo-api-4.0.0-RC2.jar
MD5: c9f04fa11e97fea9bbef969ef5e567a7
SHA1: 0eeb7c8b42419068611cee3141dc37be05e00783
SHA256:bb2209146baf1c0a811a3819da0e65cdd9902bcfc6e02193999c8119c400754b
Referenced In Project/Scope: Functional extension - Domain:compile
dynamo-api-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-functional-domain@4.0.0-RC2

Identifiers

dynamo-impl-4.0.0-RC2.jar

Description:

Dynamo Framework implementation project.

File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-impl/target/dynamo-impl-4.0.0-RC2.jar
MD5: 143b8fc2dc4c5c766e4b4015840a2df5
SHA1: 9709cfb81182fd4cbbe3e5ee73fc9853421d1554
SHA256:f5075f96c46bb106d78dc5d566eb2184d5fee783fe7b4fda0cbf1956e483562a
Referenced In Project/Scope: Functional extension - Domain:compile
dynamo-impl-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-functional-domain@4.0.0-RC2

Identifiers

ecj-3.26.0.jar

Description:

Eclipse Compiler for Java(TM)

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/
File Path: /Users/tommym/.m2/repository/org/eclipse/jdt/ecj/3.26.0/ecj-3.26.0.jar
MD5: ee47966a67cd4019f1b8ccac74ba8dca
SHA1: 4837be609a3368a0f7e7cf0dc1bdbc7fe94993de
SHA256:ac0ba5876eaf7ebb47749a0d1be179c51f194b9dd0b875d1c09e1b530f5a2db5
Referenced In Project/Scope: Functional extension - Domain:provided
ecj-3.26.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

hibernate-commons-annotations-6.0.6.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/common/hibernate-commons-annotations/6.0.6.Final/hibernate-commons-annotations-6.0.6.Final.jar
MD5: c155df7d9f04d15f3f6bbe79f4907074
SHA1: 77a5f94b56d49508e0ee334751db5b78e5ccd50c
SHA256:cd974e0a8481fafdbaf9b4a0f08bb5a6c969b0365482763eedf77e6fd7f493b7
Referenced In Project/Scope: Functional extension - Domain:runtime
hibernate-commons-annotations-6.0.6.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

hibernate-core-6.5.3.Final.jar

Description:

Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/orm/hibernate-core/6.5.3.Final/hibernate-core-6.5.3.Final.jar
MD5: 7cee9d560d7ca13dd0fc4e6d5f34f9b7
SHA1: 1e23c320a5d10f5eaecbd23095fca5c5c83c1fb5
SHA256:f79b5e5029a72e2f0ba7542591fba8305c9edbc0dbdc974541f2376ff1203422
Referenced In Project/Scope: Functional extension - Domain:compile
hibernate-core-6.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

hibernate-validator-8.0.1.Final.jar

Description:

Hibernate's Jakarta Bean Validation reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/hibernate/validator/hibernate-validator/8.0.1.Final/hibernate-validator-8.0.1.Final.jar
MD5: 66985b6bf8da17611031e2421c235241
SHA1: e49e116b3d3928060599b176b3538bb848718e95
SHA256:8c1244a498231091fe723d9666a93444ee9f93607245c6b29829dc5fe57a335c
Referenced In Project/Scope: Functional extension - Domain:compile
hibernate-validator-8.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-impl@4.0.0-RC2

Identifiers

istack-commons-runtime-4.1.2.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/com/sun/istack/istack-commons-runtime/4.1.2/istack-commons-runtime-4.1.2.jar
MD5: 535154ef647af2a52478c4debec93659
SHA1: 18ec117c85f3ba0ac65409136afa8e42bc74e739
SHA256:7fd6792361f4dd00f8c56af4a20cecc0066deea4a8f3dec38348af23fc2296ee
Referenced In Project/Scope: Functional extension - Domain:runtime
istack-commons-runtime-4.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.activation-api-2.1.3.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: Functional extension - Domain:runtime
jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Users/tommym/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Project/Scope: Functional extension - Domain:compile
jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.inject-api-2.0.1.jar

Description:

Jakarta Dependency Injection

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Referenced In Project/Scope: Functional extension - Domain:runtime
jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.persistence-api-3.1.0.jar

Description:

Jakarta Persistence 3.1 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.1.0/jakarta.persistence-api-3.1.0.jar
MD5: 35a1b7dfb38cf44ff795be607b0e6b5b
SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6
SHA256:475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd
Referenced In Project/Scope: Functional extension - Domain:compile
jakarta.persistence-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.transaction-api-2.0.1.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Users/tommym/.m2/repository/jakarta/transaction/jakarta.transaction-api/2.0.1/jakarta.transaction-api-2.0.1.jar
MD5: 5315974a3935e342b40849478e1c9966
SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875
Referenced In Project/Scope: Functional extension - Domain:compile
jakarta.transaction-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.validation-api-3.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/jakarta/validation/jakarta.validation-api/3.0.2/jakarta.validation-api-3.0.2.jar
MD5: 3a1ee6efca3e41e3320599790f54c5eb
SHA1: 92b6631659ba35ca09e44874d3eb936edfeee532
SHA256:291c25e6910cc6a7ebd96d4c6baebf6d7c37676c5482c2d96146e901b62c1fc9
Referenced In Project/Scope: Functional extension - Domain:compile
jakarta.validation-api-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-impl@4.0.0-RC2

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Project/Scope: Functional extension - Domain:runtime
jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

jandex-3.1.2.jar

Description:

SmallRye Build Parent POM

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/smallrye/jandex/3.1.2/jandex-3.1.2.jar
MD5: 757ae579a3a52c03c3c60fbe393c086f
SHA1: a6c1c89925c7df06242b03dddb353116ceb9584c
SHA256:dee12fa1787d5523ed1a02d6c63b19e7aef6ac560f7c6d70595db01aa37e041e
Referenced In Project/Scope: Functional extension - Domain:runtime
jandex-3.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: Functional extension - Domain:provided
javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

jaxb-core-4.0.5.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.5/jaxb-core-4.0.5.jar
MD5: ab09aef6bebd4438b0a02707881801e4
SHA1: 007b4b11ea5542eea4ad55e1080b23be436795b3
SHA256:ad3fd9bf00de3eda9859f70b6cfb011e2fe9904804e16a2665092888ece0fdca
Referenced In Project/Scope: Functional extension - Domain:runtime
jaxb-core-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

CVE-2024-9329  

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jboss-logging-3.5.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /Users/tommym/.m2/repository/org/jboss/logging/jboss-logging/3.5.3.Final/jboss-logging-3.5.3.Final.jar
MD5: ee7e24e94235c13f53392ecaa53f938c
SHA1: c88fc1d8a96d4c3491f55d4317458ccad53ca663
SHA256:7b119460de174195aca412dfed52ca0bbef0ece26c2d74301b6172cfadf4ff59
Referenced In Project/Scope: Functional extension - Domain:compile
jboss-logging-3.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jul-to-slf4j-2.0.16.jar

Description:

JUL to SLF4J bridge

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Users/tommym/.m2/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar
MD5: 410ad2f2230e0150216d86e12a4af995
SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a
SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d
Referenced In Project/Scope: Functional extension - Domain:compile
jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

log4j-api-2.23.1.jar

Description:

The Apache Log4j API

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-api/2.23.1/log4j-api-2.23.1.jar
MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a
SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1
SHA256:92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89
Referenced In Project/Scope: Functional extension - Domain:compile
log4j-api-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

log4j-to-slf4j-2.23.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.23.1/log4j-to-slf4j-2.23.1.jar
MD5: d60143628bb91f9dfa0148c213388b39
SHA1: 425ad1eb8a39904d2830e907a324e956fb456520
SHA256:7937a84055156910234e3b42868f55e68ff4b7becbb6ffd10146f72f5bf54dd5
Referenced In Project/Scope: Functional extension - Domain:compile
log4j-to-slf4j-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

logback-core-1.5.8.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Users/tommym/.m2/repository/ch/qos/logback/logback-core/1.5.8/logback-core-1.5.8.jar
MD5: 6048cf7daf6489ce151130cc993edccf
SHA1: 3fce599197de3b6f387cc9bee412ead2b4994a46
SHA256:a698e4cff3eac45eec9b2755df93bb7a9725d853f7938030654ce5430b37c41d
Referenced In Project/Scope: Functional extension - Domain:compile
logback-core-1.5.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

lombok-1.18.34.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar
MD5: 91ce91dbfa7694bff4ddc1e51643f8b2
SHA1: ec547ef414ab1d2c040118fb9c1c265ada63af14
SHA256:c27d6b2aff56241d1b07fcbcc6b183709e6b432c80f7374eeb1d823e86d4b81a
Referenced In Project/Scope: Functional extension - Domain:compile
lombok-1.18.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2

Identifiers

lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar

File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: e5552f93605e20eb4039662ee38ee41a
SHA1: 257946794d3fbaff9023c991de99d6b7a7be8c8d
SHA256:7f93cde1d476e8d84f51213c52d70eb596fcde669fbd30fbd5a6745346fdde9d
Referenced In Project/Scope: Functional extension - Domain:compile

Identifiers

  • None

micrometer-commons-1.13.4.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-commons/1.13.4/micrometer-commons-1.13.4.jar
MD5: 3058e9b29fff7d5f2d4bdabd3ba6b806
SHA1: edcf69518a4c382c48e19c7fb7d4aedfb115c0c3
SHA256:7407cc52817cfb66814292de841a4495c5af5309b15be367565d4bc700a433c2
Referenced In Project/Scope: Functional extension - Domain:compile
micrometer-commons-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.3.4

Identifiers

micrometer-observation-1.13.4.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-observation/1.13.4/micrometer-observation-1.13.4.jar
MD5: f2731d224c64773ce187592e6cbf3fc0
SHA1: 2673c9b181ab2512002b23b7ad0f1dd02212696c
SHA256:58642b0c0c965d1dc42bc49573657e948ea2a6c54d4902a6bc7e12a558d71f50
Referenced In Project/Scope: Functional extension - Domain:compile
micrometer-observation-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.3.4

Identifiers

mysema-commons-lang-0.2.4.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/mysema/commons/mysema-commons-lang/0.2.4/mysema-commons-lang-0.2.4.jar
MD5: c13bde1d0dae26b8ca3c56b5e4e40157
SHA1: d09c8489d54251a6c22fbce804bdd4a070557317
SHA256:dbbdd6816b33d3bead50f4d217825fcf568d50a43af881df5cdd01468c2b6efe
Referenced In Project/Scope: Functional extension - Domain:compile
mysema-commons-lang-0.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-jpa@5.1.0

Identifiers

querydsl-apt-5.1.0-jakarta.jar

Description:

APT based Source code generation for Querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-apt/5.1.0/querydsl-apt-5.1.0-jakarta.jar
MD5: 75ada87133b15a7070113651dacc7499
SHA1: 3b1cbe05851840b5dc926833908747a193c097cc
SHA256:9b0e0f18205930ce1e21ab03758c46c069b92d4418956bf8468d85887cd2dfef
Referenced In Project/Scope: Functional extension - Domain:provided
querydsl-apt-5.1.0-jakarta.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-functional-domain@4.0.0-RC2

Identifiers

querydsl-core-5.1.0.jar

Description:

core module for querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-core/5.1.0/querydsl-core-5.1.0.jar
MD5: 2c9349a570cc9b090e44a22bff6be406
SHA1: be322c3fe98de8e7c204afb8860bfabd81a3bafd
SHA256:57a3033ddbb4d928552b33443be7195bc3caba6fa85cd9a492bc874a5ef98c8e
Referenced In Project/Scope: Functional extension - Domain:compile
querydsl-core-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-jpa@5.1.0

Identifiers

querydsl-jpa-5.1.0-jakarta.jar

Description:

JPA support for Querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-jpa/5.1.0/querydsl-jpa-5.1.0-jakarta.jar
MD5: 54dae173af07a330f1a80cc48b0e02f3
SHA1: f44ee79a324cf92d6821eca736b2028e69542050
SHA256:01b064b511e093ceff2a8698829354b4fb1dc08f576e405dd6dfa8ab35736ca2
Referenced In Project/Scope: Functional extension - Domain:compile
querydsl-jpa-5.1.0-jakarta.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-functional-domain@4.0.0-RC2

Identifiers

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Users/tommym/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: Functional extension - Domain:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Project/Scope: Functional extension - Domain:compile
snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

spring-boot-3.3.4.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/boot/spring-boot/3.3.4/spring-boot-3.3.4.jar
MD5: f0ef22445df4734fbd86ac1f976833c0
SHA1: f06c6950aa5766b63328e821641f5c7d71be819d
SHA256:2d3b43ade67d8b8ff23e80fa7f9f3d469a28413a826042808bcb3b718f13e01a
Referenced In Project/Scope: Functional extension - Domain:compile
spring-boot-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.3.4

Identifiers

spring-core-6.1.13.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-core/6.1.13/spring-core-6.1.13.jar
MD5: e1965e1d05b8ed52cee0593007d2e40f
SHA1: ddbd765408d2665f47017c8f05a7682012f91da3
SHA256:5f0059701b1c0bcdab78bb72dc252fce9eab16147819587238cacbdbf7b794cf
Referenced In Project/Scope: Functional extension - Domain:compile
spring-core-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-data-commons-3.3.4.jar

Description:

Core Spring concepts underpinning every Spring Data module.

File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-commons/3.3.4/spring-data-commons-3.3.4.jar
MD5: cfc6e5fee5e1e6e8984739077de12819
SHA1: f0f6bca5b0cd7d318666e2d3f02726c615334678
SHA256:f44a2d79928fefe9879d76b3ae8141dbc5793cda7930543f295d9394f115a76d
Referenced In Project/Scope: Functional extension - Domain:compile
spring-data-commons-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

spring-data-jpa-3.3.4.jar

Description:

Spring Data module for JPA repositories.

File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-jpa/3.3.4/spring-data-jpa-3.3.4.jar
MD5: 4041bcb81e2078d07519fe237ab5aaf0
SHA1: f92296e4b6d18f5f79c5e6074da96bf0de2006d3
SHA256:99dade6857529c77afeb83703732c1a37e61c0e0d25ec3d064a0b88b6679b71b
Referenced In Project/Scope: Functional extension - Domain:compile
spring-data-jpa-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

tomcat-embed-el-10.1.30.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.30/tomcat-embed-el-10.1.30.jar
MD5: da24b9956c9ed9e5b10b6bedc2de2261
SHA1: 432b176aa50de87c3bbda99b0fe85523abfd1382
SHA256:ee94bb23409ac67cc6c79c0f7c3e61be0262adcf6e4d778bfe292944109f6697
Referenced In Project/Scope: Functional extension - Domain:compile
tomcat-embed-el-10.1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-impl@4.0.0-RC2

Identifiers

txw2-4.0.5.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/txw2/4.0.5/txw2-4.0.5.jar
MD5: 2f5aa7dbd5e326562cff6ce720a1485a
SHA1: f36a4ef12120a9bb06d766d6a0e54b144fd7ed98
SHA256:917355bc451481f30d043b24d123110517966af34383901773882810dca480e5
Referenced In Project/Scope: Functional extension - Domain:runtime
txw2-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

CVE-2024-9329  

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.