Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Rest Services

org.dynamoframework:dynamo-rest:4.0.0-RC2

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
HikariCP-5.1.0.jarpkg:maven/com.zaxxer/HikariCP@5.1.0 035
angus-activation-2.0.2.jarpkg:maven/org.eclipse.angus/angus-activation@2.0.2 035
antlr4-runtime-4.13.0.jarpkg:maven/org.antlr/antlr4-runtime@4.13.0 030
apiguardian-api-1.1.2.jarpkg:maven/org.apiguardian/apiguardian-api@1.1.2 040
aspectjweaver-1.9.22.1.jarpkg:maven/org.aspectj/aspectjweaver@1.9.22.1 049
byte-buddy-1.14.19.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.19 029
classgraph-4.8.146.jarpkg:maven/io.github.classgraph/classgraph@4.8.146 042
classmate-1.7.0.jarpkg:maven/com.fasterxml/classmate@1.7.0 052
codegen-utils-5.1.0.jarcpe:2.3:a:utils_project:utils:5.1.0:*:*:*:*:*:*:*pkg:maven/com.querydsl/codegen-utils@5.1.0 0Highest37
commons-io-2.17.0.jarcpe:2.3:a:apache:commons_io:2.17.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.17.0 0Highest125
commons-lang3-3.14.0.jarpkg:maven/org.apache.commons/commons-lang3@3.14.0 0145
dynamo-api-4.0.0-RC2.jarpkg:maven/org.dynamoframework/dynamo-api@4.0.0-RC2 016
dynamo-impl-4.0.0-RC2.jarpkg:maven/org.dynamoframework/dynamo-impl@4.0.0-RC2 018
ecj-3.26.0.jarpkg:maven/org.eclipse.jdt/ecj@3.26.0 030
h2-2.2.224.jarcpe:2.3:a:h2database:h2:2.2.224:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@2.2.224MEDIUM1Highest44
h2-2.2.224.jar: data.zip: table.js 00
h2-2.2.224.jar: data.zip: tree.js 00
hibernate-commons-annotations-6.0.6.Final.jarpkg:maven/org.hibernate.common/hibernate-commons-annotations@6.0.6.Final 038
hibernate-core-6.5.3.Final.jarcpe:2.3:a:hibernate:hibernate_orm:6.5.3:*:*:*:*:*:*:*pkg:maven/org.hibernate.orm/hibernate-core@6.5.3.Final 0Highest43
hibernate-validator-8.0.1.Final.jarcpe:2.3:a:redhat:hibernate_validator:8.0.1:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator@8.0.1.Final 0Highest34
istack-commons-runtime-4.1.2.jarpkg:maven/com.sun.istack/istack-commons-runtime@4.1.2 029
jackson-core-2.17.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.2 0Low47
jackson-databind-2.17.2.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.2:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.2 0Highest41
jackson-dataformat-yaml-2.17.2.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.17.2 0Highest39
jakarta.activation-api-2.1.3.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.3 045
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low42
jakarta.inject-api-2.0.1.jarpkg:maven/jakarta.inject/jakarta.inject-api@2.0.1 056
jakarta.persistence-api-3.1.0.jarpkg:maven/jakarta.persistence/jakarta.persistence-api@3.1.0 040
jakarta.transaction-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/jakarta.transaction/jakarta.transaction-api@2.0.1 0Low50
jakarta.validation-api-3.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@3.0.2 056
jakarta.xml.bind-api-4.0.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 031
jandex-3.1.2.jarpkg:maven/io.smallrye/jandex@3.1.2 027
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
jaxb-core-4.0.5.jarcpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.5MEDIUM1Highest40
jboss-logging-3.5.3.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.5.3.Final 041
jul-to-slf4j-2.0.16.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.16 031
junit-jupiter-5.10.3.jarpkg:maven/org.junit.jupiter/junit-jupiter@5.10.3 070
junit-jupiter-engine-5.10.3.jarpkg:maven/org.junit.jupiter/junit-jupiter-engine@5.10.3 078
junit-jupiter-params-5.10.3.jarpkg:maven/org.junit.jupiter/junit-jupiter-params@5.10.3 076
junit-platform-engine-1.10.3.jarcpe:2.3:a:fan_platform_project:fan_platform:1.10.3:*:*:*:*:*:*:*pkg:maven/org.junit.platform/junit-platform-engine@1.10.3 0Low76
log4j-api-2.23.1.jarcpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1 0Highest39
log4j-to-slf4j-2.23.1.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1 037
logback-core-1.5.8.jarcpe:2.3:a:qos:logback:1.5.8:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.8 0Highest39
lombok-1.18.34.jarpkg:maven/org.projectlombok/lombok@1.18.34 036
lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar 07
micrometer-commons-1.13.4.jarpkg:maven/io.micrometer/micrometer-commons@1.13.4 065
micrometer-observation-1.13.4.jarpkg:maven/io.micrometer/micrometer-observation@1.13.4 065
mysema-commons-lang-0.2.4.jarpkg:maven/com.mysema.commons/mysema-commons-lang@0.2.4 026
opentest4j-1.3.0.jarpkg:maven/org.opentest4j/opentest4j@1.3.0 060
querydsl-apt-5.1.0-jakarta.jarpkg:maven/com.querydsl/querydsl-apt@5.1.0 020
querydsl-core-5.1.0.jarcpe:2.3:a:homepage_project:homepage:5.1.0:*:*:*:*:*:*:*pkg:maven/com.querydsl/querydsl-core@5.1.0 0Low23
querydsl-jpa-5.1.0-jakarta.jarpkg:maven/com.querydsl/querydsl-jpa@5.1.0 023
slf4j-api-2.0.16.jarpkg:maven/org.slf4j/slf4j-api@2.0.16 029
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest42
spring-boot-3.3.4.jarcpe:2.3:a:vmware:spring_boot:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.3.4 0Highest38
spring-boot-starter-web-3.3.4.jarcpe:2.3:a:vmware:spring_boot:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.3.4:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4 0Highest36
spring-core-6.1.13.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.1.13MEDIUM1Highest41
spring-data-commons-3.3.4.jarcpe:2.3:a:pivotal_software:spring_data_commons:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-commons@3.3.4 0Highest32
spring-data-jpa-3.3.4.jarcpe:2.3:a:pivotal_software:spring_data_jpa:3.3.4:*:*:*:*:*:*:*pkg:maven/org.springframework.data/spring-data-jpa@3.3.4 0Highest30
spring-web-6.1.13.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.13:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@6.1.13MEDIUM1Highest35
spring-webmvc-6.1.13.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.13:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-webmvc@6.1.13HIGH2Highest37
springdoc-openapi-starter-common-2.6.0.jarpkg:maven/org.springdoc/springdoc-openapi-starter-common@2.6.0 019
springdoc-openapi-starter-webmvc-api-2.6.0.jarpkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-api@2.6.0 023
springdoc-openapi-starter-webmvc-ui-2.6.0.jarpkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.6.0 023
swagger-core-jakarta-2.2.22.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.22:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-core-jakarta@2.2.22 0Low38
swagger-ui-5.17.14.jarcpe:2.3:a:http-swagger_project:http-swagger:5.17.14:*:*:*:*:*:*:*pkg:maven/org.webjars/swagger-ui@5.17.14 0Low21
swagger-ui-5.17.14.jar: swagger-initializer.js 00
swagger-ui-5.17.14.jar: swagger-ui-bundle.js 00
swagger-ui-5.17.14.jar: swagger-ui-es-bundle-core.js 00
swagger-ui-5.17.14.jar: swagger-ui-es-bundle.js 00
swagger-ui-5.17.14.jar: swagger-ui-standalone-preset.js 00
swagger-ui-5.17.14.jar: swagger-ui.js 00
tomcat-embed-core-10.1.30.jarcpe:2.3:a:apache:tomcat:10.1.30:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.30:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.30 0Highest63
tomcat-embed-el-10.1.30.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.30 033
txw2-4.0.5.jarcpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/txw2@4.0.5MEDIUM1Highest34

Dependencies (vulnerable)

HikariCP-5.1.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/zaxxer/HikariCP/5.1.0/HikariCP-5.1.0.jar
MD5: 37404f82207a28141bd9b0fe6b1d0a16
SHA1: 8c96e36c14461fc436bb02b264b96ef3ca5dca8c
SHA256:a47a6ee62379694ee52c30036f0931b72f9aee2a801d590341ed82bd839e2134
Referenced In Project/Scope: Rest Services:compile
HikariCP-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

angus-activation-2.0.2.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/org/eclipse/angus/angus-activation/2.0.2/angus-activation-2.0.2.jar
MD5: 42bba74155dc773eca277ee7a16f74be
SHA1: 41f1e0ddd157c856926ed149ab837d110955a9fc
SHA256:6dd3bcffc22bce83b07376a0e2e094e4964a3195d4118fb43e380ef35436cc1e
Referenced In Project/Scope: Rest Services:runtime
angus-activation-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

antlr4-runtime-4.13.0.jar

Description:

The ANTLR 4 Runtime

License:

https://www.antlr.org/license.html
File Path: /Users/tommym/.m2/repository/org/antlr/antlr4-runtime/4.13.0/antlr4-runtime-4.13.0.jar
MD5: bff95723c494b332b14575d713a65df4
SHA1: 5a02e48521624faaf5ff4d99afc88b01686af655
SHA256:bd7f7b5d07bc0b047f10915b32ca4bb1de9e57d8049098882e4453c88c076a5d
Referenced In Project/Scope: Rest Services:compile
antlr4-runtime-4.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

apiguardian-api-1.1.2.jar

Description:

@API Guardian

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
MD5: 8c7de3f82037fa4a2e8be2a2f13092af
SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a
SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38
Referenced In Project/Scope: Rest Services:compile
apiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.3

Identifiers

aspectjweaver-1.9.22.1.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Users/tommym/.m2/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar
MD5: f2edbc088126174a11b68279bd26c6eb
SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612
SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78
Referenced In Project/Scope: Rest Services:compile
aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

byte-buddy-1.14.19.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/net/bytebuddy/byte-buddy/1.14.19/byte-buddy-1.14.19.jar
MD5: 745f8db2db7678ff12cb654343cee830
SHA1: 4c0c637b8f47dc08f89240e6f59900011752c97b
SHA256:8415a44d841b2cdecdf5d73a05c29a8cf92dc2b60fca7ff7b3f21cd431b5a4ec
Referenced In Project/Scope: Rest Services:runtime
byte-buddy-1.14.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.11.0

Identifiers

classgraph-4.8.146.jar

Description:

The uber-fast, ultra-lightweight classpath and module scanner for JVM languages.

License:

The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /Users/tommym/.m2/repository/io/github/classgraph/classgraph/4.8.146/classgraph-4.8.146.jar
MD5: a4ed4fa2653c6540980aa06511ba3764
SHA1: 360448a09bfa5689d89cfa97fea53b3fdefa9c23
SHA256:184b8319c463656672e3480dead3bdb77d7b116d55f3a618f4f5564e8f6fa0a4
Referenced In Project/Scope: Rest Services:provided
classgraph-4.8.146.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

classmate-1.7.0.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/classmate/1.7.0/classmate-1.7.0.jar
MD5: 3b8f14fe92feb865a8205aa63c5ed769
SHA1: 0e98374da1f2143ac8e6e0a95036994bb19137a3
SHA256:cb868f231c5cceb89d795ea00e6e1b7a93b8f4ac1ce1d8be76dde322dff4a046
Referenced In Project/Scope: Rest Services:compile
classmate-1.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

codegen-utils-5.1.0.jar

Description:

Code generation and compilation for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/querydsl/codegen-utils/5.1.0/codegen-utils-5.1.0.jar
MD5: 850fa8089ead3bb0a4254ad9aea16ced
SHA1: ba401554d613760617992eafb6cdba175c811e6f
SHA256:0633634e74fb716ea998d9d31c99c8dc6c24ea6e906046f2fc4707148ac58888
Referenced In Project/Scope: Rest Services:provided
codegen-utils-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

commons-io-2.17.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/commons-io/commons-io/2.17.0/commons-io-2.17.0.jar
MD5: f6232d0e290d58bb93f74f67165bf91f
SHA1: ddcc8433eb019fb48fe25207c0278143f3e1d7e2
SHA256:4aa4ca48f3dfd30b78220b7881d8cb93eac4093ec94361b6befa9487998a550b
Referenced In Project/Scope: Rest Services:compile
commons-io-2.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

commons-lang3-3.14.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar
MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f
SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae
SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
Referenced In Project/Scope: Rest Services:compile
commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

dynamo-api-4.0.0-RC2.jar

Description:

Dynamo Framework API project.

File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-api/target/dynamo-api-4.0.0-RC2.jar
MD5: c9f04fa11e97fea9bbef969ef5e567a7
SHA1: 0eeb7c8b42419068611cee3141dc37be05e00783
SHA256:bb2209146baf1c0a811a3819da0e65cdd9902bcfc6e02193999c8119c400754b
Referenced In Project/Scope: Rest Services:compile
dynamo-api-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

dynamo-impl-4.0.0-RC2.jar

Description:

Dynamo Framework implementation project.

File Path: /Users/tommym/Work/opencirclesolutions/dynamo/dynamo-impl/target/dynamo-impl-4.0.0-RC2.jar
MD5: 143b8fc2dc4c5c766e4b4015840a2df5
SHA1: 9709cfb81182fd4cbbe3e5ee73fc9853421d1554
SHA256:f5075f96c46bb106d78dc5d566eb2184d5fee783fe7b4fda0cbf1956e483562a
Referenced In Project/Scope: Rest Services:compile
dynamo-impl-4.0.0-RC2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

ecj-3.26.0.jar

Description:

Eclipse Compiler for Java(TM)

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/
File Path: /Users/tommym/.m2/repository/org/eclipse/jdt/ecj/3.26.0/ecj-3.26.0.jar
MD5: ee47966a67cd4019f1b8ccac74ba8dca
SHA1: 4837be609a3368a0f7e7cf0dc1bdbc7fe94993de
SHA256:ac0ba5876eaf7ebb47749a0d1be179c51f194b9dd0b875d1c09e1b530f5a2db5
Referenced In Project/Scope: Rest Services:provided
ecj-3.26.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

h2-2.2.224.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar
MD5: 769d5a85d19ccc2b06620f8c81d6d8f8
SHA1: 7bdade27d8cd197d9b5ce9dc251f41d2edc5f7ad
SHA256:b9d8f19358ada82a4f6eb5b174c6cfe320a375b5a9cb5a4fe456d623e6e55497
Referenced In Project/Scope: Rest Services:compile
h2-2.2.224.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv3:
  • Base Score: MEDIUM (6.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:2.2.224:*:*:*:*:*:*:*

h2-2.2.224.jar: data.zip: table.js

File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: f374e067dff4b106b77abab77b360d8b
SHA1: 67d0af73251e86e079f1db4b837920309a1a3993
SHA256:75e452b34b317d0a8c630b9ac469db3d82988e221d41adc17cf1bab3c0e88c78
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

h2-2.2.224.jar: data.zip: tree.js

File Path: /Users/tommym/.m2/repository/com/h2database/h2/2.2.224/h2-2.2.224.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 760f137680a67ae829c2000c4156e050
SHA1: d947ebba0777d68aa9397fc7d8b04ce2a725c12b
SHA256:2bb3d968d50a5d96912f77552d772184d0213e2601895517ba53afa64dc433ed
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

hibernate-commons-annotations-6.0.6.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/common/hibernate-commons-annotations/6.0.6.Final/hibernate-commons-annotations-6.0.6.Final.jar
MD5: c155df7d9f04d15f3f6bbe79f4907074
SHA1: 77a5f94b56d49508e0ee334751db5b78e5ccd50c
SHA256:cd974e0a8481fafdbaf9b4a0f08bb5a6c969b0365482763eedf77e6fd7f493b7
Referenced In Project/Scope: Rest Services:runtime
hibernate-commons-annotations-6.0.6.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

hibernate-core-6.5.3.Final.jar

Description:

Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /Users/tommym/.m2/repository/org/hibernate/orm/hibernate-core/6.5.3.Final/hibernate-core-6.5.3.Final.jar
MD5: 7cee9d560d7ca13dd0fc4e6d5f34f9b7
SHA1: 1e23c320a5d10f5eaecbd23095fca5c5c83c1fb5
SHA256:f79b5e5029a72e2f0ba7542591fba8305c9edbc0dbdc974541f2376ff1203422
Referenced In Project/Scope: Rest Services:compile
hibernate-core-6.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

hibernate-validator-8.0.1.Final.jar

Description:

Hibernate's Jakarta Bean Validation reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/hibernate/validator/hibernate-validator/8.0.1.Final/hibernate-validator-8.0.1.Final.jar
MD5: 66985b6bf8da17611031e2421c235241
SHA1: e49e116b3d3928060599b176b3538bb848718e95
SHA256:8c1244a498231091fe723d9666a93444ee9f93607245c6b29829dc5fe57a335c
Referenced In Project/Scope: Rest Services:compile
hibernate-validator-8.0.1.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.4

Identifiers

istack-commons-runtime-4.1.2.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/com/sun/istack/istack-commons-runtime/4.1.2/istack-commons-runtime-4.1.2.jar
MD5: 535154ef647af2a52478c4debec93659
SHA1: 18ec117c85f3ba0ac65409136afa8e42bc74e739
SHA256:7fd6792361f4dd00f8c56af4a20cecc0066deea4a8f3dec38348af23fc2296ee
Referenced In Project/Scope: Rest Services:runtime
istack-commons-runtime-4.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jackson-core-2.17.2.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.2/jackson-core-2.17.2.jar
MD5: 50c2dab1f29136714d5ef5c6c640336c
SHA1: 969a35cb35c86512acbadcdbbbfb044c877db814
SHA256:721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46
Referenced In Project/Scope: Rest Services:compile
jackson-core-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

jackson-databind-2.17.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.2/jackson-databind-2.17.2.jar
MD5: 3e1ff7c1f0fda885946619a47ef9d5de
SHA1: e6deb029e5901e027c129341fac39e515066b68c
SHA256:c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c
Referenced In Project/Scope: Rest Services:compile
jackson-databind-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

jackson-dataformat-yaml-2.17.2.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.17.2/jackson-dataformat-yaml-2.17.2.jar
MD5: 9dcb2f5d3b61bfb9af05b9b00bee13c3
SHA1: 78d2c73dbec62044d7cf3b544b2e0d24a1a093b0
SHA256:941bcd8b1381bb3b0d726fab41624fa8ece0ee7b6cf2860ad95e8157ce673376
Referenced In Project/Scope: Rest Services:compile
jackson-dataformat-yaml-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.6.0

Identifiers

jakarta.activation-api-2.1.3.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: Rest Services:compile
jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Users/tommym/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Project/Scope: Rest Services:compile
jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.inject-api-2.0.1.jar

Description:

Jakarta Dependency Injection

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar
MD5: 72003bf6efcc8455d414bbd7da86c11c
SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c
Referenced In Project/Scope: Rest Services:runtime
jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.persistence-api-3.1.0.jar

Description:

Jakarta Persistence 3.1 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.1.0/jakarta.persistence-api-3.1.0.jar
MD5: 35a1b7dfb38cf44ff795be607b0e6b5b
SHA1: 66901fa1c373c6aff65c13791cc11da72060a8d6
SHA256:475389446d35c6f46c565728b756dc508c284644ea2690644e0d8e7e339d42fd
Referenced In Project/Scope: Rest Services:compile
jakarta.persistence-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.transaction-api-2.0.1.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Users/tommym/.m2/repository/jakarta/transaction/jakarta.transaction-api/2.0.1/jakarta.transaction-api-2.0.1.jar
MD5: 5315974a3935e342b40849478e1c9966
SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875
Referenced In Project/Scope: Rest Services:compile
jakarta.transaction-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jakarta.validation-api-3.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/jakarta/validation/jakarta.validation-api/3.0.2/jakarta.validation-api-3.0.2.jar
MD5: 3a1ee6efca3e41e3320599790f54c5eb
SHA1: 92b6631659ba35ca09e44874d3eb936edfeee532
SHA256:291c25e6910cc6a7ebd96d4c6baebf6d7c37676c5482c2d96146e901b62c1fc9
Referenced In Project/Scope: Rest Services:compile
jakarta.validation-api-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Project/Scope: Rest Services:compile
jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

jandex-3.1.2.jar

Description:

SmallRye Build Parent POM

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/smallrye/jandex/3.1.2/jandex-3.1.2.jar
MD5: 757ae579a3a52c03c3c60fbe393c086f
SHA1: a6c1c89925c7df06242b03dddb353116ceb9584c
SHA256:dee12fa1787d5523ed1a02d6c63b19e7aef6ac560f7c6d70595db01aa37e041e
Referenced In Project/Scope: Rest Services:runtime
jandex-3.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: Rest Services:provided
javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-apt@5.1.0

Identifiers

jaxb-core-4.0.5.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.5/jaxb-core-4.0.5.jar
MD5: ab09aef6bebd4438b0a02707881801e4
SHA1: 007b4b11ea5542eea4ad55e1080b23be436795b3
SHA256:ad3fd9bf00de3eda9859f70b6cfb011e2fe9904804e16a2665092888ece0fdca
Referenced In Project/Scope: Rest Services:runtime
jaxb-core-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

CVE-2024-9329  

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jboss-logging-3.5.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /Users/tommym/.m2/repository/org/jboss/logging/jboss-logging/3.5.3.Final/jboss-logging-3.5.3.Final.jar
MD5: ee7e24e94235c13f53392ecaa53f938c
SHA1: c88fc1d8a96d4c3491f55d4317458ccad53ca663
SHA256:7b119460de174195aca412dfed52ca0bbef0ece26c2d74301b6172cfadf4ff59
Referenced In Project/Scope: Rest Services:compile
jboss-logging-3.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

jul-to-slf4j-2.0.16.jar

Description:

JUL to SLF4J bridge

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Users/tommym/.m2/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar
MD5: 410ad2f2230e0150216d86e12a4af995
SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a
SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d
Referenced In Project/Scope: Rest Services:compile
jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

junit-jupiter-5.10.3.jar

Description:

Module "junit-jupiter" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/jupiter/junit-jupiter/5.10.3/junit-jupiter-5.10.3.jar
MD5: 8312d239f10b3aaa94c3dc69f84a250f
SHA1: 6686d8fbf251f9bf8ecba413cab57b9e00f9134d
SHA256:e6fc09f881eba8b8d8a7660a6c7f4d582fa7881f306136afe2d82964a2e7c22f
Referenced In Project/Scope: Rest Services:compile
junit-jupiter-5.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

junit-jupiter-engine-5.10.3.jar

Description:

Module "junit-jupiter-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.10.3/junit-jupiter-engine-5.10.3.jar
MD5: c87ca6659d594120a6030a2760bcdf14
SHA1: 48c14e866bb1a87ca35d24ff068463bb202ada24
SHA256:bbd3ce8dc11e9925071ef9691d68af1ab6e712faa6851f7c5275bc8aafc88673
Referenced In Project/Scope: Rest Services:runtime
junit-jupiter-engine-5.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter@5.10.3

Identifiers

junit-jupiter-params-5.10.3.jar

Description:

Module "junit-jupiter-params" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.10.3/junit-jupiter-params-5.10.3.jar
MD5: 8c0d875131fa73e688df785a3b2f338d
SHA1: 4852f4e4af9074d9214213b199751f99efeab8b9
SHA256:7c3ed8cefb12496b76c53c3da986ea8f0bf3f426781869475551ae3a506c1ad8
Referenced In Project/Scope: Rest Services:compile
junit-jupiter-params-5.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter@5.10.3

Identifiers

junit-platform-engine-1.10.3.jar

Description:

Module "junit-platform-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /Users/tommym/.m2/repository/org/junit/platform/junit-platform-engine/1.10.3/junit-platform-engine-1.10.3.jar
MD5: 8fe56ec6a59c1e208e8ba0def9e47bf3
SHA1: 365a320c3cfd47f3346625e541e424e35dc75c42
SHA256:df7c32bf75cf47c4c8ddd1942091027947a7d765d30b731fe00830115fafa133
Referenced In Project/Scope: Rest Services:runtime
junit-platform-engine-1.10.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter@5.10.3

Identifiers

log4j-api-2.23.1.jar

Description:

The Apache Log4j API

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-api/2.23.1/log4j-api-2.23.1.jar
MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a
SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1
SHA256:92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89
Referenced In Project/Scope: Rest Services:compile
log4j-api-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

log4j-to-slf4j-2.23.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.23.1/log4j-to-slf4j-2.23.1.jar
MD5: d60143628bb91f9dfa0148c213388b39
SHA1: 425ad1eb8a39904d2830e907a324e956fb456520
SHA256:7937a84055156910234e3b42868f55e68ff4b7becbb6ffd10146f72f5bf54dd5
Referenced In Project/Scope: Rest Services:compile
log4j-to-slf4j-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

logback-core-1.5.8.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Users/tommym/.m2/repository/ch/qos/logback/logback-core/1.5.8/logback-core-1.5.8.jar
MD5: 6048cf7daf6489ce151130cc993edccf
SHA1: 3fce599197de3b6f387cc9bee412ead2b4994a46
SHA256:a698e4cff3eac45eec9b2755df93bb7a9725d853f7938030654ce5430b37c41d
Referenced In Project/Scope: Rest Services:compile
logback-core-1.5.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

lombok-1.18.34.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar
MD5: 91ce91dbfa7694bff4ddc1e51643f8b2
SHA1: ec547ef414ab1d2c040118fb9c1c265ada63af14
SHA256:c27d6b2aff56241d1b07fcbcc6b183709e6b432c80f7374eeb1d823e86d4b81a
Referenced In Project/Scope: Rest Services:compile
lombok-1.18.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar

File Path: /Users/tommym/.m2/repository/org/projectlombok/lombok/1.18.34/lombok-1.18.34.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: e5552f93605e20eb4039662ee38ee41a
SHA1: 257946794d3fbaff9023c991de99d6b7a7be8c8d
SHA256:7f93cde1d476e8d84f51213c52d70eb596fcde669fbd30fbd5a6745346fdde9d
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

micrometer-commons-1.13.4.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-commons/1.13.4/micrometer-commons-1.13.4.jar
MD5: 3058e9b29fff7d5f2d4bdabd3ba6b806
SHA1: edcf69518a4c382c48e19c7fb7d4aedfb115c0c3
SHA256:7407cc52817cfb66814292de841a4495c5af5309b15be367565d4bc700a433c2
Referenced In Project/Scope: Rest Services:compile
micrometer-commons-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

micrometer-observation-1.13.4.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/io/micrometer/micrometer-observation/1.13.4/micrometer-observation-1.13.4.jar
MD5: f2731d224c64773ce187592e6cbf3fc0
SHA1: 2673c9b181ab2512002b23b7ad0f1dd02212696c
SHA256:58642b0c0c965d1dc42bc49573657e948ea2a6c54d4902a6bc7e12a558d71f50
Referenced In Project/Scope: Rest Services:compile
micrometer-observation-1.13.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

mysema-commons-lang-0.2.4.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/com/mysema/commons/mysema-commons-lang/0.2.4/mysema-commons-lang-0.2.4.jar
MD5: c13bde1d0dae26b8ca3c56b5e4e40157
SHA1: d09c8489d54251a6c22fbce804bdd4a070557317
SHA256:dbbdd6816b33d3bead50f4d217825fcf568d50a43af881df5cdd01468c2b6efe
Referenced In Project/Scope: Rest Services:compile
mysema-commons-lang-0.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-jpa@5.1.0

Identifiers

opentest4j-1.3.0.jar

Description:

Open Test Alliance for the JVM

License:

The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256:48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b
Referenced In Project/Scope: Rest Services:runtime
opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.3

Identifiers

querydsl-apt-5.1.0-jakarta.jar

Description:

APT based Source code generation for Querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-apt/5.1.0/querydsl-apt-5.1.0-jakarta.jar
MD5: 75ada87133b15a7070113651dacc7499
SHA1: 3b1cbe05851840b5dc926833908747a193c097cc
SHA256:9b0e0f18205930ce1e21ab03758c46c069b92d4418956bf8468d85887cd2dfef
Referenced In Project/Scope: Rest Services:provided
querydsl-apt-5.1.0-jakarta.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

querydsl-core-5.1.0.jar

Description:

core module for querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-core/5.1.0/querydsl-core-5.1.0.jar
MD5: 2c9349a570cc9b090e44a22bff6be406
SHA1: be322c3fe98de8e7c204afb8860bfabd81a3bafd
SHA256:57a3033ddbb4d928552b33443be7195bc3caba6fa85cd9a492bc874a5ef98c8e
Referenced In Project/Scope: Rest Services:compile
querydsl-core-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.querydsl/querydsl-jpa@5.1.0

Identifiers

querydsl-jpa-5.1.0-jakarta.jar

Description:

JPA support for Querydsl

File Path: /Users/tommym/.m2/repository/com/querydsl/querydsl-jpa/5.1.0/querydsl-jpa-5.1.0-jakarta.jar
MD5: 54dae173af07a330f1a80cc48b0e02f3
SHA1: f44ee79a324cf92d6821eca736b2028e69542050
SHA256:01b064b511e093ceff2a8698829354b4fb1dc08f576e405dd6dfa8ab35736ca2
Referenced In Project/Scope: Rest Services:compile
querydsl-jpa-5.1.0-jakarta.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Users/tommym/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: Rest Services:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Project/Scope: Rest Services:compile
snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

spring-boot-3.3.4.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/boot/spring-boot/3.3.4/spring-boot-3.3.4.jar
MD5: f0ef22445df4734fbd86ac1f976833c0
SHA1: f06c6950aa5766b63328e821641f5c7d71be819d
SHA256:2d3b43ade67d8b8ff23e80fa7f9f3d469a28413a826042808bcb3b718f13e01a
Referenced In Project/Scope: Rest Services:compile
spring-boot-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.3.4

Identifiers

spring-boot-starter-web-3.3.4.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.3.4/spring-boot-starter-web-3.3.4.jar
MD5: 32d75ba466964fff5823a724bf28a888
SHA1: b43a9fd107611337777b47dc7518e2aca59e58eb
SHA256:066e91bfda3d47012fc21d66d59e09823fbc3f07fe5463324fb8cb19641bb373
Referenced In Project/Scope: Rest Services:compile
spring-boot-starter-web-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

spring-core-6.1.13.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-core/6.1.13/spring-core-6.1.13.jar
MD5: e1965e1d05b8ed52cee0593007d2e40f
SHA1: ddbd765408d2665f47017c8f05a7682012f91da3
SHA256:5f0059701b1c0bcdab78bb72dc252fce9eab16147819587238cacbdbf7b794cf
Referenced In Project/Scope: Rest Services:compile
spring-core-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.4

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-data-commons-3.3.4.jar

Description:

Core Spring concepts underpinning every Spring Data module.

File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-commons/3.3.4/spring-data-commons-3.3.4.jar
MD5: cfc6e5fee5e1e6e8984739077de12819
SHA1: f0f6bca5b0cd7d318666e2d3f02726c615334678
SHA256:f44a2d79928fefe9879d76b3ae8141dbc5793cda7930543f295d9394f115a76d
Referenced In Project/Scope: Rest Services:compile
spring-data-commons-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

spring-data-jpa-3.3.4.jar

Description:

Spring Data module for JPA repositories.

File Path: /Users/tommym/.m2/repository/org/springframework/data/spring-data-jpa/3.3.4/spring-data-jpa-3.3.4.jar
MD5: 4041bcb81e2078d07519fe237ab5aaf0
SHA1: f92296e4b6d18f5f79c5e6074da96bf0de2006d3
SHA256:99dade6857529c77afeb83703732c1a37e61c0e0d25ec3d064a0b88b6679b71b
Referenced In Project/Scope: Rest Services:compile
spring-data-jpa-3.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

spring-web-6.1.13.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-web/6.1.13/spring-web-6.1.13.jar
MD5: 04c3636cb8b2f312a1343a601a5b2043
SHA1: e4028dbbc4ae1fb4bfd3257c53302956d7687b66
SHA256:8ebf053db3d81756d92797060b5c4edc80a9b39262266ce16cd084448fa13c90
Referenced In Project/Scope: Rest Services:compile
spring-web-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-webmvc-6.1.13.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/tommym/.m2/repository/org/springframework/spring-webmvc/6.1.13/spring-webmvc-6.1.13.jar
MD5: 73575541f7d9bcab037c0c62207242ac
SHA1: ca5f025b133c69026bfe01daa6132d0ac2e4a59f
SHA256:ca2d637672d9b9eedeb743304a37182b4b6b89b2c224e8482b4827098119c05e
Referenced In Project/Scope: Rest Services:compile
spring-webmvc-6.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

CVE-2024-38819 (OSSINDEX)  

Spring Web - Path Traversal
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (8.199999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-webmvc:6.1.13:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

springdoc-openapi-starter-common-2.6.0.jar

File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-common/2.6.0/springdoc-openapi-starter-common-2.6.0.jar
MD5: 9d43f8e4081212a673114492cab8e304
SHA1: c8cf5fbd1f9e4c410d67f1de27dfc3529de13620
SHA256:5e072d2fe2d64d06ae87918340c808a3b9d67537b1645a91e6151438c714fb74
Referenced In Project/Scope: Rest Services:compile
springdoc-openapi-starter-common-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.6.0

Identifiers

springdoc-openapi-starter-webmvc-api-2.6.0.jar

File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-webmvc-api/2.6.0/springdoc-openapi-starter-webmvc-api-2.6.0.jar
MD5: 7f46407fedd5784e353b76ab67421340
SHA1: d235c2989247641e5dfe764d7add3a11e4d54a5f
SHA256:78a416e14baab214f600cfd04af4ecf92fb959df9bc92148b1a9b9c0dfa1ddc9
Referenced In Project/Scope: Rest Services:compile
springdoc-openapi-starter-webmvc-api-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.6.0

Identifiers

springdoc-openapi-starter-webmvc-ui-2.6.0.jar

File Path: /Users/tommym/.m2/repository/org/springdoc/springdoc-openapi-starter-webmvc-ui/2.6.0/springdoc-openapi-starter-webmvc-ui-2.6.0.jar
MD5: 3e3adc56929b8918f086242c714f0193
SHA1: 2dddebb56441dbaa1009c4de434a83c65596f6ad
SHA256:160558319ef577c74515a253d07e3114ce714b8462878b84065530794acafc1e
Referenced In Project/Scope: Rest Services:compile
springdoc-openapi-starter-webmvc-ui-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.dynamoframework/dynamo-rest@4.0.0-RC2

Identifiers

swagger-core-jakarta-2.2.22.jar

Description:

swagger-core-jakarta

License:

"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
File Path: /Users/tommym/.m2/repository/io/swagger/core/v3/swagger-core-jakarta/2.2.22/swagger-core-jakarta-2.2.22.jar
MD5: da25e751594c524d52262d665c85bb41
SHA1: 9ed5daaaa1c94c9a6b56c058c9d1b3190044a2e2
SHA256:92d51dfa23ec0990cd1f745b0fb0dc15e31ffd294167a19ea8913d3b187e6dc6
Referenced In Project/Scope: Rest Services:compile
swagger-core-jakarta-2.2.22.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.6.0

Identifiers

swagger-ui-5.17.14.jar

Description:

WebJar for Swagger UI

License:

Apache-2.0
File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar
MD5: 0000f3977f67d7c1b7ac77a36bfabcca
SHA1: 7c746d197424eb721b4e08fcaa9e85231662d81f
SHA256:3d16fe99be7ef7fc6fd6b9a0b6d12e3a5444735d8a2c0c6246fbc804da5103bb
Referenced In Project/Scope: Rest Services:compile
swagger-ui-5.17.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springdoc/springdoc-openapi-starter-webmvc-ui@2.6.0

Identifiers

swagger-ui-5.17.14.jar: swagger-initializer.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-initializer.js
MD5: ff995915f51c051c59fed883f5d7be28
SHA1: c434dd8fbfa625a10351681d3037ee79d5682207
SHA256:a895034f24f12d7cd81ec47c98da4f15721d9d9a8d2405f22f21704821f81d02
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-bundle.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-bundle.js
MD5: bccc97f77bdb8edc590ae3abdf83b9a7
SHA1: 36af3f79010ac51754bbfa35e86f73b28521e559
SHA256:c2e4a9ef08144839ff47c14202063ecfe4e59e70a4e7154a26bd50d880c88ba1
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-es-bundle-core.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-es-bundle-core.js
MD5: 6d1d2b740c3afdcc8e06a3296077dae3
SHA1: b7592ebdff721dd9e4395b602fe5302aa8900355
SHA256:a27834fd6ba3947c10118dac3f87ab91dc000926d725036f7db6758b6c4fb61c
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-es-bundle.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-es-bundle.js
MD5: 8eb90030c9696e65fba69e5cca855278
SHA1: 47717c193b2c8be0538f7f63c4ddccc9da6e75ad
SHA256:eb5860a4aff8e9cdb7753056739ee1724cc89baaaab326e75d3936062e06b551
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui-standalone-preset.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui-standalone-preset.js
MD5: 861c3618a16aefc88e19a052836718e5
SHA1: c3073b573e55925510e2e6e6a1e2a564a2bc8558
SHA256:33b7a6f5afcac4902fdf93281be2d2e12db15f241d384606e6e6d17745b7f86f
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

swagger-ui-5.17.14.jar: swagger-ui.js

File Path: /Users/tommym/.m2/repository/org/webjars/swagger-ui/5.17.14/swagger-ui-5.17.14.jar/META-INF/resources/webjars/swagger-ui/5.17.14/swagger-ui.js
MD5: f5967d03b75271cf7d23ab17931ae2f4
SHA1: 8b0335d5bade188456d36cefad9b22976b907d90
SHA256:cbd1a3687472d025b41a49836fc0e59679d7fd8eab38168d51b439e730b778a1
Referenced In Project/Scope: Rest Services:compile

Identifiers

  • None

tomcat-embed-core-10.1.30.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.30/tomcat-embed-core-10.1.30.jar
MD5: 16d8c001e54ed67aa8be83395f582265
SHA1: 0852ff3547f179175feaff39c443e9b980ec2cc2
SHA256:2eba5a20566f7ecb307508a6faef631652e59a865c0dba3c97c3bee1f4774bef
Referenced In Project/Scope: Rest Services:compile
tomcat-embed-core-10.1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.4

Identifiers

tomcat-embed-el-10.1.30.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/tommym/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.30/tomcat-embed-el-10.1.30.jar
MD5: da24b9956c9ed9e5b10b6bedc2de2261
SHA1: 432b176aa50de87c3bbda99b0fe85523abfd1382
SHA256:ee94bb23409ac67cc6c79c0f7c3e61be0262adcf6e4d778bfe292944109f6697
Referenced In Project/Scope: Rest Services:compile
tomcat-embed-el-10.1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.4

Identifiers

txw2-4.0.5.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /Users/tommym/.m2/repository/org/glassfish/jaxb/txw2/4.0.5/txw2-4.0.5.jar
MD5: 2f5aa7dbd5e326562cff6ce720a1485a
SHA1: f36a4ef12120a9bb06d766d6a0e54b144fd7ed98
SHA256:917355bc451481f30d043b24d123110517966af34383901773882810dca480e5
Referenced In Project/Scope: Rest Services:runtime
txw2-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@3.3.4

Identifiers

CVE-2024-9329  

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.