Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Y'a foot

net.andresbustamante:y-a-foot:2.0.0-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
HikariCP-5.1.0.jarpkg:maven/com.zaxxer/HikariCP@5.1.0 037
accessors-smart-2.5.2.jarcpe:2.3:a:json-java_project:json-java:2.5.2:*:*:*:*:*:*:*pkg:maven/net.minidev/accessors-smart@2.5.2HIGH2Low45
amqp-client-5.19.0.jarcpe:2.3:a:vmware:rabbitmq:5.19.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq_java_client:5.19.0:*:*:*:*:*:*:*		pkg:maven/com.rabbitmq/amqp-client@5.19.0 0High51
angus-activation-2.0.1.jarpkg:maven/org.eclipse.angus/angus-activation@2.0.1 037
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:angus-core:2.0.1)pkg:maven/org.eclipse.angus/angus-core@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:imap:2.0.1)pkg:maven/org.eclipse.angus/imap@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.1)pkg:maven/org.eclipse.angus/logging-mailhandler@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:pop3:2.0.1)pkg:maven/org.eclipse.angus/pop3@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:smtp:2.0.1)pkg:maven/org.eclipse.angus/smtp@2.0.1 09
angus-mail-2.0.1.jarcpe:2.3:a:service_project:service:2.0.1:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/angus-mail@2.0.1 0Low33
apache-mime4j-core-0.8.11.jarcpe:2.3:a:apache:james_mime4j:0.8.11:*:*:*:*:*:*:*pkg:maven/org.apache.james/apache-mime4j-core@0.8.11 0Highest36
apache-mime4j-storage-0.8.11.jarpkg:maven/org.apache.james/apache-mime4j-storage@0.8.11 036
apiguardian-api-1.1.2.jarpkg:maven/org.apiguardian/apiguardian-api@1.1.2 042
asm-9.7.1.jarpkg:maven/org.ow2.asm/asm@9.7.1 054
aspectjweaver-1.9.24.jarpkg:maven/org.aspectj/aspectjweaver@1.9.24 049
asyncutil-0.1.0.jarpkg:maven/com.ibm.async/asyncutil@0.1.0 034
avro-1.11.4.jarpkg:maven/org.apache.avro/avro@1.11.4 036
btf-1.3.jarcpe:2.3:a:json-java_project:json-java:1.3:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/btf@1.3HIGH2Highest29
byte-buddy-1.14.12.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.12 029
byte-buddy-agent-1.14.12.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.14.12 035
checker-qual-3.48.3.jarpkg:maven/org.checkerframework/checker-qual@3.48.3 046
classmate-1.5.1.jarpkg:maven/com.fasterxml/classmate@1.5.1 057
codemodel-4.0.3.jarcpe:2.3:a:oracle:java_se:4.0.3:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/codemodel@4.0.3 0Low38
commons-codec-1.16.1.jarpkg:maven/commons-codec/commons-codec@1.16.1 0125
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest107
commons-compress-1.26.2.jarcpe:2.3:a:apache:commons_compress:1.26.2:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.26.2 0Highest111
commons-dbcp2-2.11.0.jarpkg:maven/org.apache.commons/commons-dbcp2@2.11.0 0112
commons-io-2.15.0.jarcpe:2.3:a:apache:commons_io:2.15.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.15.0 0Highest127
commons-lang3-3.13.0.jarpkg:maven/org.apache.commons/commons-lang3@3.13.0 0145
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-logging-jboss-logging-1.0.0.Final.jarpkg:maven/org.jboss.logging/commons-logging-jboss-logging@1.0.0.Final 036
commons-pool2-2.12.0.jarpkg:maven/org.apache.commons/commons-pool2@2.12.0 096
commons-text-1.11.0.jarcpe:2.3:a:apache:commons_text:1.11.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.11.0 0Highest75
content-type-2.2.jarpkg:maven/com.nimbusds/content-type@2.2 047
dbunit-2.7.3.jarcpe:2.3:a:connections_project:connections:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:golden_project:golden:2.7.3:*:*:*:*:*:*:*		pkg:maven/org.dbunit/dbunit@2.7.3 0Low96
flyway-core-10.10.0.jarpkg:maven/org.flywaydb/flyway-core@10.10.0 021
freemarker-2.3.34.jarpkg:maven/org.freemarker/freemarker@2.3.34 044
gson-2.10.1.jarcpe:2.3:a:google:gson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.10.1 0Highest35
hibernate-validator-8.0.2.Final.jarcpe:2.3:a:redhat:hibernate_validator:8.0.2:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator@8.0.2.Final 0Highest36
httpclient-4.5.14.jarcpe:2.3:a:apache:httpclient:4.5.14:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.14 0Highest32
httpcore-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.16 032
istack-commons-tools-4.1.2.jarcpe:2.3:a:oracle:java_se:4.1.2:*:*:*:*:*:*:*pkg:maven/com.sun.istack/istack-commons-tools@4.1.2 0Low33
jackson-annotations-2.17.3.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.3 0Low40
jackson-core-2.17.3.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:json-java_project:json-java:2.17.3:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.3HIGH2Low51
jackson-coreutils-2.0.jarcpe:2.3:a:json-java_project:json-java:2.0:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/jackson-coreutils@2.0HIGH2Highest28
jackson-databind-2.17.3.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3 0Highest43
jackson-dataformat-toml-2.17.3.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-toml@2.17.3 0Highest41
jackson-jakarta-rs-base-2.17.3.jarpkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base@2.17.3 040
jackson-jakarta-rs-json-provider-2.17.3.jarcpe:2.3:a:json-java_project:json-java:2.17.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.17.3HIGH2Low40
jackson-module-jakarta-xmlbind-annotations-2.17.3.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations@2.17.3 041
jakarta.activation-api-2.1.3.jarcpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3MEDIUM3Highest50
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low44
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-core:2.0.3)pkg:maven/org.eclipse.angus/angus-core@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-mail:2.0.3)pkg:maven/org.eclipse.angus/angus-mail@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:imap:2.0.3)pkg:maven/org.eclipse.angus/imap@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.3)pkg:maven/org.eclipse.angus/logging-mailhandler@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:pop3:2.0.3)pkg:maven/org.eclipse.angus/pop3@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:smtp:2.0.3)pkg:maven/org.eclipse.angus/smtp@2.0.3 09
jakarta.mail-2.0.3.jarpkg:maven/org.eclipse.angus/jakarta.mail@2.0.3 036
jakarta.mail-api-2.1.3.jarcpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*pkg:maven/jakarta.mail/jakarta.mail-api@2.1.3MEDIUM3Highest41
jakarta.servlet-api-6.0.0.jarcpe:2.3:a:oracle:projects:6.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0 0Low47
jakarta.validation-api-3.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@3.0.2 058
jakarta.ws.rs-api-3.1.0.jarcpe:2.3:a:web_project:web:3.1.0:*:*:*:*:*:*:*pkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@3.1.0 0Low45
jakarta.xml.bind-api-4.0.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 034
jandex-2.4.5.Final.jarpkg:maven/org.jboss/jandex@2.4.5.Final 042
jaxb-core-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-core@4.0.3 042
jaxb-jxc-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-jxc@4.0.3 030
jaxb-runtime-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-runtime@4.0.3 042
jaxb-xjc-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-xjc@4.0.3 030
jboss-logging-3.5.3.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.5.3.Final 043
jcip-annotations-1.0-1.jarpkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 025
json-patch-1.13.jarcpe:2.3:a:json-java_project:json-java:1.13:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/json-patch@1.13HIGH2Highest28
json-smart-2.5.2.jarcpe:2.3:a:json-smart_project:json-smart:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v2:2.5.2:*:*:*:*:*:*:*		pkg:maven/net.minidev/json-smart@2.5.2 0Highest53
junit-jupiter-api-5.10.5.jarcpe:2.3:a:fan_platform_project:fan_platform:5.10.5:*:*:*:*:*:*:*pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.5 0Low78
junit-platform-commons-1.10.5.jarcpe:2.3:a:fan_platform_project:fan_platform:1.10.5:*:*:*:*:*:*:*pkg:maven/org.junit.platform/junit-platform-commons@1.10.5 0Low82
keycloak-admin-client-26.0.5.jarcpe:2.3:a:keycloak:keycloak:26.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:26.0.5:*:*:*:*:*:*:*		pkg:maven/org.keycloak/keycloak-admin-client@26.0.5 0Highest33
keycloak-core-26.1.3.jarcpe:2.3:a:keycloak:keycloak:26.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:26.1.3:*:*:*:*:*:*:*		pkg:maven/org.keycloak/keycloak-core@26.1.3 0Highest29
lang-tag-1.7.jarpkg:maven/com.nimbusds/lang-tag@1.7 049
logback-core-1.5.18.jarcpe:2.3:a:qos:logback:1.5.18:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.18 0Highest41
lombok-1.18.38.jarpkg:maven/org.projectlombok/lombok@1.18.38 036
lombok-1.18.38.jar: mavenEcjBootstrapAgent.jar 07
mapstruct-1.5.5.Final.jarpkg:maven/org.mapstruct/mapstruct@1.5.5.Final 038
micrometer-commons-1.13.13.jarpkg:maven/io.micrometer/micrometer-commons@1.13.13 067
micrometer-observation-1.13.13.jarpkg:maven/io.micrometer/micrometer-observation@1.13.13 067
microprofile-openapi-api-3.1.1.jarpkg:maven/org.eclipse.microprofile.openapi/microprofile-openapi-api@3.1.1 029
mockito-core-5.11.0.jarpkg:maven/org.mockito/mockito-core@5.11.0 043
mockito-junit-jupiter-5.11.0.jarpkg:maven/org.mockito/mockito-junit-jupiter@5.11.0 043
msg-simple-1.2.jarcpe:2.3:a:json-java_project:json-java:1.2:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/msg-simple@1.2HIGH2Highest27
mybatis-3.5.19.jar (shaded: ognl:ognl:3.4.4)cpe:2.3:a:ognl_project:ognl:3.4.4:*:*:*:*:*:*:*pkg:maven/ognl/ognl@3.4.4 0Highest18
mybatis-3.5.19.jar (shaded: org.javassist:javassist:3.30.2-GA)pkg:maven/org.javassist/javassist@3.30.2-GA 043
mybatis-3.5.19.jarcpe:2.3:a:mybatis:mybatis:3.5.19:*:*:*:*:*:*:*pkg:maven/org.mybatis/mybatis@3.5.19 0Highest49
mybatis-spring-3.0.4.jarpkg:maven/org.mybatis/mybatis-spring@3.0.4 041
mybatis-spring-boot-autoconfigure-3.0.4.jarpkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-autoconfigure@3.0.4 042
mybatis-spring-boot-starter-3.0.4.jarpkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4 042
net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-commons-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOTcpe:2.3:a:web_project:web:2.0.0:snapshot:*:*:*:*:*:*pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT 0Low6
net.andresbustamante:y-a-foot-core-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-core-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-messaging-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-messaging-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-messaging-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-users-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-users-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT 06
nimbus-jose-jwt-9.37.3.jarcpe:2.3:a:connect2id:nimbus_jose\+jwt:9.37.3:*:*:*:*:*:*:*pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.3 0Highest54
oauth2-oidc-sdk-9.43.6.jarpkg:maven/com.nimbusds/oauth2-oidc-sdk@9.43.6 059
objenesis-3.3.jarpkg:maven/org.objenesis/objenesis@3.3 029
opentest4j-1.3.0.jarpkg:maven/org.opentest4j/opentest4j@1.3.0 062
postgresql-42.7.5.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.5:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.7.5 0Low71
reactive-streams-1.0.4.jarpkg:maven/org.reactivestreams/reactive-streams@1.0.4 029
relaxng-datatype-4.0.3.jarcpe:2.3:a:oracle:java_se:4.0.3:*:*:*:*:*:*:*pkg:maven/com.sun.xml.bind.external/relaxng-datatype@4.0.3 0Low38
resteasy-core-6.2.9.Final.jarcpe:2.3:a:redhat:resteasy:6.2.9:*:*:*:*:*:*:*pkg:maven/org.jboss.resteasy/resteasy-core@6.2.9.Final 0Highest32
rngom-4.0.3.jarcpe:2.3:a:oracle:java_se:4.0.3:*:*:*:*:*:*:*pkg:maven/com.sun.xml.bind.external/rngom@4.0.3 0Low40
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 033
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest44
spring-amqp-3.1.11.jarcpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.amqp/spring-amqp@3.1.11 0Low71
spring-boot-starter-jdbc-3.4.0.jarcpe:2.3:a:vmware:spring_boot:3.4.0:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot-starter-jdbc@3.4.0 0Highest36
spring-boot-starter-oauth2-resource-server-3.3.11.jarcpe:2.3:a:vmware:spring_boot:3.3.11:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.11 0Highest36
spring-boot-starter-web-3.3.11.jarcpe:2.3:a:vmware:spring_boot:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.3.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11 0Highest36
spring-core-6.1.19.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.1.19 0Highest41
spring-retry-2.0.11.jarpkg:maven/org.springframework.retry/spring-retry@2.0.11 048
spring-security-core-6.3.9.jarcpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@6.3.9 0Highest38
spring-security-oauth2-resource-server-6.3.9.jarcpe:2.3:a:pivotal:spring_security_oauth:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security_oauth:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.9 0Highest40
spring-security-web-6.3.9.jarcpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@6.3.9 0Highest38
spring-test-dbunit-1.3.0.jarpkg:maven/com.github.springtestdbunit/spring-test-dbunit@1.3.0 024
spring-web-6.1.19.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.19:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@6.1.19 0Highest35
swagger-annotations-2.2.18.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.18:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-annotations@2.2.18 0Low40
tomcat-embed-core-10.1.40.jarcpe:2.3:a:apache:tomcat:10.1.40:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.40:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40 0Highest69
tomcat-embed-el-10.1.40.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.40 035
txw2-4.0.3.jarpkg:maven/org.glassfish.jaxb/txw2@4.0.3 034
xsom-4.0.3.jarpkg:maven/org.glassfish.jaxb/xsom@4.0.3 038

Dependencies

HikariCP-5.1.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/zaxxer/HikariCP/5.1.0/HikariCP-5.1.0.jar
MD5: 37404f82207a28141bd9b0fe6b1d0a16
SHA1: 8c96e36c14461fc436bb02b264b96ef3ca5dca8c
SHA256:a47a6ee62379694ee52c30036f0931b72f9aee2a801d590341ed82bd839e2134
Referenced In Project/Scope: Core Web:compile
HikariCP-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4

Identifiers

accessors-smart-2.5.2.jar

Description:

Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/net/minidev/accessors-smart/2.5.2/accessors-smart-2.5.2.jar
MD5: 24191e0bb215c72902e89f46dde839e1
SHA1: ce16fd235cfee48e67eda33e684423bba09f7d07
SHA256:9b8a7bc43861d6156c021166d941fb7dddbe4463e2fa5ee88077e4b01452a836
Referenced In Project/Scope: Core Web:runtime
accessors-smart-2.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

amqp-client-5.19.0.jar

Description:

The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.

License:

AL 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
GPL v2: https://www.gnu.org/licenses/gpl-2.0.txt
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
File Path: /opt/tomcat/.m2/repository/com/rabbitmq/amqp-client/5.19.0/amqp-client-5.19.0.jar
MD5: 66dd87e201ca617388a786db0edf6be2
SHA1: 6bd68c3cdf2662a9fbff8de5b9ef2b0fb1e6fe57
SHA256:d2c7a35031bf7f101b9cfcb5f58b201201b1f8232b6608171db7befe3a2b860d
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile

amqp-client-5.19.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-amqp@3.3.11
  • pkg:maven/org.springframework.amqp/spring-rabbit@3.1.11
  • pkg:maven/org.springframework.amqp/spring-rabbit@3.1.11

Identifiers

angus-activation-2.0.1.jar

Description:

${project.name} Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-activation/2.0.1/angus-activation-2.0.1.jar
MD5: 9a66564224140488f83f645ac32d4169
SHA1: eaafaf4eb71b400e4136fc3a286f50e34a68ecb7
SHA256:b226761815868edf8964c1d71e6d2d54ab238c2788507061b4e0633933b4c131
Referenced In Projects/Scopes:
  • Core Web:runtime
  • Users Admin Web:compile
  • Users Services:compile

angus-activation-2.0.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/org.springframework.boot/spring-boot-starter-mail@3.3.11
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:angus-core:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/angus-core/pom.xml
MD5: f360e369882e5a0e72c9b8478bb3b89d
SHA1: 441ce7c16adde6d27b18f8483bed824de1345ce4
SHA256:d14626b21a4173d2cf26168a89f01cd4bb3b49e67077abc6c97a122fc68b061b
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:imap:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/imap/pom.xml
MD5: 05102a237edc3b98999ac6d990ccd6bf
SHA1: a5b9f48971acc1e6469b3d3c6370f9557d517aa0
SHA256:b62ab94e0e77f341653b9546a8ff7e0e42b21bd6668f64762d9bdaf2bf257f48
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/logging-mailhandler/pom.xml
MD5: dbfd0bb62cf7c3787e593b49829a3188
SHA1: a3c463c283bff762d132f742266fb6daf9b01d55
SHA256:de393af2c75ed62b8d6975886623dbb880d59df5d587f90d309ce82ad16f82c9
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:pop3:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/pop3/pom.xml
MD5: 0e0c10ef42056448a3c9d56722891b2d
SHA1: c414da9569662c1e964978805045429ea5f0ab51
SHA256:698d9c6b990f311a8bdea17624d307da6356227d95203a5d00a7513327c223d7
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:smtp:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/smtp/pom.xml
MD5: 5c13f420e93a799e77a06a61c9c1dac3
SHA1: 45d00fe1ee33ac6dee9cabda854da88c99232bd2
SHA256:b88a786ecae5834454ffe1c0ffa067f636bc37ae602e13b221c9f01838d06fff
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

Identifiers

angus-mail-2.0.1.jar

Description:

Angus Mail Provider

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar
MD5: 8d14ee5ed48e5c25913dec56e9e76f23
SHA1: 7adb247e025999f7bc435415f99ddf3764463d51
SHA256:130c53932fb205bd3dc965619ae37a82922f3153c1418b2ce0e0ab71bf0c2721
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

angus-mail-2.0.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

apache-mime4j-core-0.8.11.jar

Description:

Java stream based MIME message parser

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/james/apache-mime4j-core/0.8.11/apache-mime4j-core-0.8.11.jar
MD5: 83990269ea1fdba6f423c26963a0440a
SHA1: 6d1eb5f7b84eaa9d38fca13b761f01c693aef3da
SHA256:62a7853523dff0c382065df82fa280c1bf59bcd9b329180d707b0f6f15ceb903
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

apache-mime4j-core-0.8.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

apache-mime4j-storage-0.8.11.jar

Description:

Java MIME Document Object Model Storage

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/james/apache-mime4j-storage/0.8.11/apache-mime4j-storage-0.8.11.jar
MD5: 5e9a9c4a751a54de790476f96bf3d152
SHA1: 874a7338051442158412a2734bbb84a8595e1428
SHA256:70802a28b4f71319da90bc8b5b981d61163aeed7d1ecec083a0e4c49375f8b4f
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

apache-mime4j-storage-0.8.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

apiguardian-api-1.1.2.jar

Description:

@API Guardian

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
MD5: 8c7de3f82037fa4a2e8be2a2f13092af
SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a
SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38
Referenced In Project/Scope: Commons Test:compile
apiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.5

Identifiers

asm-9.7.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /opt/tomcat/.m2/repository/org/ow2/asm/asm/9.7.1/asm-9.7.1.jar
MD5: e2cdd32d198ad31427d298eee9d39d8d
SHA1: f0ed132a49244b042cd0e15702ab9f2ce3cc8436
SHA256:8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281
Referenced In Project/Scope: Core Web:runtime
asm-9.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

aspectjweaver-1.9.24.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/aspectj/aspectjweaver/1.9.24/aspectjweaver-1.9.24.jar
MD5: d95bb9406a5351d45a02145777b9a241
SHA1: 9b5aeb0cea9f958b9c57fb80e62996e95a3e9379
SHA256:75e4227fb7dc5f97c3d4689cd1c2439f4db0bd18cea2fa242c4656cd93c599aa
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Services:compile
  • Messaging Services:compile
  • Core Services:compile
  • Users Services:compile

aspectjweaver-1.9.24.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT

Identifiers

asyncutil-0.1.0.jar

Description:

Utilities for working with CompletionStages

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/ibm/async/asyncutil/0.1.0/asyncutil-0.1.0.jar
MD5: cbf288497b12b8c6c4ca728c57db77fd
SHA1: 440941c382166029a299602e6c9ff5abde1b5143
SHA256:cb80a7a5cd1fef63c7ea4c9abbc5138e84136657c19d148879d22e28e144fe04
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

asyncutil-0.1.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

avro-1.11.4.jar

Description:

Avro core components

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/avro/avro/1.11.4/avro-1.11.4.jar
MD5: 915002011d651686f94b4e20d25234a6
SHA1: 25d54640c4a17aa342490c4c63c172759361bf56
SHA256:eeba11b77070b9aa6337d886fdf778f6695f6c4c3dcfd2a02389925c885079fa
Referenced In Projects/Scopes:
  • Core Web:compile
  • Core Services:compile
  • Core Events:compile

avro-1.11.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT

Identifiers

btf-1.3.jar

Description:

Generic interfaces to the classical builder pattern and the less classical "freeze/thaw" pattern

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/btf/1.3/btf-1.3.jar
MD5: 884a930eed6ea9212ae61521fa655af3
SHA1: 6cf5405e214cbc83337a107cdef8401fb6aa6383
SHA256:67c3e462eb50807f4e0a5f4dee304bbf17cd986a42ee5eb0b2f4c9bf64d130d9
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

btf-1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

byte-buddy-1.14.12.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/net/bytebuddy/byte-buddy/1.14.12/byte-buddy-1.14.12.jar
MD5: bf32ed474b27dc431b48bfef82d3c17f
SHA1: 6e37f743dc15a8d7a4feb3eb0025cbc612d5b9e1
SHA256:970636134d61c183b19f8f58fa631e30d2f2abca344b37848a393cac7863dd70
Referenced In Project/Scope: Commons Test:compile
byte-buddy-1.14.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.11.0

Identifiers

byte-buddy-agent-1.14.12.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.12/byte-buddy-agent-1.14.12.jar
MD5: a3e9c8317ad7b6be32af53b6d30dbae5
SHA1: be4984cb6fd1ef1d11f218a648889dfda44b8a15
SHA256:2b309a9300092e0b696f7c471fd51d9969001df784c8ab9f07997437d757ad6d
Referenced In Project/Scope: Commons Test:compile
byte-buddy-agent-1.14.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.11.0

Identifiers

checker-qual-3.48.3.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /opt/tomcat/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256:443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Projects/Scopes:
  • Core Services:runtime
  • Core DB:runtime
  • Core Web:runtime

checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT
  • pkg:maven/org.postgresql/postgresql@42.7.5
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

classmate-1.5.1.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile

classmate-1.5.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

codemodel-4.0.3.jar

Description:

The core functionality of the CodeModel java source code generation library

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/codemodel/4.0.3/codemodel-4.0.3.jar
MD5: 1e4f79edf55ab8c0f0e8e8803f511530
SHA1: 04ce3895b414420e7140cd51d52420aaddaccd45
SHA256:15acc9323d54b14527de229b76f2de13a258f3fe2470c290cd00014cc6641d40
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

codemodel-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Core Events:compile
  • Users Services:compile

commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.apache.avro/avro@1.11.4

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Users Services:compile

commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-compress-1.26.2.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-compress/1.26.2/commons-compress-1.26.2.jar
MD5: d2c5abbd0a822c0b79cf4f03ead483ee
SHA1: eb1f823447af685208e684fce84783b43517960c
SHA256:9168a03141d8fc7eda21a2360d83cc0412bcbb1d6204d992bd48c2573cb3c6b8
Referenced In Projects/Scopes:
  • Core Web:compile
  • Core Services:compile
  • Core Events:compile

commons-compress-1.26.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT
  • pkg:maven/org.apache.avro/avro@1.11.4
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

commons-dbcp2-2.11.0.jar

Description:

Apache Commons DBCP software implements Database Connection Pooling

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-dbcp2/2.11.0/commons-dbcp2-2.11.0.jar
MD5: f4b4862aa3f2fd796f4f0e822f41cf5c
SHA1: 5553126edbdc3d2dd24118f687d09d6d066fca1b
SHA256:58d144d6327b4a054ca0e71a4438456bd66c0ca8d0c1aa799f59dcfb0ec599cc
Referenced In Project/Scope: Commons Test:compile
commons-dbcp2-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

commons-io-2.15.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-io/commons-io/2.15.0/commons-io-2.15.0.jar
MD5: 125a9d3dc2477b10cc6fa6e89c699e81
SHA1: 5c3c2db10f6f797430a7f9c696b4d1273768c924
SHA256:a328dad730921d197b6a9b195dffa00e41c974c2dac8fe37e84d31706bca7792
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Core Events:compile
  • Users Services:compile

commons-io-2.15.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT
  • pkg:maven/org.apache.avro/avro@1.11.4

Identifiers

commons-lang3-3.13.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-lang3/3.13.0/commons-lang3-3.13.0.jar
MD5: 3435b913691a5c1b173485a49850b1a8
SHA1: b7263237aa89c1f99b327197c41d0669707a462e
SHA256:82f528cf718c7a3c2f30fc5bc784e3c6a0a10b17605dadb9e16c82ede11e6064
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Core Events:compile
  • Users Services:compile

commons-lang3-3.13.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.apache.avro/avro@1.11.4
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Projects/Scopes:
  • Commons Test:compile
  • Users Admin Web:compile
  • Users Services:compile

commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.apache.commons/commons-dbcp2@2.11.0
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

commons-logging-jboss-logging-1.0.0.Final.jar

Description:

Apache Commons Logging to JBoss Logging implementation

License:

Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/jboss/logging/commons-logging-jboss-logging/1.0.0.Final/commons-logging-jboss-logging-1.0.0.Final.jar
MD5: 46328c16f47be35563b73425d456445a
SHA1: 27a4e823d661bde67ec103bba2baf33cddde6e75
SHA256:f12176263ea25f4e78bb4fa4b36d335a29738dde6a8123e1b6da89a655d150ff
Referenced In Projects/Scopes:
  • Users Services:runtime
  • Users Admin Web:runtime

commons-logging-jboss-logging-1.0.0.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-pool2-2.12.0.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-pool2/2.12.0/commons-pool2-2.12.0.jar
MD5: 0516bf5ac1549e8ba78f6b7c49d09ed2
SHA1: 458563f69fbdaebf7daadfe10dc3a22e42a7de50
SHA256:6d3bd18df8410f3e31b031aca582cc109342358a62a2759ebd0c4cdf30d06f8b
Referenced In Project/Scope: Commons Test:compile
commons-pool2-2.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-dbcp2@2.11.0

Identifiers

commons-text-1.11.0.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-text/1.11.0/commons-text-1.11.0.jar
MD5: ebfec4f77cc595c518d655f7e68346be
SHA1: 2bb044b7717ec2eccaf9ea7769c1509054b50e9a
SHA256:2acf30a070b19163d5a480eae411a281341e870020e3534c6d5d4c8472739e30
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Users Services:compile

commons-text-1.11.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

content-type-2.2.jar

Description:

Java library for Content (Media) Type representation

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/content-type/2.2/content-type-2.2.jar
MD5: 135aaa5ebcc12a45f4b3ff08cb6fa46a
SHA1: 9a894bce7646dd4086652d85b88013229f23724b
SHA256:730f1816196145e88275093c147f2e6da3c3e541207acd3503a1b06129b9bea9
Referenced In Project/Scope: Core Web:runtime
content-type-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

dbunit-2.7.3.jar

Description:

    dbUnit is a JUnit extension (also usable from Ant and Maven) targeted for database-driven projects that, among other things, puts your database into a known state between test runs. This is an excellent way to avoid the myriad of problems that can occur when one test case corrupts the database and causes subsequent tests to fail or exacerbate the damage.

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt
File Path: /opt/tomcat/.m2/repository/org/dbunit/dbunit/2.7.3/dbunit-2.7.3.jar
MD5: fd65279da6d9cf6602178a1ec117ae56
SHA1: 55af244b2264040b3b982f005c92ed3c3ca55535
SHA256:12ef35241b33e358beb7fbbd42166cd527ee00dca960b64bd294db0781d1a3d8
Referenced In Project/Scope: Commons Test:compile
dbunit-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

  • pkg:maven/org.dbunit/dbunit@2.7.3  (Confidence:High)
  • cpe:2.3:a:connections_project:connections:2.7.3:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:golden_project:golden:2.7.3:*:*:*:*:*:*:*  (Confidence:Low)  

flyway-core-10.10.0.jar

File Path: /opt/tomcat/.m2/repository/org/flywaydb/flyway-core/10.10.0/flyway-core-10.10.0.jar
MD5: c31003dacfe66439c92a78f5019775d4
SHA1: 8761d308b9fc9697a95ae362bcbbb5abe8f6e08f
SHA256:9ca803176bf3c9450b58af79c07ffdc7922fa029b97e4f51675b6a9766d4e1d6
Referenced In Projects/Scopes:

  • Core DB:compile
  • Core Web:compile
  • Commons Test:compile
  • Core Services:compile

flyway-core-10.10.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

freemarker-2.3.34.jar

Description:

    FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/freemarker/freemarker/2.3.34/freemarker-2.3.34.jar
MD5: 1704fd3c579385ca5fd0ebcdf50df73c
SHA1: c2fa47a1c3b6dcdfca90e952e51211967a4baa54
SHA256:9a9fb91cd64199232eb1ca9766148a5d30ef8944be5fac051018f96c70c8f6a3
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Services:compile
  • Messaging Services:compile
  • Core Services:compile
  • Users Services:compile

freemarker-2.3.34.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT

Identifiers

gson-2.10.1.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Projects/Scopes:
  • Core DB:compile
  • Core Web:compile
  • Commons Test:compile
  • Core Services:compile

gson-2.10.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

hibernate-validator-8.0.2.Final.jar

Description:

Hibernate's Jakarta Bean Validation reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/hibernate/validator/hibernate-validator/8.0.2.Final/hibernate-validator-8.0.2.Final.jar
MD5: 1adda123292ba2627d03a696d8c7e76a
SHA1: 220e64815dd87535525331de20570017f899eb13
SHA256:2f2224a5a19bdcfa73540e9ff5c971b6c425ad80415876f305259fe873a15b2f
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile

hibernate-validator-8.0.2.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

httpclient-4.5.14.jar

Description:

   Apache HttpComponents Client

File Path: /opt/tomcat/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar
MD5: 2cb357c4b763f47e58af6cad47df6ba3
SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98
SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

httpcore-4.4.16.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /opt/tomcat/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar
MD5: 28d2cd9bf8789fd2ec774fb88436ebd1
SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850
SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

istack-commons-tools-4.1.2.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/com/sun/istack/istack-commons-tools/4.1.2/istack-commons-tools-4.1.2.jar
MD5: 53590bcdfeafccd31d1d1bc791af1555
SHA1: 585c1af261fbc0b0cccf72f4d6c5ff11c1e596b1
SHA256:85b4fe7ad6fdfc64a586133f039d3de7b51db2c8111a1aa98a267891e27f386f
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

istack-commons-tools-4.1.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

jackson-annotations-2.17.3.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.17.3/jackson-annotations-2.17.3.jar
MD5: cb80e34a9fa3c0b27560e1562dfdff43
SHA1: 4f30a05d2eee0ab700cdc27aa5967e934d3042b2
SHA256:2747f60343783a6ec8a68405c7c839fa0bbe30ee4e2459d21a1ac3b7365e1ed5
Referenced In Projects/Scopes:
  • Core DB:compile
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Core Events:compile
  • Commons Web:compile
  • Users Services:compile

jackson-annotations-2.17.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/org.apache.avro/avro@1.11.4

Identifiers

jackson-core-2.17.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.3/jackson-core-2.17.3.jar
MD5: b38c1cd06ec2b87bd23494962c44da69
SHA1: 1d6eb3e959c737692b720d3492b2f1f34c4c8579
SHA256:19e03ee71f00a86255fa3c980560b231e1305486f6482c905601209014f5870c
Referenced In Projects/Scopes:
  • Core DB:compile
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Core Events:compile
  • Commons Web:compile
  • Users Services:compile

jackson-core-2.17.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-core@26.1.3
  • pkg:maven/org.apache.avro/avro@1.11.4
  • pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3
  • pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/org.flywaydb/flyway-core@10.10.0

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-coreutils-2.0.jar

Description:

JSON Pointer (RFC 6901) and numeric equality for Jackson (2.2.x)

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/jackson-coreutils/2.0/jackson-coreutils-2.0.jar
MD5: 7d2699a50f92f6ee224d1d75fbd884ef
SHA1: 6374371261b91b829d10f21256b2feefdf8f0a78
SHA256:16b3aabd3a9eb25655dda433e35f9bd9c7c1aa7991427702f5f11f000813dbb0
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jackson-coreutils-2.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-databind-2.17.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.3/jackson-databind-2.17.3.jar
MD5: 820811143157937e800b899a4feeb261
SHA1: 42c617beb411ee813bdc39a287424bfb19d99185
SHA256:93b13e709a0b620de42019180a75bc1fc4885c81fe5b6087a4aa248f91fb9a95
Referenced In Projects/Scopes:
  • Core DB:compile
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Core Events:compile
  • Commons Web:compile
  • Users Services:compile

jackson-databind-2.17.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/org.keycloak/keycloak-core@26.1.3
  • pkg:maven/org.apache.avro/avro@1.11.4
  • pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT

Identifiers

jackson-dataformat-toml-2.17.3.jar

Description:

Support for reading and writing TOML-encoded data via Jackson abstractions.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-toml/2.17.3/jackson-dataformat-toml-2.17.3.jar
MD5: d2ad35af9cbda38b7c342e5db2f42714
SHA1: 34c86ea69dac79a2a684d5d2261b62116e788e37
SHA256:c5785f6ab645e4cda167424359b32a6af466a06d46d6c2195c1f14058be7e212
Referenced In Projects/Scopes:
  • Core DB:compile
  • Core Web:compile
  • Commons Test:compile
  • Core Services:compile

jackson-dataformat-toml-2.17.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/org.flywaydb/flyway-core@10.10.0
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

jackson-jakarta-rs-base-2.17.3.jar

Description:

Pile of code that is shared by all Jackson-based Jakarta-RS
providers.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/jakarta/rs/jackson-jakarta-rs-base/2.17.3/jackson-jakarta-rs-base-2.17.3.jar
MD5: e5e65ccf37efb69f3bddfcce87254c22
SHA1: 686bb983cf901d79d456fa7b12dbf492a250f624
SHA256:c01b46163ee2e639962be14d1e16d18c84e135beff572122f4bce12229ce2113
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jackson-jakarta-rs-base-2.17.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

jackson-jakarta-rs-json-provider-2.17.3.jar

Description:

Functionality to handle JSON input/output for Jakarta-RS implementations
(like Jersey and RESTeasy) using standard Jackson data binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/jakarta/rs/jackson-jakarta-rs-json-provider/2.17.3/jackson-jakarta-rs-json-provider-2.17.3.jar
MD5: cfbb0b864f335bb3f7ba47a6c1c8eb56
SHA1: 7caa7f9b3b307cd9de31cc034d55802b224ab8fb
SHA256:2ecc4a35fad7eed375ef29861291138f6759f0a3af7868effa387af4d14d6c77
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jackson-jakarta-rs-json-provider-2.17.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-module-jakarta-xmlbind-annotations-2.17.3.jar

Description:

Support for using Jakarta XML Bind (aka JAXB 3.0) annotations as an alternative
  to "native" Jackson annotations, for configuring data-binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/module/jackson-module-jakarta-xmlbind-annotations/2.17.3/jackson-module-jakarta-xmlbind-annotations-2.17.3.jar
MD5: f999c40ff7777d2e3162ba3f4a5f63c3
SHA1: 93c4f8434820f7581c8905804be34dffc7f2a189
SHA256:167d7d48ddabe3a3c2941551992832232f61b19d77cafbf9f7080d1293aafcb4
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jackson-module-jakarta-xmlbind-annotations-2.17.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jakarta.activation-api-2.1.3.jar

Description:

${project.name} ${spec.version} Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Messaging Services:compile
  • Users Services:compile

jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.11
  • pkg:maven/org.keycloak/keycloak-core@26.1.3
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/jakarta.mail/jakarta.mail-api@2.1.3

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Projects/Scopes:
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Users Services:compile

jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-core:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/angus-core/pom.xml
MD5: 9907dbe21768f81f0436f492e8ceca57
SHA1: 108609abe9269199421273dfe2b5520c00ac800c
SHA256:a52a66e7dd0b6006ab29360dfe735a9d32243f70be56ea1af92bc7dca11fd1ed
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-mail:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/angus-mail/pom.xml
MD5: 8560eb9e79bba0fcd136126b210e4e55
SHA1: fd9a8039c371be9e5b61d88592f88cb7b7dc9a65
SHA256:dbf3a31ca61225a6a91b2832d5c131a187a037ec0761adb19e08362e36a7ad8b
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:imap:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/imap/pom.xml
MD5: 55d43d94fda869a2551af9303a7ea370
SHA1: fed2fd168251a00aef8e0ebfc379a58a05aa6346
SHA256:2769e1c98f6d6ae4285eb0872ae1d20ce78bd503ed7a824d406e22e25e9d1b16
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/logging-mailhandler/pom.xml
MD5: eb9a0a396f32310dcaeddef53c4fecf2
SHA1: 9d10a9bd90cb079dcdb9b1ab25e1d1f6c253e78d
SHA256:e9546707cf60f5eace422c9f542ba2548fcef1639f1270e103720d54a4ea2a66
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:pop3:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/pop3/pom.xml
MD5: f814ea6c49648addacecaad34e700890
SHA1: fad30d04e576332a8ce304438a8c60444a2a15fd
SHA256:1bf0ed0c897f7825319a0b4a8926a95a7a4430ddf4d9c11b6d1af7a34acf5261
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:smtp:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/smtp/pom.xml
MD5: 88fdc95cc63d9167e76af8fd06ad205d
SHA1: 3d3b38a40ef48a4feb95a7e4d6d133df2b58c5b0
SHA256:f69db19b0c17d856e923ce29d4d6089e5dcafa30678fe549c11d316712ca3fae
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar

Description:

Angus Mail default provider

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar
MD5: 33043478b24ab3845a3bf702c18f9226
SHA1: 3dea6aeee9603f573687b0d4da5dc1316d921bb7
SHA256:efb946424933806bc6f8136752d22fdb3ba887ea0527ff849c474e51f7b3715e
Referenced In Project/Scope: Core Web:compile
jakarta.mail-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-mail@3.3.11

Identifiers

jakarta.mail-api-2.1.3.jar

Description:

${project.name} ${spec.version} Specification API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/mail/jakarta.mail-api/2.1.3/jakarta.mail-api-2.1.3.jar
MD5: 288a687deb06b87602ce14cd03dddff4
SHA1: a327aa5f514ba86e80d54584417d7376ed2bde0e
SHA256:8051b58d75f982f9a5b963b3765426e824b2a64865ef0af17205e455b98db05c
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Messaging Services:compile
  • Users Services:compile

jakarta.mail-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

jakarta.servlet-api-6.0.0.jar

Description:

Jakarta Servlet 6.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256:c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Projects/Scopes:
  • Commons Web:provided
  • Users Admin Web:provided
  • Core Web:provided

jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

jakarta.validation-api-3.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/jakarta/validation/jakarta.validation-api/3.0.2/jakarta.validation-api-3.0.2.jar
MD5: 3a1ee6efca3e41e3320599790f54c5eb
SHA1: 92b6631659ba35ca09e44874d3eb936edfeee532
SHA256:291c25e6910cc6a7ebd96d4c6baebf6d7c37676c5482c2d96146e901b62c1fc9
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Web:compile
  • Users Services:compile

jakarta.validation-api-3.0.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

jakarta.ws.rs-api-3.1.0.jar

Description:

Jakarta RESTful Web Services

License:

EPL-2.0: http://www.eclipse.org/legal/epl-2.0
GPL-2.0-with-classpath-exception: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/3.1.0/jakarta.ws.rs-api-3.1.0.jar
MD5: 6ce4c6749e048456b2c452c1091689ca
SHA1: 15ce10d249a38865b58fc39521f10f29ab0e3363
SHA256:6b3b3628b8b4aedda0d24c3354335e985497d8ef3c510b8f3028e920d5b8663d
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jakarta.ws.rs-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.11
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

jandex-2.4.5.Final.jar

Description:

Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/jboss/jandex/2.4.5.Final/jandex-2.4.5.Final.jar
MD5: 81ce0b995162eedcd867f10b3914c517
SHA1: 9b4634d1fa28628549eb986b7c0c73f387090fba
SHA256:70a283bcf11a82b14c20d1a9be731d301aedfd98be1b4c0f5b35fe60b305caff
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jandex-2.4.5.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

jaxb-core-4.0.3.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.3/jaxb-core-4.0.3.jar
MD5: 8c5d90e32ee3e76972b7d2acf7a49fdf
SHA1: e9093b4a82069a1d78ee9a3233ca387bca88861f
SHA256:d6d75c422752684fbf04dd74a21698feae0e4a406c2892b5af02d23dc97b2ac6
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jaxb-core-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jaxb-jxc-4.0.3.jar

Description:

        JAXB schema generator.The *tool* to generate XML schema based on java classes.

File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-jxc/4.0.3/jaxb-jxc-4.0.3.jar
MD5: 084bf03ab3beb840a96d480b51a1abb3
SHA1: ff97bfca3455817a3605bf21289abb4d12e27ff3
SHA256:1ab742bf26e939e87682c32973996cc067a3357ac3b0efb744c3f0d153063a30
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

jaxb-jxc-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

jaxb-runtime-4.0.3.jar

Description:

JAXB (JSR 222) Reference Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-runtime/4.0.3/jaxb-runtime-4.0.3.jar
MD5: 1e3fe19cc19a1393c48b5116c0e0999f
SHA1: 93af25be25b2c92c83e0ce61cb8b3ed23568f316
SHA256:795e2dbdd3e64c8ba7e532e35f83136603931a8e9a3b5ffeb05f9f483adab6e0
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

jaxb-runtime-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

jaxb-xjc-4.0.3.jar

Description:

        JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
        In other words: the *tool* to generate java classes for the given xml representation.

File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-xjc/4.0.3/jaxb-xjc-4.0.3.jar
MD5: 877234d80035820c4504868536d83124
SHA1: 7420f2fa71646abc584381bc7a6f4ce436d88d15
SHA256:53437669f695d263d7d3632251dca423f4cf87e1f2210a181d6696c7ca753990
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

jaxb-xjc-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

jboss-logging-3.5.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/jboss/logging/jboss-logging/3.5.3.Final/jboss-logging-3.5.3.Final.jar
MD5: ee7e24e94235c13f53392ecaa53f938c
SHA1: c88fc1d8a96d4c3491f55d4317458ccad53ca663
SHA256:7b119460de174195aca412dfed52ca0bbef0ece26c2d74301b6172cfadf4ff59
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Users Services:compile

jboss-logging-3.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

jcip-annotations-1.0-1.jar

Description:

    A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Web:compile

jcip-annotations-1.0-1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.security/spring-security-oauth2-jose@6.3.9
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/org.springframework.security/spring-security-oauth2-jose@6.3.9

Identifiers

json-patch-1.13.jar

Description:

JSON Patch (RFC 6902) and JSON Merge Patch (RFC 7386) implementation in Java

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/json-patch/1.13/json-patch-1.13.jar
MD5: 2cca1a560d862f9d0e74da8cf4d5fca3
SHA1: c8b72249e50fe778e7df223e5b1fed1931a4a688
SHA256:1f794d256965b53ef37e70b55505e2ed00ddc0184d44e2e8e1fdce5a3cacc7de
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

json-patch-1.13.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

json-smart-2.5.2.jar

Description:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/net/minidev/json-smart/2.5.2/json-smart-2.5.2.jar
MD5: e3ad34c55c0d2627255f79f4411c6bdd
SHA1: 95d166b18f95907be0f46cdb9e1c0695eed03387
SHA256:4fbdedb0105cedc7f766b95c297d2e88fb6a560da48f3bbaa0cc538ea8b7bf71
Referenced In Project/Scope: Core Web:runtime
json-smart-2.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

junit-jupiter-api-5.10.5.jar

Description:

Module "junit-jupiter-api" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /opt/tomcat/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.10.5/junit-jupiter-api-5.10.5.jar
MD5: 122f47ba1582768d2e428304323cb098
SHA1: a5c09855b0087daaddaa5faa5100ab2555d5e111
SHA256:42251c2f1c29658c156ca0f3d9670588a051e9b6dd04f52a82de19ea32343e4c
Referenced In Project/Scope: Commons Test:compile
junit-jupiter-api-5.10.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

junit-platform-commons-1.10.5.jar

Description:

Module "junit-platform-commons" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
File Path: /opt/tomcat/.m2/repository/org/junit/platform/junit-platform-commons/1.10.5/junit-platform-commons-1.10.5.jar
MD5: e7ceca1cd99f5b27236326785d03cb91
SHA1: 6d1985c5eece30fb9faafe9bf1f5e005ac3d0fcc
SHA256:abdaeaaf4cebd121ab9a7498ed7861693d2bb0ac5976b26c0060a308922ef49d
Referenced In Project/Scope: Commons Test:compile
junit-platform-commons-1.10.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.5

Identifiers

keycloak-admin-client-26.0.5.jar

File Path: /opt/tomcat/.m2/repository/org/keycloak/keycloak-admin-client/26.0.5/keycloak-admin-client-26.0.5.jar
MD5: a942027d2297bd2df35e2f79e80e05ee
SHA1: 5fed495319d1a8addd0f4b54deb1195beac4640f
SHA256:fe0f28032634b6b7373e2edd7e3d60d10078801727f8c8d6d530041f38154187
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

keycloak-admin-client-26.0.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

keycloak-core-26.1.3.jar

File Path: /opt/tomcat/.m2/repository/org/keycloak/keycloak-core/26.1.3/keycloak-core-26.1.3.jar
MD5: 0e4e1fdbdded0470fe86cbb630ba0411
SHA1: baf69d73c38f4d6fc5ca469669af225329e877a3
SHA256:224877b24a6d4d634519a90d73d714c7739d0debac2b5d9ac9c9e0293cf6d024
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

keycloak-core-26.1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

lang-tag-1.7.jar

Description:

Java implementation of "Tags for Identifying Languages" (RFC 5646)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/lang-tag/1.7/lang-tag-1.7.jar
MD5: 31b8a4f76fdbf21f1d667f9d6618e0b2
SHA1: 97c73ecd70bc7e8eefb26c5eea84f251a63f1031
SHA256:e8c1c594e2425bdbea2d860de55c69b69fc5d59454452449a0f0913c2a5b8a31
Referenced In Project/Scope: Core Web:runtime
lang-tag-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

logback-core-1.5.18.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /opt/tomcat/.m2/repository/ch/qos/logback/logback-core/1.5.18/logback-core-1.5.18.jar
MD5: 10bcea83842beead15f072799b9c923d
SHA1: 6c0375624f6f36b4e089e2488ba21334a11ef13f
SHA256:85139e7b57b464f8e5e36326dd81317648bed199ccc4f98cd42585f8d7571027
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Services:compile
  • Messaging Services:compile
  • Core Services:compile
  • Users Services:compile

logback-core-1.5.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/ch.qos.logback/logback-classic@1.5.18

Identifiers

lombok-1.18.38.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /opt/tomcat/.m2/repository/org/projectlombok/lombok/1.18.38/lombok-1.18.38.jar
MD5: 789cacd8d3969e9d23e6e6baec747f70
SHA1: 57f8f5e02e92a30fd21b80cbd426a4172b5f8e29
SHA256:1e1e427c36ff63c44fd30ef292d9e773ea3154460ab6265d3fed7e6f5bc50fb9
Referenced In Projects/Scopes:
  • Core API:provided
  • Commons Web:provided
  • Commons API:provided
  • Users API:provided

lombok-1.18.38.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-api@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-api@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-api@2.0.0-SNAPSHOT

Identifiers

lombok-1.18.38.jar: mavenEcjBootstrapAgent.jar

File Path: /opt/tomcat/.m2/repository/org/projectlombok/lombok/1.18.38/lombok-1.18.38.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 885d5d6be90a5dcd4b82cdf741e3f31a
SHA1: e1f7f1779f40157fd0b984c1bc32a0cb45cae66e
SHA256:74a80a6ee84e5c6fe497dfcc46a46dbe30578525e747eb531e918ee0750c8da9
Referenced In Projects/Scopes:

  • Core API:provided
  • Commons Web:provided
  • Commons API:provided
  • Users API:provided

Identifiers

  • None

mapstruct-1.5.5.Final.jar

Description:

An annotation processor for generating type-safe bean mappers

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/mapstruct/mapstruct/1.5.5.Final/mapstruct-1.5.5.Final.jar
MD5: 9f2f737ffa2496ca5c40dcc323068803
SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb
SHA256:6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Web:compile

mapstruct-1.5.5.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT

Identifiers

micrometer-commons-1.13.13.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/io/micrometer/micrometer-commons/1.13.13/micrometer-commons-1.13.13.jar
MD5: 3a91c7465b7ee9c005e26c3481a636b2
SHA1: 9fa147a70b0fbc237bd0ce9ec2a2fa9b33bc7bd7
SHA256:8613395fb4914819610d0b24ccf7345b30ee40e7bc08699cfcfb746bb2cb881d
Referenced In Projects/Scopes:
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Commons Services:compile
  • Messaging Services:compile
  • Core Services:compile
  • Commons Web:compile
  • Users Services:compile

micrometer-commons-1.13.13.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19

Identifiers

micrometer-observation-1.13.13.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/io/micrometer/micrometer-observation/1.13.13/micrometer-observation-1.13.13.jar
MD5: 5511e8e9460c294024a0789dbb015948
SHA1: 8f5dcc8e44120ac65f53cf79581ca8894c560c5b
SHA256:35b40b485eb0514ff57fa15cbcd3c0cc850a1c72421cb7090e97e8e191167b99
Referenced In Projects/Scopes:
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Commons Services:compile
  • Messaging Services:compile
  • Core Services:compile
  • Commons Web:compile
  • Users Services:compile

micrometer-observation-1.13.13.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19

Identifiers

microprofile-openapi-api-3.1.1.jar

Description:

MicroProfile OpenAPI API :: API

License:

Apache License, Version 2.0
File Path: /opt/tomcat/.m2/repository/org/eclipse/microprofile/openapi/microprofile-openapi-api/3.1.1/microprofile-openapi-api-3.1.1.jar
MD5: d49b4088a9b12341dd37b881fbf14d1d
SHA1: 24d319e0caeca078d2bc748d063ba4f7239d44dc
SHA256:b482278365efc155fe8de06aac2e715911df4abc01562391a958cae2ce941814
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

microprofile-openapi-api-3.1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-core@26.1.3

Identifiers

mockito-core-5.11.0.jar

Description:

Mockito mock objects library core API and implementation

License:

MIT: https://opensource.org/licenses/MIT
File Path: /opt/tomcat/.m2/repository/org/mockito/mockito-core/5.11.0/mockito-core-5.11.0.jar
MD5: 73997150a1d85f77aa03fdb7750dc2d0
SHA1: e4069fa4f4ff2c94322cfec5f2e45341c6c70aff
SHA256:f076c96b1f49b8d9bc42e46b0969aaf5684c40c8b5b679d400e5d880073a0e00
Referenced In Project/Scope: Commons Test:compile
mockito-core-5.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

mockito-junit-jupiter-5.11.0.jar

Description:

Mockito JUnit 5 support

License:

MIT: https://opensource.org/licenses/MIT
File Path: /opt/tomcat/.m2/repository/org/mockito/mockito-junit-jupiter/5.11.0/mockito-junit-jupiter-5.11.0.jar
MD5: 42d14b53962b3641779a11271c26418f
SHA1: 8e658dd339f40305ed4293db25545b5df98b171b
SHA256:a30ea4fe0484e54f64cdc15269a6c6ff1bd89bc26a0d41e4c27cb91cb78dc548
Referenced In Project/Scope: Commons Test:compile
mockito-junit-jupiter-5.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

msg-simple-1.2.jar

Description:

A lightweight, UTF-8 capable, printf() capable alternative to Java's ResourceBundle

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/msg-simple/1.2/msg-simple-1.2.jar
MD5: b0ad6fb398838287f1993c44bafb18e2
SHA1: a06afa2d5d75c98e54ab370107930978fc3f9937
SHA256:bef4111b993a5b3e6148d8f585621cceac2a1889cdbc34448b11632e0d8a9a8f
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

msg-simple-1.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

mybatis-3.5.19.jar (shaded: ognl:ognl:3.4.4)

Description:

OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis/3.5.19/mybatis-3.5.19.jar/META-INF/maven/ognl/ognl/pom.xml
MD5: 24a86428b8e57ffae0c6960674232532
SHA1: b3461ef165d68058c312e3728f855ded87efd9f9
SHA256:789b916ed18989c719c1e9abb024945e5ff24cda29d3cdc755a6db06573fbab7
Referenced In Projects/Scopes:
  • Core Web:compile
  • Core Services:compile

Identifiers

mybatis-3.5.19.jar (shaded: org.javassist:javassist:3.30.2-GA)

Description:

    Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: https://www.mozilla.org/en-US/MPL/1.1/
LGPL 2.1: https://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis/3.5.19/mybatis-3.5.19.jar/META-INF/maven/org.javassist/javassist/pom.xml
MD5: adefe9ccbb66e8f75db5fa9a27df3668
SHA1: 005e8895e8598228aa2c1d3b426585a49e2c22fc
SHA256:4227851cb70e43f73aced8bffe692de3ae4412c4a62dcdff055e513ee3d801a3
Referenced In Projects/Scopes:
  • Core Web:compile
  • Core Services:compile

Identifiers

mybatis-3.5.19.jar

Description:

The MyBatis SQL mapper framework makes it easier to use a relational database with object-oriented
    applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or
    annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object relational mapping
    tools.

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis/3.5.19/mybatis-3.5.19.jar
MD5: c08c2e37b85829ca613dda4d5dbb6fcc
SHA1: 79b20d963e38e66f41431ea49bc22f7cce718142
SHA256:93eea616ae355751bd5fbabb57f0732713fbe79f3196f33c51a0aeeb4255862a
Referenced In Projects/Scopes:
  • Core Web:compile
  • Core Services:compile

mybatis-3.5.19.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

mybatis-spring-3.0.4.jar

Description:

An easy-to-use Spring bridge for MyBatis sql mapping framework.

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis-spring/3.0.4/mybatis-spring-3.0.4.jar
MD5: adb6d883f5c2eba7218b48d8d7e11691
SHA1: 8a1250161c6b5c15103c1f51d6a1ad8307af4418
SHA256:e21d766c8e505a3762b0220e36f81d6be53eddbed55bb2a8c06dbff4cbdc6f6e
Referenced In Projects/Scopes:
  • Core Web:compile
  • Core Services:compile

mybatis-spring-3.0.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

mybatis-spring-boot-autoconfigure-3.0.4.jar

Description:

Spring Boot Support for MyBatis

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-autoconfigure/3.0.4/mybatis-spring-boot-autoconfigure-3.0.4.jar
MD5: 9987b40ef7acebed60290c30c801ea5e
SHA1: 027c887cbd92c780e7d8baaf30d9dc5b5d5f0c03
SHA256:b4aab3e93ac4f5082d8060198d2e4c35be25d76dbb2f3e556e35b8f1b6056924
Referenced In Project/Scope: Core Web:compile
mybatis-spring-boot-autoconfigure-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4

Identifiers

mybatis-spring-boot-starter-3.0.4.jar

Description:

Spring Boot Support for MyBatis

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-starter/3.0.4/mybatis-spring-boot-starter-3.0.4.jar
MD5: 759980a3e0d7a81c3697f7356d5ccb62
SHA1: 2a56c4aa1f81aaef9abb0105f72702a737517d9a
SHA256:c4ad5690dd58ad94bbb385dace45e7dafe7c4252f3849ffca8be0819cbfdc590
Referenced In Project/Scope: Core Web:compile
mybatis-spring-boot-starter-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOT

Description:

Shared API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-api/pom.xml

Referenced In Projects/Scopes:

  • Users Admin Web
  • Core API
  • Messaging API
  • Core Services
  • Messaging Services
  • Users API
  • Core Web
  • Users Services
  • Commons Web

net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-api@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-api@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-api@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOT

Description:

Shared classes and interfaces for the services layer

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-services/pom.xml

Referenced In Projects/Scopes:

  • Users Admin Web
  • Core Services
  • Messaging Services
  • Core Web
  • Users Services

net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOT

Description:

Shared classes, interfaces and configurations for the Web layer

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-web/pom.xml

Referenced In Projects/Scopes:

  • Users Admin Web
  • Core Web

net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-api:2.0.0-SNAPSHOT

Description:

Core API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-api/pom.xml

Referenced In Projects/Scopes:

  • Core Services
  • Core Web

net.andresbustamante:y-a-foot-core-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOT

Description:

Core database migration resources

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-db/pom.xml

Referenced In Projects/Scopes:

  • Core Services
  • Core Web

net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOT

Description:

Sport planning for amateurs

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-events/pom.xml

Referenced In Projects/Scopes:

  • Core Services
  • Core Web

net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-services:2.0.0-SNAPSHOT

Description:

Core services implementations

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-services/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-core-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-messaging-api:2.0.0-SNAPSHOT

Description:

Messaging API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-messaging-api/pom.xml

Referenced In Projects/Scopes:

  • Core Services
  • Messaging Services
  • Core Web

net.andresbustamante:y-a-foot-messaging-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-messaging-services:2.0.0-SNAPSHOT

Description:

Messaging services implementation

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-messaging-services/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-messaging-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOT

Description:

Users API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-users-api/pom.xml

Referenced In Projects/Scopes:

  • Users Admin Web
  • Core API
  • Core Services
  • Messaging Services
  • Core Web
  • Users Services

net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-api@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-users-services:2.0.0-SNAPSHOT

Description:

Users services implementations

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-users-services/pom.xml

Referenced In Project/Scope: Users Admin Web
net.andresbustamante:y-a-foot-users-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

nimbus-jose-jwt-9.37.3.jar

Description:

        Java library for Javascript Object Signing and Encryption (JOSE) and
        JSON Web Tokens (JWT)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.37.3/nimbus-jose-jwt-9.37.3.jar
MD5: a2ecba11e197522b7f963cbcf0b59715
SHA1: 700f71ffefd60c16bd8ce711a956967ea9071cec
SHA256:12ae4a3a260095d7aeba2adea7ae396e8b9570db8b7b409e09a824c219cc0444
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Web:compile

nimbus-jose-jwt-9.37.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/org.springframework.security/spring-security-oauth2-jose@6.3.9
  • pkg:maven/org.springframework.security/spring-security-oauth2-jose@6.3.9

Identifiers

oauth2-oidc-sdk-9.43.6.jar

Description:

		OAuth 2.0 SDK with OpenID Connection extensions for developing
		client and server applications.

License:

Apache License, version 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
File Path: /opt/tomcat/.m2/repository/com/nimbusds/oauth2-oidc-sdk/9.43.6/oauth2-oidc-sdk-9.43.6.jar
MD5: 7b90ae947014dca2dcba869735270a7f
SHA1: a1842456e236f53e30946b2cb0bdeb17a44cdfd3
SHA256:fee94eae5c4388e1de7fba84e3ada2b92d17bbbb28c630d4258a6f0615c1f303
Referenced In Project/Scope: Core Web:runtime
oauth2-oidc-sdk-9.43.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

objenesis-3.3.jar

Description:

A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar
MD5: ab0e0b2ab81affdd7f38bcc60fd85571
SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
SHA256:02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb
Referenced In Project/Scope: Commons Test:runtime
objenesis-3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.11.0

Identifiers

opentest4j-1.3.0.jar

Description:

Open Test Alliance for the JVM

License:

The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
MD5: 03c404f727531f3fd3b4c73997899327
SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
SHA256:48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b
Referenced In Project/Scope: Commons Test:compile
opentest4j-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.junit.jupiter/junit-jupiter-api@5.10.5

Identifiers

postgresql-42.7.5.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /opt/tomcat/.m2/repository/org/postgresql/postgresql/42.7.5/postgresql-42.7.5.jar
MD5: 5cd7ba0dfa9ec82c4812b5bf387de185
SHA1: 747897987b86c741fb8b56f6b81929ae1e6e4b46
SHA256:69020b3bd20984543e817393f2e6c01a890ef2e37a77dd11d6d8508181d079ab
Referenced In Projects/Scopes:
  • Core DB:compile
  • Core Web:compile
  • Core Services:compile

postgresql-42.7.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

reactive-streams-1.0.4.jar

Description:

A Protocol for Asynchronous Non-Blocking Data Sequence

License:

MIT-0: https://spdx.org/licenses/MIT-0.html
File Path: /opt/tomcat/.m2/repository/org/reactivestreams/reactive-streams/1.0.4/reactive-streams-1.0.4.jar
MD5: eda7978509c32d99166745cc144c99cd
SHA1: 3864a1320d97d7b045f729a326e1e077661f31b7
SHA256:f75ca597789b3dac58f61857b9ac2e1034a68fa672db35055a8fb4509e325f28
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

reactive-streams-1.0.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

relaxng-datatype-4.0.3.jar

Description:

RelaxNG Datatype library.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/com/sun/xml/bind/external/relaxng-datatype/4.0.3/relaxng-datatype-4.0.3.jar
MD5: 809a7974433a9d3a56756ce4431630e7
SHA1: 4959f0b554ac5674c951205077a3adcdf0b03118
SHA256:4e62f0f16f933c27a80ced4e6b091cea7e3c853704116b40f324e792ce5a2c73
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

relaxng-datatype-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

resteasy-core-6.2.9.Final.jar

File Path: /opt/tomcat/.m2/repository/org/jboss/resteasy/resteasy-core/6.2.9.Final/resteasy-core-6.2.9.Final.jar
MD5: a2def701dea0ec5efbd51fa0da101c1f
SHA1: 7731f7881444f757743ced96d00bec7a36117352
SHA256:f7802bb92ee0e8d0bdf95cc9964ff02f6c5177232fd62476073c848bb6314c96
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

resteasy-core-6.2.9.Final.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

rngom-4.0.3.jar

Description:

        RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/com/sun/xml/bind/external/rngom/4.0.3/rngom-4.0.3.jar
MD5: 460a0926da0591f50b09ec85d3c65774
SHA1: 4d240e2341114dcef812c8e572011df44648f4af
SHA256:e86474b30f9ef547d55bf5c035f4a1e3f2fddc28a393c9cfb1c315bb94dbd3fd
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

rngom-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /opt/tomcat/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Projects/Scopes:
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Commons Services:compile
  • Messaging Services:compile
  • Core Services:compile
  • Core Events:compile
  • Users Services:compile

slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.dbunit/dbunit@2.7.3
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/org.apache.avro/avro@1.11.4
  • pkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile

snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11

Identifiers

spring-amqp-3.1.11.jar

Description:

Spring AMQP Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/springframework/amqp/spring-amqp/3.1.11/spring-amqp-3.1.11.jar
MD5: a783fffa27f1fd15a7e6f94b6ee4555f
SHA1: 878a936dda58b32eb08913fe1d3543dd158e38aa
SHA256:c8f866734524bed1a486653f424daf586fec7a1559171534efaef515878cef3e
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile

spring-amqp-3.1.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.amqp/spring-rabbit@3.1.11
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-amqp@3.3.11

Identifiers

  • pkg:maven/org.springframework.amqp/spring-amqp@3.1.11  (Confidence:High)
  • cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*  (Confidence:Low)  

spring-boot-starter-jdbc-3.4.0.jar

Description:

Starter for using JDBC with the HikariCP connection pool

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot-starter-jdbc/3.4.0/spring-boot-starter-jdbc-3.4.0.jar
MD5: 2a8ab619db1fbca0dc235e3dc503834b
SHA1: 8e24eb3bee1a26a5b0ef58ad677ac3f6bf58a4ea
SHA256:c567a29527d1bea5d3454d234f7348732b5d7db7afc55fc79e487fc155fe7c67
Referenced In Project/Scope: Core Web:compile
spring-boot-starter-jdbc-3.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4

Identifiers

spring-boot-starter-oauth2-resource-server-3.3.11.jar

Description:

Starter for using Spring Security's OAuth2 resource server features

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot-starter-oauth2-resource-server/3.3.11/spring-boot-starter-oauth2-resource-server-3.3.11.jar
MD5: 38cd4eacd464e3d917f115b5a9b73eb5
SHA1: d6dacb95f167cabbf822d24ff244cd839262a28e
SHA256:b4506f9df96932ff83ebbd4f2f632730d090e4608b10d283bc214a74b645819c
Referenced In Project/Scope: Core Web:compile
spring-boot-starter-oauth2-resource-server-3.3.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

spring-boot-starter-web-3.3.11.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.3.11/spring-boot-starter-web-3.3.11.jar
MD5: dce8a00363ffc8a242d86d0ba59e4a20
SHA1: a447c26f78b6023366143c13d8836082462fb5ed
SHA256:3343bbca057aa530b72e59788625c26fdec43c8cdaa42836cedae183db20b526
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile

spring-boot-starter-web-3.3.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

spring-core-6.1.19.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/spring-core/6.1.19/spring-core-6.1.19.jar
MD5: c7b7de19a43581b1f22d87fbfa192cd5
SHA1: 85718bafdeda6c6b4b0782afda2002299c3f918a
SHA256:a46e9b693d6be2cce3bc3f2b6ed144c4a7198dcc5c355ca3c63b383d8e911800
Referenced In Projects/Scopes:
  • Core Web:compile
  • Commons Test:compile
  • Users Admin Web:compile
  • Commons Services:compile
  • Messaging Services:compile
  • Core Services:compile
  • Commons Web:compile
  • Users Services:compile

spring-core-6.1.19.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.springframework/spring-context@6.1.19
  • pkg:maven/org.springframework/spring-context@6.1.19

Identifiers

spring-retry-2.0.11.jar

Description:

		Spring Retry provides an abstraction around retrying failed operations, with an
		emphasis on declarative control of the process and policy-based behaviour that is
		easy to extend and customize. For instance, you can configure a plain POJO
		operation to retry if it fails, based on the type of exception, and with a fixed
		or exponential backoff.

License:

Apache 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/springframework/retry/spring-retry/2.0.11/spring-retry-2.0.11.jar
MD5: 24fe2b3e01091f9fb1c6038a8f3e57d9
SHA1: 0bd4fae67445baf330b69b6b786748a308ab31f6
SHA256:1be1d42bb1ae33813f84557b0e419d3471e35850269c749dab8610e521a82567
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile

spring-retry-2.0.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.amqp/spring-amqp@3.1.11
  • pkg:maven/org.springframework.boot/spring-boot-starter-amqp@3.3.11
  • pkg:maven/org.springframework.amqp/spring-rabbit@3.1.11

Identifiers

spring-security-core-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-core/6.3.9/spring-security-core-6.3.9.jar
MD5: 119f8471a5db75c043d52e8539b735c6
SHA1: 70dd35fe2c70fe78c3f431647b2fc492f0912120
SHA256:c3b06c4c7e4cc437363785b94d5ac57af5a08ff54046bfecf4c387220660be06
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Web:compile
  • Users Services:compile

spring-security-core-6.3.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

spring-security-oauth2-resource-server-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-oauth2-resource-server/6.3.9/spring-security-oauth2-resource-server-6.3.9.jar
MD5: 2354be71eebe2c9ad68266579cd2b7e0
SHA1: 517b1e3c296869335a3abf6f775ceeba8184d3a8
SHA256:41037e11206a5e9453e9890c859ca5fed82d1cf79f2ece61d9fd23296390c123
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Web:compile

spring-security-oauth2-resource-server-6.3.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

spring-security-web-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-web/6.3.9/spring-security-web-6.3.9.jar
MD5: d2ffe936d52fc7c438007c14e59641a6
SHA1: 172d00cd128561a0acd2ca81fe7ee508ba489ada
SHA256:0d452463f5a860da963873842e72dbb96c0198513d19d186cd15fadb111344ab
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Commons Web:compile
  • Users Services:compile

spring-security-web-6.3.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.9

Identifiers

spring-test-dbunit-1.3.0.jar

Description:

Integration between the Spring testing framework and DBUnit

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/github/springtestdbunit/spring-test-dbunit/1.3.0/spring-test-dbunit-1.3.0.jar
MD5: e40b368a1f9e537ec503d311e9319115
SHA1: 596cab1e9016443d9ea9ffbc0692f4106f54c37d
SHA256:ff5d305d5bf3a1ba0fae9a90c6c2feb1b507a97d7f2dd2d544b0adab4433e4af
Referenced In Project/Scope: Commons Test:compile
spring-test-dbunit-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

spring-web-6.1.19.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/spring-web/6.1.19/spring-web-6.1.19.jar
MD5: 0dc2be1ade9148172e2c76546eaa6418
SHA1: 86ee75c9042bff1c1e59e35ad15a8f9385b45f0f
SHA256:163d2155b9ac25eb56b26fd5bf667192c4290992bc0444f90033a81f5f6e887e
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile
  • Core Services:compile
  • Commons Web:compile
  • Users Services:compile

spring-web-6.1.19.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

swagger-annotations-2.2.18.jar

Description:

swagger-annotations

License:

"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
File Path: /opt/tomcat/.m2/repository/io/swagger/core/v3/swagger-annotations/2.2.18/swagger-annotations-2.2.18.jar
MD5: 89fdf32376651c2a5f1d6ba6ee92c4e9
SHA1: 72ed83a368c13d8963e986bdc82f7105a1439c49
SHA256:436eb3cea261c770be1a37eb6b4752bb08b776228f8480890763df38390a227d
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile

swagger-annotations-2.2.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT
  • pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

tomcat-embed-core-10.1.40.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.40/tomcat-embed-core-10.1.40.jar
MD5: 469a77d350935dc68e88be91bc337ee1
SHA1: fc1c09b726336dc6f7dde0408cebb1a56a3a28d3
SHA256:a837da48929985b35a489265bc4d6250b7209a2eaf646de7597ed22a028c610c
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile

tomcat-embed-core-10.1.40.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11

Identifiers

tomcat-embed-el-10.1.40.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.40/tomcat-embed-el-10.1.40.jar
MD5: c80cb09246e057b85dfa5c25deb562ba
SHA1: 1b321790508c1d410689b4f496dae18a97fa6ae9
SHA256:138e1b8bcb06890b38408b0801d2f4c2a5a375947aa8d3fc12ac2f98573d5385
Referenced In Projects/Scopes:
  • Core Web:compile
  • Users Admin Web:compile

tomcat-embed-el-10.1.40.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11
  • pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

txw2-4.0.3.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/txw2/4.0.3/txw2-4.0.3.jar
MD5: b95e92bbc4dd7183916a11ed210b6169
SHA1: 47b8fe31c6d1a3382203af919400527389e01e9c
SHA256:df07a51801b995e44aec9a95ef875d95fbb8de2874417de6066d84f731cb9e9c
Referenced In Projects/Scopes:

  • Users Admin Web:compile
  • Users Services:compile

txw2-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers

xsom-4.0.3.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
        documents and inspect information in them. It is expected to be useful for applications that need to take XML
        Schema as an input.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/xsom/4.0.3/xsom-4.0.3.jar
MD5: 050161218c72a27c4191e9e6e6f33122
SHA1: 4406ab2fd87b18abfa996870000ff88119de7c6d
SHA256:247a2348fcfd983ef38d9ada0827d0684630e9018b3839c91df3f56a10a9b01a
Referenced In Projects/Scopes:
  • Users Admin Web:compile
  • Users Services:compile

xsom-4.0.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT
  • pkg:maven/org.keycloak/keycloak-admin-client@26.0.5

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.