Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 8.0.1
Report Generated On: Sat, 3 May 2025 18:03:46 GMT
Dependencies Scanned: 8 (8 unique)
Vulnerable Dependencies: 1
Vulnerabilities Found: 2
Vulnerabilities Suppressed: 0
...
CurrentEngineRelease: 12.1.0
NVD CVE Checked: 2025-05-03T17:09:51
NVD CVE Modified: 2025-05-03T16:00:01
VersionCheckOn: 2025-05-01T21:09:43
kev.checked: 1746292219

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
checker-qual-3.48.3.jar		pkg:maven/org.checkerframework/checker-qual@3.48.3		0		46
flyway-core-10.10.0.jar		pkg:maven/org.flywaydb/flyway-core@10.10.0		0		21
gson-2.10.1.jar	cpe:2.3:a:google:gson:2.10.1:::::::*	pkg:maven/com.google.code.gson/gson@2.10.1		0	Highest	35
jackson-annotations-2.17.3.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.3		0	Low	40
jackson-core-2.17.3.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:::::::* cpe:2.3:a:json-java_project:json-java:2.17.3:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.3	HIGH	2	Low	51
jackson-databind-2.17.3.jar	cpe:2.3:a:fasterxml:jackson-databind:2.17.3:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3		0	Highest	43
jackson-dataformat-toml-2.17.3.jar	cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.3:::::::*	pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-toml@2.17.3		0	Highest	41
postgresql-42.7.5.jar	cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.5:::::::*	pkg:maven/org.postgresql/postgresql@42.7.5		0	Low	71

Dependencies

checker-qual-3.48.3.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT

File Path: /opt/tomcat/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256:443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Project/Scope: Core DB:runtime
pkg:maven/org.postgresql/postgresql@42.7.5

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	checker-qual	High
Vendor	jar	package name	checker	Highest
Vendor	jar	package name	checkerframework	Highest
Vendor	jar	package name	framework	Highest
Vendor	jar	package name	qual	Highest
Vendor	Manifest	bundle-symbolicname	checker-qual	Medium
Vendor	Manifest	implementation-url	https://checkerframework.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	checker-qual	Highest
Vendor	pom	artifactid	checker-qual	Low
Vendor	pom	developer email	mernst@cs.washington.edu	Low
Vendor	pom	developer email	smillst@cs.washington.edu	Low
Vendor	pom	developer id	mernst	Medium
Vendor	pom	developer id	smillst	Medium
Vendor	pom	developer name	Michael Ernst	Medium
Vendor	pom	developer name	Suzanne Millstein	Medium
Vendor	pom	developer org	University of Washington	Medium
Vendor	pom	developer org URL	https://www.cs.washington.edu/	Medium
Vendor	pom	groupid	org.checkerframework	Highest
Vendor	pom	name	Checker Qual	High
Vendor	pom	url	https://checkerframework.org/	Highest
Product	file	name	checker-qual	High
Product	jar	package name	checker	Highest
Product	jar	package name	checkerframework	Highest
Product	jar	package name	framework	Highest
Product	jar	package name	qual	Highest
Product	Manifest	Bundle-Name	checker-qual	Medium
Product	Manifest	bundle-symbolicname	checker-qual	Medium
Product	Manifest	implementation-url	https://checkerframework.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	checker-qual	Highest
Product	pom	developer email	mernst@cs.washington.edu	Low
Product	pom	developer email	smillst@cs.washington.edu	Low
Product	pom	developer id	mernst	Low
Product	pom	developer id	smillst	Low
Product	pom	developer name	Michael Ernst	Low
Product	pom	developer name	Suzanne Millstein	Low
Product	pom	developer org	University of Washington	Low
Product	pom	developer org URL	https://www.cs.washington.edu/	Low
Product	pom	groupid	org.checkerframework	Highest
Product	pom	name	Checker Qual	High
Product	pom	url	https://checkerframework.org/	Medium
Version	file	version	3.48.3	High
Version	Manifest	Bundle-Version	3.48.3	High
Version	Manifest	Implementation-Version	3.48.3	High
Version	pom	version	3.48.3	Highest

Identifiers

pkg:maven/org.checkerframework/checker-qual@3.48.3 (Confidence:High)

flyway-core-10.10.0.jar

File Path: /opt/tomcat/.m2/repository/org/flywaydb/flyway-core/10.10.0/flyway-core-10.10.0.jar
MD5: c31003dacfe66439c92a78f5019775d4
SHA1: 8761d308b9fc9697a95ae362bcbbb5abe8f6e08f
SHA256:9ca803176bf3c9450b58af79c07ffdc7922fa029b97e4f51675b6a9766d4e1d6
Referenced In Project/Scope: Core DB:compile
flyway-core-10.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	flyway-core	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	flyway	Highest
Vendor	jar	package name	flywaydb	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	pom	artifactid	flyway-core	Highest
Vendor	pom	artifactid	flyway-core	Low
Vendor	pom	groupid	org.flywaydb	Highest
Vendor	pom	name	${project.artifactId}	High
Vendor	pom	parent-artifactid	flyway-parent	Low
Product	file	name	flyway-core	High
Product	jar	package name	core	Highest
Product	jar	package name	flyway	Highest
Product	jar	package name	flywaydb	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	pom	artifactid	flyway-core	Highest
Product	pom	groupid	org.flywaydb	Highest
Product	pom	name	${project.artifactId}	High
Product	pom	parent-artifactid	flyway-parent	Medium
Version	file	version	10.10.0	High
Version	pom	version	10.10.0	Highest

Identifiers

pkg:maven/org.flywaydb/flyway-core@10.10.0 (Confidence:High)

gson-2.10.1.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Project/Scope: Core DB:compile
pkg:maven/org.flywaydb/flyway-core@10.10.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	gson	High
Vendor	jar	package name	google	Highest
Vendor	jar	package name	gson	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/gson/gson	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.7, JavaSE-1.8	Low
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	artifactid	gson	Highest
Vendor	pom	artifactid	gson	Low
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	name	Gson	High
Vendor	pom	parent-artifactid	gson-parent	Low
Product	file	name	gson	High
Product	jar	package name	google	Highest
Product	jar	package name	gson	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Product	Manifest	bundle-docurl	https://github.com/google/gson/gson	Low
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.7, JavaSE-1.8	Low
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	pom	artifactid	gson	Highest
Product	pom	groupid	com.google.code.gson	Highest
Product	pom	name	Gson	High
Product	pom	parent-artifactid	gson-parent	Medium
Version	file	version	2.10.1	High
Version	Manifest	Bundle-Version	2.10.1	High
Version	pom	version	2.10.1	Highest

Identifiers

pkg:maven/com.google.code.gson/gson@2.10.1 (Confidence:High)
cpe:2.3:a:google:gson:2.10.1:*:*:*:*:*:*:* (Confidence:Highest)

jackson-annotations-2.17.3.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.17.3/jackson-annotations-2.17.3.jar
MD5: cb80e34a9fa3c0b27560e1562dfdff43
SHA1: 4f30a05d2eee0ab700cdc27aa5967e934d3042b2
SHA256:2747f60343783a6ec8a68405c7c839fa0bbe30ee4e2459d21a1ac3b7365e1ed5
Referenced In Project/Scope: Core DB:compile
pkg:maven/org.flywaydb/flyway-core@10.10.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-annotations	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-annotations	Highest
Vendor	pom	artifactid	jackson-annotations	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-annotations	High
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-annotations	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	Jackson-annotations	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Product	Manifest	Implementation-Title	Jackson-annotations	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	specification-title	Jackson-annotations	Medium
Product	pom	artifactid	jackson-annotations	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-annotations	High
Product	pom	parent-artifactid	jackson-parent	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.17.3	High
Version	Manifest	Bundle-Version	2.17.3	High
Version	Manifest	Implementation-Version	2.17.3	High
Version	pom	parent-version	2.17.3	Low
Version	pom	version	2.17.3	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.3 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:* (Confidence:Low)

jackson-core-2.17.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.3/jackson-core-2.17.3.jar
MD5: b38c1cd06ec2b87bd23494962c44da69
SHA1: 1d6eb3e959c737692b720d3492b2f1f34c4c8579
SHA256:19e03ee71f00a86255fa3c980560b231e1305486f6482c905601209014f5870c
Referenced In Project/Scope: Core DB:compile
pkg:maven/org.flywaydb/flyway-core@10.10.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-core	High
Vendor	jar	package name	base	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	json	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-core	Highest
Vendor	pom	artifactid	jackson-core	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-core	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson-core	Highest
Product	file	name	jackson-core	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	base	Highest
Product	jar	package name	com	Highest
Product	jar	package name	core	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	json	Highest
Product	jar	package name	version	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Product	Manifest	Bundle-Name	Jackson-core	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Product	Manifest	Implementation-Title	Jackson-core	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Jackson-core	Medium
Product	pom	artifactid	jackson-core	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-core	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson-core	High
Version	file	version	2.17.3	High
Version	Manifest	Bundle-Version	2.17.3	High
Version	Manifest	Implementation-Version	2.17.3	High
Version	pom	version	2.17.3	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.3 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:json-java_project:json-java:2.17.3:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CWE-787 Out-of-bounds Write

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:* versions up to (including) 20230618

jackson-databind-2.17.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.3/jackson-databind-2.17.3.jar
MD5: 820811143157937e800b899a4feeb261
SHA1: 42c617beb411ee813bdc39a287424bfb19d99185
SHA256:93b13e709a0b620de42019180a75bc1fc4885c81fe5b6087a4aa248f91fb9a95
Referenced In Project/Scope: Core DB:compile
pkg:maven/org.flywaydb/flyway-core@10.10.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-databind	High
Vendor	jar	package name	databind	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-databind	Highest
Vendor	pom	artifactid	jackson-databind	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	jackson-databind	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-databind	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	databind	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	jackson-databind	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Product	Manifest	Implementation-Title	jackson-databind	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	jackson-databind	Medium
Product	pom	artifactid	jackson-databind	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	jackson-databind	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.17.3	High
Version	Manifest	Bundle-Version	2.17.3	High
Version	Manifest	Implementation-Version	2.17.3	High
Version	pom	version	2.17.3	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.17.3:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:* (Confidence:Low)

jackson-dataformat-toml-2.17.3.jar

Description:

Support for reading and writing TOML-encoded data via Jackson abstractions.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-toml/2.17.3/jackson-dataformat-toml-2.17.3.jar
MD5: d2ad35af9cbda38b7c342e5db2f42714
SHA1: 34c86ea69dac79a2a684d5d2261b62116e788e37
SHA256:c5785f6ab645e4cda167424359b32a6af466a06d46d6c2195c1f14058be7e212
Referenced In Project/Scope: Core DB:compile
pkg:maven/org.flywaydb/flyway-core@10.10.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-dataformat-toml	High
Vendor	jar	package name	dataformat	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	toml	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-dataformats-text	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.dataformat.jackson-dataformat-toml	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.dataformat	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-dataformat-toml	Highest
Vendor	pom	artifactid	jackson-dataformat-toml	Low
Vendor	pom	groupid	com.fasterxml.jackson.dataformat	Highest
Vendor	pom	name	Jackson-dataformat-TOML	High
Vendor	pom	parent-artifactid	jackson-dataformats-text	Low
Vendor	pom	url	FasterXML/jackson-dataformats-text	Highest
Product	file	name	jackson-dataformat-toml	High
Product	jar	package name	dataformat	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	toml	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-dataformats-text	Low
Product	Manifest	Bundle-Name	Jackson-dataformat-TOML	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.dataformat.jackson-dataformat-toml	Medium
Product	Manifest	Implementation-Title	Jackson-dataformat-TOML	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Jackson-dataformat-TOML	Medium
Product	pom	artifactid	jackson-dataformat-toml	Highest
Product	pom	groupid	com.fasterxml.jackson.dataformat	Highest
Product	pom	name	Jackson-dataformat-TOML	High
Product	pom	parent-artifactid	jackson-dataformats-text	Medium
Product	pom	url	FasterXML/jackson-dataformats-text	High
Version	file	version	2.17.3	High
Version	Manifest	Bundle-Version	2.17.3	High
Version	Manifest	Implementation-Version	2.17.3	High
Version	pom	version	2.17.3	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-toml@2.17.3 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.3:*:*:*:*:*:*:* (Confidence:Highest)

postgresql-42.7.5.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html

File Path: /opt/tomcat/.m2/repository/org/postgresql/postgresql/42.7.5/postgresql-42.7.5.jar
MD5: 5cd7ba0dfa9ec82c4812b5bf387de185
SHA1: 747897987b86c741fb8b56f6b81929ae1e6e4b46
SHA256:69020b3bd20984543e817393f2e6c01a890ef2e37a77dd11d6d8508181d079ab
Referenced In Project/Scope: Core DB:compile
pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	postgresql	High
Vendor	jar	package name	driver	Highest
Vendor	jar	package name	jdbc	Highest
Vendor	jar	package name	postgresql	Highest
Vendor	Manifest	automatic-module-name	org.postgresql.jdbc	Medium
Vendor	Manifest	bundle-copyright	Copyright (c) 2003-2024, PostgreSQL Global Development Group	Low
Vendor	Manifest	bundle-docurl	https://jdbc.postgresql.org/	Low
Vendor	Manifest	bundle-symbolicname	org.postgresql.jdbc	Medium
Vendor	Manifest	Implementation-Vendor	PostgreSQL Global Development Group	High
Vendor	Manifest	Implementation-Vendor-Id	org.postgresql	Medium
Vendor	Manifest	provide-capability	osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver"	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(\|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))"	Low
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	postgresql	Highest
Vendor	pom	artifactid	postgresql	Low
Vendor	pom	developer id	bokken	Medium
Vendor	pom	developer id	davecramer	Medium
Vendor	pom	developer id	jurka	Medium
Vendor	pom	developer id	oliver	Medium
Vendor	pom	developer id	ringerc	Medium
Vendor	pom	developer id	vlsi	Medium
Vendor	pom	developer name	Brett Okken	Medium
Vendor	pom	developer name	Craig Ringer	Medium
Vendor	pom	developer name	Dave Cramer	Medium
Vendor	pom	developer name	Kris Jurka	Medium
Vendor	pom	developer name	Oliver Jowett	Medium
Vendor	pom	developer name	Vladimir Sitnikov	Medium
Vendor	pom	groupid	org.postgresql	Highest
Vendor	pom	name	PostgreSQL JDBC Driver	High
Vendor	pom	organization name	PostgreSQL Global Development Group	High
Vendor	pom	organization url	https://jdbc.postgresql.org/	Medium
Vendor	pom	url	https://jdbc.postgresql.org	Highest
Product	file	name	postgresql	High
Product	hint analyzer	product	pgjdbc	Highest
Product	hint analyzer	product	postgresql_jdbc_driver	Highest
Product	jar	package name	driver	Highest
Product	jar	package name	jdbc	Highest
Product	jar	package name	osgi	Highest
Product	jar	package name	postgresql	Highest
Product	jar	package name	version	Highest
Product	Manifest	automatic-module-name	org.postgresql.jdbc	Medium
Product	Manifest	bundle-copyright	Copyright (c) 2003-2024, PostgreSQL Global Development Group	Low
Product	Manifest	bundle-docurl	https://jdbc.postgresql.org/	Low
Product	Manifest	Bundle-Name	PostgreSQL JDBC Driver	Medium
Product	Manifest	bundle-symbolicname	org.postgresql.jdbc	Medium
Product	Manifest	Implementation-Title	PostgreSQL JDBC Driver	High
Product	Manifest	provide-capability	osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory";osgi.jdbc.driver.class="org.postgresql.Driver";osgi.jdbc.driver.name="PostgreSQL JDBC Driver"	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(\|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))"	Low
Product	Manifest	specification-title	JDBC	Medium
Product	pom	artifactid	postgresql	Highest
Product	pom	developer id	bokken	Low
Product	pom	developer id	davecramer	Low
Product	pom	developer id	jurka	Low
Product	pom	developer id	oliver	Low
Product	pom	developer id	ringerc	Low
Product	pom	developer id	vlsi	Low
Product	pom	developer name	Brett Okken	Low
Product	pom	developer name	Craig Ringer	Low
Product	pom	developer name	Dave Cramer	Low
Product	pom	developer name	Kris Jurka	Low
Product	pom	developer name	Oliver Jowett	Low
Product	pom	developer name	Vladimir Sitnikov	Low
Product	pom	groupid	org.postgresql	Highest
Product	pom	name	PostgreSQL JDBC Driver	High
Product	pom	organization name	PostgreSQL Global Development Group	Low
Product	pom	organization url	https://jdbc.postgresql.org/	Low
Product	pom	url	https://jdbc.postgresql.org	Medium
Version	file	version	42.7.5	High
Version	Manifest	Bundle-Version	42.7.5	High
Version	Manifest	Implementation-Version	42.7.5	High
Version	pom	version	42.7.5	Highest

Identifiers

pkg:maven/org.postgresql/postgresql@42.7.5 (Confidence:High)
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.5:*:*:*:*:*:*:* (Confidence:Low)

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor

Project: Core DB

net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOT

Summary

Dependencies

checker-qual-3.48.3.jar

Evidence

Identifiers

flyway-core-10.10.0.jar

Evidence

Identifiers

gson-2.10.1.jar

Evidence

Identifiers

jackson-annotations-2.17.3.jar

Evidence

Identifiers

jackson-core-2.17.3.jar

Evidence

Identifiers

Published Vulnerabilities

jackson-databind-2.17.3.jar

Evidence

Identifiers

jackson-dataformat-toml-2.17.3.jar

Evidence

Identifiers

postgresql-42.7.5.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: Core DB

net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOT

Summary

Dependencies

checker-qual-3.48.3.jar

Evidence

Identifiers

flyway-core-10.10.0.jar

Evidence

Identifiers

gson-2.10.1.jar

Evidence

Identifiers

jackson-annotations-2.17.3.jar

Evidence

Identifiers

jackson-core-2.17.3.jar

Evidence

Identifiers

Published Vulnerabilities

jackson-databind-2.17.3.jar

Evidence

Identifiers

jackson-dataformat-toml-2.17.3.jar

Evidence

Identifiers

postgresql-42.7.5.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor