Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 8.0.1
Report Generated On: Sat, 3 May 2025 18:04:00 GMT
Dependencies Scanned: 9 (9 unique)
Vulnerable Dependencies: 1
Vulnerabilities Found: 2
Vulnerabilities Suppressed: 0
...
CurrentEngineRelease: 12.1.0
NVD CVE Checked: 2025-05-03T17:09:51
NVD CVE Modified: 2025-05-03T16:00:01
VersionCheckOn: 2025-05-01T21:09:43
kev.checked: 1746292219

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
avro-1.11.4.jar		pkg:maven/org.apache.avro/avro@1.11.4		0		36
commons-codec-1.16.1.jar		pkg:maven/commons-codec/commons-codec@1.16.1		0		125
commons-compress-1.26.2.jar	cpe:2.3:a:apache:commons_compress:1.26.2:::::::*	pkg:maven/org.apache.commons/commons-compress@1.26.2		0	Highest	111
commons-io-2.15.0.jar	cpe:2.3:a:apache:commons_io:2.15.0:::::::*	pkg:maven/commons-io/commons-io@2.15.0		0	Highest	127
commons-lang3-3.13.0.jar		pkg:maven/org.apache.commons/commons-lang3@3.13.0		0		145
jackson-annotations-2.17.3.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.3		0	Low	40
jackson-core-2.17.3.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:::::::* cpe:2.3:a:json-java_project:json-java:2.17.3:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.3	HIGH	2	Low	51
jackson-databind-2.17.3.jar	cpe:2.3:a:fasterxml:jackson-databind:2.17.3:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3		0	Highest	43
slf4j-api-2.0.17.jar		pkg:maven/org.slf4j/slf4j-api@2.0.17		0		33

Dependencies

avro-1.11.4.jar

Description:

Avro core components

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/org/apache/avro/avro/1.11.4/avro-1.11.4.jar
MD5: 915002011d651686f94b4e20d25234a6
SHA1: 25d54640c4a17aa342490c4c63c172759361bf56
SHA256:eeba11b77070b9aa6337d886fdf778f6695f6c4c3dcfd2a02389925c885079fa
Referenced In Project/Scope: Core Events:compile
pkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	avro	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	avro	Highest
Vendor	Manifest	automatic-module-name	org.apache.avro	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://www.apache.org/	Low
Vendor	Manifest	bundle-symbolicname	avro	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	avro	Highest
Vendor	pom	artifactid	avro	Low
Vendor	pom	groupid	org.apache.avro	Highest
Vendor	pom	name	Apache Avro	High
Vendor	pom	parent-artifactid	avro-parent	Low
Vendor	pom	url	https://avro.apache.org	Highest
Product	file	name	avro	High
Product	jar	package name	apache	Highest
Product	jar	package name	avro	Highest
Product	Manifest	automatic-module-name	org.apache.avro	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://www.apache.org/	Low
Product	Manifest	Bundle-Name	Apache Avro	Medium
Product	Manifest	bundle-symbolicname	avro	Medium
Product	Manifest	Implementation-Title	Apache Avro	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Avro	Medium
Product	pom	artifactid	avro	Highest
Product	pom	groupid	org.apache.avro	Highest
Product	pom	name	Apache Avro	High
Product	pom	parent-artifactid	avro-parent	Medium
Product	pom	url	https://avro.apache.org	Medium
Version	file	version	1.11.4	High
Version	Manifest	Bundle-Version	1.11.4	High
Version	Manifest	Implementation-Version	1.11.4	High
Version	pom	version	1.11.4	Highest

Identifiers

pkg:maven/org.apache.avro/avro@1.11.4 (Confidence:High)

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-codec	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	codec	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	digest	Highest
Vendor	jar	package name	encoder	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.codec	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-codec/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-codec	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-codec	Highest
Vendor	pom	artifactid	commons-codec	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	dgraham@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jon@collab.net	Low
Vendor	pom	developer email	julius@apache.org	Low
Vendor	pom	developer email	mattsicker@apache.org	Low
Vendor	pom	developer email	rwaldhoff@apache.org	Low
Vendor	pom	developer email	sanders@totalsync.com	Low
Vendor	pom	developer email	tn@apache.org	Low
Vendor	pom	developer email	tobrien@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	dgraham	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jon	Medium
Vendor	pom	developer id	julius	Medium
Vendor	pom	developer id	mattsicker	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	tn	Medium
Vendor	pom	developer id	tobrien	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	David Graham	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	Jon S. Stevens	Medium
Vendor	pom	developer name	Julius Davies	Medium
Vendor	pom	developer name	Matt Sicker	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Thomas Neidhart	Medium
Vendor	pom	developer name	Tim OBrien	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	http://juliusdavies.ca/	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-codec	Highest
Vendor	pom	name	Apache Commons Codec	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-codec/	Highest
Product	file	name	commons-codec	High
Product	jar	package name	apache	Highest
Product	jar	package name	codec	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	digest	Highest
Product	jar	package name	encoder	Highest
Product	Manifest	automatic-module-name	org.apache.commons.codec	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-codec/	Low
Product	Manifest	Bundle-Name	Apache Commons Codec	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-codec	Medium
Product	Manifest	Implementation-Title	Apache Commons Codec	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Commons Codec	Medium
Product	pom	artifactid	commons-codec	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	dgraham@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jon@collab.net	Low
Product	pom	developer email	julius@apache.org	Low
Product	pom	developer email	mattsicker@apache.org	Low
Product	pom	developer email	rwaldhoff@apache.org	Low
Product	pom	developer email	sanders@totalsync.com	Low
Product	pom	developer email	tn@apache.org	Low
Product	pom	developer email	tobrien@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	dgraham	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jon	Low
Product	pom	developer id	julius	Low
Product	pom	developer id	mattsicker	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	tn	Low
Product	pom	developer id	tobrien	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	David Graham	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	Jon S. Stevens	Low
Product	pom	developer name	Julius Davies	Low
Product	pom	developer name	Matt Sicker	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Thomas Neidhart	Low
Product	pom	developer name	Tim OBrien	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	http://juliusdavies.ca/	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-codec	Highest
Product	pom	name	Apache Commons Codec	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-codec/	Medium
Version	file	version	1.16.1	High
Version	Manifest	Bundle-Version	1.16.1	High
Version	Manifest	Implementation-Version	1.16.1	High
Version	pom	parent-version	1.16.1	Low
Version	pom	version	1.16.1	Highest

Identifiers

pkg:maven/commons-codec/commons-codec@1.16.1 (Confidence:High)

commons-compress-1.26.2.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-compress/1.26.2/commons-compress-1.26.2.jar
MD5: d2c5abbd0a822c0b79cf4f03ead483ee
SHA1: eb1f823447af685208e684fce84783b43517960c
SHA256:9168a03141d8fc7eda21a2360d83cc0412bcbb1d6204d992bd48c2573cb3c6b8
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-compress	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	compress	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.compress	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-compress/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-compress	Medium
Vendor	Manifest	extension-name	org.apache.commons.compress	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-compress	Highest
Vendor	pom	artifactid	commons-compress	Low
Vendor	pom	developer email	bodewig at apache.org	Low
Vendor	pom	developer email	chtompki at apache.org	Low
Vendor	pom	developer email	damjan at apache.org	Low
Vendor	pom	developer email	ebourg at apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	grobmeier at apache.org	Low
Vendor	pom	developer email	julius at apache.org	Low
Vendor	pom	developer email	peterlee at apache.org	Low
Vendor	pom	developer email	sebb at apache.org	Low
Vendor	pom	developer email	tcurdt at apache.org	Low
Vendor	pom	developer id	bodewig	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	damjan	Medium
Vendor	pom	developer id	ebourg	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	grobmeier	Medium
Vendor	pom	developer id	julius	Medium
Vendor	pom	developer id	peterlee	Medium
Vendor	pom	developer id	sebb	Medium
Vendor	pom	developer id	tcurdt	Medium
Vendor	pom	developer name	Christian Grobmeier	Medium
Vendor	pom	developer name	Damjan Jovanovic	Medium
Vendor	pom	developer name	Emmanuel Bourg	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Julius Davies	Medium
Vendor	pom	developer name	Peter Alfred Lee	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Sebastian Bazley	Medium
Vendor	pom	developer name	Stefan Bodewig	Medium
Vendor	pom	developer name	Torsten Curdt	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Compress	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-compress/	Highest
Product	file	name	commons-compress	High
Product	jar	package name	9	Highest
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	compress	Highest
Product	Manifest	automatic-module-name	org.apache.commons.compress	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-compress/	Low
Product	Manifest	Bundle-Name	Apache Commons Compress	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-compress	Medium
Product	Manifest	extension-name	org.apache.commons.compress	Medium
Product	Manifest	Implementation-Title	Apache Commons Compress	High
Product	Manifest	multi-release	true	Low
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Commons Compress	Medium
Product	pom	artifactid	commons-compress	Highest
Product	pom	developer email	bodewig at apache.org	Low
Product	pom	developer email	chtompki at apache.org	Low
Product	pom	developer email	damjan at apache.org	Low
Product	pom	developer email	ebourg at apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	grobmeier at apache.org	Low
Product	pom	developer email	julius at apache.org	Low
Product	pom	developer email	peterlee at apache.org	Low
Product	pom	developer email	sebb at apache.org	Low
Product	pom	developer email	tcurdt at apache.org	Low
Product	pom	developer id	bodewig	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	damjan	Low
Product	pom	developer id	ebourg	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	grobmeier	Low
Product	pom	developer id	julius	Low
Product	pom	developer id	peterlee	Low
Product	pom	developer id	sebb	Low
Product	pom	developer id	tcurdt	Low
Product	pom	developer name	Christian Grobmeier	Low
Product	pom	developer name	Damjan Jovanovic	Low
Product	pom	developer name	Emmanuel Bourg	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Julius Davies	Low
Product	pom	developer name	Peter Alfred Lee	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Sebastian Bazley	Low
Product	pom	developer name	Stefan Bodewig	Low
Product	pom	developer name	Torsten Curdt	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Compress	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-compress/	Medium
Version	file	version	1.26.2	High
Version	Manifest	Bundle-Version	1.26.2	High
Version	Manifest	Implementation-Version	1.26.2	High
Version	pom	parent-version	1.26.2	Low
Version	pom	version	1.26.2	Highest

Identifiers

pkg:maven/org.apache.commons/commons-compress@1.26.2 (Confidence:High)
cpe:2.3:a:apache:commons_compress:1.26.2:*:*:*:*:*:*:* (Confidence:Highest)

commons-io-2.15.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/commons-io/commons-io/2.15.0/commons-io-2.15.0.jar
MD5: 125a9d3dc2477b10cc6fa6e89c699e81
SHA1: 5c3c2db10f6f797430a7f9c696b4d1273768c924
SHA256:a328dad730921d197b6a9b195dffa00e41c974c2dac8fe37e84d31706bca7792
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-io	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	file	Highest
Vendor	jar	package name	io	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.io	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-io	Highest
Vendor	pom	artifactid	commons-io	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	dion@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jeremias@apache.org	Low
Vendor	pom	developer email	jochen.wiedmann@gmail.com	Low
Vendor	pom	developer email	krosenvold@apache.org	Low
Vendor	pom	developer email	martinc@apache.org	Low
Vendor	pom	developer email	matth@apache.org	Low
Vendor	pom	developer email	nicolaken@apache.org	Low
Vendor	pom	developer email	roxspring@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	dion	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jeremias	Medium
Vendor	pom	developer id	jochen	Medium
Vendor	pom	developer id	jukka	Medium
Vendor	pom	developer id	krosenvold	Medium
Vendor	pom	developer id	martinc	Medium
Vendor	pom	developer id	matth	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	nicolaken	Medium
Vendor	pom	developer id	roxspring	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	dIon Gillard	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	Jeremias Maerki	Medium
Vendor	pom	developer name	Jochen Wiedmann	Medium
Vendor	pom	developer name	Jukka Zitting	Medium
Vendor	pom	developer name	Kristian Rosenvold	Medium
Vendor	pom	developer name	Martin Cooper	Medium
Vendor	pom	developer name	Matthew Hawthorne	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Nicola Ken Barozzi	Medium
Vendor	pom	developer name	Rob Oxspring	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-io	Highest
Vendor	pom	name	Apache Commons IO	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-io/	Highest
Product	file	name	commons-io	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	file	Highest
Product	jar	package name	io	Highest
Product	Manifest	automatic-module-name	org.apache.commons.io	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Product	Manifest	Bundle-Name	Apache Commons IO	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Product	Manifest	Implementation-Title	Apache Commons IO	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Commons IO	Medium
Product	pom	artifactid	commons-io	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	dion@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jeremias@apache.org	Low
Product	pom	developer email	jochen.wiedmann@gmail.com	Low
Product	pom	developer email	krosenvold@apache.org	Low
Product	pom	developer email	martinc@apache.org	Low
Product	pom	developer email	matth@apache.org	Low
Product	pom	developer email	nicolaken@apache.org	Low
Product	pom	developer email	roxspring@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	dion	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jeremias	Low
Product	pom	developer id	jochen	Low
Product	pom	developer id	jukka	Low
Product	pom	developer id	krosenvold	Low
Product	pom	developer id	martinc	Low
Product	pom	developer id	matth	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	nicolaken	Low
Product	pom	developer id	roxspring	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	dIon Gillard	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	Jeremias Maerki	Low
Product	pom	developer name	Jochen Wiedmann	Low
Product	pom	developer name	Jukka Zitting	Low
Product	pom	developer name	Kristian Rosenvold	Low
Product	pom	developer name	Martin Cooper	Low
Product	pom	developer name	Matthew Hawthorne	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Nicola Ken Barozzi	Low
Product	pom	developer name	Rob Oxspring	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-io	Highest
Product	pom	name	Apache Commons IO	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-io/	Medium
Version	file	version	2.15.0	High
Version	Manifest	Bundle-Version	2.15.0	High
Version	Manifest	Implementation-Version	2.15.0	High
Version	pom	parent-version	2.15.0	Low
Version	pom	version	2.15.0	Highest

Identifiers

pkg:maven/commons-io/commons-io@2.15.0 (Confidence:High)
cpe:2.3:a:apache:commons_io:2.15.0:*:*:*:*:*:*:* (Confidence:Highest)

commons-lang3-3.13.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-lang3/3.13.0/commons-lang3-3.13.0.jar
MD5: 3435b913691a5c1b173485a49850b1a8
SHA1: b7263237aa89c1f99b327197c41d0669707a462e
SHA256:82f528cf718c7a3c2f30fc5bc784e3c6a0a10b17605dadb9e16c82ede11e6064
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang3	Highest
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	lguibert@apache.org	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	lguibert	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Loic Guibert	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-lang/	Highest
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	lguibert@apache.org	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	lguibert	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Loic Guibert	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-lang/	Medium
Version	file	version	3.13.0	High
Version	Manifest	Bundle-Version	3.13.0	High
Version	Manifest	Implementation-Version	3.13.0	High
Version	pom	parent-version	3.13.0	Low
Version	pom	version	3.13.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.13.0 (Confidence:High)

jackson-annotations-2.17.3.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.17.3/jackson-annotations-2.17.3.jar
MD5: cb80e34a9fa3c0b27560e1562dfdff43
SHA1: 4f30a05d2eee0ab700cdc27aa5967e934d3042b2
SHA256:2747f60343783a6ec8a68405c7c839fa0bbe30ee4e2459d21a1ac3b7365e1ed5
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-annotations	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-annotations	Highest
Vendor	pom	artifactid	jackson-annotations	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-annotations	High
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-annotations	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	Jackson-annotations	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Product	Manifest	Implementation-Title	Jackson-annotations	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	specification-title	Jackson-annotations	Medium
Product	pom	artifactid	jackson-annotations	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-annotations	High
Product	pom	parent-artifactid	jackson-parent	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.17.3	High
Version	Manifest	Bundle-Version	2.17.3	High
Version	Manifest	Implementation-Version	2.17.3	High
Version	pom	parent-version	2.17.3	Low
Version	pom	version	2.17.3	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.3 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:* (Confidence:Low)

jackson-core-2.17.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.3/jackson-core-2.17.3.jar
MD5: b38c1cd06ec2b87bd23494962c44da69
SHA1: 1d6eb3e959c737692b720d3492b2f1f34c4c8579
SHA256:19e03ee71f00a86255fa3c980560b231e1305486f6482c905601209014f5870c
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-core	High
Vendor	jar	package name	base	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	json	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-core	Highest
Vendor	pom	artifactid	jackson-core	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-core	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson-core	Highest
Product	file	name	jackson-core	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	base	Highest
Product	jar	package name	com	Highest
Product	jar	package name	core	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	filter	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	json	Highest
Product	jar	package name	version	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Product	Manifest	Bundle-Name	Jackson-core	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Product	Manifest	Implementation-Title	Jackson-core	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Jackson-core	Medium
Product	pom	artifactid	jackson-core	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-core	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson-core	High
Version	file	version	2.17.3	High
Version	Manifest	Bundle-Version	2.17.3	High
Version	Manifest	Implementation-Version	2.17.3	High
Version	pom	version	2.17.3	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.3 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:json-java_project:json-java:2.17.3:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CWE-787 Out-of-bounds Write

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:* versions up to (including) 20230618

jackson-databind-2.17.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.3/jackson-databind-2.17.3.jar
MD5: 820811143157937e800b899a4feeb261
SHA1: 42c617beb411ee813bdc39a287424bfb19d99185
SHA256:93b13e709a0b620de42019180a75bc1fc4885c81fe5b6087a4aa248f91fb9a95
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-databind	High
Vendor	jar	package name	databind	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-databind	Highest
Vendor	pom	artifactid	jackson-databind	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	jackson-databind	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-databind	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	databind	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	jackson-databind	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Product	Manifest	Implementation-Title	jackson-databind	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	jackson-databind	Medium
Product	pom	artifactid	jackson-databind	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	jackson-databind	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.17.3	High
Version	Manifest	Bundle-Version	2.17.3	High
Version	Manifest	Implementation-Version	2.17.3	High
Version	pom	version	2.17.3	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.17.3:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:* (Confidence:Low)

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit

File Path: /opt/tomcat/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: Core Events:compile
pkg:maven/org.apache.avro/avro@1.11.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.processor)(version>=1.0.0)(!(version>=2.0.0)))",osgi.serviceloader;filter:="(osgi.serviceloader=org.slf4j.spi.SLF4JServiceProvider)";osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	slf4j-api	Highest
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	jar	package name	slf4jserviceprovider	Highest
Product	jar	package name	spi	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	SLF4J API Module	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.extender;filter:="(&(osgi.extender=osgi.serviceloader.processor)(version>=1.0.0)(!(version>=2.0.0)))",osgi.serviceloader;filter:="(osgi.serviceloader=org.slf4j.spi.SLF4JServiceProvider)";osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.17	High
Version	Manifest	Bundle-Version	2.0.17	High
Version	Manifest	Implementation-Version	2.0.17	High
Version	pom	version	2.0.17	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@2.0.17 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor

Project: Core Events

net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOT

Summary

Dependencies

avro-1.11.4.jar

Evidence

Identifiers

commons-codec-1.16.1.jar

Evidence

Identifiers

commons-compress-1.26.2.jar

Evidence

Identifiers

commons-io-2.15.0.jar

Evidence

Identifiers

commons-lang3-3.13.0.jar

Evidence

Identifiers

jackson-annotations-2.17.3.jar

Evidence

Identifiers

jackson-core-2.17.3.jar

Evidence

Identifiers

Published Vulnerabilities

jackson-databind-2.17.3.jar

Evidence

Identifiers

slf4j-api-2.0.17.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: Core Events

net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOT

Summary

Dependencies

avro-1.11.4.jar

Evidence

Identifiers

commons-codec-1.16.1.jar

Evidence

Identifiers

commons-compress-1.26.2.jar

Evidence

Identifiers

commons-io-2.15.0.jar

Evidence

Identifiers

commons-lang3-3.13.0.jar

Evidence

Identifiers

jackson-annotations-2.17.3.jar

Evidence

Identifiers

jackson-core-2.17.3.jar

Evidence

Identifiers

Published Vulnerabilities

jackson-databind-2.17.3.jar

Evidence

Identifiers

slf4j-api-2.0.17.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor