Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Core Web

net.andresbustamante:y-a-foot-core-web:2.0.0-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
HikariCP-5.1.0.jarpkg:maven/com.zaxxer/HikariCP@5.1.0 037
accessors-smart-2.5.2.jarcpe:2.3:a:json-java_project:json-java:2.5.2:*:*:*:*:*:*:*pkg:maven/net.minidev/accessors-smart@2.5.2HIGH2Low45
amqp-client-5.19.0.jarcpe:2.3:a:vmware:rabbitmq:5.19.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq_java_client:5.19.0:*:*:*:*:*:*:*		pkg:maven/com.rabbitmq/amqp-client@5.19.0 0High51
angus-activation-2.0.1.jarpkg:maven/org.eclipse.angus/angus-activation@2.0.1 037
asm-9.7.1.jarpkg:maven/org.ow2.asm/asm@9.7.1 054
aspectjweaver-1.9.24.jarpkg:maven/org.aspectj/aspectjweaver@1.9.24 049
avro-1.11.4.jarpkg:maven/org.apache.avro/avro@1.11.4 036
checker-qual-3.48.3.jarpkg:maven/org.checkerframework/checker-qual@3.48.3 046
classmate-1.5.1.jarpkg:maven/com.fasterxml/classmate@1.5.1 057
commons-codec-1.16.1.jarpkg:maven/commons-codec/commons-codec@1.16.1 0125
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest107
commons-compress-1.26.2.jarcpe:2.3:a:apache:commons_compress:1.26.2:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.26.2 0Highest111
commons-io-2.15.0.jarcpe:2.3:a:apache:commons_io:2.15.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.15.0 0Highest127
commons-lang3-3.13.0.jarpkg:maven/org.apache.commons/commons-lang3@3.13.0 0145
commons-text-1.11.0.jarcpe:2.3:a:apache:commons_text:1.11.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.11.0 0Highest75
content-type-2.2.jarpkg:maven/com.nimbusds/content-type@2.2 047
flyway-core-10.10.0.jarpkg:maven/org.flywaydb/flyway-core@10.10.0 021
freemarker-2.3.34.jarpkg:maven/org.freemarker/freemarker@2.3.34 044
gson-2.10.1.jarcpe:2.3:a:google:gson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.10.1 0Highest35
hibernate-validator-8.0.2.Final.jarcpe:2.3:a:redhat:hibernate_validator:8.0.2:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator@8.0.2.Final 0Highest36
jackson-annotations-2.17.3.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.3 0Low40
jackson-core-2.17.3.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:json-java_project:json-java:2.17.3:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.3HIGH2Low51
jackson-databind-2.17.3.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3 0Highest43
jackson-dataformat-toml-2.17.3.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.17.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-toml@2.17.3 0Highest41
jakarta.activation-api-2.1.3.jarcpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3MEDIUM3Highest50
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low44
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-core:2.0.3)pkg:maven/org.eclipse.angus/angus-core@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-mail:2.0.3)pkg:maven/org.eclipse.angus/angus-mail@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:imap:2.0.3)pkg:maven/org.eclipse.angus/imap@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.3)pkg:maven/org.eclipse.angus/logging-mailhandler@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:pop3:2.0.3)pkg:maven/org.eclipse.angus/pop3@2.0.3 09
jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:smtp:2.0.3)pkg:maven/org.eclipse.angus/smtp@2.0.3 09
jakarta.mail-2.0.3.jarpkg:maven/org.eclipse.angus/jakarta.mail@2.0.3 036
jakarta.mail-api-2.1.3.jarcpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*pkg:maven/jakarta.mail/jakarta.mail-api@2.1.3MEDIUM3Highest41
jakarta.servlet-api-6.0.0.jarcpe:2.3:a:oracle:projects:6.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0 0Low47
jakarta.validation-api-3.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@3.0.2 058
jboss-logging-3.5.3.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.5.3.Final 043
jcip-annotations-1.0-1.jarpkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 025
json-smart-2.5.2.jarcpe:2.3:a:json-smart_project:json-smart:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v2:2.5.2:*:*:*:*:*:*:*		pkg:maven/net.minidev/json-smart@2.5.2 0Highest53
lang-tag-1.7.jarpkg:maven/com.nimbusds/lang-tag@1.7 049
logback-core-1.5.18.jarcpe:2.3:a:qos:logback:1.5.18:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.18 0Highest41
mapstruct-1.5.5.Final.jarpkg:maven/org.mapstruct/mapstruct@1.5.5.Final 038
micrometer-commons-1.13.13.jarpkg:maven/io.micrometer/micrometer-commons@1.13.13 067
micrometer-observation-1.13.13.jarpkg:maven/io.micrometer/micrometer-observation@1.13.13 067
mybatis-3.5.19.jar (shaded: ognl:ognl:3.4.4)cpe:2.3:a:ognl_project:ognl:3.4.4:*:*:*:*:*:*:*pkg:maven/ognl/ognl@3.4.4 0Highest18
mybatis-3.5.19.jar (shaded: org.javassist:javassist:3.30.2-GA)pkg:maven/org.javassist/javassist@3.30.2-GA 043
mybatis-3.5.19.jarcpe:2.3:a:mybatis:mybatis:3.5.19:*:*:*:*:*:*:*pkg:maven/org.mybatis/mybatis@3.5.19 0Highest49
mybatis-spring-3.0.4.jarpkg:maven/org.mybatis/mybatis-spring@3.0.4 041
mybatis-spring-boot-autoconfigure-3.0.4.jarpkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-autoconfigure@3.0.4 042
mybatis-spring-boot-starter-3.0.4.jarpkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4 042
net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-commons-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOTcpe:2.3:a:web_project:web:2.0.0:snapshot:*:*:*:*:*:*pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT 0Low6
net.andresbustamante:y-a-foot-core-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-events@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-core-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-messaging-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-messaging-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-messaging-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-users-api@2.0.0-SNAPSHOT 06
nimbus-jose-jwt-9.37.3.jarcpe:2.3:a:connect2id:nimbus_jose\+jwt:9.37.3:*:*:*:*:*:*:*pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.3 0Highest54
oauth2-oidc-sdk-9.43.6.jarpkg:maven/com.nimbusds/oauth2-oidc-sdk@9.43.6 059
postgresql-42.7.5.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.5:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.7.5 0Low71
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 033
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest44
spring-amqp-3.1.11.jarcpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.amqp/spring-amqp@3.1.11 0Low71
spring-boot-starter-jdbc-3.4.0.jarcpe:2.3:a:vmware:spring_boot:3.4.0:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot-starter-jdbc@3.4.0 0Highest36
spring-boot-starter-oauth2-resource-server-3.3.11.jarcpe:2.3:a:vmware:spring_boot:3.3.11:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.11 0Highest36
spring-boot-starter-web-3.3.11.jarcpe:2.3:a:vmware:spring_boot:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.3.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11 0Highest36
spring-core-6.1.19.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.1.19 0Highest41
spring-retry-2.0.11.jarpkg:maven/org.springframework.retry/spring-retry@2.0.11 048
spring-security-core-6.3.9.jarcpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@6.3.9 0Highest38
spring-security-oauth2-resource-server-6.3.9.jarcpe:2.3:a:pivotal:spring_security_oauth:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security_oauth:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.9 0Highest40
spring-security-web-6.3.9.jarcpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@6.3.9 0Highest38
spring-web-6.1.19.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.19:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@6.1.19 0Highest35
swagger-annotations-2.2.18.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.18:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-annotations@2.2.18 0Low40
tomcat-embed-core-10.1.40.jarcpe:2.3:a:apache:tomcat:10.1.40:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.40:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40 0Highest69
tomcat-embed-el-10.1.40.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.40 035

Dependencies

HikariCP-5.1.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/zaxxer/HikariCP/5.1.0/HikariCP-5.1.0.jar
MD5: 37404f82207a28141bd9b0fe6b1d0a16
SHA1: 8c96e36c14461fc436bb02b264b96ef3ca5dca8c
SHA256:a47a6ee62379694ee52c30036f0931b72f9aee2a801d590341ed82bd839e2134
Referenced In Project/Scope: Core Web:compile
HikariCP-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4

Identifiers

accessors-smart-2.5.2.jar

Description:

Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/net/minidev/accessors-smart/2.5.2/accessors-smart-2.5.2.jar
MD5: 24191e0bb215c72902e89f46dde839e1
SHA1: ce16fd235cfee48e67eda33e684423bba09f7d07
SHA256:9b8a7bc43861d6156c021166d941fb7dddbe4463e2fa5ee88077e4b01452a836
Referenced In Project/Scope: Core Web:runtime
accessors-smart-2.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

amqp-client-5.19.0.jar

Description:

The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.

License:

AL 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
GPL v2: https://www.gnu.org/licenses/gpl-2.0.txt
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
File Path: /opt/tomcat/.m2/repository/com/rabbitmq/amqp-client/5.19.0/amqp-client-5.19.0.jar
MD5: 66dd87e201ca617388a786db0edf6be2
SHA1: 6bd68c3cdf2662a9fbff8de5b9ef2b0fb1e6fe57
SHA256:d2c7a35031bf7f101b9cfcb5f58b201201b1f8232b6608171db7befe3a2b860d
Referenced In Project/Scope: Core Web:compile
amqp-client-5.19.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.amqp/spring-rabbit@3.1.11

Identifiers

angus-activation-2.0.1.jar

Description:

${project.name} Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-activation/2.0.1/angus-activation-2.0.1.jar
MD5: 9a66564224140488f83f645ac32d4169
SHA1: eaafaf4eb71b400e4136fc3a286f50e34a68ecb7
SHA256:b226761815868edf8964c1d71e6d2d54ab238c2788507061b4e0633933b4c131
Referenced In Project/Scope: Core Web:runtime
angus-activation-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-mail@3.3.11

Identifiers

asm-9.7.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /opt/tomcat/.m2/repository/org/ow2/asm/asm/9.7.1/asm-9.7.1.jar
MD5: e2cdd32d198ad31427d298eee9d39d8d
SHA1: f0ed132a49244b042cd0e15702ab9f2ce3cc8436
SHA256:8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281
Referenced In Project/Scope: Core Web:runtime
asm-9.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

aspectjweaver-1.9.24.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/aspectj/aspectjweaver/1.9.24/aspectjweaver-1.9.24.jar
MD5: d95bb9406a5351d45a02145777b9a241
SHA1: 9b5aeb0cea9f958b9c57fb80e62996e95a3e9379
SHA256:75e4227fb7dc5f97c3d4689cd1c2439f4db0bd18cea2fa242c4656cd93c599aa
Referenced In Project/Scope: Core Web:compile
aspectjweaver-1.9.24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

avro-1.11.4.jar

Description:

Avro core components

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/avro/avro/1.11.4/avro-1.11.4.jar
MD5: 915002011d651686f94b4e20d25234a6
SHA1: 25d54640c4a17aa342490c4c63c172759361bf56
SHA256:eeba11b77070b9aa6337d886fdf778f6695f6c4c3dcfd2a02389925c885079fa
Referenced In Project/Scope: Core Web:compile
avro-1.11.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

checker-qual-3.48.3.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /opt/tomcat/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256:443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Project/Scope: Core Web:runtime
checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

classmate-1.5.1.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Project/Scope: Core Web:compile
classmate-1.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Project/Scope: Core Web:compile
commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: Core Web:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

commons-compress-1.26.2.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-compress/1.26.2/commons-compress-1.26.2.jar
MD5: d2c5abbd0a822c0b79cf4f03ead483ee
SHA1: eb1f823447af685208e684fce84783b43517960c
SHA256:9168a03141d8fc7eda21a2360d83cc0412bcbb1d6204d992bd48c2573cb3c6b8
Referenced In Project/Scope: Core Web:compile
commons-compress-1.26.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

commons-io-2.15.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-io/commons-io/2.15.0/commons-io-2.15.0.jar
MD5: 125a9d3dc2477b10cc6fa6e89c699e81
SHA1: 5c3c2db10f6f797430a7f9c696b4d1273768c924
SHA256:a328dad730921d197b6a9b195dffa00e41c974c2dac8fe37e84d31706bca7792
Referenced In Project/Scope: Core Web:compile
commons-io-2.15.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

commons-lang3-3.13.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-lang3/3.13.0/commons-lang3-3.13.0.jar
MD5: 3435b913691a5c1b173485a49850b1a8
SHA1: b7263237aa89c1f99b327197c41d0669707a462e
SHA256:82f528cf718c7a3c2f30fc5bc784e3c6a0a10b17605dadb9e16c82ede11e6064
Referenced In Project/Scope: Core Web:compile
commons-lang3-3.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

commons-text-1.11.0.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-text/1.11.0/commons-text-1.11.0.jar
MD5: ebfec4f77cc595c518d655f7e68346be
SHA1: 2bb044b7717ec2eccaf9ea7769c1509054b50e9a
SHA256:2acf30a070b19163d5a480eae411a281341e870020e3534c6d5d4c8472739e30
Referenced In Project/Scope: Core Web:compile
commons-text-1.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

content-type-2.2.jar

Description:

Java library for Content (Media) Type representation

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/content-type/2.2/content-type-2.2.jar
MD5: 135aaa5ebcc12a45f4b3ff08cb6fa46a
SHA1: 9a894bce7646dd4086652d85b88013229f23724b
SHA256:730f1816196145e88275093c147f2e6da3c3e541207acd3503a1b06129b9bea9
Referenced In Project/Scope: Core Web:runtime
content-type-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

flyway-core-10.10.0.jar

File Path: /opt/tomcat/.m2/repository/org/flywaydb/flyway-core/10.10.0/flyway-core-10.10.0.jar
MD5: c31003dacfe66439c92a78f5019775d4
SHA1: 8761d308b9fc9697a95ae362bcbbb5abe8f6e08f
SHA256:9ca803176bf3c9450b58af79c07ffdc7922fa029b97e4f51675b6a9766d4e1d6
Referenced In Project/Scope: Core Web:compile
flyway-core-10.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

freemarker-2.3.34.jar

Description:

    FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/freemarker/freemarker/2.3.34/freemarker-2.3.34.jar
MD5: 1704fd3c579385ca5fd0ebcdf50df73c
SHA1: c2fa47a1c3b6dcdfca90e952e51211967a4baa54
SHA256:9a9fb91cd64199232eb1ca9766148a5d30ef8944be5fac051018f96c70c8f6a3
Referenced In Project/Scope: Core Web:compile
freemarker-2.3.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT

Identifiers

gson-2.10.1.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Project/Scope: Core Web:compile
gson-2.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

hibernate-validator-8.0.2.Final.jar

Description:

Hibernate's Jakarta Bean Validation reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/hibernate/validator/hibernate-validator/8.0.2.Final/hibernate-validator-8.0.2.Final.jar
MD5: 1adda123292ba2627d03a696d8c7e76a
SHA1: 220e64815dd87535525331de20570017f899eb13
SHA256:2f2224a5a19bdcfa73540e9ff5c971b6c425ad80415876f305259fe873a15b2f
Referenced In Project/Scope: Core Web:compile
hibernate-validator-8.0.2.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

jackson-annotations-2.17.3.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.17.3/jackson-annotations-2.17.3.jar
MD5: cb80e34a9fa3c0b27560e1562dfdff43
SHA1: 4f30a05d2eee0ab700cdc27aa5967e934d3042b2
SHA256:2747f60343783a6ec8a68405c7c839fa0bbe30ee4e2459d21a1ac3b7365e1ed5
Referenced In Project/Scope: Core Web:compile
jackson-annotations-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

jackson-core-2.17.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.3/jackson-core-2.17.3.jar
MD5: b38c1cd06ec2b87bd23494962c44da69
SHA1: 1d6eb3e959c737692b720d3492b2f1f34c4c8579
SHA256:19e03ee71f00a86255fa3c980560b231e1305486f6482c905601209014f5870c
Referenced In Project/Scope: Core Web:compile
jackson-core-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-databind-2.17.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.3/jackson-databind-2.17.3.jar
MD5: 820811143157937e800b899a4feeb261
SHA1: 42c617beb411ee813bdc39a287424bfb19d99185
SHA256:93b13e709a0b620de42019180a75bc1fc4885c81fe5b6087a4aa248f91fb9a95
Referenced In Project/Scope: Core Web:compile
jackson-databind-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

jackson-dataformat-toml-2.17.3.jar

Description:

Support for reading and writing TOML-encoded data via Jackson abstractions.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-toml/2.17.3/jackson-dataformat-toml-2.17.3.jar
MD5: d2ad35af9cbda38b7c342e5db2f42714
SHA1: 34c86ea69dac79a2a684d5d2261b62116e788e37
SHA256:c5785f6ab645e4cda167424359b32a6af466a06d46d6c2195c1f14058be7e212
Referenced In Project/Scope: Core Web:compile
jackson-dataformat-toml-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

jakarta.activation-api-2.1.3.jar

Description:

${project.name} ${spec.version} Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: Core Web:compile
jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Project/Scope: Core Web:compile
jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-core:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/angus-core/pom.xml
MD5: 9907dbe21768f81f0436f492e8ceca57
SHA1: 108609abe9269199421273dfe2b5520c00ac800c
SHA256:a52a66e7dd0b6006ab29360dfe735a9d32243f70be56ea1af92bc7dca11fd1ed
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:angus-mail:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/angus-mail/pom.xml
MD5: 8560eb9e79bba0fcd136126b210e4e55
SHA1: fd9a8039c371be9e5b61d88592f88cb7b7dc9a65
SHA256:dbf3a31ca61225a6a91b2832d5c131a187a037ec0761adb19e08362e36a7ad8b
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:imap:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/imap/pom.xml
MD5: 55d43d94fda869a2551af9303a7ea370
SHA1: fed2fd168251a00aef8e0ebfc379a58a05aa6346
SHA256:2769e1c98f6d6ae4285eb0872ae1d20ce78bd503ed7a824d406e22e25e9d1b16
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/logging-mailhandler/pom.xml
MD5: eb9a0a396f32310dcaeddef53c4fecf2
SHA1: 9d10a9bd90cb079dcdb9b1ab25e1d1f6c253e78d
SHA256:e9546707cf60f5eace422c9f542ba2548fcef1639f1270e103720d54a4ea2a66
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:pop3:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/pop3/pom.xml
MD5: f814ea6c49648addacecaad34e700890
SHA1: fad30d04e576332a8ce304438a8c60444a2a15fd
SHA256:1bf0ed0c897f7825319a0b4a8926a95a7a4430ddf4d9c11b6d1af7a34acf5261
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar (shaded: org.eclipse.angus:smtp:2.0.3)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar/META-INF/maven/org.eclipse.angus/smtp/pom.xml
MD5: 88fdc95cc63d9167e76af8fd06ad205d
SHA1: 3d3b38a40ef48a4feb95a7e4d6d133df2b58c5b0
SHA256:f69db19b0c17d856e923ce29d4d6089e5dcafa30678fe549c11d316712ca3fae
Referenced In Project/Scope: Core Web:compile

Identifiers

jakarta.mail-2.0.3.jar

Description:

Angus Mail default provider

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.3/jakarta.mail-2.0.3.jar
MD5: 33043478b24ab3845a3bf702c18f9226
SHA1: 3dea6aeee9603f573687b0d4da5dc1316d921bb7
SHA256:efb946424933806bc6f8136752d22fdb3ba887ea0527ff849c474e51f7b3715e
Referenced In Project/Scope: Core Web:compile
jakarta.mail-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-mail@3.3.11

Identifiers

jakarta.mail-api-2.1.3.jar

Description:

${project.name} ${spec.version} Specification API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/mail/jakarta.mail-api/2.1.3/jakarta.mail-api-2.1.3.jar
MD5: 288a687deb06b87602ce14cd03dddff4
SHA1: a327aa5f514ba86e80d54584417d7376ed2bde0e
SHA256:8051b58d75f982f9a5b963b3765426e824b2a64865ef0af17205e455b98db05c
Referenced In Project/Scope: Core Web:compile
jakarta.mail-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

jakarta.servlet-api-6.0.0.jar

Description:

Jakarta Servlet 6.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256:c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Project/Scope: Core Web:provided
jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

jakarta.validation-api-3.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/jakarta/validation/jakarta.validation-api/3.0.2/jakarta.validation-api-3.0.2.jar
MD5: 3a1ee6efca3e41e3320599790f54c5eb
SHA1: 92b6631659ba35ca09e44874d3eb936edfeee532
SHA256:291c25e6910cc6a7ebd96d4c6baebf6d7c37676c5482c2d96146e901b62c1fc9
Referenced In Project/Scope: Core Web:compile
jakarta.validation-api-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

jboss-logging-3.5.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/jboss/logging/jboss-logging/3.5.3.Final/jboss-logging-3.5.3.Final.jar
MD5: ee7e24e94235c13f53392ecaa53f938c
SHA1: c88fc1d8a96d4c3491f55d4317458ccad53ca663
SHA256:7b119460de174195aca412dfed52ca0bbef0ece26c2d74301b6172cfadf4ff59
Referenced In Project/Scope: Core Web:compile
jboss-logging-3.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

jcip-annotations-1.0-1.jar

Description:

    A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Project/Scope: Core Web:compile
jcip-annotations-1.0-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.security/spring-security-oauth2-jose@6.3.9

Identifiers

json-smart-2.5.2.jar

Description:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/net/minidev/json-smart/2.5.2/json-smart-2.5.2.jar
MD5: e3ad34c55c0d2627255f79f4411c6bdd
SHA1: 95d166b18f95907be0f46cdb9e1c0695eed03387
SHA256:4fbdedb0105cedc7f766b95c297d2e88fb6a560da48f3bbaa0cc538ea8b7bf71
Referenced In Project/Scope: Core Web:runtime
json-smart-2.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

lang-tag-1.7.jar

Description:

Java implementation of "Tags for Identifying Languages" (RFC 5646)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/lang-tag/1.7/lang-tag-1.7.jar
MD5: 31b8a4f76fdbf21f1d667f9d6618e0b2
SHA1: 97c73ecd70bc7e8eefb26c5eea84f251a63f1031
SHA256:e8c1c594e2425bdbea2d860de55c69b69fc5d59454452449a0f0913c2a5b8a31
Referenced In Project/Scope: Core Web:runtime
lang-tag-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

logback-core-1.5.18.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /opt/tomcat/.m2/repository/ch/qos/logback/logback-core/1.5.18/logback-core-1.5.18.jar
MD5: 10bcea83842beead15f072799b9c923d
SHA1: 6c0375624f6f36b4e089e2488ba21334a11ef13f
SHA256:85139e7b57b464f8e5e36326dd81317648bed199ccc4f98cd42585f8d7571027
Referenced In Project/Scope: Core Web:compile
logback-core-1.5.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-messaging-services@2.0.0-SNAPSHOT

Identifiers

mapstruct-1.5.5.Final.jar

Description:

An annotation processor for generating type-safe bean mappers

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/mapstruct/mapstruct/1.5.5.Final/mapstruct-1.5.5.Final.jar
MD5: 9f2f737ffa2496ca5c40dcc323068803
SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb
SHA256:6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5
Referenced In Project/Scope: Core Web:compile
mapstruct-1.5.5.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

micrometer-commons-1.13.13.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/io/micrometer/micrometer-commons/1.13.13/micrometer-commons-1.13.13.jar
MD5: 3a91c7465b7ee9c005e26c3481a636b2
SHA1: 9fa147a70b0fbc237bd0ce9ec2a2fa9b33bc7bd7
SHA256:8613395fb4914819610d0b24ccf7345b30ee40e7bc08699cfcfb746bb2cb881d
Referenced In Project/Scope: Core Web:compile
micrometer-commons-1.13.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.1.19

Identifiers

micrometer-observation-1.13.13.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/io/micrometer/micrometer-observation/1.13.13/micrometer-observation-1.13.13.jar
MD5: 5511e8e9460c294024a0789dbb015948
SHA1: 8f5dcc8e44120ac65f53cf79581ca8894c560c5b
SHA256:35b40b485eb0514ff57fa15cbcd3c0cc850a1c72421cb7090e97e8e191167b99
Referenced In Project/Scope: Core Web:compile
micrometer-observation-1.13.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.1.19

Identifiers

mybatis-3.5.19.jar (shaded: ognl:ognl:3.4.4)

Description:

OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis/3.5.19/mybatis-3.5.19.jar/META-INF/maven/ognl/ognl/pom.xml
MD5: 24a86428b8e57ffae0c6960674232532
SHA1: b3461ef165d68058c312e3728f855ded87efd9f9
SHA256:789b916ed18989c719c1e9abb024945e5ff24cda29d3cdc755a6db06573fbab7
Referenced In Project/Scope: Core Web:compile

Identifiers

mybatis-3.5.19.jar (shaded: org.javassist:javassist:3.30.2-GA)

Description:

    Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: https://www.mozilla.org/en-US/MPL/1.1/
LGPL 2.1: https://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis/3.5.19/mybatis-3.5.19.jar/META-INF/maven/org.javassist/javassist/pom.xml
MD5: adefe9ccbb66e8f75db5fa9a27df3668
SHA1: 005e8895e8598228aa2c1d3b426585a49e2c22fc
SHA256:4227851cb70e43f73aced8bffe692de3ae4412c4a62dcdff055e513ee3d801a3
Referenced In Project/Scope: Core Web:compile

Identifiers

mybatis-3.5.19.jar

Description:

The MyBatis SQL mapper framework makes it easier to use a relational database with object-oriented
    applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or
    annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object relational mapping
    tools.

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis/3.5.19/mybatis-3.5.19.jar
MD5: c08c2e37b85829ca613dda4d5dbb6fcc
SHA1: 79b20d963e38e66f41431ea49bc22f7cce718142
SHA256:93eea616ae355751bd5fbabb57f0732713fbe79f3196f33c51a0aeeb4255862a
Referenced In Project/Scope: Core Web:compile
mybatis-3.5.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

mybatis-spring-3.0.4.jar

Description:

An easy-to-use Spring bridge for MyBatis sql mapping framework.

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/mybatis-spring/3.0.4/mybatis-spring-3.0.4.jar
MD5: adb6d883f5c2eba7218b48d8d7e11691
SHA1: 8a1250161c6b5c15103c1f51d6a1ad8307af4418
SHA256:e21d766c8e505a3762b0220e36f81d6be53eddbed55bb2a8c06dbff4cbdc6f6e
Referenced In Project/Scope: Core Web:compile
mybatis-spring-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

mybatis-spring-boot-autoconfigure-3.0.4.jar

Description:

Spring Boot Support for MyBatis

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-autoconfigure/3.0.4/mybatis-spring-boot-autoconfigure-3.0.4.jar
MD5: 9987b40ef7acebed60290c30c801ea5e
SHA1: 027c887cbd92c780e7d8baaf30d9dc5b5d5f0c03
SHA256:b4aab3e93ac4f5082d8060198d2e4c35be25d76dbb2f3e556e35b8f1b6056924
Referenced In Project/Scope: Core Web:compile
mybatis-spring-boot-autoconfigure-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4

Identifiers

mybatis-spring-boot-starter-3.0.4.jar

Description:

Spring Boot Support for MyBatis

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /opt/tomcat/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-starter/3.0.4/mybatis-spring-boot-starter-3.0.4.jar
MD5: 759980a3e0d7a81c3697f7356d5ccb62
SHA1: 2a56c4aa1f81aaef9abb0105f72702a737517d9a
SHA256:c4ad5690dd58ad94bbb385dace45e7dafe7c4252f3849ffca8be0819cbfdc590
Referenced In Project/Scope: Core Web:compile
mybatis-spring-boot-starter-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOT

Description:

Shared API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-api/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOT

Description:

Shared classes and interfaces for the services layer

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-services/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOT

Description:

Shared classes, interfaces and configurations for the Web layer

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-web/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-api:2.0.0-SNAPSHOT

Description:

Core API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-api/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-core-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOT

Description:

Core database migration resources

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-db/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-core-db:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOT

Description:

Sport planning for amateurs

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-events/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-core-events:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-core-services:2.0.0-SNAPSHOT

Description:

Core services implementations

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-core-services/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-core-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-messaging-api:2.0.0-SNAPSHOT

Description:

Messaging API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-messaging-api/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-messaging-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-messaging-services:2.0.0-SNAPSHOT

Description:

Messaging services implementation

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-messaging-services/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-messaging-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOT

Description:

Users API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-users-api/pom.xml

Referenced In Project/Scope: Core Web
net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

nimbus-jose-jwt-9.37.3.jar

Description:

        Java library for Javascript Object Signing and Encryption (JOSE) and
        JSON Web Tokens (JWT)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.37.3/nimbus-jose-jwt-9.37.3.jar
MD5: a2ecba11e197522b7f963cbcf0b59715
SHA1: 700f71ffefd60c16bd8ce711a956967ea9071cec
SHA256:12ae4a3a260095d7aeba2adea7ae396e8b9570db8b7b409e09a824c219cc0444
Referenced In Project/Scope: Core Web:compile
nimbus-jose-jwt-9.37.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.security/spring-security-oauth2-jose@6.3.9

Identifiers

oauth2-oidc-sdk-9.43.6.jar

Description:

		OAuth 2.0 SDK with OpenID Connection extensions for developing
		client and server applications.

License:

Apache License, version 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
File Path: /opt/tomcat/.m2/repository/com/nimbusds/oauth2-oidc-sdk/9.43.6/oauth2-oidc-sdk-9.43.6.jar
MD5: 7b90ae947014dca2dcba869735270a7f
SHA1: a1842456e236f53e30946b2cb0bdeb17a44cdfd3
SHA256:fee94eae5c4388e1de7fba84e3ada2b92d17bbbb28c630d4258a6f0615c1f303
Referenced In Project/Scope: Core Web:runtime
oauth2-oidc-sdk-9.43.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-client@3.3.11

Identifiers

postgresql-42.7.5.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /opt/tomcat/.m2/repository/org/postgresql/postgresql/42.7.5/postgresql-42.7.5.jar
MD5: 5cd7ba0dfa9ec82c4812b5bf387de185
SHA1: 747897987b86c741fb8b56f6b81929ae1e6e4b46
SHA256:69020b3bd20984543e817393f2e6c01a890ef2e37a77dd11d6d8508181d079ab
Referenced In Project/Scope: Core Web:compile
postgresql-42.7.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-db@2.0.0-SNAPSHOT

Identifiers

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /opt/tomcat/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: Core Web:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Project/Scope: Core Web:compile
snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11

Identifiers

spring-amqp-3.1.11.jar

Description:

Spring AMQP Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/springframework/amqp/spring-amqp/3.1.11/spring-amqp-3.1.11.jar
MD5: a783fffa27f1fd15a7e6f94b6ee4555f
SHA1: 878a936dda58b32eb08913fe1d3543dd158e38aa
SHA256:c8f866734524bed1a486653f424daf586fec7a1559171534efaef515878cef3e
Referenced In Project/Scope: Core Web:compile
spring-amqp-3.1.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

  • pkg:maven/org.springframework.amqp/spring-amqp@3.1.11  (Confidence:High)
  • cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*  (Confidence:Low)  

spring-boot-starter-jdbc-3.4.0.jar

Description:

Starter for using JDBC with the HikariCP connection pool

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot-starter-jdbc/3.4.0/spring-boot-starter-jdbc-3.4.0.jar
MD5: 2a8ab619db1fbca0dc235e3dc503834b
SHA1: 8e24eb3bee1a26a5b0ef58ad677ac3f6bf58a4ea
SHA256:c567a29527d1bea5d3454d234f7348732b5d7db7afc55fc79e487fc155fe7c67
Referenced In Project/Scope: Core Web:compile
spring-boot-starter-jdbc-3.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mybatis.spring.boot/mybatis-spring-boot-starter@3.0.4

Identifiers

spring-boot-starter-oauth2-resource-server-3.3.11.jar

Description:

Starter for using Spring Security's OAuth2 resource server features

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot-starter-oauth2-resource-server/3.3.11/spring-boot-starter-oauth2-resource-server-3.3.11.jar
MD5: 38cd4eacd464e3d917f115b5a9b73eb5
SHA1: d6dacb95f167cabbf822d24ff244cd839262a28e
SHA256:b4506f9df96932ff83ebbd4f2f632730d090e4608b10d283bc214a74b645819c
Referenced In Project/Scope: Core Web:compile
spring-boot-starter-oauth2-resource-server-3.3.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

spring-boot-starter-web-3.3.11.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.3.11/spring-boot-starter-web-3.3.11.jar
MD5: dce8a00363ffc8a242d86d0ba59e4a20
SHA1: a447c26f78b6023366143c13d8836082462fb5ed
SHA256:3343bbca057aa530b72e59788625c26fdec43c8cdaa42836cedae183db20b526
Referenced In Project/Scope: Core Web:compile
spring-boot-starter-web-3.3.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

spring-core-6.1.19.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/spring-core/6.1.19/spring-core-6.1.19.jar
MD5: c7b7de19a43581b1f22d87fbfa192cd5
SHA1: 85718bafdeda6c6b4b0782afda2002299c3f918a
SHA256:a46e9b693d6be2cce3bc3f2b6ed144c4a7198dcc5c355ca3c63b383d8e911800
Referenced In Project/Scope: Core Web:compile
spring-core-6.1.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-services@2.0.0-SNAPSHOT

Identifiers

spring-retry-2.0.11.jar

Description:

		Spring Retry provides an abstraction around retrying failed operations, with an
		emphasis on declarative control of the process and policy-based behaviour that is
		easy to extend and customize. For instance, you can configure a plain POJO
		operation to retry if it fails, based on the type of exception, and with a fixed
		or exponential backoff.

License:

Apache 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/springframework/retry/spring-retry/2.0.11/spring-retry-2.0.11.jar
MD5: 24fe2b3e01091f9fb1c6038a8f3e57d9
SHA1: 0bd4fae67445baf330b69b6b786748a308ab31f6
SHA256:1be1d42bb1ae33813f84557b0e419d3471e35850269c749dab8610e521a82567
Referenced In Project/Scope: Core Web:compile
spring-retry-2.0.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.amqp/spring-amqp@3.1.11

Identifiers

spring-security-core-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-core/6.3.9/spring-security-core-6.3.9.jar
MD5: 119f8471a5db75c043d52e8539b735c6
SHA1: 70dd35fe2c70fe78c3f431647b2fc492f0912120
SHA256:c3b06c4c7e4cc437363785b94d5ac57af5a08ff54046bfecf4c387220660be06
Referenced In Project/Scope: Core Web:compile
spring-security-core-6.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

spring-security-oauth2-resource-server-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-oauth2-resource-server/6.3.9/spring-security-oauth2-resource-server-6.3.9.jar
MD5: 2354be71eebe2c9ad68266579cd2b7e0
SHA1: 517b1e3c296869335a3abf6f775ceeba8184d3a8
SHA256:41037e11206a5e9453e9890c859ca5fed82d1cf79f2ece61d9fd23296390c123
Referenced In Project/Scope: Core Web:compile
spring-security-oauth2-resource-server-6.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

spring-security-web-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-web/6.3.9/spring-security-web-6.3.9.jar
MD5: d2ffe936d52fc7c438007c14e59641a6
SHA1: 172d00cd128561a0acd2ca81fe7ee508ba489ada
SHA256:0d452463f5a860da963873842e72dbb96c0198513d19d186cd15fadb111344ab
Referenced In Project/Scope: Core Web:compile
spring-security-web-6.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

spring-web-6.1.19.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/spring-web/6.1.19/spring-web-6.1.19.jar
MD5: 0dc2be1ade9148172e2c76546eaa6418
SHA1: 86ee75c9042bff1c1e59e35ad15a8f9385b45f0f
SHA256:163d2155b9ac25eb56b26fd5bf667192c4290992bc0444f90033a81f5f6e887e
Referenced In Project/Scope: Core Web:compile
spring-web-6.1.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

swagger-annotations-2.2.18.jar

Description:

swagger-annotations

License:

"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
File Path: /opt/tomcat/.m2/repository/io/swagger/core/v3/swagger-annotations/2.2.18/swagger-annotations-2.2.18.jar
MD5: 89fdf32376651c2a5f1d6ba6ee92c4e9
SHA1: 72ed83a368c13d8963e986bdc82f7105a1439c49
SHA256:436eb3cea261c770be1a37eb6b4752bb08b776228f8480890763df38390a227d
Referenced In Project/Scope: Core Web:compile
swagger-annotations-2.2.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-core-web@2.0.0-SNAPSHOT

Identifiers

tomcat-embed-core-10.1.40.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.40/tomcat-embed-core-10.1.40.jar
MD5: 469a77d350935dc68e88be91bc337ee1
SHA1: fc1c09b726336dc6f7dde0408cebb1a56a3a28d3
SHA256:a837da48929985b35a489265bc4d6250b7209a2eaf646de7597ed22a028c610c
Referenced In Project/Scope: Core Web:compile
tomcat-embed-core-10.1.40.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11

Identifiers

tomcat-embed-el-10.1.40.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.40/tomcat-embed-el-10.1.40.jar
MD5: c80cb09246e057b85dfa5c25deb562ba
SHA1: 1b321790508c1d410689b4f496dae18a97fa6ae9
SHA256:138e1b8bcb06890b38408b0801d2f4c2a5a375947aa8d3fc12ac2f98573d5385
Referenced In Project/Scope: Core Web:compile
tomcat-embed-el-10.1.40.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.