Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Users Admin Web

net.andresbustamante:y-a-foot-users-admin-web:2.0.0-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
amqp-client-5.19.0.jarcpe:2.3:a:vmware:rabbitmq:5.19.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq_java_client:5.19.0:*:*:*:*:*:*:*		pkg:maven/com.rabbitmq/amqp-client@5.19.0 0High51
angus-activation-2.0.1.jarpkg:maven/org.eclipse.angus/angus-activation@2.0.1 037
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:angus-core:2.0.1)pkg:maven/org.eclipse.angus/angus-core@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:imap:2.0.1)pkg:maven/org.eclipse.angus/imap@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.1)pkg:maven/org.eclipse.angus/logging-mailhandler@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:pop3:2.0.1)pkg:maven/org.eclipse.angus/pop3@2.0.1 09
angus-mail-2.0.1.jar (shaded: org.eclipse.angus:smtp:2.0.1)pkg:maven/org.eclipse.angus/smtp@2.0.1 09
angus-mail-2.0.1.jarcpe:2.3:a:service_project:service:2.0.1:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/angus-mail@2.0.1 0Low33
apache-mime4j-core-0.8.11.jarcpe:2.3:a:apache:james_mime4j:0.8.11:*:*:*:*:*:*:*pkg:maven/org.apache.james/apache-mime4j-core@0.8.11 0Highest36
apache-mime4j-storage-0.8.11.jarpkg:maven/org.apache.james/apache-mime4j-storage@0.8.11 036
aspectjweaver-1.9.24.jarpkg:maven/org.aspectj/aspectjweaver@1.9.24 049
asyncutil-0.1.0.jarpkg:maven/com.ibm.async/asyncutil@0.1.0 034
btf-1.3.jarcpe:2.3:a:json-java_project:json-java:1.3:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/btf@1.3HIGH2Highest29
classmate-1.5.1.jarpkg:maven/com.fasterxml/classmate@1.5.1 057
codemodel-4.0.3.jarcpe:2.3:a:oracle:java_se:4.0.3:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/codemodel@4.0.3 0Low38
commons-codec-1.16.1.jarpkg:maven/commons-codec/commons-codec@1.16.1 0125
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest107
commons-io-2.15.0.jarcpe:2.3:a:apache:commons_io:2.15.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.15.0 0Highest127
commons-lang3-3.13.0.jarpkg:maven/org.apache.commons/commons-lang3@3.13.0 0145
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-logging-jboss-logging-1.0.0.Final.jarpkg:maven/org.jboss.logging/commons-logging-jboss-logging@1.0.0.Final 036
commons-text-1.11.0.jarcpe:2.3:a:apache:commons_text:1.11.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.11.0 0Highest75
freemarker-2.3.34.jarpkg:maven/org.freemarker/freemarker@2.3.34 044
hibernate-validator-8.0.2.Final.jarcpe:2.3:a:redhat:hibernate_validator:8.0.2:*:*:*:*:*:*:*pkg:maven/org.hibernate.validator/hibernate-validator@8.0.2.Final 0Highest36
httpclient-4.5.14.jarcpe:2.3:a:apache:httpclient:4.5.14:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.14 0Highest32
httpcore-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.16 032
istack-commons-tools-4.1.2.jarcpe:2.3:a:oracle:java_se:4.1.2:*:*:*:*:*:*:*pkg:maven/com.sun.istack/istack-commons-tools@4.1.2 0Low33
jackson-annotations-2.17.3.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.17.3 0Low40
jackson-core-2.17.3.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:json-java_project:json-java:2.17.3:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-core@2.17.3HIGH2Low51
jackson-coreutils-2.0.jarcpe:2.3:a:json-java_project:json-java:2.0:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/jackson-coreutils@2.0HIGH2Highest28
jackson-databind-2.17.3.jarcpe:2.3:a:fasterxml:jackson-databind:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.17.3:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3 0Highest43
jackson-jakarta-rs-base-2.17.3.jarpkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base@2.17.3 040
jackson-jakarta-rs-json-provider-2.17.3.jarcpe:2.3:a:json-java_project:json-java:2.17.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.17.3HIGH2Low40
jackson-module-jakarta-xmlbind-annotations-2.17.3.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations@2.17.3 041
jakarta.activation-api-2.1.3.jarcpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3MEDIUM3Highest50
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low44
jakarta.mail-api-2.1.3.jarcpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*pkg:maven/jakarta.mail/jakarta.mail-api@2.1.3MEDIUM3Highest41
jakarta.servlet-api-6.0.0.jarcpe:2.3:a:oracle:projects:6.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0 0Low47
jakarta.validation-api-3.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@3.0.2 058
jakarta.ws.rs-api-3.1.0.jarcpe:2.3:a:web_project:web:3.1.0:*:*:*:*:*:*:*pkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@3.1.0 0Low45
jakarta.xml.bind-api-4.0.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.2 034
jandex-2.4.5.Final.jarpkg:maven/org.jboss/jandex@2.4.5.Final 042
jaxb-core-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-core@4.0.3 042
jaxb-jxc-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-jxc@4.0.3 030
jaxb-runtime-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-runtime@4.0.3 042
jaxb-xjc-4.0.3.jarpkg:maven/org.glassfish.jaxb/jaxb-xjc@4.0.3 030
jboss-logging-3.5.3.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.5.3.Final 043
jcip-annotations-1.0-1.jarpkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 025
json-patch-1.13.jarcpe:2.3:a:json-java_project:json-java:1.13:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/json-patch@1.13HIGH2Highest28
keycloak-admin-client-26.0.5.jarcpe:2.3:a:keycloak:keycloak:26.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:26.0.5:*:*:*:*:*:*:*		pkg:maven/org.keycloak/keycloak-admin-client@26.0.5 0Highest33
keycloak-core-26.1.3.jarcpe:2.3:a:keycloak:keycloak:26.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:26.1.3:*:*:*:*:*:*:*		pkg:maven/org.keycloak/keycloak-core@26.1.3 0Highest29
logback-core-1.5.18.jarcpe:2.3:a:qos:logback:1.5.18:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.18 0Highest41
mapstruct-1.5.5.Final.jarpkg:maven/org.mapstruct/mapstruct@1.5.5.Final 038
micrometer-commons-1.13.13.jarpkg:maven/io.micrometer/micrometer-commons@1.13.13 067
micrometer-observation-1.13.13.jarpkg:maven/io.micrometer/micrometer-observation@1.13.13 067
microprofile-openapi-api-3.1.1.jarpkg:maven/org.eclipse.microprofile.openapi/microprofile-openapi-api@3.1.1 029
msg-simple-1.2.jarcpe:2.3:a:json-java_project:json-java:1.2:*:*:*:*:*:*:*pkg:maven/com.github.java-json-tools/msg-simple@1.2HIGH2Highest27
net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-commons-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-commons-services@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOTcpe:2.3:a:web_project:web:2.0.0:snapshot:*:*:*:*:*:*pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT 0Low6
net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-users-api@2.0.0-SNAPSHOT 06
net.andresbustamante:y-a-foot-users-services:2.0.0-SNAPSHOTpkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT 06
nimbus-jose-jwt-9.37.3.jar (shaded: com.google.code.gson:gson:2.10.1)cpe:2.3:a:google:gson:2.10.1:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.10.1 0Highest9
nimbus-jose-jwt-9.37.3.jarcpe:2.3:a:connect2id:nimbus_jose\+jwt:9.37.3:*:*:*:*:*:*:*pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.3 0Highest54
reactive-streams-1.0.4.jarpkg:maven/org.reactivestreams/reactive-streams@1.0.4 029
relaxng-datatype-4.0.3.jarcpe:2.3:a:oracle:java_se:4.0.3:*:*:*:*:*:*:*pkg:maven/com.sun.xml.bind.external/relaxng-datatype@4.0.3 0Low38
resteasy-core-6.2.9.Final.jarcpe:2.3:a:redhat:resteasy:6.2.9:*:*:*:*:*:*:*pkg:maven/org.jboss.resteasy/resteasy-core@6.2.9.Final 0Highest32
rngom-4.0.3.jarcpe:2.3:a:oracle:java_se:4.0.3:*:*:*:*:*:*:*pkg:maven/com.sun.xml.bind.external/rngom@4.0.3 0Low40
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 033
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest44
spring-amqp-3.1.11.jarcpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.amqp/spring-amqp@3.1.11 0Low71
spring-boot-3.3.11.jarcpe:2.3:a:vmware:spring_boot:3.3.11:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.3.11 0Highest38
spring-boot-starter-web-3.3.11.jarcpe:2.3:a:vmware:spring_boot:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.3.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11 0Highest36
spring-core-6.1.19.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.1.19 0Highest41
spring-retry-2.0.11.jarpkg:maven/org.springframework.retry/spring-retry@2.0.11 048
spring-security-core-6.3.9.jarcpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@6.3.9 0Highest38
spring-security-oauth2-resource-server-6.3.9.jarcpe:2.3:a:pivotal:spring_security_oauth:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security_oauth:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.9 0Highest40
spring-security-web-6.3.9.jarcpe:2.3:a:pivotal_software:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.3.9:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.3.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@6.3.9 0Highest38
spring-web-6.1.19.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.19:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@6.1.19 0Highest35
swagger-annotations-2.2.18.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.18:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-annotations@2.2.18 0Low40
tomcat-embed-core-10.1.40.jarcpe:2.3:a:apache:tomcat:10.1.40:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.40:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40 0Highest69
tomcat-embed-el-10.1.40.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.40 035
txw2-4.0.3.jarpkg:maven/org.glassfish.jaxb/txw2@4.0.3 034
xsom-4.0.3.jarpkg:maven/org.glassfish.jaxb/xsom@4.0.3 038

Dependencies

amqp-client-5.19.0.jar

Description:

The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.

License:

AL 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
GPL v2: https://www.gnu.org/licenses/gpl-2.0.txt
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
File Path: /opt/tomcat/.m2/repository/com/rabbitmq/amqp-client/5.19.0/amqp-client-5.19.0.jar
MD5: 66dd87e201ca617388a786db0edf6be2
SHA1: 6bd68c3cdf2662a9fbff8de5b9ef2b0fb1e6fe57
SHA256:d2c7a35031bf7f101b9cfcb5f58b201201b1f8232b6608171db7befe3a2b860d
Referenced In Project/Scope: Users Admin Web:compile
amqp-client-5.19.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-amqp@3.3.11

Identifiers

angus-activation-2.0.1.jar

Description:

${project.name} Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-activation/2.0.1/angus-activation-2.0.1.jar
MD5: 9a66564224140488f83f645ac32d4169
SHA1: eaafaf4eb71b400e4136fc3a286f50e34a68ecb7
SHA256:b226761815868edf8964c1d71e6d2d54ab238c2788507061b4e0633933b4c131
Referenced In Project/Scope: Users Admin Web:compile
angus-activation-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:angus-core:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/angus-core/pom.xml
MD5: f360e369882e5a0e72c9b8478bb3b89d
SHA1: 441ce7c16adde6d27b18f8483bed824de1345ce4
SHA256:d14626b21a4173d2cf26168a89f01cd4bb3b49e67077abc6c97a122fc68b061b
Referenced In Project/Scope: Users Admin Web:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:imap:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/imap/pom.xml
MD5: 05102a237edc3b98999ac6d990ccd6bf
SHA1: a5b9f48971acc1e6469b3d3c6370f9557d517aa0
SHA256:b62ab94e0e77f341653b9546a8ff7e0e42b21bd6668f64762d9bdaf2bf257f48
Referenced In Project/Scope: Users Admin Web:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/logging-mailhandler/pom.xml
MD5: dbfd0bb62cf7c3787e593b49829a3188
SHA1: a3c463c283bff762d132f742266fb6daf9b01d55
SHA256:de393af2c75ed62b8d6975886623dbb880d59df5d587f90d309ce82ad16f82c9
Referenced In Project/Scope: Users Admin Web:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:pop3:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/pop3/pom.xml
MD5: 0e0c10ef42056448a3c9d56722891b2d
SHA1: c414da9569662c1e964978805045429ea5f0ab51
SHA256:698d9c6b990f311a8bdea17624d307da6356227d95203a5d00a7513327c223d7
Referenced In Project/Scope: Users Admin Web:compile

Identifiers

angus-mail-2.0.1.jar (shaded: org.eclipse.angus:smtp:2.0.1)

File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/smtp/pom.xml
MD5: 5c13f420e93a799e77a06a61c9c1dac3
SHA1: 45d00fe1ee33ac6dee9cabda854da88c99232bd2
SHA256:b88a786ecae5834454ffe1c0ffa067f636bc37ae602e13b221c9f01838d06fff
Referenced In Project/Scope: Users Admin Web:compile

Identifiers

angus-mail-2.0.1.jar

Description:

Angus Mail Provider

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/eclipse/angus/angus-mail/2.0.1/angus-mail-2.0.1.jar
MD5: 8d14ee5ed48e5c25913dec56e9e76f23
SHA1: 7adb247e025999f7bc435415f99ddf3764463d51
SHA256:130c53932fb205bd3dc965619ae37a82922f3153c1418b2ce0e0ab71bf0c2721
Referenced In Project/Scope: Users Admin Web:compile
angus-mail-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

apache-mime4j-core-0.8.11.jar

Description:

Java stream based MIME message parser

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/james/apache-mime4j-core/0.8.11/apache-mime4j-core-0.8.11.jar
MD5: 83990269ea1fdba6f423c26963a0440a
SHA1: 6d1eb5f7b84eaa9d38fca13b761f01c693aef3da
SHA256:62a7853523dff0c382065df82fa280c1bf59bcd9b329180d707b0f6f15ceb903
Referenced In Project/Scope: Users Admin Web:compile
apache-mime4j-core-0.8.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

apache-mime4j-storage-0.8.11.jar

Description:

Java MIME Document Object Model Storage

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/james/apache-mime4j-storage/0.8.11/apache-mime4j-storage-0.8.11.jar
MD5: 5e9a9c4a751a54de790476f96bf3d152
SHA1: 874a7338051442158412a2734bbb84a8595e1428
SHA256:70802a28b4f71319da90bc8b5b981d61163aeed7d1ecec083a0e4c49375f8b4f
Referenced In Project/Scope: Users Admin Web:compile
apache-mime4j-storage-0.8.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

aspectjweaver-1.9.24.jar

Description:

The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
		weaving (LTW) during class-loading and also contains the AspectJ runtime classes.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/aspectj/aspectjweaver/1.9.24/aspectjweaver-1.9.24.jar
MD5: d95bb9406a5351d45a02145777b9a241
SHA1: 9b5aeb0cea9f958b9c57fb80e62996e95a3e9379
SHA256:75e4227fb7dc5f97c3d4689cd1c2439f4db0bd18cea2fa242c4656cd93c599aa
Referenced In Project/Scope: Users Admin Web:compile
aspectjweaver-1.9.24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

asyncutil-0.1.0.jar

Description:

Utilities for working with CompletionStages

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/ibm/async/asyncutil/0.1.0/asyncutil-0.1.0.jar
MD5: cbf288497b12b8c6c4ca728c57db77fd
SHA1: 440941c382166029a299602e6c9ff5abde1b5143
SHA256:cb80a7a5cd1fef63c7ea4c9abbc5138e84136657c19d148879d22e28e144fe04
Referenced In Project/Scope: Users Admin Web:compile
asyncutil-0.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

btf-1.3.jar

Description:

Generic interfaces to the classical builder pattern and the less classical "freeze/thaw" pattern

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/btf/1.3/btf-1.3.jar
MD5: 884a930eed6ea9212ae61521fa655af3
SHA1: 6cf5405e214cbc83337a107cdef8401fb6aa6383
SHA256:67c3e462eb50807f4e0a5f4dee304bbf17cd986a42ee5eb0b2f4c9bf64d130d9
Referenced In Project/Scope: Users Admin Web:compile
btf-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

classmate-1.5.1.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Project/Scope: Users Admin Web:compile
classmate-1.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

codemodel-4.0.3.jar

Description:

The core functionality of the CodeModel java source code generation library

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/codemodel/4.0.3/codemodel-4.0.3.jar
MD5: 1e4f79edf55ab8c0f0e8e8803f511530
SHA1: 04ce3895b414420e7140cd51d52420aaddaccd45
SHA256:15acc9323d54b14527de229b76f2de13a258f3fe2470c290cd00014cc6641d40
Referenced In Project/Scope: Users Admin Web:compile
codemodel-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-codec/commons-codec/1.16.1/commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Project/Scope: Users Admin Web:compile
commons-codec-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: Users Admin Web:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-io-2.15.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-io/commons-io/2.15.0/commons-io-2.15.0.jar
MD5: 125a9d3dc2477b10cc6fa6e89c699e81
SHA1: 5c3c2db10f6f797430a7f9c696b4d1273768c924
SHA256:a328dad730921d197b6a9b195dffa00e41c974c2dac8fe37e84d31706bca7792
Referenced In Project/Scope: Users Admin Web:compile
commons-io-2.15.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-lang3-3.13.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-lang3/3.13.0/commons-lang3-3.13.0.jar
MD5: 3435b913691a5c1b173485a49850b1a8
SHA1: b7263237aa89c1f99b327197c41d0669707a462e
SHA256:82f528cf718c7a3c2f30fc5bc784e3c6a0a10b17605dadb9e16c82ede11e6064
Referenced In Project/Scope: Users Admin Web:compile
commons-lang3-3.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Users Admin Web:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

commons-logging-jboss-logging-1.0.0.Final.jar

Description:

Apache Commons Logging to JBoss Logging implementation

License:

Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/jboss/logging/commons-logging-jboss-logging/1.0.0.Final/commons-logging-jboss-logging-1.0.0.Final.jar
MD5: 46328c16f47be35563b73425d456445a
SHA1: 27a4e823d661bde67ec103bba2baf33cddde6e75
SHA256:f12176263ea25f4e78bb4fa4b36d335a29738dde6a8123e1b6da89a655d150ff
Referenced In Project/Scope: Users Admin Web:runtime
commons-logging-jboss-logging-1.0.0.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

commons-text-1.11.0.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/commons/commons-text/1.11.0/commons-text-1.11.0.jar
MD5: ebfec4f77cc595c518d655f7e68346be
SHA1: 2bb044b7717ec2eccaf9ea7769c1509054b50e9a
SHA256:2acf30a070b19163d5a480eae411a281341e870020e3534c6d5d4c8472739e30
Referenced In Project/Scope: Users Admin Web:compile
commons-text-1.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

freemarker-2.3.34.jar

Description:

    FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/freemarker/freemarker/2.3.34/freemarker-2.3.34.jar
MD5: 1704fd3c579385ca5fd0ebcdf50df73c
SHA1: c2fa47a1c3b6dcdfca90e952e51211967a4baa54
SHA256:9a9fb91cd64199232eb1ca9766148a5d30ef8944be5fac051018f96c70c8f6a3
Referenced In Project/Scope: Users Admin Web:compile
freemarker-2.3.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

hibernate-validator-8.0.2.Final.jar

Description:

Hibernate's Jakarta Bean Validation reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/hibernate/validator/hibernate-validator/8.0.2.Final/hibernate-validator-8.0.2.Final.jar
MD5: 1adda123292ba2627d03a696d8c7e76a
SHA1: 220e64815dd87535525331de20570017f899eb13
SHA256:2f2224a5a19bdcfa73540e9ff5c971b6c425ad80415876f305259fe873a15b2f
Referenced In Project/Scope: Users Admin Web:compile
hibernate-validator-8.0.2.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

httpclient-4.5.14.jar

Description:

   Apache HttpComponents Client

File Path: /opt/tomcat/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar
MD5: 2cb357c4b763f47e58af6cad47df6ba3
SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98
SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6
Referenced In Project/Scope: Users Admin Web:compile
httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

httpcore-4.4.16.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /opt/tomcat/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar
MD5: 28d2cd9bf8789fd2ec774fb88436ebd1
SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850
SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f
Referenced In Project/Scope: Users Admin Web:compile
httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

istack-commons-tools-4.1.2.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/com/sun/istack/istack-commons-tools/4.1.2/istack-commons-tools-4.1.2.jar
MD5: 53590bcdfeafccd31d1d1bc791af1555
SHA1: 585c1af261fbc0b0cccf72f4d6c5ff11c1e596b1
SHA256:85b4fe7ad6fdfc64a586133f039d3de7b51db2c8111a1aa98a267891e27f386f
Referenced In Project/Scope: Users Admin Web:compile
istack-commons-tools-4.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jackson-annotations-2.17.3.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.17.3/jackson-annotations-2.17.3.jar
MD5: cb80e34a9fa3c0b27560e1562dfdff43
SHA1: 4f30a05d2eee0ab700cdc27aa5967e934d3042b2
SHA256:2747f60343783a6ec8a68405c7c839fa0bbe30ee4e2459d21a1ac3b7365e1ed5
Referenced In Project/Scope: Users Admin Web:compile
jackson-annotations-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

jackson-core-2.17.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.17.3/jackson-core-2.17.3.jar
MD5: b38c1cd06ec2b87bd23494962c44da69
SHA1: 1d6eb3e959c737692b720d3492b2f1f34c4c8579
SHA256:19e03ee71f00a86255fa3c980560b231e1305486f6482c905601209014f5870c
Referenced In Project/Scope: Users Admin Web:compile
jackson-core-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.17.3

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-coreutils-2.0.jar

Description:

JSON Pointer (RFC 6901) and numeric equality for Jackson (2.2.x)

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/jackson-coreutils/2.0/jackson-coreutils-2.0.jar
MD5: 7d2699a50f92f6ee224d1d75fbd884ef
SHA1: 6374371261b91b829d10f21256b2feefdf8f0a78
SHA256:16b3aabd3a9eb25655dda433e35f9bd9c7c1aa7991427702f5f11f000813dbb0
Referenced In Project/Scope: Users Admin Web:compile
jackson-coreutils-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-databind-2.17.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.17.3/jackson-databind-2.17.3.jar
MD5: 820811143157937e800b899a4feeb261
SHA1: 42c617beb411ee813bdc39a287424bfb19d99185
SHA256:93b13e709a0b620de42019180a75bc1fc4885c81fe5b6087a4aa248f91fb9a95
Referenced In Project/Scope: Users Admin Web:compile
jackson-databind-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

jackson-jakarta-rs-base-2.17.3.jar

Description:

Pile of code that is shared by all Jackson-based Jakarta-RS
providers.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/jakarta/rs/jackson-jakarta-rs-base/2.17.3/jackson-jakarta-rs-base-2.17.3.jar
MD5: e5e65ccf37efb69f3bddfcce87254c22
SHA1: 686bb983cf901d79d456fa7b12dbf492a250f624
SHA256:c01b46163ee2e639962be14d1e16d18c84e135beff572122f4bce12229ce2113
Referenced In Project/Scope: Users Admin Web:compile
jackson-jakarta-rs-base-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jackson-jakarta-rs-json-provider-2.17.3.jar

Description:

Functionality to handle JSON input/output for Jakarta-RS implementations
(like Jersey and RESTeasy) using standard Jackson data binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/jakarta/rs/jackson-jakarta-rs-json-provider/2.17.3/jackson-jakarta-rs-json-provider-2.17.3.jar
MD5: cfbb0b864f335bb3f7ba47a6c1c8eb56
SHA1: 7caa7f9b3b307cd9de31cc034d55802b224ab8fb
SHA256:2ecc4a35fad7eed375ef29861291138f6759f0a3af7868effa387af4d14d6c77
Referenced In Project/Scope: Users Admin Web:compile
jackson-jakarta-rs-json-provider-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-module-jakarta-xmlbind-annotations-2.17.3.jar

Description:

Support for using Jakarta XML Bind (aka JAXB 3.0) annotations as an alternative
  to "native" Jackson annotations, for configuring data-binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/fasterxml/jackson/module/jackson-module-jakarta-xmlbind-annotations/2.17.3/jackson-module-jakarta-xmlbind-annotations-2.17.3.jar
MD5: f999c40ff7777d2e3162ba3f4a5f63c3
SHA1: 93c4f8434820f7581c8905804be34dffc7f2a189
SHA256:167d7d48ddabe3a3c2941551992832232f61b19d77cafbf9f7080d1293aafcb4
Referenced In Project/Scope: Users Admin Web:compile
jackson-module-jakarta-xmlbind-annotations-2.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jakarta.activation-api-2.1.3.jar

Description:

${project.name} ${spec.version} Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: Users Admin Web:compile
jakarta.activation-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.11

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Project/Scope: Users Admin Web:compile
jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

jakarta.mail-api-2.1.3.jar

Description:

${project.name} ${spec.version} Specification API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/mail/jakarta.mail-api/2.1.3/jakarta.mail-api-2.1.3.jar
MD5: 288a687deb06b87602ce14cd03dddff4
SHA1: a327aa5f514ba86e80d54584417d7376ed2bde0e
SHA256:8051b58d75f982f9a5b963b3765426e824b2a64865ef0af17205e455b98db05c
Referenced In Project/Scope: Users Admin Web:compile
jakarta.mail-api-2.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

jakarta.servlet-api-6.0.0.jar

Description:

Jakarta Servlet 6.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256:c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Project/Scope: Users Admin Web:provided
jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

jakarta.validation-api-3.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/jakarta/validation/jakarta.validation-api/3.0.2/jakarta.validation-api-3.0.2.jar
MD5: 3a1ee6efca3e41e3320599790f54c5eb
SHA1: 92b6631659ba35ca09e44874d3eb936edfeee532
SHA256:291c25e6910cc6a7ebd96d4c6baebf6d7c37676c5482c2d96146e901b62c1fc9
Referenced In Project/Scope: Users Admin Web:compile
jakarta.validation-api-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

jakarta.ws.rs-api-3.1.0.jar

Description:

Jakarta RESTful Web Services

License:

EPL-2.0: http://www.eclipse.org/legal/epl-2.0
GPL-2.0-with-classpath-exception: https://www.gnu.org/software/classpath/license.html
File Path: /opt/tomcat/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/3.1.0/jakarta.ws.rs-api-3.1.0.jar
MD5: 6ce4c6749e048456b2c452c1091689ca
SHA1: 15ce10d249a38865b58fc39521f10f29ab0e3363
SHA256:6b3b3628b8b4aedda0d24c3354335e985497d8ef3c510b8f3028e920d5b8663d
Referenced In Project/Scope: Users Admin Web:compile
jakarta.ws.rs-api-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jakarta.xml.bind-api-4.0.2.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.2/jakarta.xml.bind-api-4.0.2.jar
MD5: 0c8f9991081def819435c3ff36e4d93f
SHA1: 6cd5a999b834b63238005b7144136379dc36cad2
SHA256:0d6bcfe47763e85047acf7c398336dc84ff85ebcad0a7cb6f3b9d3e981245406
Referenced In Project/Scope: Users Admin Web:compile
jakarta.xml.bind-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-test@3.3.11

Identifiers

jandex-2.4.5.Final.jar

Description:

Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/jboss/jandex/2.4.5.Final/jandex-2.4.5.Final.jar
MD5: 81ce0b995162eedcd867f10b3914c517
SHA1: 9b4634d1fa28628549eb986b7c0c73f387090fba
SHA256:70a283bcf11a82b14c20d1a9be731d301aedfd98be1b4c0f5b35fe60b305caff
Referenced In Project/Scope: Users Admin Web:compile
jandex-2.4.5.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jaxb-core-4.0.3.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-core/4.0.3/jaxb-core-4.0.3.jar
MD5: 8c5d90e32ee3e76972b7d2acf7a49fdf
SHA1: e9093b4a82069a1d78ee9a3233ca387bca88861f
SHA256:d6d75c422752684fbf04dd74a21698feae0e4a406c2892b5af02d23dc97b2ac6
Referenced In Project/Scope: Users Admin Web:compile
jaxb-core-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jaxb-jxc-4.0.3.jar

Description:

        JAXB schema generator.The *tool* to generate XML schema based on java classes.

File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-jxc/4.0.3/jaxb-jxc-4.0.3.jar
MD5: 084bf03ab3beb840a96d480b51a1abb3
SHA1: ff97bfca3455817a3605bf21289abb4d12e27ff3
SHA256:1ab742bf26e939e87682c32973996cc067a3357ac3b0efb744c3f0d153063a30
Referenced In Project/Scope: Users Admin Web:compile
jaxb-jxc-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jaxb-runtime-4.0.3.jar

Description:

JAXB (JSR 222) Reference Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-runtime/4.0.3/jaxb-runtime-4.0.3.jar
MD5: 1e3fe19cc19a1393c48b5116c0e0999f
SHA1: 93af25be25b2c92c83e0ce61cb8b3ed23568f316
SHA256:795e2dbdd3e64c8ba7e532e35f83136603931a8e9a3b5ffeb05f9f483adab6e0
Referenced In Project/Scope: Users Admin Web:compile
jaxb-runtime-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jaxb-xjc-4.0.3.jar

Description:

        JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
        In other words: the *tool* to generate java classes for the given xml representation.

File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/jaxb-xjc/4.0.3/jaxb-xjc-4.0.3.jar
MD5: 877234d80035820c4504868536d83124
SHA1: 7420f2fa71646abc584381bc7a6f4ce436d88d15
SHA256:53437669f695d263d7d3632251dca423f4cf87e1f2210a181d6696c7ca753990
Referenced In Project/Scope: Users Admin Web:compile
jaxb-xjc-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

jboss-logging-3.5.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/jboss/logging/jboss-logging/3.5.3.Final/jboss-logging-3.5.3.Final.jar
MD5: ee7e24e94235c13f53392ecaa53f938c
SHA1: c88fc1d8a96d4c3491f55d4317458ccad53ca663
SHA256:7b119460de174195aca412dfed52ca0bbef0ece26c2d74301b6172cfadf4ff59
Referenced In Project/Scope: Users Admin Web:compile
jboss-logging-3.5.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

jcip-annotations-1.0-1.jar

Description:

    A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Project/Scope: Users Admin Web:compile
jcip-annotations-1.0-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT

Identifiers

json-patch-1.13.jar

Description:

JSON Patch (RFC 6902) and JSON Merge Patch (RFC 7386) implementation in Java

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/json-patch/1.13/json-patch-1.13.jar
MD5: 2cca1a560d862f9d0e74da8cf4d5fca3
SHA1: c8b72249e50fe778e7df223e5b1fed1931a4a688
SHA256:1f794d256965b53ef37e70b55505e2ed00ddc0184d44e2e8e1fdce5a3cacc7de
Referenced In Project/Scope: Users Admin Web:compile
json-patch-1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

keycloak-admin-client-26.0.5.jar

File Path: /opt/tomcat/.m2/repository/org/keycloak/keycloak-admin-client/26.0.5/keycloak-admin-client-26.0.5.jar
MD5: a942027d2297bd2df35e2f79e80e05ee
SHA1: 5fed495319d1a8addd0f4b54deb1195beac4640f
SHA256:fe0f28032634b6b7373e2edd7e3d60d10078801727f8c8d6d530041f38154187
Referenced In Project/Scope: Users Admin Web:compile
keycloak-admin-client-26.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

keycloak-core-26.1.3.jar

File Path: /opt/tomcat/.m2/repository/org/keycloak/keycloak-core/26.1.3/keycloak-core-26.1.3.jar
MD5: 0e4e1fdbdded0470fe86cbb630ba0411
SHA1: baf69d73c38f4d6fc5ca469669af225329e877a3
SHA256:224877b24a6d4d634519a90d73d714c7739d0debac2b5d9ac9c9e0293cf6d024
Referenced In Project/Scope: Users Admin Web:compile
keycloak-core-26.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

logback-core-1.5.18.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /opt/tomcat/.m2/repository/ch/qos/logback/logback-core/1.5.18/logback-core-1.5.18.jar
MD5: 10bcea83842beead15f072799b9c923d
SHA1: 6c0375624f6f36b4e089e2488ba21334a11ef13f
SHA256:85139e7b57b464f8e5e36326dd81317648bed199ccc4f98cd42585f8d7571027
Referenced In Project/Scope: Users Admin Web:compile
logback-core-1.5.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

mapstruct-1.5.5.Final.jar

Description:

An annotation processor for generating type-safe bean mappers

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/mapstruct/mapstruct/1.5.5.Final/mapstruct-1.5.5.Final.jar
MD5: 9f2f737ffa2496ca5c40dcc323068803
SHA1: 2ca3cbe39b6e9ea8d5ea521965a89bef2a1e8eeb
SHA256:6391e07982855dd804d825b63a55ab9251003716547216e5f581123c841328d5
Referenced In Project/Scope: Users Admin Web:compile
mapstruct-1.5.5.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

micrometer-commons-1.13.13.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/io/micrometer/micrometer-commons/1.13.13/micrometer-commons-1.13.13.jar
MD5: 3a91c7465b7ee9c005e26c3481a636b2
SHA1: 9fa147a70b0fbc237bd0ce9ec2a2fa9b33bc7bd7
SHA256:8613395fb4914819610d0b24ccf7345b30ee40e7bc08699cfcfb746bb2cb881d
Referenced In Project/Scope: Users Admin Web:compile
micrometer-commons-1.13.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.1.19

Identifiers

micrometer-observation-1.13.13.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/io/micrometer/micrometer-observation/1.13.13/micrometer-observation-1.13.13.jar
MD5: 5511e8e9460c294024a0789dbb015948
SHA1: 8f5dcc8e44120ac65f53cf79581ca8894c560c5b
SHA256:35b40b485eb0514ff57fa15cbcd3c0cc850a1c72421cb7090e97e8e191167b99
Referenced In Project/Scope: Users Admin Web:compile
micrometer-observation-1.13.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.1.19

Identifiers

microprofile-openapi-api-3.1.1.jar

Description:

MicroProfile OpenAPI API :: API

License:

Apache License, Version 2.0
File Path: /opt/tomcat/.m2/repository/org/eclipse/microprofile/openapi/microprofile-openapi-api/3.1.1/microprofile-openapi-api-3.1.1.jar
MD5: d49b4088a9b12341dd37b881fbf14d1d
SHA1: 24d319e0caeca078d2bc748d063ba4f7239d44dc
SHA256:b482278365efc155fe8de06aac2e715911df4abc01562391a958cae2ce941814
Referenced In Project/Scope: Users Admin Web:compile
microprofile-openapi-api-3.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

msg-simple-1.2.jar

Description:

A lightweight, UTF-8 capable, printf() capable alternative to Java's ResourceBundle

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/com/github/java-json-tools/msg-simple/1.2/msg-simple-1.2.jar
MD5: b0ad6fb398838287f1993c44bafb18e2
SHA1: a06afa2d5d75c98e54ab370107930978fc3f9937
SHA256:bef4111b993a5b3e6148d8f585621cceac2a1889cdbc34448b11632e0d8a9a8f
Referenced In Project/Scope: Users Admin Web:compile
msg-simple-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOT

Description:

Shared API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-api/pom.xml

Referenced In Project/Scope: Users Admin Web
net.andresbustamante:y-a-foot-commons-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOT

Description:

Shared classes and interfaces for the services layer

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-services/pom.xml

Referenced In Project/Scope: Users Admin Web
net.andresbustamante:y-a-foot-commons-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOT

Description:

Shared classes, interfaces and configurations for the Web layer

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-commons-web/pom.xml

Referenced In Project/Scope: Users Admin Web
net.andresbustamante:y-a-foot-commons-web:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOT

Description:

Users API classes and interfaces

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-users-api/pom.xml

Referenced In Project/Scope: Users Admin Web
net.andresbustamante:y-a-foot-users-api:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

net.andresbustamante:y-a-foot-users-services:2.0.0-SNAPSHOT

Description:

Users services implementations

File Path: /opt/tomcat/.jenkins/workspace/y-a-foot_y-a-foot_build_develop/y-a-foot-users-services/pom.xml

Referenced In Project/Scope: Users Admin Web
net.andresbustamante:y-a-foot-users-services:2.0.0-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

nimbus-jose-jwt-9.37.3.jar (shaded: com.google.code.gson:gson:2.10.1)

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.37.3/nimbus-jose-jwt-9.37.3.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: c13f373086992bab8989b514941891a6
SHA1: ce159faf33c1e665e1f3a785a5d678a2b20151bc
SHA256:d2b115634f5c085db4b9c9ffc2658e89e231fdbfbe2242121a1cd95d4d948dd7
Referenced In Project/Scope: Users Admin Web:compile

Identifiers

nimbus-jose-jwt-9.37.3.jar

Description:

        Java library for Javascript Object Signing and Encryption (JOSE) and
        JSON Web Tokens (JWT)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.37.3/nimbus-jose-jwt-9.37.3.jar
MD5: a2ecba11e197522b7f963cbcf0b59715
SHA1: 700f71ffefd60c16bd8ce711a956967ea9071cec
SHA256:12ae4a3a260095d7aeba2adea7ae396e8b9570db8b7b409e09a824c219cc0444
Referenced In Project/Scope: Users Admin Web:compile
nimbus-jose-jwt-9.37.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT

Identifiers

reactive-streams-1.0.4.jar

Description:

A Protocol for Asynchronous Non-Blocking Data Sequence

License:

MIT-0: https://spdx.org/licenses/MIT-0.html
File Path: /opt/tomcat/.m2/repository/org/reactivestreams/reactive-streams/1.0.4/reactive-streams-1.0.4.jar
MD5: eda7978509c32d99166745cc144c99cd
SHA1: 3864a1320d97d7b045f729a326e1e077661f31b7
SHA256:f75ca597789b3dac58f61857b9ac2e1034a68fa672db35055a8fb4509e325f28
Referenced In Project/Scope: Users Admin Web:compile
reactive-streams-1.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

relaxng-datatype-4.0.3.jar

Description:

RelaxNG Datatype library.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/com/sun/xml/bind/external/relaxng-datatype/4.0.3/relaxng-datatype-4.0.3.jar
MD5: 809a7974433a9d3a56756ce4431630e7
SHA1: 4959f0b554ac5674c951205077a3adcdf0b03118
SHA256:4e62f0f16f933c27a80ced4e6b091cea7e3c853704116b40f324e792ce5a2c73
Referenced In Project/Scope: Users Admin Web:compile
relaxng-datatype-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

resteasy-core-6.2.9.Final.jar

File Path: /opt/tomcat/.m2/repository/org/jboss/resteasy/resteasy-core/6.2.9.Final/resteasy-core-6.2.9.Final.jar
MD5: a2def701dea0ec5efbd51fa0da101c1f
SHA1: 7731f7881444f757743ced96d00bec7a36117352
SHA256:f7802bb92ee0e8d0bdf95cc9964ff02f6c5177232fd62476073c848bb6314c96
Referenced In Project/Scope: Users Admin Web:compile
resteasy-core-6.2.9.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

rngom-4.0.3.jar

Description:

        RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/com/sun/xml/bind/external/rngom/4.0.3/rngom-4.0.3.jar
MD5: 460a0926da0591f50b09ec85d3c65774
SHA1: 4d240e2341114dcef812c8e572011df44648f4af
SHA256:e86474b30f9ef547d55bf5c035f4a1e3f2fddc28a393c9cfb1c315bb94dbd3fd
Referenced In Project/Scope: Users Admin Web:compile
rngom-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /opt/tomcat/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: Users Admin Web:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Project/Scope: Users Admin Web:compile
snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11

Identifiers

spring-amqp-3.1.11.jar

Description:

Spring AMQP Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/springframework/amqp/spring-amqp/3.1.11/spring-amqp-3.1.11.jar
MD5: a783fffa27f1fd15a7e6f94b6ee4555f
SHA1: 878a936dda58b32eb08913fe1d3543dd158e38aa
SHA256:c8f866734524bed1a486653f424daf586fec7a1559171534efaef515878cef3e
Referenced In Project/Scope: Users Admin Web:compile
spring-amqp-3.1.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-amqp@3.3.11

Identifiers

  • pkg:maven/org.springframework.amqp/spring-amqp@3.1.11  (Confidence:High)
  • cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:3.1.11:*:*:*:*:*:*:*  (Confidence:Low)  

spring-boot-3.3.11.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot/3.3.11/spring-boot-3.3.11.jar
MD5: cb3ffb9e07a9d8d0140466e583958f8b
SHA1: b1f0b53e38e2bf45eae8f5bd27983a07bdeaac30
SHA256:272efd80096c864ad93edb9c08f450cc37f7f997505a1b0c458587b71a3e6268
Referenced In Project/Scope: Users Admin Web:compile
spring-boot-3.3.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

spring-boot-starter-web-3.3.11.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.3.11/spring-boot-starter-web-3.3.11.jar
MD5: dce8a00363ffc8a242d86d0ba59e4a20
SHA1: a447c26f78b6023366143c13d8836082462fb5ed
SHA256:3343bbca057aa530b72e59788625c26fdec43c8cdaa42836cedae183db20b526
Referenced In Project/Scope: Users Admin Web:compile
spring-boot-starter-web-3.3.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

spring-core-6.1.19.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/spring-core/6.1.19/spring-core-6.1.19.jar
MD5: c7b7de19a43581b1f22d87fbfa192cd5
SHA1: 85718bafdeda6c6b4b0782afda2002299c3f918a
SHA256:a46e9b693d6be2cce3bc3f2b6ed144c4a7198dcc5c355ca3c63b383d8e911800
Referenced In Project/Scope: Users Admin Web:compile
spring-core-6.1.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-test@2.0.0-SNAPSHOT

Identifiers

spring-retry-2.0.11.jar

Description:

		Spring Retry provides an abstraction around retrying failed operations, with an
		emphasis on declarative control of the process and policy-based behaviour that is
		easy to extend and customize. For instance, you can configure a plain POJO
		operation to retry if it fails, based on the type of exception, and with a fixed
		or exponential backoff.

License:

Apache 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/springframework/retry/spring-retry/2.0.11/spring-retry-2.0.11.jar
MD5: 24fe2b3e01091f9fb1c6038a8f3e57d9
SHA1: 0bd4fae67445baf330b69b6b786748a308ab31f6
SHA256:1be1d42bb1ae33813f84557b0e419d3471e35850269c749dab8610e521a82567
Referenced In Project/Scope: Users Admin Web:compile
spring-retry-2.0.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-amqp@3.3.11

Identifiers

spring-security-core-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-core/6.3.9/spring-security-core-6.3.9.jar
MD5: 119f8471a5db75c043d52e8539b735c6
SHA1: 70dd35fe2c70fe78c3f431647b2fc492f0912120
SHA256:c3b06c4c7e4cc437363785b94d5ac57af5a08ff54046bfecf4c387220660be06
Referenced In Project/Scope: Users Admin Web:compile
spring-security-core-6.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT

Identifiers

spring-security-oauth2-resource-server-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-oauth2-resource-server/6.3.9/spring-security-oauth2-resource-server-6.3.9.jar
MD5: 2354be71eebe2c9ad68266579cd2b7e0
SHA1: 517b1e3c296869335a3abf6f775ceeba8184d3a8
SHA256:41037e11206a5e9453e9890c859ca5fed82d1cf79f2ece61d9fd23296390c123
Referenced In Project/Scope: Users Admin Web:compile
spring-security-oauth2-resource-server-6.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-commons-web@2.0.0-SNAPSHOT

Identifiers

spring-security-web-6.3.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/security/spring-security-web/6.3.9/spring-security-web-6.3.9.jar
MD5: d2ffe936d52fc7c438007c14e59641a6
SHA1: 172d00cd128561a0acd2ca81fe7ee508ba489ada
SHA256:0d452463f5a860da963873842e72dbb96c0198513d19d186cd15fadb111344ab
Referenced In Project/Scope: Users Admin Web:compile
spring-security-web-6.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

spring-web-6.1.19.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /opt/tomcat/.m2/repository/org/springframework/spring-web/6.1.19/spring-web-6.1.19.jar
MD5: 0dc2be1ade9148172e2c76546eaa6418
SHA1: 86ee75c9042bff1c1e59e35ad15a8f9385b45f0f
SHA256:163d2155b9ac25eb56b26fd5bf667192c4290992bc0444f90033a81f5f6e887e
Referenced In Project/Scope: Users Admin Web:compile
spring-web-6.1.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

swagger-annotations-2.2.18.jar

Description:

swagger-annotations

License:

"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
File Path: /opt/tomcat/.m2/repository/io/swagger/core/v3/swagger-annotations/2.2.18/swagger-annotations-2.2.18.jar
MD5: 89fdf32376651c2a5f1d6ba6ee92c4e9
SHA1: 72ed83a368c13d8963e986bdc82f7105a1439c49
SHA256:436eb3cea261c770be1a37eb6b4752bb08b776228f8480890763df38390a227d
Referenced In Project/Scope: Users Admin Web:compile
swagger-annotations-2.2.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-admin-web@2.0.0-SNAPSHOT

Identifiers

tomcat-embed-core-10.1.40.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.40/tomcat-embed-core-10.1.40.jar
MD5: 469a77d350935dc68e88be91bc337ee1
SHA1: fc1c09b726336dc6f7dde0408cebb1a56a3a28d3
SHA256:a837da48929985b35a489265bc4d6250b7209a2eaf646de7597ed22a028c610c
Referenced In Project/Scope: Users Admin Web:compile
tomcat-embed-core-10.1.40.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.3.11

Identifiers

tomcat-embed-el-10.1.40.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /opt/tomcat/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.40/tomcat-embed-el-10.1.40.jar
MD5: c80cb09246e057b85dfa5c25deb562ba
SHA1: 1b321790508c1d410689b4f496dae18a97fa6ae9
SHA256:138e1b8bcb06890b38408b0801d2f4c2a5a375947aa8d3fc12ac2f98573d5385
Referenced In Project/Scope: Users Admin Web:compile
tomcat-embed-el-10.1.40.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-validation@3.3.11

Identifiers

txw2-4.0.3.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/txw2/4.0.3/txw2-4.0.3.jar
MD5: b95e92bbc4dd7183916a11ed210b6169
SHA1: 47b8fe31c6d1a3382203af919400527389e01e9c
SHA256:df07a51801b995e44aec9a95ef875d95fbb8de2874417de6066d84f731cb9e9c
Referenced In Project/Scope: Users Admin Web:compile
txw2-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers

xsom-4.0.3.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
        documents and inspect information in them. It is expected to be useful for applications that need to take XML
        Schema as an input.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /opt/tomcat/.m2/repository/org/glassfish/jaxb/xsom/4.0.3/xsom-4.0.3.jar
MD5: 050161218c72a27c4191e9e6e6f33122
SHA1: 4406ab2fd87b18abfa996870000ff88119de7c6d
SHA256:247a2348fcfd983ef38d9ada0827d0684630e9018b3839c91df3f56a10a9b01a
Referenced In Project/Scope: Users Admin Web:compile
xsom-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.andresbustamante/y-a-foot-users-services@2.0.0-SNAPSHOT

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.