Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: blueMarine II :: MusicBrainz

it.tidalwave.bluemarine2:it-tidalwave-bluemarine2-metadata-musicbrainz:1.1-ALPHA-1

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
activation-1.1.1.jarpkg:maven/javax.activation/activation@1.1.1 025
aspectjrt-1.9.6.jarpkg:maven/org.aspectj/aspectjrt@1.9.6 023
commons-lang3-3.5.jarpkg:maven/org.apache.commons/commons-lang3@3.5 041
guava-18.0.jarcpe:2.3:a:google:guava:18.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@18.0MEDIUM2Highest22
it-tidalwave-bluemarine2-commons-1.1-ALPHA-1.jarpkg:maven/it.tidalwave.bluemarine2/it-tidalwave-bluemarine2-commons@1.1-ALPHA-1 023
it-tidalwave-bluemarine2-model-1.1-ALPHA-1.jarpkg:maven/it.tidalwave.bluemarine2/it-tidalwave-bluemarine2-model@1.1-ALPHA-1 025
it-tidalwave-bluemarine2-musicbrainz-datamodel-1.1-ALPHA-1.jarpkg:maven/it.tidalwave.bluemarine2/it-tidalwave-bluemarine2-musicbrainz-datamodel@1.1-ALPHA-1 019
it-tidalwave-bluemarine2-vocabulary-1.1-ALPHA-1.jarpkg:maven/it.tidalwave.bluemarine2/it-tidalwave-bluemarine2-vocabulary@1.1-ALPHA-1 023
it-tidalwave-messagebus-3.2-ALPHA-11.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@3.2-ALPHA-11 023
it-tidalwave-messagebus-spring-3.2-ALPHA-11.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@3.2-ALPHA-11 023
it-tidalwave-role-3.2-ALPHA-11.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-11 023
it-tidalwave-role-ui-javafx-1.1-ALPHA-2.jarpkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-2 027
it-tidalwave-util-3.2-ALPHA-11.jarpkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-11 023
jaudiotagger-2.2.5.jarpkg:maven/net.jthink/jaudiotagger@2.2.5 030
javafx-base-11.0.1-mac.jarpkg:maven/org.openjfx/javafx-base@11.0.1 09
javafx-base-11.0.1.jarpkg:maven/org.openjfx/javafx-base@11.0.1 015
javafx-controls-11.0.1-mac.jarpkg:maven/org.openjfx/javafx-controls@11.0.1 011
javafx-controls-11.0.1.jarpkg:maven/org.openjfx/javafx-controls@11.0.1 015
javafx-fxml-11.0.1-mac.jarpkg:maven/org.openjfx/javafx-fxml@11.0.1 09
javafx-fxml-11.0.1.jarpkg:maven/org.openjfx/javafx-fxml@11.0.1 015
javafx-graphics-11.0.1-mac.jarcpe:2.3:a:oracle:javafx:11.0.1:*:*:*:*:*:*:*pkg:maven/org.openjfx/javafx-graphics@11.0.1 0Low9
javafx-graphics-11.0.1-mac.jar: javafx-swt.jar 07
javafx-graphics-11.0.1.jarpkg:maven/org.openjfx/javafx-graphics@11.0.1 015
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 039
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 019
jaxb-api-2.2.11.jarpkg:maven/javax.xml.bind/jaxb-api@2.2.11 042
jaxb-core-2.2.11.jarpkg:maven/com.sun.xml.bind/jaxb-core@2.2.11
pkg:maven/org.glassfish.jaxb/jaxb-core@2.2.11		 044
jaxb-core-2.2.11.jar (shaded: com.sun.istack:istack-commons-runtime:2.21)pkg:maven/com.sun.istack/istack-commons-runtime@2.21 011
jaxb-core-2.2.11.jar (shaded: org.glassfish.jaxb:txw2:2.2.11)pkg:maven/org.glassfish.jaxb/txw2@2.2.11 011
jaxb-impl-2.2.11.jarpkg:maven/com.sun.xml.bind/jaxb-impl@2.2.11 040
jaxb-impl-2.2.11.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.2.11)pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.2.11 011
jcl-over-slf4j-1.7.30.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.30 033
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jul-to-slf4j-1.7.30.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.30 028
logback-core-1.2.3.jarcpe:2.3:a:logback:logback:1.2.3:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.2.3 0Highest32
lombok-1.18.18.jarpkg:maven/org.projectlombok/lombok@1.18.18 024
rdf4j-util-2.1.4.jarcpe:2.3:a:eclipse:rdf4j:2.1.4:*:*:*:*:*:*:*pkg:maven/org.eclipse.rdf4j/rdf4j-util@2.1.4CRITICAL1Highest26
slf4j-api-1.7.30.jarpkg:maven/org.slf4j/slf4j-api@1.7.30 029
spotbugs-annotations-3.1.9.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9 021
spring-core-5.3.1.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_framework:5.3.1:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@5.3.1 0Highest31

Dependencies

activation-1.1.1.jar

Description:

The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
SHA256:ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

aspectjrt-1.9.6.jar

Description:

The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.6/aspectjrt-1.9.6.jar
MD5: 391f9257f19b84b45eb79a1878b9600a
SHA1: 1651849d48659e5703adc2599e694bf67b8c3fc4
SHA256:20c785678cbb4ee045914daf83da25f98a16071177dfa0e3451326723dfb4705
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

commons-lang3-3.5.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar
MD5: 780b5a8b72eebe6d0dbff1c11b5658fa
SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6
SHA256:8ac96fc686512d777fca85e144f196cd7cfe0c0aec23127229497d1a38ff651c
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

guava-18.0.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    Guava has only one code dependency - javax.annotation,
    per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/google/guava/guava/18.0/guava-18.0.jar
MD5: 947641f6bb535b1d942d1bc387c45290
SHA1: cce0823396aa693798f8882e64213b1772032b09
SHA256:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

CVE-2018-10237  

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

it-tidalwave-bluemarine2-commons-1.1-ALPHA-1.jar

Description:

        Utility code that is common to the whole project.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-commons/1.1-ALPHA-1/it-tidalwave-bluemarine2-commons-1.1-ALPHA-1.jar
MD5: d450852502b7d426979a720126db986d
SHA1: 555bac8561a9f0bdd8da3ab174f13cd1db500ad8
SHA256:cdd10c81760079227e642bf9693cfd01c6c621f574adcd2b7531985fd9322a3a
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-bluemarine2-model-1.1-ALPHA-1.jar

Description:

        The core model for the application.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-model/1.1-ALPHA-1/it-tidalwave-bluemarine2-model-1.1-ALPHA-1.jar
MD5: b5054e83856058deb7aa52409e9ea67d
SHA1: 97bbf8594aabfb7d85aca8daef6f0ccf404d6e8c
SHA256:f18ccf14a88ce48db2c5e4fe54fcacbe4ac5c9c975f7c198e2dabe4f455c78fa
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-bluemarine2-musicbrainz-datamodel-1.1-ALPHA-1.jar

Description:

        The data model for MusicBrainz. This module contains code auto-generated from MusicBrainz XSD.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-musicbrainz-datamodel/1.1-ALPHA-1/it-tidalwave-bluemarine2-musicbrainz-datamodel-1.1-ALPHA-1.jar
MD5: cfa1b73437594cc20fc2bbd57d89e587
SHA1: 4d3b5b8a54dfc651a0c3b0de4178d247d44224cb
SHA256:25f5b51b4a0c5863d6f6ab5c34fbe5f6637d1882f5dcab13d76e8c440877ae2d
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-bluemarine2-vocabulary-1.1-ALPHA-1.jar

Description:

        A collection of semantic elements for the database.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-vocabulary/1.1-ALPHA-1/it-tidalwave-bluemarine2-vocabulary-1.1-ALPHA-1.jar
MD5: 6687e82a11c5d2debbb78283341d13b1
SHA1: 9c428ccc2eb12149d6984f656d7526c59da5e8d2
SHA256:04deb665a70841f40ac7e5f4b1d43fb3a664315159ac9d13dc56dd690b546317
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-messagebus-3.2-ALPHA-11.jar

Description:

        An abstract description of a simple message bus to be used within an application.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus/3.2-ALPHA-11/it-tidalwave-messagebus-3.2-ALPHA-11.jar
MD5: 5e429b1fdc1357593bdbe4ae2e43eb73
SHA1: 6359be911f918b89a7f164e11c91a953a29d7072
SHA256:d9d982eea5a0bbdb8769ad675866b3324e544eeeba7a3b1a241bffdf557c5cf0
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-messagebus-spring-3.2-ALPHA-11.jar

Description:

        A Spring implementation of a simple message bus to be used within an application.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus-spring/3.2-ALPHA-11/it-tidalwave-messagebus-spring-3.2-ALPHA-11.jar
MD5: 834a621cb0ac1cc5ee479dbf63631627
SHA1: 7bdeee0717482d985703c445d3eeed39914db684
SHA256:8ad4ec01a28fd88643e030c44f750c4856070c374e875d1d6ea592e29f03ca02
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-role-3.2-ALPHA-11.jar

Description:

        Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
        Interface Segregation.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-11/it-tidalwave-role-3.2-ALPHA-11.jar
MD5: 80ba630d9714bee82e8ec9e143a4b3c9
SHA1: 1ca57201c455a955a9995ab1d48289fed76d8800
SHA256:7e847b7a3d662155d47077626d315bd75d42f28300b22db54d7cfb9fed031d0a
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-role-ui-javafx-1.1-ALPHA-2.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/steelblue/it-tidalwave-role-ui-javafx/1.1-ALPHA-2/it-tidalwave-role-ui-javafx-1.1-ALPHA-2.jar
MD5: 04595283cb55863ac87a817253ca60ae
SHA1: e189745e52eac13dc6000594214142da2d64ffb8
SHA256:a09c323a23445fff711856d3389ce841a0a52c3bed83c2c00fc37d5ebe567bef
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

it-tidalwave-util-3.2-ALPHA-11.jar

Description:

        A collection of common utilities.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-11/it-tidalwave-util-3.2-ALPHA-11.jar
MD5: 177cfe76d9466ac36a64135f63fb3b11
SHA1: 1a9d9cd4f18be3e11f7b6a43b767f5d3a0f5dbde
SHA256:c2a653eccad40eef79de288779dc5e30999b15e2d68d561b82c7e8bf9356aeab
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

jaudiotagger-2.2.5.jar

Description:

    The aim of this project is to provide a world class Java library
    for editing tag information in audio files.
    Most existing solutions are not java based inhibiting the use of
    java applications with digital files.

License:

LGPL: http://www.gnu.org/copyleft/lesser.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/net/jthink/jaudiotagger/2.2.5/jaudiotagger-2.2.5.jar
MD5: 192fd43df458a04d32b215e38489f8ae
SHA1: e9a1c27942a89439e3f8dca737075b7a354a46e1
SHA256:ccf8dc43a2846de375c97e834114b904febc3f4792e103692149a2498d5e390d
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-base-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1-mac.jar
MD5: 94933060e439fba99478e14fcf2d1b02
SHA1: 2b9ca67aea06b0ea7aa0e740498fc97c822b307e
SHA256:2d8052a08fd2e5d98e1d5a16d724ea5dd02102879de20a193225f57199803983
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-base-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1.jar
MD5: b85ce0631dae83fe643fbd32ccd08e4c
SHA1: f1354a284f4151d20358e776f6ff68ee35bbb96d
SHA256:c5084a74417a89c69a0c122fae96a4b70bf619fc3d6218ea102a4047ec85ad04
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-controls-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1-mac.jar
MD5: f321c782b9bf158a630cb0a7bea73644
SHA1: 0538fd08a4ecd76788766a69c19e90b4cc0179f8
SHA256:148468742e957b765d5ac6d5ba66ce983e1acdf582c191bb35dbfe8cdefdb314
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-controls-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1.jar
MD5: 2e18fc95e4aa7ce325cefa67b9f61f3d
SHA1: 61cf91bf3494d0616216f49c9e1d183d170adf0a
SHA256:71be28dc4d80744ba541fc50d933729e8703fe1e642ae92037f6fccc7f961971
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-fxml-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1-mac.jar
MD5: a835057792b4fc1aa7d6c4bea9547add
SHA1: 352a51a0f0cb13cf83a081b5dd5526acd4fbab30
SHA256:56f9a32b3a1fc76c761bd40c16917ed1675c8d5dcbe492a44ce9ee2391e27139
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-fxml-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1.jar
MD5: 6e4c64769d877a47edbdd0023d89a074
SHA1: f290c13d7e984d880c9f114f38c2da949ef18d54
SHA256:546fc449f01cd0bbe51a921f9d3f0e5d8764764480caca4a709e681e7ad0b6cf
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-graphics-11.0.1-mac.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1-mac.jar
MD5: 64a05ff45e2ff0e9695817816284daf5
SHA1: 3c5014c500e6d308eca4ac9f952d4f7e7e8dfc7e
SHA256:e0bcd295cae13c636f92911474acbab6bee836e6950d1696a02d79a041d61df2
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javafx-graphics-11.0.1-mac.jar: javafx-swt.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1-mac.jar/javafx-swt.jar
MD5: ee1545edcd485b34080e9389f2f86b5e
SHA1: c12e9a9d5ad723c3e2b60651659b0290d68d9e48
SHA256:a7432e9a357e03571ded2ef3d148086b92c297605797bcb31d37eb95b4779317
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

  • None

javafx-graphics-11.0.1.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1.jar
MD5: ff0579b2b89bfc26f6eb73f812076a1b
SHA1: e062cb01783effc6413abbd94d1838f6b0add209
SHA256:f597c672a4337a75ba856f38cf548c524b039f452423c34b55653e56c306733d
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

jaxb-api-2.2.11.jar

Description:

JAXB (JSR 222) API

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/xml/bind/jaxb-api/2.2.11/jaxb-api-2.2.11.jar
MD5: 5983d1e2ec1a9b0604575cd9e9582591
SHA1: 32274d4244967ff43e7a5d967743d94ed3d2aea7
SHA256:273d82f8653b53ad9d00ce2b2febaef357e79a273560e796ff3fcfec765f8910
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

jaxb-core-2.2.11.jar

Description:

Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar
MD5: c5eca4e58a75eabe3379926803421bab
SHA1: c3f87d654f8d5943cd08592f3f758856544d279a
SHA256:b13da0c655a3d590a2a945553648c407e6347648c9f7a3f811b7b3a8a1974baa
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

jaxb-core-2.2.11.jar (shaded: com.sun.istack:istack-commons-runtime:2.21)

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: caebf95d1d57fc0321b36137e246e192
SHA1: 04c234cf684a202c5c9bb7f0a198ba97e958f8f4
SHA256:ebe7137b5fbfd050545f9a7f3f339ae55beb0b53755071b4fd62aa024c626d1c
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

jaxb-core-2.2.11.jar (shaded: org.glassfish.jaxb:txw2:2.2.11)

Description:

        TXW is a library that allows you to write XML documents.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar/META-INF/maven/org.glassfish.jaxb/txw2/pom.xml
MD5: 83d24d59202baf2810daa01739963822
SHA1: 4be03527dbf2428f7ea99fb9c2f50f089dffad5e
SHA256:8514cb724b4fca59a5cf272b632e539bd0a0f3cacf1844082d0a173a86406bd8
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

jaxb-impl-2.2.11.jar

Description:

Old JAXB Runtime module. Contains sources required for runtime processing.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/2.2.11/jaxb-impl-2.2.11.jar
MD5: bea06b3ee5ef2c338beac9187b7782f3
SHA1: a49ce57aee680f9435f49ba6ef427d38c93247a6
SHA256:f91793a96f185a2fc004c86a37086f060985854ce6b19935e03c4de51e3201d2
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

jaxb-impl-2.2.11.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.2.11)

Description:

JAXB (JSR 222) Reference Implementation

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/2.2.11/jaxb-impl-2.2.11.jar/META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: fa2e4dc2609e6a4d96418f4ac6519e8d
SHA1: 6a1651361e4c2392aff30da0df648187f670f8cb
SHA256:e5327b31b595ab8143e97836d5ccdf85feb91e7ff5666f7b26913632facca4aa
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

jcl-over-slf4j-1.7.30.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/1.7.30/jcl-over-slf4j-1.7.30.jar
MD5: 69ad224b2feb6f86554fe8997b9c3d4b
SHA1: cd92524ea19d27e5b94ecd251e1af729cffdfe15
SHA256:71e9ee37b9e4eb7802a2acc5f41728a4cf3915e7483d798db3b4ff2ec8847c50
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

jul-to-slf4j-1.7.30.jar

Description:

JUL to SLF4J bridge

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jar
MD5: f2c78cb93d70dc5dea0c50f36ace09c1
SHA1: d58bebff8cbf70ff52b59208586095f467656c30
SHA256:bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Project/Scope:blueMarine II :: MusicBrainz:runtime

Identifiers

lombok-1.18.18.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.18/lombok-1.18.18.jar
MD5: 6a157cf72924f8d135dcd6c571bf0405
SHA1: 481f5bfed3ae29f656eedfe9e98c8365b8ba5c57
SHA256:601ec46206e0f9cac2c0583b3350e79f095419c395e991c761640f929038e9cc
Referenced In Project/Scope:blueMarine II :: MusicBrainz:provided

Identifiers

rdf4j-util-2.1.4.jar

Description:

RDF4J utility classes

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/rdf4j/rdf4j-util/2.1.4/rdf4j-util-2.1.4.jar
MD5: b0ba71a689f885b04610ecca34113409
SHA1: cab3522cde4e2f4f1690095716c9bbb70c071bdb
SHA256:a46050f4cd8880177cf0cadc4f90970108b88f06b3e9022e400e4d16b376b3e5
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

CVE-2018-1000644  

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (10.0)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

slf4j-api-1.7.30.jar

Description:

The slf4j API

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar
MD5: f8be00da99bc4ab64c79ab1e2be7cb7c
SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c
SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

spotbugs-annotations-3.1.9.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar
MD5: 56a1a81d69b6a111161bbce0e6dea26a
SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469
SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers

spring-core-5.3.1.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.1/spring-core-5.3.1.jar
MD5: df36706fc74458c9c28e97aca7fae409
SHA1: 47af5b161749cd249fc074b4f140e011a3337efd
SHA256:6ee995055163c59703be237be59f0565acb97c9d42c5d60df2bf3a4b4c6ef6e9
Referenced In Project/Scope:blueMarine II :: MusicBrainz:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.