Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar MD5: 46a37512971d8eca81c3fcf245bf07d2 SHA1: 485de3a253e23f645037828c07f1d7f1af40763a SHA256:ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
The runtime needed to execute a program using AspectJ
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.6/aspectjrt-1.9.6.jar MD5: 391f9257f19b84b45eb79a1878b9600a SHA1: 1651849d48659e5703adc2599e694bf67b8c3fc4 SHA256:20c785678cbb4ee045914daf83da25f98a16071177dfa0e3451326723dfb4705 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
APIs for CDI (Contexts and Dependency Injection for Java EE)
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/enterprise/cdi-api/1.2/cdi-api-1.2.jar MD5: 2a8c973affa178efb89e6c50f78d79da SHA1: 53bba91dc3968adf411e076df020cf207283d7dc SHA256:cc5ce2cbc62fe96bf59af00bba00bde823a1094462b4364747863510b76c0518 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:provided
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/fourthline/cling/cling-core/2.1.1/cling-core-2.1.1.jar MD5: 54a3af9ee2022ec78ee3a00c152a7af0 SHA1: 767954a4d738b8c77606d19a6c0255193651ccba SHA256:435497b9c1d768a220d366bc98f37a2d86469dcfaec7ff8ddb46a18384748128 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/fourthline/cling/cling-support/2.1.1/cling-support-2.1.1.jar MD5: 84f5b91563f5c05f1f48b2c9ccb67402 SHA1: 4b24a331452a3b4b078954490bf7430459495f6c SHA256:c8abb2925e371cd8baffff2fb07316f8d3a4723e7903280cf46323f884967946 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar MD5: 353cf6a2bdba09595ccfa073b78c7fcb SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8 SHA256:4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/commons-io/commons-io/2.4/commons-io-2.4.jar MD5: 7f97854dc04c119d461fed14f5d8bb96 SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad SHA256:cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar MD5: 4d5c1693079575b362edf41500630bbd SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2 SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar MD5: 780b5a8b72eebe6d0dbff1c11b5658fa SHA1: 6c6c702c89bfff3cd9e80b04d668c5e190d588c6 SHA256:8ac96fc686512d777fca85e144f196cd7cfe0c0aec23127229497d1a38ff651c Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/fluent-hc/4.5.2/fluent-hc-4.5.2.jar MD5: cf1dabb4e28eb4bef54a3dfd268a9e19 SHA1: 7bfdfa49de6d720ad3c8cedb6a5238eec564dfed SHA256:f63f033bef4041274aab064ca63fc731298d579de7fd87c9cc1ca2c789717bb8 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/google/guava/guava/18.0/guava-18.0.jar MD5: 947641f6bb535b1d942d1bc387c45290 SHA1: cce0823396aa693798f8882e64213b1772032b09 SHA256:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpclient/4.4/httpclient-4.4.jar MD5: ccf9833ec0cbd38831ceeb8fc246e2dd SHA1: 6d220441ca681dddc55a189eae81a437309128b8 SHA256:c50eafa5477af2fa8217d3f729b815ff3c669dbc467552c0feeedc61be965523 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpclient-osgi/4.5.2/httpclient-osgi-4.5.2.jar MD5: 59c3fe979bf2cd795786bf28373b43f6 SHA1: 3262c30d156f3ae05a5c95d9aa39f0e3eed17585 SHA256:de3ec9919ab0d3263fb1c993ceb1d1aba29dba33a26f8aaf0c3679cc8348beea Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpclient-osgi/4.5.2/httpclient-osgi-4.5.2.jar/META-INF/maven/commons-codec/commons-codec/pom.xml MD5: 921b8b50ce6dc0c5a8605d7c7011bd37 SHA1: f5357ff0f308600af3660bf00a8be3415a335723 SHA256:e5efcf039cd909688c201dc5479b144fd6f01f0e40252b7fc5e7d2e1b5c07990 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpclient-osgi/4.5.2/httpclient-osgi-4.5.2.jar/META-INF/maven/org.apache.httpcomponents/httpclient-cache/pom.xml MD5: b19b9eca8a6d93f431eb48f0dbd1fb57 SHA1: b51afa5f36dd4f0b2d7e87867a646a34ab690c96 SHA256:8ed51e8da875c225f5417db283e61f0d2817959f8564a99a5c4e90113aef32d2 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpcore/4.4/httpcore-4.4.jar MD5: e016cf1346ba3f65302c3d71c5b91f44 SHA1: e9b3863fd9c8a273ceed4a7fae10f40bb10a2328 SHA256:1ef8db5d30b7741ab5fdf6df876a090a7dd51623e83f3736d0bb8fb1b5ead32f Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpcore-nio/4.4.4/httpcore-nio-4.4.4.jar MD5: 562f930326530c262c04d7b4f6b1d055 SHA1: 16badfc2d99db264c486ba8c57ae577301a58bd9 SHA256:f21be11ed00a7c655204c03d3ff38c2e8ac88db0913da3598ce5f9ffd686ae1f Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpcore-osgi/4.4.4/httpcore-osgi-4.4.4.jar MD5: a667179ec81d755e6455ffe6cc5276e8 SHA1: d5c14055e569afca96f4603d6f9d467bc72ccba8 SHA256:a0bd904e00cb6788efd5cd8c180cb19569bba43e22a711e9b020ffa51b045a4c Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/httpcomponents/httpmime/4.5.2/httpmime-4.5.2.jar MD5: 336fa980f7527be719fa997f5df8046f SHA1: 22b4c53dd9b6761024258de8f9240c3dce6ea368 SHA256:231a3f7e4962053db2be8461d5422e68fc458a3a7dd7d8ada803a348e21f8f07 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-catalog/1.1-ALPHA-1/it-tidalwave-bluemarine2-catalog-1.1-ALPHA-1.jar MD5: d491adf243cb25507e81efd7140a0ece SHA1: 064ff3d421935cfd4f1fd0bd35e2e8801e96d890 SHA256:7ce7fd8c02097f8f38606b7f6cb0165fcfc0eff61fd2f4d5b7374ae3ce274475 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-commons/1.1-ALPHA-1/it-tidalwave-bluemarine2-commons-1.1-ALPHA-1.jar MD5: d450852502b7d426979a720126db986d SHA1: 555bac8561a9f0bdd8da3ab174f13cd1db500ad8 SHA256:cdd10c81760079227e642bf9693cfd01c6c621f574adcd2b7531985fd9322a3a Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
The abstract model of the component that exposes media.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-mediaserver/1.1-ALPHA-1/it-tidalwave-bluemarine2-mediaserver-1.1-ALPHA-1.jar MD5: 9224fda114b8492ef7128eb0aea26caf SHA1: 276000785eef568737570095536fd802c7c64d44 SHA256:85081720b19e589dcbdabf54721cb71a92e1971a5196cb9ae3a862360593d3dc Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-model/1.1-ALPHA-1/it-tidalwave-bluemarine2-model-1.1-ALPHA-1.jar MD5: b5054e83856058deb7aa52409e9ea67d SHA1: 97bbf8594aabfb7d85aca8daef6f0ccf404d6e8c SHA256:f18ccf14a88ce48db2c5e4fe54fcacbe4ac5c9c975f7c198e2dabe4f455c78fa Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-persistence/1.1-ALPHA-1/it-tidalwave-bluemarine2-persistence-1.1-ALPHA-1.jar MD5: 5a44b650d03c8141505c755563ebd6a2 SHA1: de11aa5ead48f9e6b8a0ae86372906b3680a5238 SHA256:ccd2be9b26d20152a11c87ef7026e726dbef821cf966ddedda6b840ca34caa67 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-rest/1.1-ALPHA-1/it-tidalwave-bluemarine2-rest-1.1-ALPHA-1.jar MD5: 1ecc18ff747a26594c7b63faab80e473 SHA1: a0648a2e469d9446425dcd6e1566711be5aaed0f SHA256:61262ce895c158d4091080599d738a546e1180a7810a83b3fbc5ad6f44fb0cf4 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-rest/1.1-ALPHA-1/it-tidalwave-bluemarine2-rest-1.1-ALPHA-1.jar/webapp/js/bootstrap.min.js MD5: c5b5b2fa19bd66ff23211d9f844e0131 SHA1: 791aa054a026bddc0de92bad6cf7a1c6e73713d5 SHA256:2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-rest/1.1-ALPHA-1/it-tidalwave-bluemarine2-rest-1.1-ALPHA-1.jar/webapp/js/handlebars.min.js MD5: c29e40d32ace051a672be040fadc6683 SHA1: 16cbc4c0a67117a5a3e6cfd78ad457359f82faf8 SHA256:acc39238ce470f35443285594efdb5f3df912924d2818e5929f4df6a9eeadb31 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-rest/1.1-ALPHA-1/it-tidalwave-bluemarine2-rest-1.1-ALPHA-1.jar/webapp/js/jquery.min.js MD5: 6fc159d00dc3cea4153c038739683f93 SHA1: 5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1 SHA256:8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-rest/1.1-ALPHA-1/it-tidalwave-bluemarine2-rest-1.1-ALPHA-1.jar/webapp/js/luga.min.js MD5: 861cc0e3567b51af13c746cbdf30947e SHA1: 350221d635df64742820f06845b6e6c89b2b3b7d SHA256:220a496b817fd625011e9fe49c7ae0165b420f96637b74df09957e840a4a2b64 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-rest/1.1-ALPHA-1/it-tidalwave-bluemarine2-rest-1.1-ALPHA-1.jar/webapp/js/moment.min.js MD5: 0a8c0ed69de37d65b29e9e0de39e1eaa SHA1: 0eeec1bc6e620cd1020bb1a7d5760ed45c969937 SHA256:1a7ecc510a27a3c2d4c537d1034599cc9813b9ae7651d9b521fae4e78db5ce40 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-rest/1.1-ALPHA-1/it-tidalwave-bluemarine2-rest-1.1-ALPHA-1.jar/webapp/js/numeral.min.js MD5: 769d83d47eeb4951f02c8848195b9553 SHA1: ad79f25aa5ca283d2ec9328008cafaa11f209994 SHA256:01b2c1b9ab356e9899c8e4e72bf4617a7c998d13e2818a7ff4ca9ac3dee80325 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
A collection of semantic elements for the database.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/bluemarine2/it-tidalwave-bluemarine2-vocabulary/1.1-ALPHA-1/it-tidalwave-bluemarine2-vocabulary-1.1-ALPHA-1.jar MD5: 6687e82a11c5d2debbb78283341d13b1 SHA1: 9c428ccc2eb12149d6984f656d7526c59da5e8d2 SHA256:04deb665a70841f40ac7e5f4b1d43fb3a664315159ac9d13dc56dd690b546317 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
An abstract description of a simple message bus to be used within an application.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus/3.2-ALPHA-11/it-tidalwave-messagebus-3.2-ALPHA-11.jar MD5: 5e429b1fdc1357593bdbe4ae2e43eb73 SHA1: 6359be911f918b89a7f164e11c91a953a29d7072 SHA256:d9d982eea5a0bbdb8769ad675866b3324e544eeeba7a3b1a241bffdf557c5cf0 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
A Spring implementation of a simple message bus to be used within an application.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus-spring/3.2-ALPHA-11/it-tidalwave-messagebus-spring-3.2-ALPHA-11.jar MD5: 834a621cb0ac1cc5ee479dbf63631627 SHA1: 7bdeee0717482d985703c445d3eeed39914db684 SHA256:8ad4ec01a28fd88643e030c44f750c4856070c374e875d1d6ea592e29f03ca02 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
Interface Segregation.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-11/it-tidalwave-role-3.2-ALPHA-11.jar MD5: 80ba630d9714bee82e8ec9e143a4b3c9 SHA1: 1ca57201c455a955a9995ab1d48289fed76d8800 SHA256:7e847b7a3d662155d47077626d315bd75d42f28300b22db54d7cfb9fed031d0a Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/steelblue/it-tidalwave-role-ui-javafx/1.1-ALPHA-2/it-tidalwave-role-ui-javafx-1.1-ALPHA-2.jar MD5: 04595283cb55863ac87a817253ca60ae SHA1: e189745e52eac13dc6000594214142da2d64ffb8 SHA256:a09c323a23445fff711856d3389ce841a0a52c3bed83c2c00fc37d5ebe567bef Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-11/it-tidalwave-util-3.2-ALPHA-11.jar MD5: 177cfe76d9466ac36a64135f63fb3b11 SHA1: 1a9d9cd4f18be3e11f7b6a43b767f5d3a0f5dbde SHA256:c2a653eccad40eef79de288779dc5e30999b15e2d68d561b82c7e8bf9356aeab Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/fasterxml/jackson/core/jackson-core/2.12.2/jackson-core-2.12.2.jar MD5: d9c1faa07f50abade5c796de00c4b23c SHA1: 8df50138521d05561a308ec2799cc8dda20c06df SHA256:7883331763729b72735fdd8a117f32eb7d22695babfb37cc99df8392c196efc3 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
General data-binding functionality for Jackson: works on core streaming API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/fasterxml/jackson/core/jackson-databind/2.12.2/jackson-databind-2.12.2.jar MD5: 8ce740ce76d0b2b0f6e4a13f4dc58c4f SHA1: 5f9d79e09ebf5d54a46e9f4543924cf7ae7654e0 SHA256:c4002f861d8d33f3202bf8effabb53acc320c5276cc50c1bfaae73c36ce8db32 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
The aim of this project is to provide a world class Java library
for editing tag information in audio files.
Most existing solutions are not java based inhibiting the use of
java applications with digital files.
License:
LGPL: http://www.gnu.org/copyleft/lesser.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/net/jthink/jaudiotagger/2.2.5/jaudiotagger-2.2.5.jar MD5: 192fd43df458a04d32b215e38489f8ae SHA1: e9a1c27942a89439e3f8dca737075b7a354a46e1 SHA256:ccf8dc43a2846de375c97e834114b904febc3f4792e103692149a2498d5e390d Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1-mac.jar MD5: 94933060e439fba99478e14fcf2d1b02 SHA1: 2b9ca67aea06b0ea7aa0e740498fc97c822b307e SHA256:2d8052a08fd2e5d98e1d5a16d724ea5dd02102879de20a193225f57199803983 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1.jar MD5: b85ce0631dae83fe643fbd32ccd08e4c SHA1: f1354a284f4151d20358e776f6ff68ee35bbb96d SHA256:c5084a74417a89c69a0c122fae96a4b70bf619fc3d6218ea102a4047ec85ad04 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1-mac.jar MD5: f321c782b9bf158a630cb0a7bea73644 SHA1: 0538fd08a4ecd76788766a69c19e90b4cc0179f8 SHA256:148468742e957b765d5ac6d5ba66ce983e1acdf582c191bb35dbfe8cdefdb314 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1.jar MD5: 2e18fc95e4aa7ce325cefa67b9f61f3d SHA1: 61cf91bf3494d0616216f49c9e1d183d170adf0a SHA256:71be28dc4d80744ba541fc50d933729e8703fe1e642ae92037f6fccc7f961971 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1-mac.jar MD5: a835057792b4fc1aa7d6c4bea9547add SHA1: 352a51a0f0cb13cf83a081b5dd5526acd4fbab30 SHA256:56f9a32b3a1fc76c761bd40c16917ed1675c8d5dcbe492a44ce9ee2391e27139 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1.jar MD5: 6e4c64769d877a47edbdd0023d89a074 SHA1: f290c13d7e984d880c9f114f38c2da949ef18d54 SHA256:546fc449f01cd0bbe51a921f9d3f0e5d8764764480caca4a709e681e7ad0b6cf Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1-mac.jar MD5: 64a05ff45e2ff0e9695817816284daf5 SHA1: 3c5014c500e6d308eca4ac9f952d4f7e7e8dfc7e SHA256:e0bcd295cae13c636f92911474acbab6bee836e6950d1696a02d79a041d61df2 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1-mac.jar/javafx-swt.jar MD5: ee1545edcd485b34080e9389f2f86b5e SHA1: c12e9a9d5ad723c3e2b60651659b0290d68d9e48 SHA256:a7432e9a357e03571ded2ef3d148086b92c297605797bcb31d37eb95b4779317 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
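Evidence

| Type    | Source | Name         | Value      | Confidence |
|---------|--------|--------------|------------|------------|
| Vendor  | jar    | package name | swt        | Low        |
| Vendor  | jar    | package name | embed      | Low        |
| Vendor  | file   | name         | javafx-swt | High       |
| Vendor  | jar    | package name | javafx     | Low        |
| Product | jar    | package name | swt        | Low        |
| Product | jar    | package name | embed      | Low        |
| Product | file   | name         | javafx-swt | High       |

Identifiers: None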
javafx-graphics-11.0.1.jar
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1.jar MD5: ff0579b2b89bfc26f6eb73f812076a1b SHA1: e062cb01783effc6413abbd94d1838f6b0add209 SHA256:f597c672a4337a75ba856f38cf548c524b039f452423c34b55653e56c306733d Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar MD5: 2ab1973eefffaa2aeec47d50b9e40b9d SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43 SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/el/javax.el-api/3.0.0/javax.el-api-3.0.0.jar MD5: 018bd5e6158d75bf328b2cafd53cfc6a SHA1: 60a59edc89f93d57541da31ee1c83428ab1cdcb3 SHA256:8d21ac8c3a38027be27ff4c4fe24806ae2fc188559123253ddc7425066d78fa1 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:provided
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar MD5: 289075e48b909e9e74e6c915b3631d2e SHA1: 6975da39a7040257bd51d21a231b76c915872d38 SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/interceptor/javax.interceptor-api/1.2/javax.interceptor-api-1.2.jar MD5: 001934e19937dc127ff1d4d60cd8fc5d SHA1: a5c058610aebacc1eb89c89e8fde2a978090e374 SHA256:62acf2da0e19e813e0f5aa5de09108368b12e40b4a2f47c66a88f984f4f5143b Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:provided
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/xml/bind/jaxb-api/2.2.11/jaxb-api-2.2.11.jar MD5: 5983d1e2ec1a9b0604575cd9e9582591 SHA1: 32274d4244967ff43e7a5d967743d94ed3d2aea7 SHA256:273d82f8653b53ad9d00ce2b2febaef357e79a273560e796ff3fcfec765f8910 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar MD5: c5eca4e58a75eabe3379926803421bab SHA1: c3f87d654f8d5943cd08592f3f758856544d279a SHA256:b13da0c655a3d590a2a945553648c407e6347648c9f7a3f811b7b3a8a1974baa Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml MD5: caebf95d1d57fc0321b36137e246e192 SHA1: 04c234cf684a202c5c9bb7f0a198ba97e958f8f4 SHA256:ebe7137b5fbfd050545f9a7f3f339ae55beb0b53755071b4fd62aa024c626d1c Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
TXW is a library that allows you to write XML documents.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/2.2.11/jaxb-core-2.2.11.jar/META-INF/maven/org.glassfish.jaxb/txw2/pom.xml MD5: 83d24d59202baf2810daa01739963822 SHA1: 4be03527dbf2428f7ea99fb9c2f50f089dffad5e SHA256:8514cb724b4fca59a5cf272b632e539bd0a0f3cacf1844082d0a173a86406bd8 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/2.2.11/jaxb-impl-2.2.11.jar MD5: bea06b3ee5ef2c338beac9187b7782f3 SHA1: a49ce57aee680f9435f49ba6ef427d38c93247a6 SHA256:f91793a96f185a2fc004c86a37086f060985854ce6b19935e03c4de51e3201d2 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/2.2.11/jaxb-impl-2.2.11.jar/META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml MD5: fa2e4dc2609e6a4d96418f4ac6519e8d SHA1: 6a1651361e4c2392aff30da0df648187f670f8cb SHA256:e5327b31b595ab8143e97836d5ccdf85feb91e7ff5666f7b26913632facca4aa Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/1.7.30/jcl-over-slf4j-1.7.30.jar MD5: 69ad224b2feb6f86554fe8997b9c3d4b SHA1: cd92524ea19d27e5b94ecd251e1af729cffdfe15 SHA256:71e9ee37b9e4eb7802a2acc5f41728a4cf3915e7483d798db3b4ff2ec8847c50 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/jetty-http/10.0.1/jetty-http-10.0.1.jar MD5: 1ab05e224ff68c7893f434271b340c58 SHA1: bc5fd44f638be64ee6e665e53abb6122c179ccb0 SHA256:43f3566dc7e8b97b023f5b61b1caca98e54cfcd7cceb93066ae7aa4332b723ec Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/jetty-io/10.0.1/jetty-io-10.0.1.jar MD5: 75b6e2dcd4ed97cfec4e3471a5921954 SHA1: c3a08489113d7717862c52686fea46dc7a5b8a83 SHA256:7f140341ad0a328998ba974a6eeeec3354189fdd5852f10ed677f56d8e3be9e6 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Evidence

| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | Manifest | bundle-symbolicname | org.eclipse.jetty.io | Medium |
| Vendor | pom | parent-groupid | org.eclipse.jetty | Medium |
| Vendor | Manifest | url | https://www.eclipse.org/jetty/ | Low |
| Vendor | pom | groupid | eclipse.jetty | Highest |
| Vendor | Manifest | Implementation-Vendor | Eclipse Jetty Project | High |
| Vendor | jar | package name | io | Highest |
| Vendor | pom | parent-artifactid | jetty-project | Low |
| Vendor | file | name | jetty-io | High |
| Vendor | Manifest | build-jdk-spec | 11 | Low |
| Vendor | Manifest | bundle-copyright | Copyright (c) 2008-2021 Mort Bay Consulting Pty Ltd and others. | Low |
| Vendor | jar | package name | eclipse | Highest |
| Vendor | Manifest | bundle-docurl | https://www.eclipse.org/jetty/ | Low |
| Vendor | pom | name | Jetty :: IO Utility | High |
| Vendor | jar | package name | jetty | Highest |
| Vendor | pom | groupid | org.eclipse.jetty | Highest |
| Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-11 | Low |
| Vendor | pom | artifactid | jetty-io | Low |
| Product | Manifest | bundle-symbolicname | org.eclipse.jetty.io | Medium |
| Product | pom | parent-groupid | org.eclipse.jetty | Medium |
| Product | Manifest | url | https://www.eclipse.org/jetty/ | Low |
| Product | pom | artifactid | jetty-io | Highest |
| Product | pom | groupid | eclipse.jetty | Highest |
| Product | jar | package name | io | Highest |
| Product | file | name | jetty-io | High |
| Product | pom | parent-artifactid | jetty-project | Medium |
| Product | Manifest | Bundle-Name | Jetty :: IO Utility | Medium |
| Product | Manifest | build-jdk-spec | 11 | Low |
| Product | Manifest | bundle-copyright | Copyright (c) 2008-2021 Mort Bay Consulting Pty Ltd and others. | |
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/jetty-server/10.0.1/jetty-server-10.0.1.jar MD5: 4a44534049d5d57b3f117c375c577ffa SHA1: 2bdf137df2e5f478b4e1a65cf284fc329b9e4d78 SHA256:eabe5a2cb803a5523030c36026048c3c2a4d49e881691915313627d6e224fbf0 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Evidence

| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | pom | parent-groupid | org.eclipse.jetty | Medium |
| Vendor | Manifest | url | https://www.eclipse.org/jetty/ | Low |
| Vendor | pom | groupid | eclipse.jetty | Highest |
| Vendor | Manifest | Implementation-Vendor | Eclipse Jetty Project | High |
| Vendor | file | name | jetty-server | High |
| Vendor | jar | package name | server | Highest |
| Vendor | pom | parent-artifactid | jetty-project | Low |
| Vendor | Manifest | bundle-symbolicname | org.eclipse.jetty.server | Medium |
| Vendor | pom | artifactid | jetty-server | Low |
| Vendor | Manifest | build-jdk-spec | 11 | Low |
| Vendor | Manifest | bundle-copyright | Copyright (c) 2008-2021 Mort Bay Consulting Pty Ltd and others. | Low |
| Vendor | jar | package name | eclipse | Highest |
| Vendor | Manifest | bundle-docurl | https://www.eclipse.org/jetty/ | Low |
| Vendor | jar | package name | jetty | Highest |
| Vendor | pom | groupid | org.eclipse.jetty | Highest |
| Vendor | pom | name | Jetty :: Server Core | High |
| Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-11 | Low |
| Product | Manifest | Bundle-Name | Jetty :: Server Core | Medium |
| Product | pom | parent-groupid | org.eclipse.jetty | Medium |
| Product | Manifest | url | https://www.eclipse.org/jetty/ | Low |
| Product | pom | groupid | eclipse.jetty | Highest |
| Product | file | name | jetty-server | High |
| Product | jar | package name | server | Highest |
| Product | pom | parent-artifactid | jetty-project | Medium |
| Product | Manifest | bundle-symbolicname | org.eclipse.jetty.server | Medium |
| Product | Manifest | build-jdk-spec | 11 | Low |
| Product | Manifest | bundle-copyright | Copyright (c) 2008-2021 Mort Bay Consulting Pty Ltd and others. | |
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/jetty/toolchain/jetty-servlet-api/4.0.6/jetty-servlet-api-4.0.6.jar MD5: d63413e02885c25d0129e3d2936606f6 SHA1: 959c5d83d08f5cddf56caff749e48b735193191b SHA256:d90bf1f8a9d2ba89f4510bb51e1516dcf94ef6dc034e00f233654abdd78f2210 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Evidence

| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | pom | groupid | org.eclipse.jetty.toolchain | Highest |
| Vendor | file | name | jetty-servlet-api | High |
| Vendor | jar | package name | servlet | Highest |
| Vendor | pom | groupid | eclipse.jetty.toolchain | Highest |
| Vendor | pom | parent-groupid | org.eclipse.jetty.toolchain | Medium |
| Vendor | Manifest | bundle-docurl | https://eclipse.org/jetty | Low |
| Vendor | Manifest | bundle-symbolicname | org.eclipse.jetty.servlet-api | Medium |
| Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))" | Low |
| Vendor | pom | parent-artifactid | jetty-toolchain | Low |
| Vendor | pom | name | Jetty :: Servlet API and Schemas for JPMS and OSGi | High |
| Vendor | pom | artifactid | jetty-servlet-api | Low |
| Vendor | Manifest | build-jdk-spec | 11 | Low |
| Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-11 | Low |
| Product | jar | package name | filter | Highest |
| Product | pom | parent-artifactid | jetty-toolchain | Medium |
| Product | file | name | jetty-servlet-api | High |
| Product | jar | package name | servlet | Highest |
| Product | pom | groupid | eclipse.jetty.toolchain | Highest |
| Product | pom | parent-groupid | org.eclipse.jetty.toolchain | Medium |
| Product | Manifest | bundle-docurl | https://eclipse.org/jetty | Low |
| Product | Manifest | Bundle-Name | Eclipse Jetty Servlet API and Schemas for JPMS and OSGi | Medium |
| Product | Manifest | bundle-symbolicname | org.eclipse.jetty.servlet-api | Medium |
| Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))" | Low |
| Product | pom | name | Jetty :: Servlet API and Schemas for JPMS and OSGi | |
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'), CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-length headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/github/jsonld-java/jsonld-java/0.8.3/jsonld-java-0.8.3.jar MD5: 2bb1918de0760e21660f548cc5fedddf SHA1: 214e8c5ac2ccadbf7c9c9f80ce8b720a5e0d6b25 SHA256:ee0affd3325c623dfef89c48ded3ea98a19bae90ba26ecd615358dd47cd311be Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar MD5: 841fc80c6edff60d947a3872a2db4d45 SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.18/lombok-1.18.18.jar MD5: 6a157cf72924f8d135dcd6c571bf0405 SHA1: 481f5bfed3ae29f656eedfe9e98c8365b8ba5c57 SHA256:601ec46206e0f9cac2c0583b3350e79f095419c395e991c761640f929038e9cc Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:provided
MapDB provides concurrent Maps, Sets and Queues backed by disk storage or off-heap memory. It is a fast, scalable and easy to use embedded Java database.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/mapdb/mapdb/1.0.8/mapdb-1.0.8.jar MD5: aaea7b500b214a08b2dc61d38d04024e SHA1: 64485a221d9095fc7ab9b50cc34c6b4b58467e2e SHA256:e757738f3a0867d7d9a1f1532bf7ca09eab02f032767eb403c991cb4e09c4fe0 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/opencsv/opencsv/3.2/opencsv-3.2.jar MD5: ae00a81a37f8a4102b5d265e7d5a872e SHA1: 11986807ecb3288728bdb33a3165ce84f057d7a4 SHA256:8da30a0838a09ae8a3d4e8bffa42a787ec462dfe824da043d1d625ae7e4c7c94 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
SPARQL input notation interfaces and implementations
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/eclipse/rdf4j/rdf4j-spin/2.1.4/rdf4j-spin-2.1.4.jar MD5: 4cf3ed3b0340e6701e99e59b6bf127bd SHA1: bc0a1f5bea07048cac86e4c570faaf5bace180b1 SHA256:df8614f35f6eeb51fc49cb09cba85116cb0c0a19019db99f5e64338b2944600e Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
Eclipse RDF4j version < 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted RDF file.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/seamless/seamless-http/1.1.1/seamless-http-1.1.1.jar MD5: 1928a351212b418631309c33e7036753 SHA1: 18cc72baf8fbb8f85993dfc4e252c5b6b8cc0139 SHA256:05da30fa260cf53770fefbd46482c04f6a37e19b663fec282a4c4384c0def813 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/seamless/seamless-swing/1.1.1/seamless-swing-1.1.1.jar MD5: 68b88b69dde7a8067a0d8e7d5d7fa9e8 SHA1: 0dd7141e863a53f0e7210147d5ab39c626546493 SHA256:653fa6fea357f1349075bdd94328fc9c0d285046d7deb25a56dc8a86513b64e0 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/seamless/seamless-util/1.1.1/seamless-util-1.1.1.jar MD5: e2bf5ce54b06a7cf06fea4ded6fb44fd SHA1: 989fb6690245740d76ed08634c04610f52ca1e2a SHA256:eb663e3739d67137baab18e65ed2cdec28213a8871458323c3cc62da085cec3c Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/seamless/seamless-xml/1.1.1/seamless-xml-1.1.1.jar MD5: ce48d7a6ba4e759283b26b9b2b084445 SHA1: ddc628b23904faf124b84f768e9caa03147da5ab SHA256:6d80a97918e4ae91ecb676f9cd056942f1565d981d054a461058a16096464298 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar MD5: f8be00da99bc4ab64c79ab1e2be7cb7c SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. Its
core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance
calculations and other math, and to read shapes in WKT format.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/spatial4j/spatial4j/0.4.1/spatial4j-0.4.1.jar MD5: 7eafc2e18e82d7a38cb800be2dc9d678 SHA1: 4234d12b1ba4d4b539fb3e29edd948a99539d9eb SHA256:c467b888bf475495a86a0f4491cb87f80f584e7646cafc7686489f81bce371bc Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:runtime
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar MD5: 56a1a81d69b6a111161bbce0e6dea26a SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469 SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.1/spring-core-5.3.1.jar MD5: df36706fc74458c9c28e97aca7fae409 SHA1: 47af5b161749cd249fc074b4f140e011a3337efd SHA256:6ee995055163c59703be237be59f0565acb97c9d42c5d60df2bf3a4b4c6ef6e9 Referenced In Project/Scope:blueMarine II :: Media Server :: UPnP:compile