Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 6.1.1
Report Generated On: Sun, 5 Feb 2023 01:33:36 +0100
Dependencies Scanned: 74 (65 unique)
Vulnerable Dependencies: 11
Vulnerabilities Found: 45
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2023-02-05T01:32:47
NVD CVE Modified: 2023-02-05T00:00:03
VersionCheckOn: 2023-01-15T14:18:40

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
ST4-4.1.jar		pkg:maven/org.antlr/ST4@4.1		0		16
antlr-runtime-3.5.2.jar		pkg:maven/org.antlr/antlr-runtime@3.5.2		0		25
aspectjrt-1.9.6.jar		pkg:maven/org.aspectj/aspectjrt@1.9.6		0		23
codemodel-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/org.glassfish.jaxb/codemodel@3.0.0		0	Low	36
commons-io-2.4.jar	cpe:2.3:a:apache:commons_io:2.4:::::::* cpe:2.3:a:apache:commons_net:2.4:::::::*	pkg:maven/commons-io/commons-io@2.4	MEDIUM	2	Highest	36
commons-math3-3.0.jar	cpe:2.3:a:apache:commons_net:3.0:::::::*	pkg:maven/org.apache.commons/commons-math3@3.0	MEDIUM	1	Highest	37
dtd-parser-1.4.3.jar	cpe:2.3:a:oracle:java_se:1.4.3:::::::*	pkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.3		0	Low	42
hamcrest-core-1.3.jar		pkg:maven/org.hamcrest/hamcrest-core@1.3		0		26
image-core-1.0-ALPHA-7.jar		pkg:maven/it.tidalwave.image/image-core@1.0-ALPHA-7		0		23
istack-commons-tools-4.0.0.jar	cpe:2.3:a:oracle:java_se:4.0.0:::::::*	pkg:maven/com.sun.istack/istack-commons-tools@4.0.0		0	Low	39
it-tidalwave-html-patches-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-html-patches@1.2-ALPHA-11		0		23
it-tidalwave-messagebus-3.2-ALPHA-18.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@3.2-ALPHA-18		0		23
it-tidalwave-messagebus-spring-3.2-ALPHA-18.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@3.2-ALPHA-18		0		23
it-tidalwave-northernwind-core-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-core-default-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-default@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-basic@1.2-ALPHA-11		0		23
it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-git@1.2-ALPHA-11		0		23
it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-11.jar	cpe:2.3:a:mercurial:mercurial:1.2:alpha::::::	pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-hg@1.2-ALPHA-11	CRITICAL	17	Low	23
it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-scm@1.2-ALPHA-11		0		23
it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-marshalling-default@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-core-profiling-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-profiling@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-commons@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-frontend-components-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components-htmltemplate@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-frontend-media-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media@1.2-ALPHA-11		0		25
it-tidalwave-northernwind-frontend-media-springmvc-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media-springmvc@1.2-ALPHA-11		0		17
it-tidalwave-northernwind-frontend-springmvc-1.2-ALPHA-11.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-springmvc@1.2-ALPHA-11		0		25
it-tidalwave-role-3.2-ALPHA-18.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-18		0		23
it-tidalwave-role-spring-3.2-ALPHA-18.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-18		0		25
it-tidalwave-util-3.2-ALPHA-18.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-18		0		23
it-tidalwave-util-test-3.2-ALPHA-18.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-18		0		25
jakarta.activation-2.0.0.jar	cpe:2.3:a:oracle:java_se:2.0.0:::::::*	pkg:maven/com.sun.activation/jakarta.activation@2.0.0		0	Low	40
jakarta.xml.bind-api-3.0.0.jar		pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@3.0.0		0		34
java-diff-utils-4.12.jar	cpe:2.3:a:utils_project:utils:4.12:::::::*	pkg:maven/io.github.java-diff-utils/java-diff-utils@4.12	MEDIUM	1	Highest	22
javax.annotation-api-1.3.2.jar		pkg:maven/javax.annotation/javax.annotation-api@1.3.2		0		39
javax.inject-1.jar		pkg:maven/javax.inject/javax.inject@1		0		19
javax.servlet-api-3.1.0.jar	cpe:2.3:a:oracle:java_se:3.1.0:::::::*	pkg:maven/javax.servlet/javax.servlet-api@3.1.0		0	Low	37
jaxb-core-3.0.0.jar		pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0		0		45
jaxb-core-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/com.sun.xml.bind/jaxb-core@3.0.0 pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0		0	Low	55
jaxb-core-3.0.0.jar (shaded: com.sun.istack:istack-commons-runtime:4.0.0)		pkg:maven/com.sun.istack/istack-commons-runtime@4.0.0		0		11
jaxb-impl-3.0.0.jar		pkg:maven/com.sun.xml.bind/jaxb-impl@3.0.0		0		40
jaxb-impl-3.0.0.jar (shaded: org.glassfish.jaxb:jaxb-runtime:3.0.0)		pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.0		0		11
jaxb-xjc-3.0.0.jar		pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.0		0		33
jcl-over-slf4j-1.7.30.jar	cpe:2.3:a:apache:commons_net:1.7.30:::::::*	pkg:maven/org.slf4j/jcl-over-slf4j@1.7.30	MEDIUM	1	Low	33
jdom-1.0.jar	cpe:2.3:a:jdom:jdom:1.0:::::::*	pkg:maven/jdom/jdom@1.0	HIGH	1	Highest	44
jetty-util-6.1.26.jar	cpe:2.3:a:jetty:jetty:6.1.26:::::::* cpe:2.3:a:mortbay:jetty:6.1.26:::::::* cpe:2.3:a:mortbay_jetty:jetty:6.1.26:::::::*	pkg:maven/org.mortbay.jetty/jetty-util@6.1.26	MEDIUM	2	Highest	34
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		0		17
jul-to-slf4j-1.7.30.jar		pkg:maven/org.slf4j/jul-to-slf4j@1.7.30		0		28
junit-4.12.jar		pkg:maven/junit/junit@4.12	MEDIUM	1		24
logback-core-1.2.3.jar	cpe:2.3:a:qos:logback:1.2.3:::::::*	pkg:maven/ch.qos.logback/logback-core@1.2.3	MEDIUM	1	Highest	32
lombok-1.18.22.jar		pkg:maven/org.projectlombok/lombok@1.18.22		0		24
metadata-extractor-2.18.0.jar	cpe:2.3:a:metadata-extractor_project:metadata-extractor:2.18.0:::::::*	pkg:maven/com.drewnoakes/metadata-extractor@2.18.0		0	Highest	27
org-openide-filesystems-RELEASE80.jar		pkg:maven/org.netbeans.api/org-openide-filesystems@RELEASE80		0		24
org-openide-util-RELEASE80.jar		pkg:maven/org.netbeans.api/org-openide-util@RELEASE80		0		22
org-openide-util-lookup-RELEASE80.jar		pkg:maven/org.netbeans.api/org-openide-util-lookup@RELEASE80		0		22
relaxng-datatype-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/com.sun.xml.bind.external/relaxng-datatype@3.0.0		0	Low	36
rngom-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/com.sun.xml.bind.external/rngom@3.0.0		0	Low	38
rome-1.0.0.jar		pkg:maven/net.java.dev.rome/rome@1.0.0		0		32
slf4j-api-1.7.30.jar		pkg:maven/org.slf4j/slf4j-api@1.7.30		0		29
spotbugs-annotations-3.1.9.jar		pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9		0		21
spring-core-5.3.1.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.1:::::::* cpe:2.3:a:springsource:spring_framework:5.3.1:::::::* cpe:2.3:a:vmware:spring_framework:5.3.1:::::::*	pkg:maven/org.springframework/spring-core@5.3.1	CRITICAL	9	Highest	31
spring-web-5.3.1.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.1:::::::* cpe:2.3:a:springsource:spring_framework:5.3.1:::::::* cpe:2.3:a:vmware:spring_framework:5.3.1:::::::* cpe:2.3:a:web_project:web:5.3.1:::::::*	pkg:maven/org.springframework/spring-web@5.3.1	CRITICAL	9	Highest	29
txw2-3.0.0.jar		pkg:maven/org.glassfish.jaxb/txw2@3.0.0		0		33
xmpcore-6.1.11.jar		pkg:maven/com.adobe.xmp/xmpcore@6.1.11		0		25
xsom-3.0.0.jar		pkg:maven/org.glassfish.jaxb/xsom@3.0.0		0		36

Dependencies

ST4-4.1.jar

Description:

StringTemplate is a java template engine for generating source code,
		web pages, emails, or any other formatted text output.

		StringTemplate is particularly good at multi-targeted code generators,
		multiple site skins, and internationalization/localization.

		It evolved over years of effort developing jGuru.com.

		StringTemplate also powers the ANTLR 3 and 4 code generator. Its distinguishing characteristic
		is that unlike other engines, it strictly enforces model-view separation.

		Strict separation makes websites and code generators more flexible
		and maintainable; it also provides an excellent defense against malicious
		template authors.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/antlr/ST4/4.1/ST4-4.1.jar
MD5: 0ed049972a799b12d8bd57031a48522a
SHA1: 467d508be07a542ad0a68ffcaed2d561c5fb2e0c
SHA256:8b1ccaed9edc55cd255d9c19c4d8da4756d9b6fcb435671292b43470b16d75d8
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	stringtemplate	Highest
Vendor	pom	name	StringTemplate 4	High
Vendor	pom	groupid	org.antlr	Highest
Vendor	jar	package name	stringtemplate	Low
Vendor	jar	package name	v4	Low
Vendor	pom	groupid	antlr	Highest
Vendor	pom	artifactid	ST4	Low
Vendor	file	name	ST4	High
Product	jar	package name	stringtemplate	Highest
Product	pom	name	StringTemplate 4	High
Product	pom	artifactid	ST4	Highest
Product	jar	package name	v4	Low
Product	pom	groupid	antlr	Highest
Product	file	name	ST4	High
Version	pom	version	4.1	Highest
Version	file	version	4.1	High

Identifiers

pkg:maven/org.antlr/ST4@4.1 (Confidence:High)

antlr-runtime-3.5.2.jar

Description:

A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/antlr/antlr-runtime/3.5.2/antlr-runtime-3.5.2.jar
MD5: 1fbbae2cb72530207c20b797bdabd029
SHA1: cd9cd41361c155f3af0f653009dcecb08d8b4afd
SHA256:ce3fc8ecb10f39e9a3cddcbb2ce350d272d9cd3d0b1e18e6fe73c3b9389c8734
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	ANTLR 3 Runtime	High
Vendor	pom	groupid	org.antlr	Highest
Vendor	jar	package name	runtime	Highest
Vendor	pom	parent-groupid	org.antlr	Medium
Vendor	pom	groupid	antlr	Highest
Vendor	jar	package name	antlr	Highest
Vendor	pom	parent-artifactid	antlr-master	Low
Vendor	pom	artifactid	antlr-runtime	Low
Vendor	Manifest	Implementation-Vendor	ANTLR	High
Vendor	pom	url	http://www.antlr.org	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.antlr	Medium
Vendor	file	name	antlr-runtime	High
Product	pom	name	ANTLR 3 Runtime	High
Product	jar	package name	antlr	Highest
Product	pom	parent-artifactid	antlr-master	Medium
Product	pom	artifactid	antlr-runtime	Highest
Product	jar	package name	runtime	Highest
Product	pom	url	http://www.antlr.org	Medium
Product	pom	parent-groupid	org.antlr	Medium
Product	pom	groupid	antlr	Highest
Product	file	name	antlr-runtime	High
Product	Manifest	Implementation-Title	ANTLR 3 Runtime	High
Version	Manifest	Implementation-Version	3.5.2	High
Version	file	version	3.5.2	High
Version	pom	version	3.5.2	Highest

Identifiers

pkg:maven/org.antlr/antlr-runtime@3.5.2 (Confidence:High)

aspectjrt-1.9.6.jar

Description:

The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.6/aspectjrt-1.9.6.jar
MD5: 391f9257f19b84b45eb79a1878b9600a
SHA1: 1651849d48659e5703adc2599e694bf67b8c3fc4
SHA256:20c785678cbb4ee045914daf83da25f98a16071177dfa0e3451326723dfb4705
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	https://www.eclipse.org/aspectj/	Highest
Vendor	file	name	aspectjrt	High
Vendor	manifest: org/aspectj/lang/	Implementation-Vendor	https://www.eclipse.org/aspectj/	Medium
Vendor	pom	groupid	aspectj	Highest
Vendor	pom	artifactid	aspectjrt	Low
Vendor	pom	name	AspectJ runtime	High
Vendor	Manifest	automatic-module-name	org.aspectj.runtime	Medium
Vendor	jar	package name	runtime	Highest
Vendor	pom	groupid	org.aspectj	Highest
Vendor	jar	package name	aspectj	Highest
Product	file	name	aspectjrt	High
Product	pom	url	https://www.eclipse.org/aspectj/	Medium
Product	manifest: org/aspectj/lang/	Specification-Title	AspectJ Runtime Classes	Medium
Product	pom	groupid	aspectj	Highest
Product	pom	name	AspectJ runtime	High
Product	pom	artifactid	aspectjrt	Highest
Product	Manifest	automatic-module-name	org.aspectj.runtime	Medium
Product	jar	package name	runtime	Highest
Product	manifest: org/aspectj/lang/	Implementation-Title	org.aspectj.runtime	Medium
Product	jar	package name	aspectj	Highest
Version	file	version	1.9.6	High
Version	manifest: org/aspectj/lang/	Implementation-Version	1.9.6	Medium
Version	pom	version	1.9.6	Highest

Identifiers

pkg:maven/org.aspectj/aspectjrt@1.9.6 (Confidence:High)

codemodel-3.0.0.jar

Description:

The core functionality of the CodeModel java source code generation library

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/codemodel/3.0.0/codemodel-3.0.0.jar
MD5: 3be06899dd53a82f25d18c181c9e88e5
SHA1: e4022db305a953ab260d60aaa25849525455fd48
SHA256:7d5a3bd8290ca9b0720b1033b89e3bc4e45714b5a021ec4e39e009ac035239ef
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	codemodel	High
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-symbolicname	org.glassfish.jaxb.codemodel	Medium
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	artifactid	codemodel	Low
Vendor	pom	parent-artifactid	jaxb-codemodel-parent	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	Codemodel Core	High
Vendor	jar	package name	codemodel	Highest
Product	file	name	codemodel	High
Product	pom	parent-artifactid	jaxb-codemodel-parent	Medium
Product	Manifest	bundle-symbolicname	org.glassfish.jaxb.codemodel	Medium
Product	pom	artifactid	codemodel	Highest
Product	pom	groupid	glassfish.jaxb	Highest
Product	Manifest	Implementation-Title	Codemodel Core	High
Product	jar	package name	sun	Highest
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	Bundle-Name	Codemodel Core	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	name	Codemodel Core	High
Product	jar	package name	codemodel	Highest
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low

Identifiers

pkg:maven/org.glassfish.jaxb/codemodel@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

commons-io-2.4.jar

Description:

The Commons IO library contains utility classes, stream implementations, file filters, 
file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/commons-io/commons-io/2.4/commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
SHA256:cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-build	tags/2.4-RC2@r1349569; 2012-06-12 18:18:20-0400	Low
Vendor	jar	package name	io	Highest
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	jar	package name	commons	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/io/	Low
Vendor	pom	artifactid	commons-io	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	file	name	commons-io	High
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	pom	url	http://commons.apache.org/io/	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.commons.io	Medium
Vendor	jar	package name	apache	Highest
Vendor	pom	groupid	commons-io	Highest
Vendor	pom	name	Commons IO	High
Product	Manifest	implementation-build	tags/2.4-RC2@r1349569; 2012-06-12 18:18:20-0400	Low
Product	jar	package name	io	Highest
Product	pom	parent-groupid	org.apache.commons	Medium
Product	Manifest	Bundle-Name	Commons IO	Medium
Product	jar	package name	commons	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/io/	Low
Product	file	name	commons-io	High
Product	pom	artifactid	commons-io	Highest
Product	pom	url	http://commons.apache.org/io/	Medium
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	Implementation-Title	Commons IO	High
Product	Manifest	bundle-symbolicname	org.apache.commons.io	Medium
Product	jar	package name	apache	Highest
Product	pom	groupid	commons-io	Highest
Product	Manifest	specification-title	Commons IO	Medium
Product	pom	name	Commons IO	High
Version	file	version	2.4	High
Version	pom	parent-version	2.4	Low
Version	Manifest	Implementation-Version	2.4	High
Version	pom	version	2.4	Highest

Identifiers

pkg:maven/commons-io/commons-io@2.4 (Confidence:High)
cpe:2.3:a:apache:commons_io:2.4:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:apache:commons_net:2.4:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.8)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

CWE-20 Improper Input Validation

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* versions up to (excluding) 3.9.0

commons-math3-3.0.jar

Description:

The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/apache/commons/commons-math3/3.0/commons-math3-3.0.jar
MD5: 1c32031c57f7ad9a99fef07bcf1209e8
SHA1: 5f8d1d720333aa9a7dee1c949ea70d9ed7da6106
SHA256:0bde674d932bfc7f048390f86ceb631cf1e8790de7163c0e7bb22409599a38db
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	apache.commons	Highest
Vendor	jar	package name	math3	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/math/	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	pom	artifactid	commons-math3	Low
Vendor	jar	package name	commons	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	bundle-symbolicname	org.apache.commons.math	Medium
Vendor	Manifest	implementation-build	tags/MATH_3_0_RC3@r1296853; 2012-03-05 11:10:26+0100	Low
Vendor	pom	name	Commons Math	High
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	jar	package name	apache	Highest
Vendor	file	name	commons-math3	High
Vendor	pom	url	http://commons.apache.org/math/	Highest
Product	pom	groupid	apache.commons	Highest
Product	Manifest	Bundle-Name	Commons Math	Medium
Product	jar	package name	math3	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/math/	Low
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	artifactid	commons-math3	Highest
Product	jar	package name	commons	Highest
Product	pom	url	http://commons.apache.org/math/	Medium
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.math	Medium
Product	Manifest	Implementation-Title	Commons Math	High
Product	Manifest	implementation-build	tags/MATH_3_0_RC3@r1296853; 2012-03-05 11:10:26+0100	Low
Product	pom	name	Commons Math	High
Product	jar	package name	apache	Highest
Product	file	name	commons-math3	High
Product	Manifest	specification-title	Commons Math	Medium
Version	pom	version	3.0	Highest
Version	file	version	3.0	High
Version	pom	parent-version	3.0	Low
Version	Manifest	Implementation-Version	3.0	High

Identifiers

pkg:maven/org.apache.commons/commons-math3@3.0 (Confidence:High)
cpe:2.3:a:apache:commons_net:3.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

CWE-20 Improper Input Validation

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* versions up to (excluding) 3.9.0

dtd-parser-1.4.3.jar

Description:

SAX-like API for parsing XML DTDs.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/xml/dtd-parser/dtd-parser/1.4.3/dtd-parser-1.4.3.jar
MD5: ed00546105860ff9b42d40eee3a17080
SHA1: 090ff8310e0c62177d66502009e2642f88901753
SHA256:245b4a51df10169ad268768faa0dc01401849fa0a7d8b743cceff20cdd61bfc0
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-symbolicname	com.sun.xml.dtd-parser	Medium
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	sun	Highest
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	artifactid	dtd-parser	Low
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	groupid	com.sun.xml.dtd-parser	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.sun.xml.dtd-parser	Medium
Vendor	file	name	dtd-parser	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	implementation-url	https://github.com/eclipse-ee4j/jaxb-dtd-parser	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	groupid	sun.xml.dtd-parser	Highest
Vendor	pom	name	DTD Parser	High
Vendor	Manifest	implementation-build-id	1.4.3 - 1.4.3-RELEASE-acc434d	Low
Vendor	pom	url	eclipse-ee4j/jaxb-dtd-parser	Highest
Product	pom	parent-artifactid	project	Medium
Product	Manifest	bundle-symbolicname	com.sun.xml.dtd-parser	Medium
Product	jar	package name	xml	Highest
Product	Manifest	Bundle-Name	DTD Parser	Medium
Product	jar	package name	sun	Highest
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	artifactid	dtd-parser	Highest
Product	Manifest	Implementation-Title	DTD Parser	High
Product	file	name	dtd-parser	High
Product	pom	url	eclipse-ee4j/jaxb-dtd-parser	High
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	implementation-url	https://github.com/eclipse-ee4j/jaxb-dtd-parser	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	groupid	sun.xml.dtd-parser	Highest
Product	pom	name	DTD Parser	High
Product	Manifest	implementation-build-id	1.4.3 - 1.4.3-RELEASE-acc434d	Low
Version	Manifest	implementation-build-id	1.4.3	Low
Version	file	version	1.4.3	High
Version	pom	parent-version	1.4.3	Low
Version	Manifest	Bundle-Version	1.4.3	High
Version	pom	version	1.4.3	Highest
Version	Manifest	Implementation-Version	1.4.3	High

Identifiers

pkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.3 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.4.3:*:*:*:*:*:*:* (Confidence:Low)

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	hamcrest.org	High
Vendor	jar	package name	matcher	Highest
Vendor	pom	groupid	hamcrest	Highest
Vendor	Manifest	built-date	2012-07-09 19:49:34	Low
Vendor	file	name	hamcrest-core	High
Vendor	jar	package name	core	Highest
Vendor	pom	artifactid	hamcrest-core	Low
Vendor	pom	parent-artifactid	hamcrest-parent	Low
Vendor	jar	package name	hamcrest	Highest
Vendor	pom	name	Hamcrest Core	High
Vendor	pom	groupid	org.hamcrest	Highest
Vendor	pom	parent-groupid	org.hamcrest	Medium
Product	jar	package name	matcher	Highest
Product	pom	groupid	hamcrest	Highest
Product	pom	artifactid	hamcrest-core	Highest
Product	jar	package name	hamcrest	Highest
Product	Manifest	built-date	2012-07-09 19:49:34	Low
Product	Manifest	Implementation-Title	hamcrest-core	High
Product	file	name	hamcrest-core	High
Product	jar	package name	core	Highest
Product	pom	name	Hamcrest Core	High
Product	pom	parent-artifactid	hamcrest-parent	Medium
Product	pom	parent-groupid	org.hamcrest	Medium
Version	Manifest	Implementation-Version	1.3	High
Version	pom	version	1.3	Highest
Version	file	version	1.3	High

Identifiers

pkg:maven/org.hamcrest/hamcrest-core@1.3 (Confidence:High)

image-core-1.0-ALPHA-7.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/image/image-core/1.0-ALPHA-7/image-core-1.0-ALPHA-7.jar
MD5: d444c332738e029bb1d3e6d111a58e02
SHA1: 65a6b56825ad7691a66275503d3eee75b8bd7ffe
SHA256:6b645acea6d854f6532c568eca49a202d41cbea2bbe9edf7333d3e527191d2b3
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	image-core	High
Vendor	pom	groupid	it.tidalwave.image	Highest
Vendor	jar	package name	image	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	artifactid	image-core	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	parent-artifactid	image-modules	Low
Vendor	pom	name	Mistral Core	High
Vendor	jar	package name	it	Highest
Product	file	name	image-core	High
Product	pom	groupid	it.tidalwave.image	Highest
Product	jar	package name	image	Highest
Product	pom	artifactid	image-core	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	Mistral Core	High
Product	Manifest	specification-title	Mistral Core	Medium
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	image-modules	Medium
Product	pom	name	Mistral Core	High
Product	jar	package name	it	Highest
Version	pom	version	1.0-ALPHA-7	Highest

Identifiers

pkg:maven/it.tidalwave.image/image-core@1.0-ALPHA-7 (Confidence:High)

istack-commons-tools-4.0.0.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/istack/istack-commons-tools/4.0.0/istack-commons-tools-4.0.0.jar
MD5: 99b2cc622a2d2230bb705eae4cce6bbf
SHA1: 653511c28867dd002e15bfa082d00682e0114a56
SHA256:9212ecc51900faa244054ab51a098b2cd73117cff240dcaeb39eeb7e0dc6ddec
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	com.sun.istack	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	tools	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	name	istack common utility code tools	High
Vendor	pom	groupid	sun.istack	Highest
Vendor	pom	artifactid	istack-commons-tools	Low
Vendor	jar	package name	sun	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	istack	Highest
Vendor	Manifest	bundle-symbolicname	com.sun.istack.commons-tools	Medium
Vendor	Manifest	implementation-build-id	4.0.0 - 39e0843	Low
Vendor	file	name	istack-commons-tools	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	groupid	com.sun.istack	Highest
Vendor	pom	parent-artifactid	istack-commons	Low
Vendor	pom	parent-groupid	com.sun.istack	Medium
Product	Manifest	multi-release	true	Low
Product	jar	package name	tools	Highest
Product	Manifest	Bundle-Name	istack common utility code tools	Medium
Product	pom	name	istack common utility code tools	High
Product	pom	groupid	sun.istack	Highest
Product	jar	package name	sun	Highest
Product	pom	artifactid	istack-commons-tools	Highest
Product	jar	package name	com	Highest
Product	jar	package name	istack	Highest
Product	pom	parent-artifactid	istack-commons	Medium
Product	Manifest	bundle-symbolicname	com.sun.istack.commons-tools	Medium
Product	Manifest	implementation-build-id	4.0.0 - 39e0843	Low
Product	file	name	istack-commons-tools	High
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-groupid	com.sun.istack	Medium
Version	file	version	4.0.0	High
Version	Manifest	implementation-build-id	4.0.0	Low
Version	Manifest	Bundle-Version	4.0.0	High
Version	pom	version	4.0.0	Highest

Related Dependencies

Identifiers

pkg:maven/com.sun.istack/istack-commons-tools@4.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:4.0.0:*:*:*:*:*:*:* (Confidence:Low)

it-tidalwave-html-patches-1.2-ALPHA-11.jar

Description:

Some patched classes for manipulating HTML.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-html-patches/1.2-ALPHA-11/it-tidalwave-html-patches-1.2-ALPHA-11.jar
MD5: 85fec0fbb1a8c5cdc65be78e7cafe703
SHA1: 9fc483b722fdf2b2a417b570753b80435500ec95
SHA256:3e8d2d3eac2e123da967423146d6019f2a91604e784b9ed235483c34bc8a8055
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	file	name	it-tidalwave-html-patches	High
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	name	NorthernWind :: HTML Patches	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	jar	package name	it	Highest
Vendor	pom	artifactid	it-tidalwave-html-patches	Low
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	Manifest	specification-title	NorthernWind :: HTML Patches	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	file	name	it-tidalwave-html-patches	High
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	name	NorthernWind :: HTML Patches	High
Product	jar	package name	tidalwave	Highest
Product	Manifest	Implementation-Title	NorthernWind :: HTML Patches	High
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-html-patches	Highest
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-html-patches@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-messagebus-3.2-ALPHA-18.jar

Description:

        An abstract description of a simple message bus to be used within an application.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus/3.2-ALPHA-18/it-tidalwave-messagebus-3.2-ALPHA-18.jar
MD5: d096c1a93719f7ad3310e5eb4ac74a94
SHA1: bb007fbb1be125742ff92b9899da7caf5a84338a
SHA256:71738844dc7644107bc2222da3fb7f90f364938ecc789e9a233bc2739431cd11
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	it-tidalwave-messagebus	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	artifactid	it-tidalwave-messagebus	Low
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	jar	package name	it	Highest
Vendor	jar	package name	messagebus	Highest
Vendor	pom	name	TheseFoolishThings :: MessageBus	High
Product	Manifest	Implementation-Title	TheseFoolishThings :: MessageBus	High
Product	file	name	it-tidalwave-messagebus	High
Product	pom	parent-artifactid	modules	Medium
Product	pom	artifactid	it-tidalwave-messagebus	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	tidalwave	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	Manifest	specification-title	TheseFoolishThings :: MessageBus	Medium
Product	jar	package name	it	Highest
Product	jar	package name	messagebus	Highest
Product	pom	name	TheseFoolishThings :: MessageBus	High
Version	pom	version	3.2-ALPHA-18	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@3.2-ALPHA-18 (Confidence:High)

it-tidalwave-messagebus-spring-3.2-ALPHA-18.jar

Description:

        A Spring implementation of a simple message bus to be used within an application.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus-spring/3.2-ALPHA-18/it-tidalwave-messagebus-spring-3.2-ALPHA-18.jar
MD5: c56268ba166b58a0898b0262dfb3dfce
SHA1: ba73bd1d4f91d76d64ed84a73cfc4c82a04d383f
SHA256:f1bf442de8defb2ed0d14240b79a88f2be25ec9fc1b134ad3980c616eb0cab50
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	it-tidalwave-messagebus-spring	Low
Vendor	pom	name	TheseFoolishThings :: MessageBus :: Spring	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	file	name	it-tidalwave-messagebus-spring	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	jar	package name	it	Highest
Vendor	jar	package name	messagebus	Highest
Product	Manifest	Implementation-Title	TheseFoolishThings :: MessageBus :: Spring	High
Product	Manifest	specification-title	TheseFoolishThings :: MessageBus :: Spring	Medium
Product	pom	artifactid	it-tidalwave-messagebus-spring	Highest
Product	pom	parent-artifactid	modules	Medium
Product	pom	name	TheseFoolishThings :: MessageBus :: Spring	High
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	it-tidalwave-messagebus-spring	High
Product	jar	package name	tidalwave	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	jar	package name	it	Highest
Product	jar	package name	messagebus	Highest
Version	pom	version	3.2-ALPHA-18	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@3.2-ALPHA-18 (Confidence:High)

it-tidalwave-northernwind-core-1.2-ALPHA-11.jar

Description:

Contains the interfaces of the Core.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core/1.2-ALPHA-11/it-tidalwave-northernwind-core-1.2-ALPHA-11.jar
MD5: 56ee1f2838142ac2a72530f1846a4cde
SHA1: 34d35e470efa7e5545b6009d62c880821981b054
SHA256:32bf78e00461b9c4a7f8fd081ab29d5aeddeb6201b0beacfeccaa654c1edc144
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	artifactid	it-tidalwave-northernwind-core	Low
Vendor	jar	package name	core	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	file	name	it-tidalwave-northernwind-core	High
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	name	NorthernWind :: Core	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	core	Highest
Product	jar	package name	tidalwave	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Core	High
Product	jar	package name	it	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	file	name	it-tidalwave-northernwind-core	High
Product	jar	package name	northernwind	Highest
Product	Manifest	specification-title	NorthernWind :: Core	Medium
Product	pom	artifactid	it-tidalwave-northernwind-core	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	name	NorthernWind :: Core	High
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-core-default-1.2-ALPHA-11.jar

Description:

A default implementation of the Core.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-default/1.2-ALPHA-11/it-tidalwave-northernwind-core-default-1.2-ALPHA-11.jar
MD5: 6528c917fc79d85f82838601b41741ae
SHA1: 619285f9910ddf86042de42cdc91e8fe763e6da5
SHA256:364565e70e56a5f915881f633264f2212cef04b32e64d03f0b9ab46837c3d9ec
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	it-tidalwave-northernwind-core-default	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	core	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	file	name	it-tidalwave-northernwind-core-default	High
Vendor	pom	name	NorthernWind :: Core :: Default Implementation	High
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	core	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Core :: Default Implementation	High
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Product	file	name	it-tidalwave-northernwind-core-default	High
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	pom	name	NorthernWind :: Core :: Default Implementation	High
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	artifactid	it-tidalwave-northernwind-core-default	Highest
Product	Manifest	specification-title	NorthernWind :: Core :: Default Implementation	Medium
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-default@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-11.jar

Description:

The implementation of some basic filesystems.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-basic/1.2-ALPHA-11/it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-11.jar
MD5: 8d7a9c992c5a1aff13fd591dad353d35
SHA1: 505ae697390a2c14512eda6eff1e3c884bf6e6a7
SHA256:2085cc652b1876176353d599455087724a0c126dc262e5f6de1958800e0ab3f0
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-basic	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-basic	Low
Vendor	pom	name	NorthernWind :: Filesystems :: Basic	High
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Product	file	name	it-tidalwave-northernwind-core-filesystem-basic	High
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: Basic	High
Product	Manifest	specification-title	NorthernWind :: Filesystems :: Basic	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	pom	name	NorthernWind :: Filesystems :: Basic	High
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-basic	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-basic@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-11.jar

Description:

The implementation of the Git filesystem.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-git/1.2-ALPHA-11/it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-11.jar
MD5: 01606f4f1ae9988eb3ea3c4b3a3dd442
SHA1: 3ee4cb0a272680b791c4c61f283334d5623d6d26
SHA256:c8890cac2b24e64e67e0a4736affe1a7a0ec5ad4049df5932bd71e6ede9b5ae4
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	name	NorthernWind :: Filesystems :: SCM :: Git	High
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-git	High
Vendor	jar	package name	it	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-git	Low
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	pom	name	NorthernWind :: Filesystems :: SCM :: Git	High
Product	jar	package name	northernwind	Highest
Product	Manifest	specification-title	NorthernWind :: Filesystems :: SCM :: Git	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-git	Highest
Product	jar	package name	tidalwave	Highest
Product	file	name	it-tidalwave-northernwind-core-filesystem-git	High
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: SCM :: Git	High
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-git@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-11.jar

Description:

The implementation of the Mercurial filesystem.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-hg/1.2-ALPHA-11/it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-11.jar
MD5: c6cc5865a841c9d0adec29d3428b5af6
SHA1: ce2ab81a836bb09510ae144268ace52f4c7c9e0a
SHA256:1495d1f1c81310a9258e0696d788a46233bce9c623684d1e4af843c4162f5a45
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-hg	Low
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	name	NorthernWind :: Filesystems :: SCM :: Mercurial	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-hg	High
Vendor	jar	package name	it	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	northernwind	Highest
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-hg	Highest
Product	pom	name	NorthernWind :: Filesystems :: SCM :: Mercurial	High
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	specification-title	NorthernWind :: Filesystems :: SCM :: Mercurial	Medium
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: SCM :: Mercurial	High
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	file	name	it-tidalwave-northernwind-core-filesystem-hg	High
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-hg@1.2-ALPHA-11 (Confidence:High)
cpe:2.3:a:mercurial:mercurial:1.2:alpha:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2010-4237

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.

CWE-295 Improper Certificate Validation

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 1.6.4

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2014-9462

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CONFIRM - http://mercurial.selenic.com/wiki/WhatsNew
CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
DEBIAN - DSA-3257
GENTOO - GLSA-201612-19
MISC - http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
OSVDB - 119816
SUSE - openSUSE-SU-2015:0617

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (including) 3.2.3

CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

BID - 85733
CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
CONFIRM - https://selenic.com/repo/hg-stable/rev/34d43cb85de8
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
DEBIAN - DSA-3542
FEDORA - FEDORA-2016-79604dde9f
FEDORA - FEDORA-2016-b7f1f8e3bf
GENTOO - GLSA-201612-19
REDHAT - RHSA-2016:0706
SUSE - SUSE-SU-2016:1010
SUSE - SUSE-SU-2016:1011
SUSE - openSUSE-SU-2016:1016
SUSE - openSUSE-SU-2016:1073

Vulnerable Software & Versions: (show all)

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
CONFIRM - https://selenic.com/repo/hg-stable/rev/197eed39e3d5
CONFIRM - https://selenic.com/repo/hg-stable/rev/80cac1de6aea
CONFIRM - https://selenic.com/repo/hg-stable/rev/ae279d4a19e9
CONFIRM - https://selenic.com/repo/hg-stable/rev/b732e7f2aba4
CONFIRM - https://selenic.com/repo/hg-stable/rev/cdda7b96afff
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
DEBIAN - DSA-3542
FEDORA - FEDORA-2016-79604dde9f
FEDORA - FEDORA-2016-b7f1f8e3bf
GENTOO - GLSA-201612-19
REDHAT - RHSA-2016:0706
SUSE - SUSE-SU-2016:1010
SUSE - SUSE-SU-2016:1011
SUSE - openSUSE-SU-2016:1016
SUSE - openSUSE-SU-2016:1073

Vulnerable Software & Versions: (show all)

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

CWE-284 Improper Access Control

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

BID - 90536
CONFIRM - https://selenic.com/hg/rev/a56296f55a5e
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29
DEBIAN - DSA-3570
GENTOO - GLSA-201612-19
SLACKWARE - SSA:2016-123-01
SUSE - openSUSE-SU-2016:1336

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (including) 3.7.3

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

CWE-19 Data Processing Errors

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
CONFIRM - https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf
CONFIRM - https://selenic.com/repo/hg-stable/rev/b9714d958e89
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
DEBIAN - DSA-3542
FEDORA - FEDORA-2016-79604dde9f
FEDORA - FEDORA-2016-b7f1f8e3bf
GENTOO - GLSA-201612-19
SUSE - SUSE-SU-2016:1010
SUSE - SUSE-SU-2016:1011
SUSE - openSUSE-SU-2016:1016
SUSE - openSUSE-SU-2016:1073

Vulnerable Software & Versions: (show all)

CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

BID - 100290
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
DEBIAN - DSA-3963
GENTOO - GLSA-201709-18
REDHAT - RHSA-2017:2489

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.3

CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv2:

Base Score: HIGH (10.0)
Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

BID - 100290
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
DEBIAN - DSA-3963
GENTOO - GLSA-201709-18
REDHAT - RHSA-2017:2489

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.3

CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv2:

Base Score: HIGH (10.0)
Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.4.1

CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: HIGH (9.0)
Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

BID - 99123
CONFIRM - https://bugs.debian.org/861243
CONFIRM - https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
DEBIAN - DSA-3963
GENTOO - GLSA-201709-18
MLIST - [debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update
REDHAT - RHSA-2017:1576

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.3

CVE-2018-1000132

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: MEDIUM (6.4)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSSv3:

Base Score: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.5.1

CVE-2018-13346

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.6.1

CVE-2018-13347

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

CWE-190 Integer Overflow or Wraparound

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.6.1

CVE-2018-13348

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.6.1

CVE-2018-17983

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

CWE-125 Out-of-bounds Read

CVSSv2:

Base Score: MEDIUM (6.4)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSSv3:

Base Score: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.7.2

CVE-2019-3902

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSSv3:

Base Score: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.9

it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-11.jar

Description:

Support classes for SCM filesystems.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-scm/1.2-ALPHA-11/it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-11.jar
MD5: a8bd427b7465b1caa36eae42d22ea03d
SHA1: a1e2500d3f49cf2b0088f0f1829fefe0f2fe877a
SHA256:ff23f79a08453d09d907de8e00c640609cd8858c9b69212050fb1e4b2ce70f5c
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-scm	Low
Vendor	jar	package name	northernwind	Highest
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-scm	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	name	NorthernWind :: Filesystems :: SCM	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Product	Manifest	specification-title	NorthernWind :: Filesystems :: SCM	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	northernwind	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: SCM	High
Product	file	name	it-tidalwave-northernwind-core-filesystem-scm	High
Product	pom	name	NorthernWind :: Filesystems :: SCM	High
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	tidalwave	Highest
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-scm	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-scm@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-11.jar

Description:

The default implementation of marshalling for some Core classes.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-marshalling-default/1.2-ALPHA-11/it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-11.jar
MD5: c04174e0a1bced163253e4b80738234b
SHA1: 9c204814950be3cf25591c256fece3fdd4ef2016
SHA256:ac52b1a843d3e1bc27379496abcfc45213c436639df8030b15776b7852dff608
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	core	Highest
Vendor	file	name	it-tidalwave-northernwind-core-marshalling-default	High
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	jar	package name	northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-marshalling-default	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	name	NorthernWind :: Core :: Default Marshalling	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	core	Highest
Product	file	name	it-tidalwave-northernwind-core-marshalling-default	High
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	pom	artifactid	it-tidalwave-northernwind-core-marshalling-default	Highest
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	name	NorthernWind :: Core :: Default Marshalling	High
Product	Manifest	Implementation-Title	NorthernWind :: Core :: Default Marshalling	High
Product	Manifest	specification-title	NorthernWind :: Core :: Default Marshalling	Medium
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-marshalling-default@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-core-profiling-1.2-ALPHA-11.jar

Description:

This module collects elapsed times for processing requests and builds up some statistics.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-profiling/1.2-ALPHA-11/it-tidalwave-northernwind-core-profiling-1.2-ALPHA-11.jar
MD5: 39c9d733b15b80d4ecf2783ed229de33
SHA1: 345759910b91f32926f94897d78e4b640730d196
SHA256:b76bffd34c303f7cbce8dbbbe06bd83d80039d251be53014eb8adf5e382534a1
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	profiling	Highest
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-profiling	Low
Vendor	jar	package name	it	Highest
Vendor	file	name	it-tidalwave-northernwind-core-profiling	High
Vendor	jar	package name	northernwind	Highest
Vendor	pom	name	NorthernWind :: Profiling	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Product	jar	package name	profiling	Highest
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Product	file	name	it-tidalwave-northernwind-core-profiling	High
Product	Manifest	Implementation-Title	NorthernWind :: Profiling	High
Product	Manifest	specification-title	NorthernWind :: Profiling	Medium
Product	pom	artifactid	it-tidalwave-northernwind-core-profiling	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	northernwind	Highest
Product	pom	name	NorthernWind :: Profiling	High
Product	Manifest	build-jdk-spec	11	Low
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-profiling@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-11.jar

Description:

Utilities used by the front end implementations.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-commons/1.2-ALPHA-11/it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-11.jar
MD5: e60439cab9485397f4df0df1aa5bade5
SHA1: fe5ac860c14347f8f963533c08c2c33e45fb321f
SHA256:d9f549ee156e3944eb843158bba0cc6c403e3d79e225acd10d12785b58feddce
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-commons	Low
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	frontend	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	file	name	it-tidalwave-northernwind-frontend-commons	High
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	name	NorthernWind :: Frontend :: Commons	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	frontend	Highest
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-commons	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	file	name	it-tidalwave-northernwind-frontend-commons	High
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Commons	High
Product	Manifest	specification-title	NorthernWind :: Frontend :: Commons	Medium
Product	pom	name	NorthernWind :: Frontend :: Commons	High
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-commons@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-frontend-components-1.2-ALPHA-11.jar

Description:

The definitions of page components.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-components/1.2-ALPHA-11/it-tidalwave-northernwind-frontend-components-1.2-ALPHA-11.jar
MD5: 36555fabe467dae076dece879bdd72c0
SHA1: 3f870893cca2c112a601df8be316a882fa4a36bc
SHA256:96a956a6c755d59ee71d60d47cdefd1dd3a55c13ea5a3ca5f1ba5259157b8193
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	frontend	Highest
Vendor	pom	name	NorthernWind :: Frontend :: Components	High
Vendor	jar	package name	tidalwave	Highest
Vendor	file	name	it-tidalwave-northernwind-frontend-components	High
Vendor	jar	package name	it	Highest
Vendor	jar	package name	northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-components	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	frontend	Highest
Product	pom	name	NorthernWind :: Frontend :: Components	High
Product	jar	package name	tidalwave	Highest
Product	file	name	it-tidalwave-northernwind-frontend-components	High
Product	jar	package name	it	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	northernwind	Highest
Product	Manifest	specification-title	NorthernWind :: Frontend :: Components	Medium
Product	pom	artifactid	it-tidalwave-northernwind-frontend-components	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Components	High
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-11.jar

Description:

An implementation of page components based on HTML templating.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-components-htmltemplate/1.2-ALPHA-11/it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-11.jar
MD5: 043e878a96b651d02761c26417cb0f28
SHA1: 3a934fc455d37ee33f11f47b3e627eb45899550e
SHA256:7e233f8c96b1958b6958e349d63c79ba03f318f0733f0be332713a9407e94c92
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	NorthernWind :: Frontend :: Components :: HTML Template	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	frontend	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-components-htmltemplate	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	file	name	it-tidalwave-northernwind-frontend-components-htmltemplate	High
Product	pom	name	NorthernWind :: Frontend :: Components :: HTML Template	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	frontend	Highest
Product	jar	package name	tidalwave	Highest
Product	Manifest	specification-title	NorthernWind :: Frontend :: Components :: HTML Template	Medium
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-components-htmltemplate	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Components :: HTML Template	High
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	it-tidalwave-northernwind-frontend-components-htmltemplate	High
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components-htmltemplate@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-frontend-media-1.2-ALPHA-11.jar

Description:

Media Extensions.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-media/1.2-ALPHA-11/it-tidalwave-northernwind-frontend-media-1.2-ALPHA-11.jar
MD5: f33927cce0c978fe11cb7b1819c6e1ec
SHA1: d67fd8618b3b2178272f7e494c78dc4473fbccd8
SHA256:58f40f09d6daf24dab3c19277f1f0006734b4460694afe2b651f41b6c037fc10
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-media	Low
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	frontend	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	name	NorthernWind :: Frontend :: Media	High
Vendor	file	name	it-tidalwave-northernwind-frontend-media	High
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Media	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	frontend	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-media	Highest
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Product	Manifest	specification-title	NorthernWind :: Frontend :: Media	Medium
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	pom	name	NorthernWind :: Frontend :: Media	High
Product	file	name	it-tidalwave-northernwind-frontend-media	High
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-frontend-media-springmvc-1.2-ALPHA-11.jar

Description:

An implementation of the front end based on Spring MVC including Media Extensions.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-media-springmvc/1.2-ALPHA-11/it-tidalwave-northernwind-frontend-media-springmvc-1.2-ALPHA-11.jar
MD5: db7d9edea5ed559e0966e4e51f66a80c
SHA1: 30224316b23692ec4e08191165cec47f174e8184
SHA256:eeac05d1d3c3b8d8cd137ec89be3bb9b909ce81cfb9c9de2c84493573fb3ac46
Referenced In Project/Scope:NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	name	NorthernWind :: Frontend :: Media :: Spring MVC	High
Vendor	file	name	it-tidalwave-northernwind-frontend-media-springmvc	High
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-media-springmvc	Low
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	pom	name	NorthernWind :: Frontend :: Media :: Spring MVC	High
Product	file	name	it-tidalwave-northernwind-frontend-media-springmvc	High
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Media :: Spring MVC	High
Product	Manifest	build-jdk-spec	11	Low
Product	pom	artifactid	it-tidalwave-northernwind-frontend-media-springmvc	Highest
Product	Manifest	specification-title	NorthernWind :: Frontend :: Media :: Spring MVC	Medium
Product	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Medium
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media-springmvc@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-northernwind-frontend-springmvc-1.2-ALPHA-11.jar

Description:

An implementation of the front end based on Spring MVC.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-springmvc/1.2-ALPHA-11/it-tidalwave-northernwind-frontend-springmvc-1.2-ALPHA-11.jar
MD5: 23d0dd18ae2a447250fba0bf2a3b2c9b
SHA1: 353c8c423f120033ba7d34d971298b9a10d97030
SHA256:3dca21d6e6b8471b8839998c11262d5d7a04a02335ffba9ea0e731395cb08211
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-springmvc	Low
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	frontend	Highest
Vendor	file	name	it-tidalwave-northernwind-frontend-springmvc	High
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Low
Vendor	jar	package name	northernwind	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	name	NorthernWind :: Frontend :: Spring MVC	High
Product	Manifest	specification-title	NorthernWind :: Frontend :: Spring MVC	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-springmvc	Highest
Product	jar	package name	frontend	Highest
Product	file	name	it-tidalwave-northernwind-frontend-springmvc	High
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Spring MVC	High
Product	jar	package name	northernwind	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	name	NorthernWind :: Frontend :: Spring MVC	High
Product	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Medium
Version	pom	version	1.2-ALPHA-11	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-springmvc@1.2-ALPHA-11 (Confidence:High)

it-tidalwave-role-3.2-ALPHA-18.jar

Description:

        Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
        Interface Segregation.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-18/it-tidalwave-role-3.2-ALPHA-18.jar
MD5: e8e9c2b529d07ec22ad2dd0fb60ea59a
SHA1: 5f72bad43fe46580b2c22675715a095fe3930cb9
SHA256:34554cd1c8cc8d5328fdcfbe245d7977670eccc04c4dfeb8bd70b5face428997
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	role	Highest
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	file	name	it-tidalwave-role	High
Vendor	pom	artifactid	it-tidalwave-role	Low
Vendor	jar	package name	it	Highest
Vendor	pom	name	TheseFoolishThings :: Roles	High
Product	Manifest	Implementation-Title	TheseFoolishThings :: Roles	High
Product	Manifest	specification-title	TheseFoolishThings :: Roles	Medium
Product	pom	parent-artifactid	modules	Medium
Product	jar	package name	role	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	artifactid	it-tidalwave-role	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	file	name	it-tidalwave-role	High
Product	jar	package name	it	Highest
Product	pom	name	TheseFoolishThings :: Roles	High
Version	pom	version	3.2-ALPHA-18	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-18 (Confidence:High)

it-tidalwave-role-spring-3.2-ALPHA-18.jar

Description:

        Specific Spring support for DCI roles.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role-spring/3.2-ALPHA-18/it-tidalwave-role-spring-3.2-ALPHA-18.jar
MD5: f305b5f799d75fc3860c23d472ab8119
SHA1: 26a506a6e216d6a963bc95029e5b0713924bbfd8
SHA256:cbfce53649d0cc28f7e98631ec9228b1823f4da60399be3b73f3d955774880a1
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	modules	Low
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	pom	artifactid	it-tidalwave-role-spring	Low
Vendor	jar	package name	spring	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	name	TheseFoolishThings :: Roles :: Spring	High
Vendor	file	name	it-tidalwave-role-spring	High
Vendor	jar	package name	role	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Product	jar	package name	tidalwave	Highest
Product	Manifest	Implementation-Title	TheseFoolishThings :: Roles :: Spring	High
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	jar	package name	spring	Highest
Product	pom	artifactid	it-tidalwave-role-spring	Highest
Product	jar	package name	it	Highest
Product	pom	name	TheseFoolishThings :: Roles :: Spring	High
Product	file	name	it-tidalwave-role-spring	High
Product	Manifest	specification-title	TheseFoolishThings :: Roles :: Spring	Medium
Product	pom	parent-artifactid	modules	Medium
Product	jar	package name	role	Highest
Product	Manifest	build-jdk-spec	11	Low
Version	pom	version	3.2-ALPHA-18	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-18 (Confidence:High)

it-tidalwave-util-3.2-ALPHA-18.jar

Description:

        A collection of common utilities.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-18/it-tidalwave-util-3.2-ALPHA-18.jar
MD5: 4786722b8b0ce865c6013c439c60661a
SHA1: 526d65b89c62395bf4ef60489bb04532d511e763
SHA256:7a9ad30086c1fd62f08f156fd517f5497b4b642144c01b34963ee8674f0528b3
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	TheseFoolishThings :: Utilities	High
Vendor	file	name	it-tidalwave-util	High
Vendor	jar	package name	util	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	artifactid	it-tidalwave-util	Low
Product	Manifest	Implementation-Title	TheseFoolishThings :: Utilities	High
Product	pom	name	TheseFoolishThings :: Utilities	High
Product	file	name	it-tidalwave-util	High
Product	jar	package name	util	Highest
Product	pom	parent-artifactid	modules	Medium
Product	Manifest	specification-title	TheseFoolishThings :: Utilities	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	tidalwave	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-util	Highest
Version	pom	version	3.2-ALPHA-18	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-18 (Confidence:High)

it-tidalwave-util-test-3.2-ALPHA-18.jar

Description:

        Miscellaneous utilities for testing.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util-test/3.2-ALPHA-18/it-tidalwave-util-test-3.2-ALPHA-18.jar
MD5: 2b02968bac95228202733ec745e1ac78
SHA1: bc8bdfad04132cc67d9be147783f959716460c01
SHA256:95ed341de5719f1e7fef7ee791ca8f2308d4b56bc257409a0b0b85b1abdb5834
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	modules	Low
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	test	Highest
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	jar	package name	it	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	file	name	it-tidalwave-util-test	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	name	TheseFoolishThings :: Test Utilities	High
Vendor	pom	artifactid	it-tidalwave-util-test	Low
Product	Manifest	Implementation-Title	TheseFoolishThings :: Test Utilities	High
Product	jar	package name	test	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	jar	package name	it	Highest
Product	jar	package name	util	Highest
Product	pom	parent-artifactid	modules	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	specification-title	TheseFoolishThings :: Test Utilities	Medium
Product	file	name	it-tidalwave-util-test	High
Product	pom	name	TheseFoolishThings :: Test Utilities	High
Product	pom	artifactid	it-tidalwave-util-test	Highest
Version	pom	version	3.2-ALPHA-18	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-18 (Confidence:High)

jakarta.activation-2.0.0.jar

Description:

Jakarta Activation

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/activation/jakarta.activation/2.0.0/jakarta.activation-2.0.0.jar
MD5: e8fe27b2ed2bec52b561e4e0348a1a9f
SHA1: f4e7519148dee347c7666f336210deedb8aca09d
SHA256:db9c7e30f4d61ec33fd47942c9b7cf6e094025e7d5d8e20db73fce5a912a4366
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	pom	parent-artifactid	all	Low
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	sun.activation	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	activation	Highest
Vendor	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Vendor	pom	name	Jakarta Activation	High
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	file	name	jakarta.activation	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	groupid	com.sun.activation	Highest
Vendor	pom	parent-groupid	com.sun.activation	Medium
Vendor	pom	artifactid	jakarta.activation	Low
Product	Manifest	Bundle-Name	Jakarta Activation	Medium
Product	Manifest	extension-name	jakarta.activation	Medium
Product	jar	package name	sun	Highest
Product	pom	groupid	sun.activation	Highest
Product	jar	package name	jakarta	Highest
Product	jar	package name	activation	Highest
Product	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Product	pom	name	Jakarta Activation	High
Product	file	name	jakarta.activation	High
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	Jakarta Activation Specification	Medium
Product	Manifest	Implementation-Title	jakarta.activation	High
Product	pom	parent-artifactid	all	Medium
Product	pom	parent-groupid	com.sun.activation	Medium
Product	pom	artifactid	jakarta.activation	Highest
Version	Manifest	Bundle-Version	2.0.0	High
Version	Manifest	Implementation-Version	2.0.0	High
Version	pom	version	2.0.0	Highest
Version	file	version	2.0.0	High

Identifiers

pkg:maven/com.sun.activation/jakarta.activation@2.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:2.0.0:*:*:*:*:*:*:* (Confidence:Low)

jakarta.xml.bind-api-3.0.0.jar

Description:

Jakarta XML Binding API 3.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/xml/bind/jakarta.xml.bind-api/3.0.0/jakarta.xml.bind-api-3.0.0.jar
MD5: 78cf2b809e4daa0beff13efdad12da76
SHA1: 9275db6e21287df61690989254a0b46d8d31e99a
SHA256:0037ab1eba33a969b36119c61a9f28313460a85eea9b800470a70cb2227d35f4
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	extension-name	jakarta.xml.bind	Medium
Vendor	pom	groupid	jakarta.xml.bind	Highest
Vendor	pom	parent-artifactid	jakarta.xml.bind-api-parent	Low
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	bind	Highest
Vendor	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Vendor	jar	package name	jakarta	Highest
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	Jakarta XML Binding API	High
Vendor	pom	artifactid	jakarta.xml.bind-api	Low
Vendor	Manifest	implementation-build-id	2d7fc02	Low
Vendor	file	name	jakarta.xml.bind-api	High
Product	Manifest	multi-release	true	Low
Product	Manifest	extension-name	jakarta.xml.bind	Medium
Product	pom	groupid	jakarta.xml.bind	Highest
Product	jar	package name	xml	Highest
Product	jar	package name	bind	Highest
Product	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Product	Manifest	Bundle-Name	Jakarta XML Binding API	Medium
Product	pom	artifactid	jakarta.xml.bind-api	Highest
Product	jar	package name	jakarta	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	name	Jakarta XML Binding API	High
Product	pom	parent-artifactid	jakarta.xml.bind-api-parent	Medium
Product	Manifest	implementation-build-id	2d7fc02	Low
Product	file	name	jakarta.xml.bind-api	High
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High

Identifiers

pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@3.0.0 (Confidence:High)

java-diff-utils-4.12.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/github/java-diff-utils/java-diff-utils/4.12/java-diff-utils-4.12.jar
MD5: 2bab3395dcfe2ea5b092ad646ca899d3
SHA1: 1a712a91324d566eef39817fc5c9980eb10c21db
SHA256:9990a2039778f6b4cc94790141c2868864eacee0620c6c459451121a901cd5b5
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	github	Highest
Vendor	pom	parent-artifactid	java-diff-utils-parent	Low
Vendor	file	name	java-diff-utils	High
Vendor	pom	artifactid	java-diff-utils	Low
Vendor	Manifest	automatic-module-name	io.github.javadiffutils	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	bundle-symbolicname	io.github.java-diff-utils	Medium
Vendor	pom	name	java-diff-utils	High
Vendor	pom	groupid	io.github.java-diff-utils	Highest
Product	jar	package name	diffutils	Highest
Product	jar	package name	github	Highest
Product	file	name	java-diff-utils	High
Product	Manifest	automatic-module-name	io.github.javadiffutils	Medium
Product	pom	artifactid	java-diff-utils	Highest
Product	pom	parent-artifactid	java-diff-utils-parent	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	Bundle-Name	java-diff-utils	Medium
Product	Manifest	bundle-symbolicname	io.github.java-diff-utils	Medium
Product	pom	name	java-diff-utils	High
Product	pom	groupid	io.github.java-diff-utils	Highest
Version	file	version	4.12	High
Version	pom	version	4.12	Highest

Identifiers

pkg:maven/io.github.java-diff-utils/java-diff-utils@4.12 (Confidence:High)
cpe:2.3:a:utils_project:utils:4.12:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-4277

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.

CWE-330 Use of Insufficiently Random Values

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:utils_project:utils:*:*:*:*:*:*:*:* versions up to (excluding) 2021-05-14

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	url	http://jcp.org/en/jsr/detail?id=250	Highest
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	file	name	javax.annotation-api	High
Vendor	Manifest	extension-name	javax.annotation	Medium
Vendor	pom	organization url	https://javaee.github.io/glassfish	Medium
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Vendor	jar	package name	javax	Highest
Vendor	jar	package name	annotation	Highest
Vendor	Manifest	bundle-docurl	https://javaee.github.io/glassfish	Low
Vendor	Manifest	automatic-module-name	java.annotation	Medium
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	pom	organization name	GlassFish Community	High
Vendor	pom	name	${extension.name} API	High
Vendor	pom	groupid	javax.annotation	Highest
Vendor	pom	artifactid	javax.annotation-api	Low
Product	pom	parent-groupid	net.java	Medium
Product	pom	url	http://jcp.org/en/jsr/detail?id=250	Medium
Product	file	name	javax.annotation-api	High
Product	Manifest	extension-name	javax.annotation	Medium
Product	pom	organization url	https://javaee.github.io/glassfish	Low
Product	Manifest	Bundle-Name	javax.annotation API	Medium
Product	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Product	jar	package name	javax	Highest
Product	jar	package name	annotation	Highest
Product	Manifest	bundle-docurl	https://javaee.github.io/glassfish	Low
Product	Manifest	automatic-module-name	java.annotation	Medium
Product	pom	organization name	GlassFish Community	Low
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	name	${extension.name} API	High
Product	pom	groupid	javax.annotation	Highest
Product	pom	artifactid	javax.annotation-api	Highest
Version	Manifest	Bundle-Version	1.3.2	High
Version	Manifest	Implementation-Version	1.3.2	High
Version	file	version	1.3.2	High
Version	pom	version	1.3.2	Highest
Version	pom	parent-version	1.3.2	Low

Identifiers

pkg:maven/javax.annotation/javax.annotation-api@1.3.2 (Confidence:High)

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://code.google.com/p/atinject/	Highest
Vendor	pom	groupid	javax.inject	Highest
Vendor	pom	artifactid	javax.inject	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	name	javax.inject	High
Vendor	file	name	javax.inject-1	High
Vendor	jar	package name	javax	Low
Vendor	jar	package name	inject	Low
Vendor	jar	package name	inject	Highest
Product	pom	artifactid	javax.inject	Highest
Product	pom	groupid	javax.inject	Highest
Product	pom	url	http://code.google.com/p/atinject/	Medium
Product	jar	package name	javax	Highest
Product	pom	name	javax.inject	High
Product	file	name	javax.inject-1	High
Product	jar	package name	inject	Low
Product	jar	package name	inject	Highest
Version	pom	version	1	Highest
Version	file	version	1	Medium

Identifiers

pkg:maven/javax.inject/javax.inject@1 (Confidence:High)

javax.servlet-api-3.1.0.jar

Description:

Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: Basic:provided
NorthernWind :: Frontend:provided
NorthernWind :: Frontend :: Components:provided
NorthernWind :: Core :: Default Implementation:provided
NorthernWind :: Frontend :: Components :: HTML Template:provided
NorthernWind :: Frontend :: Spring MVC:provided
NorthernWind :: Frontend :: Commons:provided
NorthernWind :: Frontend :: Media :: Spring MVC:provided
NorthernWind :: Core:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	artifactid	javax.servlet-api	Low
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	pom	groupid	javax.servlet	Highest
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	name	Java Servlet API	High
Vendor	file	name	javax.servlet-api	High
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	pom	url	http://servlet-spec.java.net	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	jar	package name	servlet	Highest
Vendor	pom	organization name	GlassFish Community	High
Vendor	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Vendor	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Vendor	Manifest	extension-name	javax.servlet	Medium
Vendor	pom	organization url	https://glassfish.dev.java.net	Medium
Product	pom	parent-groupid	net.java	Medium
Product	pom	organization url	https://glassfish.dev.java.net	Low
Product	pom	groupid	javax.servlet	Highest
Product	pom	artifactid	javax.servlet-api	Highest
Product	jar	package name	javax	Highest
Product	pom	name	Java Servlet API	High
Product	file	name	javax.servlet-api	High
Product	pom	url	http://servlet-spec.java.net	Medium
Product	pom	organization name	GlassFish Community	Low
Product	Manifest	Bundle-Name	Java Servlet API	Medium
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	jar	package name	servlet	Highest
Product	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Product	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Product	Manifest	extension-name	javax.servlet	Medium
Version	file	version	3.1.0	High
Version	pom	parent-version	3.1.0	Low
Version	Manifest	Implementation-Version	3.1.0	High
Version	Manifest	Bundle-Version	3.1.0	High
Version	pom	version	3.1.0	Highest

Identifiers

pkg:maven/javax.servlet/javax.servlet-api@3.1.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.1.0:*:*:*:*:*:*:* (Confidence:Low)

jaxb-core-3.0.0.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/jaxb-core/3.0.0/jaxb-core-3.0.0.jar
MD5: 0529ad63165dc6ff29329750b62f4e7d
SHA1: d3e976f31e1a233cac7a9d29ece92ab65c9a5d34
SHA256:75b97352b14aa2bb419f37a4d1f00196d0f9d1ca1053982ff51bac46e855c27e
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish.jaxb	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	glassfish	Highest
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	pom	name	JAXB Core	High
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	Manifest	git-revision	697e104	Low
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	jar	package name	jaxb	Highest
Vendor	Manifest	bundle-symbolicname	org.glassfish.jaxb.core	Medium
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	file	name	jaxb-core	High
Vendor	jar	package name	org	Highest
Vendor	pom	parent-artifactid	jaxb-parent	Low
Vendor	pom	artifactid	jaxb-core	Low
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	multi-release	true	Low
Product	jar	package name	core	Highest
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	jar	package name	glassfish	Highest
Product	pom	parent-artifactid	jaxb-parent	Medium
Product	pom	groupid	glassfish.jaxb	Highest
Product	pom	name	JAXB Core	High
Product	Manifest	git-revision	697e104	Low
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	jar	package name	jaxb	Highest
Product	Manifest	bundle-symbolicname	org.glassfish.jaxb.core	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	file	name	jaxb-core	High
Product	pom	artifactid	jaxb-core	Highest
Product	jar	package name	org	Highest
Product	Manifest	Bundle-Name	JAXB Core	Medium
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0 (Confidence:High)

jaxb-core-3.0.0.jar

Description:

Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/3.0.0/jaxb-core-3.0.0.jar
MD5: b3095fb0bcc4ac39c373f2a5168a5987
SHA1: 6aae6e87468c15dfe5fffcb9039d05469b8ef318
SHA256:b1e4b8137505333ed59b08e748c46c3894795fa1d524d042354609fd9ca6754f
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	glassfish	Highest
Vendor	pom	name	Old JAXB Core	High
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	jar	package name	com	Highest
Vendor	pom	groupid	com.sun.xml.bind	Highest
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-core	Medium
Vendor	pom	parent-artifactid	jaxb-bundles	Low
Vendor	file	name	jaxb-core	High
Vendor	pom	parent-artifactid	jaxb-parent	Low
Vendor	pom	artifactid	jaxb-core	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	groupid	sun.xml.bind	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	jar	package name	xml	Highest
Vendor	pom	name	JAXB Core	High
Vendor	jar	package name	sun	Highest
Vendor	Manifest	git-revision	697e104	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	jar	package name	jaxb	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	jar	package name	org	Highest
Product	jar	package name	core	Highest
Product	jar	package name	glassfish	Highest
Product	pom	name	Old JAXB Core	High
Product	pom	groupid	glassfish.jaxb	Highest
Product	jar	package name	com	Highest
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-core	Medium
Product	file	name	jaxb-core	High
Product	pom	artifactid	jaxb-core	Highest
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	multi-release	true	Low
Product	pom	groupid	sun.xml.bind	Highest
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	pom	parent-artifactid	jaxb-parent	Medium
Product	jar	package name	xml	Highest
Product	pom	name	JAXB Core	High
Product	jar	package name	sun	Highest
Product	pom	parent-artifactid	jaxb-bundles	Medium
Product	Manifest	git-revision	697e104	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	jar	package name	jaxb	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	org	Highest
Product	Manifest	Bundle-Name	Old JAXB Core	Medium
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High

Identifiers

pkg:maven/com.sun.xml.bind/jaxb-core@3.0.0 (Confidence:High)
pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

jaxb-core-3.0.0.jar (shaded: com.sun.istack:istack-commons-runtime:4.0.0)

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/3.0.0/jaxb-core-3.0.0.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: c794116e14cf6b4880c5fa97484a1669
SHA1: 74d35d998969df9d8236e198d61d2668b35fbded
SHA256:4b7815ba5011033993d2d72142241a0213ced4010ec9f55e5d3baf7d0e357560
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	istack-commons-runtime	Low
Vendor	pom	groupid	sun.istack	Highest
Vendor	pom	name	istack common utility code runtime	High
Vendor	pom	parent-artifactid	istack-commons	Low
Vendor	pom	parent-groupid	com.sun.istack	Medium
Product	pom	parent-artifactid	istack-commons	Medium
Product	pom	artifactid	istack-commons-runtime	Highest
Product	pom	groupid	sun.istack	Highest
Product	pom	name	istack common utility code runtime	High
Product	pom	parent-groupid	com.sun.istack	Medium
Version	pom	version	4.0.0	Highest

Identifiers

pkg:maven/com.sun.istack/istack-commons-runtime@4.0.0 (Confidence:High)

jaxb-impl-3.0.0.jar

Description:

Old JAXB Runtime module. Contains sources required for runtime processing.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/3.0.0/jaxb-impl-3.0.0.jar
MD5: ba0d3f0dfdd2f16951734b3c87cf073f
SHA1: da6cc5533db0f41078f424f3bc84d0f8c28f5f9c
SHA256:6d5a3cddb6948b6adc6707b121d627c3b50bc23334e072e8ddd8e82b894f384e
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-impl	Medium
Vendor	pom	groupid	sun.xml.bind	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	file	name	jaxb-impl	High
Vendor	jar	package name	runtime	Highest
Vendor	pom	artifactid	jaxb-impl	Low
Vendor	Manifest	git-revision	697e104	Low
Vendor	pom	groupid	com.sun.xml.bind	Highest
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	jar	package name	jaxb	Highest
Vendor	pom	parent-artifactid	jaxb-bundles	Low
Vendor	pom	name	Old JAXB Runtime	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	jar	package name	org	Highest
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	multi-release	true	Low
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-impl	Medium
Product	pom	groupid	sun.xml.bind	Highest
Product	pom	artifactid	jaxb-impl	Highest
Product	file	name	jaxb-impl	High
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	jar	package name	runtime	Highest
Product	pom	parent-artifactid	jaxb-bundles	Medium
Product	Manifest	git-revision	697e104	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	jar	package name	jaxb	Highest
Product	Manifest	Bundle-Name	Old JAXB Runtime	Medium
Product	pom	name	Old JAXB Runtime	High
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	org	Highest
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High

Identifiers

pkg:maven/com.sun.xml.bind/jaxb-impl@3.0.0 (Confidence:High)

jaxb-impl-3.0.0.jar (shaded: org.glassfish.jaxb:jaxb-runtime:3.0.0)

Description:

JAXB (JSR 222) Reference Implementation

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/3.0.0/jaxb-impl-3.0.0.jar/META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: 04337bb90bd23c070d299d51cfeef188
SHA1: 2698a6bb35c314aab0db0d36be6d9ffb5a9448f4
SHA256:62e62c624e799caeb1c8b36140a7671841bb94b55cfb1aa01319acb274b40bc4
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	artifactid	jaxb-runtime	Low
Vendor	pom	name	JAXB Runtime	High
Vendor	pom	parent-artifactid	jaxb-runtime-parent	Low
Vendor	pom	groupid	glassfish.jaxb	Highest
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	name	JAXB Runtime	High
Product	pom	parent-artifactid	jaxb-runtime-parent	Medium
Product	pom	groupid	glassfish.jaxb	Highest
Product	pom	artifactid	jaxb-runtime	Highest
Version	pom	version	3.0.0	Highest

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.0 (Confidence:High)

jaxb-xjc-3.0.0.jar

Description:

        JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
        In other words: the *tool* to generate java classes for the given xml representation.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/jaxb-xjc/3.0.0/jaxb-xjc-3.0.0.jar
MD5: a2a5dd45abbe12e13ab854a0c90cb726
SHA1: d7360fd0988a8ffb0fdbb7d6b28527b7e9073e18
SHA256:c1e7cea2a98c05c9461cd05f145d5aeb99b1b6d28fc2646e1dc4508508505c66
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	multi-release	true	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	file	name	jaxb-xjc	High
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	xjc	Highest
Vendor	Manifest	git-revision	697e104	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	artifactid	jaxb-xjc	Low
Vendor	pom	name	JAXB XJC	High
Vendor	pom	parent-artifactid	jaxb-parent	Low
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	multi-release	true	Low
Product	file	name	jaxb-xjc	High
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	pom	parent-artifactid	jaxb-parent	Medium
Product	pom	groupid	glassfish.jaxb	Highest
Product	jar	package name	sun	Highest
Product	jar	package name	com	Highest
Product	jar	package name	xjc	Highest
Product	Manifest	git-revision	697e104	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	name	JAXB XJC	High
Product	pom	artifactid	jaxb-xjc	Highest
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.0 (Confidence:High)

jcl-over-slf4j-1.7.30.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/1.7.30/jcl-over-slf4j-1.7.30.jar
MD5: 69ad224b2feb6f86554fe8997b9c3d4b
SHA1: cd92524ea19d27e5b94ecd251e1af729cffdfe15
SHA256:71e9ee37b9e4eb7802a2acc5f41728a4cf3915e7483d798db3b4ff2ec8847c50
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Components :: HTML Template:runtime
NorthernWind :: Frontend :: Media:runtime
NorthernWind :: Filesystems :: SCM :: Git:runtime
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Profiling:runtime
NorthernWind :: Frontend :: Components:runtime
NorthernWind :: HTML Patches:runtime
NorthernWind :: Core:runtime
NorthernWind :: Filesystems :: SCM:runtime
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime
NorthernWind :: Frontend:runtime
NorthernWind :: Core :: Default Marshalling:runtime
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Filesystems :: SCM :: Mercurial:runtime
NorthernWind :: Filesystems :: Basic:runtime
NorthernWind :: Frontend :: Commons:provided
NorthernWind :: Core :: Default Implementation:runtime
NorthernWind :: Filesystems:runtime
NorthernWind :: Frontend :: Media :: Spring MVC:runtime
NorthernWind :: Commons for tests:runtime
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind (modules):runtime
NorthernWind :: Frontend :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	jcl-over-slf4j	Low
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	jar	package name	commons	Highest
Vendor	pom	groupid	org.slf4j	Highest
Vendor	file	name	jcl-over-slf4j	High
Vendor	Manifest	bundle-symbolicname	jcl.over.slf4j	Medium
Vendor	pom	name	JCL 1.2 implemented over SLF4J	High
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	jar	package name	logging	Highest
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	jar	package name	apache	Highest
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	parent-groupid	org.slf4j	Medium
Product	jar	package name	commons	Highest
Product	pom	artifactid	jcl-over-slf4j	Highest
Product	pom	url	http://www.slf4j.org	Medium
Product	file	name	jcl-over-slf4j	High
Product	Manifest	Implementation-Title	jcl-over-slf4j	High
Product	Manifest	bundle-symbolicname	jcl.over.slf4j	Medium
Product	pom	name	JCL 1.2 implemented over SLF4J	High
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	jar	package name	logging	Highest
Product	pom	groupid	slf4j	Highest
Product	Manifest	Bundle-Name	jcl-over-slf4j	Medium
Product	jar	package name	apache	Highest
Product	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Version	pom	version	1.7.30	Highest
Version	file	version	1.7.30	High
Version	Manifest	Implementation-Version	1.7.30	High
Version	Manifest	Bundle-Version	1.7.30	High

Identifiers

pkg:maven/org.slf4j/jcl-over-slf4j@1.7.30 (Confidence:High)
cpe:2.3:a:apache:commons_net:1.7.30:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

CWE-20 Improper Input Validation

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* versions up to (excluding) 3.9.0

jdom-1.0.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jdom/jdom/1.0/jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
SHA256:3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	jdom	Highest
Vendor	pom	groupid	jdom	Highest
Vendor	pom	artifactid	jdom	Low
Vendor	manifest: org/jdom/filter/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/adapters/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/transform/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/input/	Implementation-Vendor	jdom.org	Medium
Vendor	file	name	jdom	High
Vendor	manifest: org/jdom/output/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/xpath/	Implementation-Vendor	jdom.org	Medium
Product	manifest: org/jdom/output/	Implementation-Title	org.jdom.output	Medium
Product	jar	package name	xpath	Highest
Product	jar	package name	filter	Highest
Product	manifest: org/jdom/adapters/	Implementation-Title	org.jdom.adapters	Medium
Product	jar	package name	input	Highest
Product	manifest: org/jdom/	Implementation-Title	org.jdom	Medium
Product	manifest: org/jdom/input/	Specification-Title	JDOM Input Classes	Medium
Product	manifest: org/jdom/filter/	Specification-Title	JDOM Filter Classes	Medium
Product	jar	package name	jdom	Highest
Product	jar	package name	output	Highest
Product	pom	artifactid	jdom	Highest
Product	manifest: org/jdom/transform/	Specification-Title	JDOM Transformation Classes	Medium
Product	manifest: org/jdom/output/	Specification-Title	JDOM Output Classes	Medium
Product	manifest: org/jdom/adapters/	Specification-Title	JDOM Adapter Classes	Medium
Product	manifest: org/jdom/filter/	Implementation-Title	org.jdom.filter	Medium
Product	manifest: org/jdom/xpath/	Specification-Title	JDOM XPath Classes	Medium
Product	jar	package name	transform	Highest
Product	manifest: org/jdom/	Specification-Title	JDOM Classes	Medium
Product	manifest: org/jdom/input/	Implementation-Title	org.jdom.input	Medium
Product	jar	package name	adapters	Highest
Product	pom	groupid	jdom	Highest
Product	manifest: org/jdom/transform/	Implementation-Title	org.jdom.transform	Medium
Product	manifest: org/jdom/xpath/	Implementation-Title	org.jdom.xpath	Medium
Product	file	name	jdom	High
Version	manifest: org/jdom/xpath/	Implementation-Version	1.0	Medium
Version	pom	version	1.0	Highest
Version	manifest: org/jdom/adapters/	Implementation-Version	1.0	Medium
Version	file	version	1.0	High
Version	manifest: org/jdom/output/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/transform/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/filter/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/input/	Implementation-Version	1.0	Medium

Identifiers

pkg:maven/jdom/jdom@1.0 (Confidence:High)
cpe:2.3:a:jdom:jdom:1.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-33813

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jetty-util-6.1.26.jar

Description:

Utility classes for Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/mortbay/jetty/jetty-util/6.1.26/jetty-util-6.1.26.jar
MD5: 450fedce4f7f8ad3761577b10a664200
SHA1: e5642fe0399814e1687d55a3862aa5a3417226a9
SHA256:9b974ce2b99f48254b76126337dc45b21226f383aaed616f59780adaf167c047
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:runtime
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Frontend :: Spring MVC:runtime
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.4	Low
Vendor	Manifest	bundle-docurl	http://jetty.mortbay.org	Low
Vendor	pom	name	Jetty Utilities	High
Vendor	pom	parent-groupid	org.mortbay.jetty	Medium
Vendor	pom	artifactid	jetty-util	Low
Vendor	Manifest	originally-created-by	1.6.0_22 (Sun Microsystems Inc.)	Low
Vendor	Manifest	bundle-symbolicname	org.mortbay.jetty.util	Medium
Vendor	pom	groupid	mortbay.jetty	Highest
Vendor	pom	parent-artifactid	project	Low
Vendor	Manifest	url	http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty-util	Low
Vendor	jar	package name	mortbay	Highest
Vendor	jar	package name	util	Highest
Vendor	pom	groupid	org.mortbay.jetty	Highest
Vendor	file	name	jetty-util	High
Vendor	Manifest	mode	development	Low
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.4	Low
Product	Manifest	bundle-docurl	http://jetty.mortbay.org	Low
Product	pom	parent-artifactid	project	Medium
Product	pom	name	Jetty Utilities	High
Product	pom	parent-groupid	org.mortbay.jetty	Medium
Product	Manifest	originally-created-by	1.6.0_22 (Sun Microsystems Inc.)	Low
Product	Manifest	bundle-symbolicname	org.mortbay.jetty.util	Medium
Product	pom	groupid	mortbay.jetty	Highest
Product	Manifest	Bundle-Name	Jetty Utilities	Medium
Product	Manifest	url	http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty-util	Low
Product	pom	artifactid	jetty-util	Highest
Product	jar	package name	util	Highest
Product	jar	package name	mortbay	Highest
Product	file	name	jetty-util	High
Product	Manifest	mode	development	Low
Version	pom	version	6.1.26	Highest
Version	Manifest	implementation-version	6.1.26	High
Version	Manifest	Bundle-Version	6.1.26	High
Version	file	version	6.1.26	High

Identifiers

pkg:maven/org.mortbay.jetty/jetty-util@6.1.26 (Confidence:High)
cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2009-1523

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

BID - 34800
BID - 35675
CERT-VN - VU#402580
CONFIRM - http://jira.codehaus.org/browse/JETTY-1004
CONFIRM - http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=499867
FEDORA - FEDORA-2009-5500
FEDORA - FEDORA-2009-5509
FEDORA - FEDORA-2009-5513
HP - SSRT100184
SECTRACK - 1022563
SECUNIA - 34975
SECUNIA - 35143
SECUNIA - 35225
SECUNIA - 35776
SECUNIA - 40553
VUPEN - ADV-2009-1900
VUPEN - ADV-2010-1792

Vulnerable Software & Versions: (show all)

CVE-2011-4461

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CWE-310 Cryptographic Issues

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT-VN - VU#903934
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM - https://security.netapp.com/advisory/ntap-20190307-0004/
HP - HPSBST03346
MISC - http://www.nruns.com/_downloads/advisory28122011.pdf
MISC - http://www.ocert.org/advisories/ocert-2011-003.html
SECTRACK - 1026475
SECUNIA - 47408
SECUNIA - 48981
UBUNTU - USN-1429-1
XF - jetty-hash-dos(72017)

Vulnerable Software & Versions: (show all)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	groupid	google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Vendor	pom	artifactid	jsr305	Low
Product	file	name	jsr305	High
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	pom	groupid	google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	artifactid	jsr305	Highest
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest
Version	file	version	3.0.2	High

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

jul-to-slf4j-1.7.30.jar

Description:

JUL to SLF4J bridge

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jar
MD5: f2c78cb93d70dc5dea0c50f36ace09c1
SHA1: d58bebff8cbf70ff52b59208586095f467656c30
SHA256:bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Components :: HTML Template:runtime
NorthernWind :: Frontend :: Media:runtime
NorthernWind :: Filesystems :: SCM :: Git:runtime
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Profiling:runtime
NorthernWind :: Core :: Default Implementation:provided
NorthernWind :: Frontend :: Components:runtime
NorthernWind :: HTML Patches:runtime
NorthernWind :: Filesystems :: SCM:runtime
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime
NorthernWind :: Frontend:runtime
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Core :: Default Marshalling:runtime
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Filesystems :: SCM :: Mercurial:runtime
NorthernWind :: Filesystems :: Basic:runtime
NorthernWind :: Core:provided
NorthernWind :: Filesystems:runtime
NorthernWind :: Frontend :: Media :: Spring MVC:runtime
NorthernWind :: Commons for tests:runtime
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind (modules):runtime
NorthernWind :: Frontend :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	jar	package name	bridge	Highest
Vendor	pom	groupid	org.slf4j	Highest
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	file	name	jul-to-slf4j	High
Vendor	pom	artifactid	jul-to-slf4j	Low
Vendor	pom	name	JUL to SLF4J bridge	High
Vendor	pom	url	http://www.slf4j.org	Highest
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Product	pom	parent-groupid	org.slf4j	Medium
Product	jar	package name	bridge	Highest
Product	jar	package name	slf4j	Highest
Product	pom	url	http://www.slf4j.org	Medium
Product	pom	artifactid	jul-to-slf4j	Highest
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	pom	groupid	slf4j	Highest
Product	file	name	jul-to-slf4j	High
Product	pom	name	JUL to SLF4J bridge	High
Product	Manifest	Bundle-Name	jul-to-slf4j	Medium
Version	pom	version	1.7.30	Highest
Version	file	version	1.7.30	High
Version	Manifest	Implementation-Version	1.7.30	High
Version	Manifest	Bundle-Version	1.7.30	High

Identifiers

pkg:maven/org.slf4j/jul-to-slf4j@1.7.30 (Confidence:High)

junit-4.12.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/junit/junit/4.12/junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
SHA256:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	junit	Highest
Vendor	Manifest	Implementation-Vendor-Id	junit	Medium
Vendor	pom	url	http://junit.org	Highest
Vendor	jar	package name	framework	Highest
Vendor	Manifest	Implementation-Vendor	JUnit	High
Vendor	pom	artifactid	junit	Low
Vendor	pom	name	JUnit	High
Vendor	pom	organization name	JUnit	High
Vendor	pom	groupid	junit	Highest
Vendor	pom	organization url	http://www.junit.org	Medium
Vendor	file	name	junit	High
Product	jar	package name	junit	Highest
Product	pom	url	http://junit.org	Medium
Product	pom	artifactid	junit	Highest
Product	pom	organization url	http://www.junit.org	Low
Product	jar	package name	framework	Highest
Product	pom	organization name	JUnit	Low
Product	Manifest	Implementation-Title	JUnit	High
Product	pom	name	JUnit	High
Product	pom	groupid	junit	Highest
Product	file	name	junit	High
Version	file	version	4.12	High
Version	pom	version	4.12	Highest
Version	Manifest	Implementation-Version	4.12	High

Identifiers

pkg:maven/junit/junit@4.12 (Confidence:High)

Published Vulnerabilities

CVE-2020-15250 (OSSINDEX)

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: MEDIUM (5.5)
Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N

References:

OSSINDEX - [CVE-2020-15250] CWE-732: Incorrect Permission Assignment for Critical Resource

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:junit:junit:4.12:*:*:*:*:*:*:*

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Frontend:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	ch.qos.logback	Highest
Vendor	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Vendor	jar	package name	qos	Highest
Vendor	jar	package name	core	Highest
Vendor	pom	artifactid	logback-core	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	jar	package name	ch	Highest
Vendor	jar	package name	logback	Highest
Vendor	Manifest	bundle-docurl	http://www.qos.ch	Low
Vendor	pom	name	Logback Core Module	High
Vendor	file	name	logback-core	High
Vendor	pom	parent-artifactid	logback-parent	Low
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	pom	groupid	ch.qos.logback	Highest
Product	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Product	jar	package name	core	Highest
Product	jar	package name	qos	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	jar	package name	ch	Highest
Product	jar	package name	logback	Highest
Product	Manifest	bundle-docurl	http://www.qos.ch	Low
Product	pom	name	Logback Core Module	High
Product	file	name	logback-core	High
Product	pom	artifactid	logback-core	Highest
Product	pom	parent-artifactid	logback-parent	Medium
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	Manifest	Bundle-Name	Logback Core Module	Medium
Version	file	version	1.2.3	High
Version	pom	version	1.2.3	Highest
Version	Manifest	Bundle-Version	1.2.3	High

Related Dependencies

Identifiers

pkg:maven/ch.qos.logback/logback-core@1.2.3 (Confidence:High)
cpe:2.3:a:qos:logback:1.2.3:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (8.5)
Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSSv3:

Base Score: MEDIUM (6.6)
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

lombok-1.18.22.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.22/lombok-1.18.22.jar
MD5: 30905901647fe0ebb06fb20ee8a638bf
SHA1: 9c08ea24c6eb714e2d6170e8122c069a0ba9aacf
SHA256:ecef1581411d7a82cc04281667ee0bac5d7c0a5aae74cfc38430396c91c31831
Referenced In Projects/Scopes:

NorthernWind :: Filesystems:provided
NorthernWind :: Filesystems :: Basic:provided
NorthernWind :: Core :: Default Marshalling:provided
NorthernWind :: Core :: Default Implementation:provided
NorthernWind :: Frontend :: Components :: HTML Template:provided
NorthernWind :: Filesystems :: SCM:provided
NorthernWind :: Frontend :: Webapp:provided
NorthernWind :: Frontend :: Webapp :: Commons:provided
NorthernWind :: HTML Patches:provided
NorthernWind :: Frontend:provided
NorthernWind :: Frontend :: Components:provided
NorthernWind :: Profiling:provided
NorthernWind :: Filesystems :: SCM :: Git:provided
NorthernWind :: Frontend :: Spring MVC:provided
NorthernWind :: Frontend :: Commons:provided
NorthernWind :: Frontend :: Media :: Spring MVC:provided
NorthernWind :: Core:provided
NorthernWind :: Commons for tests:provided
NorthernWind (modules):provided
NorthernWind :: Frontend :: Media:provided
NorthernWind :: Frontend :: Webapp :: Spring MVC:provided
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:provided
NorthernWind :: Filesystems :: SCM :: Mercurial:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	lombok	High
Vendor	pom	artifactid	lombok	Low
Vendor	pom	url	https://projectlombok.org	Highest
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	pom	groupid	projectlombok	Highest
Vendor	jar	package name	java	Highest
Vendor	pom	name	Project Lombok	High
Vendor	Manifest	automatic-module-name	lombok	Medium
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	jar	package name	lombok	Highest
Vendor	jar	package name	tostring	Highest
Product	file	name	lombok	High
Product	Manifest	can-redefine-classes	true	Low
Product	pom	groupid	projectlombok	Highest
Product	jar	package name	java	Highest
Product	pom	name	Project Lombok	High
Product	pom	artifactid	lombok	Highest
Product	Manifest	automatic-module-name	lombok	Medium
Product	jar	package name	lombok	Highest
Product	jar	package name	tostring	Highest
Product	pom	url	https://projectlombok.org	Medium
Version	pom	version	1.18.22	Highest
Version	file	version	1.18.22	High
Version	Manifest	lombok-version	1.18.22	Medium

Identifiers

pkg:maven/org.projectlombok/lombok@1.18.22 (Confidence:High)

metadata-extractor-2.18.0.jar

Description:

Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image and video files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/drewnoakes/metadata-extractor/2.18.0/metadata-extractor-2.18.0.jar
MD5: b6794ef7c38ce80abca173119a7a4ebd
SHA1: fa9fd43a28b10333108c603819810d5176d2b092
SHA256:4789361fd0638bdb241554b7a0ccae205ed239697e2b70fa9cadaded6984b565
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	exif	Highest
Vendor	jar	package name	metadata	Highest
Vendor	pom	artifactid	metadata-extractor	Low
Vendor	file	name	metadata-extractor	High
Vendor	pom	groupid	drewnoakes	Highest
Vendor	pom	groupid	com.drewnoakes	Highest
Vendor	jar	package name	xmp	Highest
Vendor	jar	package name	icc	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	url	https://drewnoakes.com/code/exif/	Highest
Vendor	jar	package name	drew	Highest
Vendor	Manifest	Implementation-Vendor	Drew Noakes	High
Vendor	jar	package name	iptc	Highest
Product	file	name	metadata-extractor	High
Product	pom	groupid	drewnoakes	Highest
Product	jar	package name	exif	Highest
Product	jar	package name	xmp	Highest
Product	jar	package name	icc	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	artifactid	metadata-extractor	Highest
Product	jar	package name	metadata	Highest
Product	Manifest	Implementation-Title	metadata-extractor	High
Product	pom	url	https://drewnoakes.com/code/exif/	Medium
Product	jar	package name	iptc	Highest
Version	Manifest	Implementation-Version	2.18.0	High
Version	pom	version	2.18.0	Highest
Version	file	version	2.18.0	High

Identifiers

pkg:maven/com.drewnoakes/metadata-extractor@2.18.0 (Confidence:High)
cpe:2.3:a:metadata-extractor_project:metadata-extractor:2.18.0:*:*:*:*:*:*:* (Confidence:Highest)

org-openide-filesystems-RELEASE80.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-filesystems/RELEASE80/org-openide-filesystems-RELEASE80.jar
MD5: e0156cecd9b59b39d6f563147b33d06b
SHA1: 49a7350f013a9eb94e77f0d612b8e48c0b277664
SHA256:122784ee11f7ee519b4ecfa08018491d6e478604406e0213e7a72b801585d10e
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	autoupdate-show-in-client	false	Low
Vendor	Manifest	openide-module-module-dependencies	org.openide.util > 8.25, org.openide.util.lookup > 8.17	Low
Vendor	jar	package name	filesystems	Highest
Vendor	Manifest	openide-module-layer	org/openide/filesystems/resources/layer.xml	Low
Vendor	pom	groupid	netbeans.api	Highest
Vendor	Manifest	openide-module-localizing-bundle	org/openide/filesystems/Bundle.properties	Low
Vendor	jar	package name	openide	Highest
Vendor	jar	package name	netbeans	Highest
Vendor	pom	groupid	org.netbeans.api	Highest
Vendor	file	name	org-openide-filesystems-RELEASE80	High
Vendor	pom	artifactid	org-openide-filesystems	Low
Vendor	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Product	pom	artifactid	org-openide-filesystems	Highest
Product	Manifest	autoupdate-show-in-client	false	Low
Product	file	name	org-openide-filesystems-RELEASE80	High
Product	Manifest	openide-module-module-dependencies	org.openide.util > 8.25, org.openide.util.lookup > 8.17	Low
Product	jar	package name	filesystems	Highest
Product	Manifest	openide-module-layer	org/openide/filesystems/resources/layer.xml	Low
Product	pom	groupid	netbeans.api	Highest
Product	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Product	jar	package name	openide	Highest
Product	Manifest	openide-module-localizing-bundle	org/openide/filesystems/Bundle.properties	Low
Product	jar	package name	netbeans	Highest
Version	pom	version	RELEASE80	Highest

Identifiers

pkg:maven/org.netbeans.api/org-openide-filesystems@RELEASE80 (Confidence:High)

org-openide-util-RELEASE80.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-util/RELEASE80/org-openide-util-RELEASE80.jar
MD5: d566d984d4b7141f0c1b310a9cc88989
SHA1: 93d71a0289ce4881c1a8e5bca620409f87f81287
SHA256:4bd08c136ecdf665261b893da19f2660f450c7556a17970dd161c999af779b2d
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	openide-module-module-dependencies	org.openide.util.lookup > 8.14	Low
Vendor	Manifest	autoupdate-show-in-client	false	Low
Vendor	pom	groupid	org.netbeans.api	Highest
Vendor	pom	artifactid	org-openide-util	Low
Vendor	jar	package name	util	Highest
Vendor	Manifest	openide-module-localizing-bundle	org/openide/util/Bundle.properties	Low
Vendor	pom	groupid	netbeans.api	Highest
Vendor	file	name	org-openide-util-RELEASE80	High
Vendor	jar	package name	openide	Highest
Vendor	Manifest	openide-module-java-dependencies	Java > 1.7	Low
Vendor	jar	package name	netbeans	Highest
Product	Manifest	openide-module-module-dependencies	org.openide.util.lookup > 8.14	Low
Product	Manifest	autoupdate-show-in-client	false	Low
Product	jar	package name	util	Highest
Product	pom	artifactid	org-openide-util	Highest
Product	Manifest	openide-module-localizing-bundle	org/openide/util/Bundle.properties	Low
Product	pom	groupid	netbeans.api	Highest
Product	file	name	org-openide-util-RELEASE80	High
Product	jar	package name	openide	Highest
Product	Manifest	openide-module-java-dependencies	Java > 1.7	Low
Product	jar	package name	netbeans	Highest
Version	pom	version	RELEASE80	Highest

Identifiers

pkg:maven/org.netbeans.api/org-openide-util@RELEASE80 (Confidence:High)

org-openide-util-lookup-RELEASE80.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-util-lookup/RELEASE80/org-openide-util-lookup-RELEASE80.jar
MD5: c127b6177adc1c32dcdfe83f4265cb77
SHA1: ae3673a0268f1e34fc7c1e8b56f805036de914bb
SHA256:955d96e2df1b5724624a317e910db51c3e29666b38c7c68c52ad773a294ffd47
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	autoupdate-show-in-client	false	Low
Vendor	pom	groupid	org.netbeans.api	Highest
Vendor	jar	package name	util	Highest
Vendor	jar	package name	lookup	Highest
Vendor	pom	groupid	netbeans.api	Highest
Vendor	file	name	org-openide-util-lookup-RELEASE80	High
Vendor	Manifest	openide-module-localizing-bundle	org/openide/util/lookup/Bundle.properties	Low
Vendor	pom	artifactid	org-openide-util-lookup	Low
Vendor	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Vendor	jar	package name	openide	Highest
Vendor	jar	package name	netbeans	Highest
Product	Manifest	autoupdate-show-in-client	false	Low
Product	jar	package name	util	Highest
Product	jar	package name	lookup	Highest
Product	pom	artifactid	org-openide-util-lookup	Highest
Product	pom	groupid	netbeans.api	Highest
Product	file	name	org-openide-util-lookup-RELEASE80	High
Product	Manifest	openide-module-localizing-bundle	org/openide/util/lookup/Bundle.properties	Low
Product	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Product	jar	package name	openide	Highest
Product	jar	package name	netbeans	Highest
Version	pom	version	RELEASE80	Highest

Identifiers

pkg:maven/org.netbeans.api/org-openide-util-lookup@RELEASE80 (Confidence:High)

relaxng-datatype-3.0.0.jar

Description:

RelaxNG Datatype library.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/xml/bind/external/relaxng-datatype/3.0.0/relaxng-datatype-3.0.0.jar
MD5: 886fd0f2cdd2c9f5c7d65b2f4846c4d8
SHA1: cf2d26e66bc02e1dbd0966bc613febc068c22834
SHA256:bb277c06217a2c6f8e59c560cba74c0a25bf297b06be0326bca0c55a7ff4db79
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	name	RelaxNG Datatype	High
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.external.relaxng-datatype	Medium
Vendor	jar	package name	datatype	Highest
Vendor	file	name	relaxng-datatype	High
Vendor	jar	package name	sun	Highest
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	groupid	com.sun.xml.bind.external	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	groupid	sun.xml.bind.external	Highest
Vendor	pom	parent-artifactid	jaxb-external-parent	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	relaxng-datatype	Low
Product	pom	parent-artifactid	jaxb-external-parent	Medium
Product	pom	name	RelaxNG Datatype	High
Product	jar	package name	datatype	Highest
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.external.relaxng-datatype	Medium
Product	file	name	relaxng-datatype	High
Product	jar	package name	sun	Highest
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	Manifest	Bundle-Name	RelaxNG Datatype	Medium
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	artifactid	relaxng-datatype	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	groupid	sun.xml.bind.external	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	Implementation-Title	RelaxNG Datatype	High
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low

Identifiers

pkg:maven/com.sun.xml.bind.external/relaxng-datatype@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

rngom-3.0.0.jar

Description:

        RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/xml/bind/external/rngom/3.0.0/rngom-3.0.0.jar
MD5: c698af2e8962f0fed15275fbfa649ed7
SHA1: e13dc5263d288e060fe4b82d3b151527299faa69
SHA256:762c03f61af49f35d79e2b422fc20b6dc95d27692912fda5a7c991241421039a
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar (hint)	package name	oracle	Highest
Vendor	pom	artifactid	rngom	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.external.rngom	Medium
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	sun	Highest
Vendor	jar	package name	rngom	Highest
Vendor	file	name	rngom	High
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	groupid	com.sun.xml.bind.external	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	groupid	sun.xml.bind.external	Highest
Vendor	pom	parent-artifactid	jaxb-external-parent	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	RNGOM	High
Product	pom	parent-artifactid	jaxb-external-parent	Medium
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.external.rngom	Medium
Product	jar	package name	xml	Highest
Product	Manifest	Implementation-Title	RNGOM	High
Product	jar	package name	rngom	Highest
Product	jar	package name	sun	Highest
Product	Manifest	Bundle-Name	RNGOM	Medium
Product	file	name	rngom	High
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	artifactid	rngom	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	groupid	sun.xml.bind.external	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	name	RNGOM	High
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low

Identifiers

pkg:maven/com.sun.xml.bind.external/rngom@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

rome-1.0.0.jar

Description:

All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
        easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
        (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
        a set of parsers and generators for the various flavors of feeds, as well as converters
        to convert from one format to another. The parsers can give you back Java objects that
        are either specific for the format you want to work with, or a generic normalized
        SyndFeed object that lets you work on with the data without bothering about the
    underlying format.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/net/java/dev/rome/rome/1.0.0/rome-1.0.0.jar
MD5: 18564f25636f0b2ac6c2054d60155028
SHA1: 8b4f0da455c59746435e987285b30c22b09ba18d
SHA256:8b096b9c07b1baca0174c35b19eb3453911b2cc46f1e4c3dbb3bfa5ceb5ace59
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	organization name	ROME Project	High
Vendor	pom	url	https://rome.dev.java.net/	Highest
Vendor	pom	organization url	http://rome.dev.java.net	Medium
Vendor	Manifest	embed-transitive	true	Low
Vendor	Manifest	embed-directory	META-INF/lib	Low
Vendor	jar	package name	syndication	Highest
Vendor	jar	package name	atom	Highest
Vendor	Manifest	bundle-docurl	http://rome.dev.java.net	Low
Vendor	Manifest	bundle-symbolicname	net.java.dev.rome	Medium
Vendor	pom	groupid	net.java.dev.rome	Highest
Vendor	file	name	rome	High
Vendor	jar	package name	rss	Highest
Vendor	pom	name	ROME, RSS and atOM utilitiEs for Java	High
Vendor	pom	artifactid	rome	Low
Product	pom	artifactid	rome	Highest
Product	Manifest	Bundle-Name	ROME, RSS and atOM utilitiEs for Java	Medium
Product	Manifest	embed-transitive	true	Low
Product	jar	package name	syndication	Highest
Product	Manifest	embed-directory	META-INF/lib	Low
Product	jar	package name	atom	Highest
Product	Manifest	bundle-docurl	http://rome.dev.java.net	Low
Product	Manifest	bundle-symbolicname	net.java.dev.rome	Medium
Product	pom	groupid	net.java.dev.rome	Highest
Product	pom	organization url	http://rome.dev.java.net	Low
Product	pom	organization name	ROME Project	Low
Product	file	name	rome	High
Product	jar	package name	rss	Highest
Product	pom	url	https://rome.dev.java.net/	Medium
Product	pom	name	ROME, RSS and atOM utilitiEs for Java	High
Version	file	version	1.0.0	High
Version	pom	version	1.0.0	Highest
Version	Manifest	Bundle-Version	1.0.0	High

Identifiers

pkg:maven/net.java.dev.rome/rome@1.0.0 (Confidence:High)

slf4j-api-1.7.30.jar

Description:

The slf4j API

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar
MD5: f8be00da99bc4ab64c79ab1e2be7cb7c
SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c
SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Frontend :: Components:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	pom	artifactid	slf4j-api	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	groupid	org.slf4j	Highest
Vendor	Manifest	automatic-module-name	org.slf4j	Medium
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	file	name	slf4j-api	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	parent-groupid	org.slf4j	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	pom	name	SLF4J API Module	High
Product	Manifest	automatic-module-name	org.slf4j	Medium
Product	jar	package name	slf4j	Highest
Product	pom	url	http://www.slf4j.org	Medium
Product	pom	artifactid	slf4j-api	Highest
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	pom	groupid	slf4j	Highest
Product	Manifest	Implementation-Title	slf4j-api	High
Product	Manifest	Bundle-Name	slf4j-api	Medium
Product	file	name	slf4j-api	High
Version	pom	version	1.7.30	Highest
Version	file	version	1.7.30	High
Version	Manifest	Implementation-Version	1.7.30	High
Version	Manifest	Bundle-Version	1.7.30	High

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.7.30 (Confidence:High)

spotbugs-annotations-3.1.9.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar
MD5: 56a1a81d69b6a111161bbce0e6dea26a
SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469
SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	url	https://spotbugs.github.io/	Highest
Vendor	pom	groupid	github.spotbugs	Highest
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	name	SpotBugs Annotations	High
Vendor	file	name	spotbugs-annotations	High
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	pom	groupid	github.spotbugs	Highest
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	pom	name	SpotBugs Annotations	High
Product	file	name	spotbugs-annotations	High
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	pom	url	https://spotbugs.github.io/	Medium
Version	Manifest	Bundle-Version	3.1.9	High
Version	pom	version	3.1.9	Highest
Version	file	version	3.1.9	High

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9 (Confidence:High)

spring-core-5.3.1.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.1/spring-core-5.3.1.jar
MD5: df36706fc74458c9c28e97aca7fae409
SHA1: 47af5b161749cd249fc074b4f140e011a3337efd
SHA256:6ee995055163c59703be237be59f0565acb97c9d42c5d60df2bf3a4b4c6ef6e9
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	io	Highest
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	jar	package name	core	Highest
Vendor	pom	artifactid	spring-core	Low
Vendor	pom	organization name	Spring IO	High
Vendor	pom	groupid	org.springframework	Highest
Vendor	jar	package name	springframework	Highest
Vendor	file	name	spring-core	High
Vendor	pom	groupid	springframework	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	Manifest	automatic-module-name	spring.core	Medium
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	pom	url	spring-projects/spring-framework	Highest
Vendor	pom	name	Spring Core	High
Product	jar	package name	io	Highest
Product	pom	artifactid	spring-core	Highest
Product	jar	package name	core	Highest
Product	Manifest	Implementation-Title	spring-core	High
Product	pom	organization name	Spring IO	Low
Product	jar	package name	springframework	Highest
Product	file	name	spring-core	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	pom	groupid	springframework	Highest
Product	pom	url	spring-projects/spring-framework	High
Product	Manifest	automatic-module-name	spring.core	Medium
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	name	Spring Core	High
Version	Manifest	Implementation-Version	5.3.1	High
Version	pom	version	5.3.1	Highest
Version	file	version	5.3.1	High

Related Dependencies

spring-expression-5.3.1.jar
- File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-expression/5.3.1/spring-expression-5.3.1.jar
- MD5: d465932c5f36eed42ae9958fed2a098c
- SHA1: aee660842a21fbf49f6e5921aa07974f1650c498
- SHA256: 897f79c85ba4fb3ed7a086a982c909d5aba9161c4d8707b00868fa27403256b8
- pkg:maven/org.springframework/spring-expression@5.3.1
spring-context-5.3.1.jar
- File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-context/5.3.1/spring-context-5.3.1.jar
- MD5: bd13eda44ac28f87d752abaf0bbd5325
- SHA1: 736836c8098981ddabd309a0c15f967594da62bc
- SHA256: 5adcc88fc791d012e0993e2f5d3770e03c2432df5a561c63bfa9e1dc6ac93501
- pkg:maven/org.springframework/spring-context@5.3.1
spring-aspects-5.3.1.jar
- File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-aspects/5.3.1/spring-aspects-5.3.1.jar
- MD5: f364d6228c719936bc8751e997cb861d
- SHA1: 968c9205f85589b5c102b3232f499fa90ec28a48
- SHA256: 962195358fdd97d30204d5ad75dd9339c3f1db7e008ab106b524197a4889ac96
- pkg:maven/org.springframework/spring-aspects@5.3.1
spring-beans-5.3.1.jar
- File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-beans/5.3.1/spring-beans-5.3.1.jar
- MD5: 8218016c1dfa50b56eb65bb7415db575
- SHA1: a4bb5ffad5564e4a0e25955e3a40b1c6158385b2
- SHA256: 86f7c1cdac78f5fe6e2547d8faef52e8c3528526563b542c4922479f5422c440
- pkg:maven/org.springframework/spring-beans@5.3.1
spring-aop-5.3.1.jar
- File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-aop/5.3.1/spring-aop-5.3.1.jar
- MD5: f08cd6faaf67d097bc4fbdf9684f325c
- SHA1: 25c310880484082ffba3130deb8e10c5afb29f10
- SHA256: a1f67fe0a11341c7da562053a74457191ead48db8ee49b7713f65c383c8b9526
- pkg:maven/org.springframework/spring-aop@5.3.1
spring-jcl-5.3.1.jar
- File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-jcl/5.3.1/spring-jcl-5.3.1.jar
- MD5: 5a4890886c1d3540e3b52a0ae3f6b850
- SHA1: 1158888aa7517f8997eb43afe47776d9d2de8a38
- SHA256: 31081cbd5bdfb2cc80d50f11d59deb6a410b1f21593af9e20f6ec6b4c0fe220d
- pkg:maven/org.springframework/spring-jcl@5.3.1

Identifiers

pkg:maven/org.springframework/spring-core@5.3.1 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

NVD-CWE-noinfo

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

NVD-CWE-Other

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:

Base Score: MEDIUM (4.6)
Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20210713-0005/
MISC - https://tanzu.vmware.com/security/cve-2021-22118
MISC - https://www.oracle.com/security-alerts/cpuapr2022.html
MISC - https://www.oracle.com/security-alerts/cpujan2022.html
MISC - https://www.oracle.com/security-alerts/cpuoct2021.html
N/A - N/A
N/A - N/A
OSSINDEX - [CVE-2021-22118] CWE-668: Exposure of Resource to Wrong Sphere

Vulnerable Software & Versions: (show all)

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CWE-178 Improper Handling of Case Sensitivity

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220602-0004/
MISC - https://tanzu.vmware.com/security/cve-2022-22968
N/A - N/A
OSSINDEX - [CVE-2022-22968] CWE-178: Improper Handling of Case Sensitivity

Vulnerable Software & Versions: (show all)

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0006/
MISC - https://tanzu.vmware.com/security/cve-2022-22970
N/A - N/A

Vulnerable Software & Versions: (show all)

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0003/
MISC - https://tanzu.vmware.com/security/cve-2022-22971
N/A - N/A

Vulnerable Software & Versions: (show all)

spring-web-5.3.1.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-web/5.3.1/spring-web-5.3.1.jar
MD5: 2c074c8766b7fb749bdad2332d61d7f5
SHA1: 4e1e1d1c6b5a00597162db84132414c409bcf615
SHA256:925f3b82035f31b410309154c3ae1e48ffa5204280275bdc9390d91312ad4fb4
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Frontend:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	automatic-module-name	spring.web	Medium
Vendor	pom	artifactid	spring-web	Low
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	organization name	Spring IO	High
Vendor	pom	groupid	org.springframework	Highest
Vendor	jar	package name	springframework	Highest
Vendor	pom	groupid	springframework	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	jar	package name	web	Highest
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	pom	name	Spring Web	High
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	file	name	spring-web	High
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	Manifest	automatic-module-name	spring.web	Medium
Product	pom	artifactid	spring-web	Highest
Product	pom	organization name	Spring IO	Low
Product	jar	package name	springframework	Highest
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	pom	groupid	springframework	Highest
Product	Manifest	Implementation-Title	spring-web	High
Product	pom	url	spring-projects/spring-framework	High
Product	jar	package name	web	Highest
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	name	Spring Web	High
Product	file	name	spring-web	High
Version	Manifest	Implementation-Version	5.3.1	High
Version	pom	version	5.3.1	Highest
Version	file	version	5.3.1	High

Related Dependencies

Identifiers

pkg:maven/org.springframework/spring-web@5.3.1 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:web_project:web:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

NVD-CWE-noinfo

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

NVD-CWE-Other

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:

Base Score: MEDIUM (4.6)
Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20210713-0005/
MISC - https://tanzu.vmware.com/security/cve-2021-22118
MISC - https://www.oracle.com/security-alerts/cpuapr2022.html
MISC - https://www.oracle.com/security-alerts/cpujan2022.html
MISC - https://www.oracle.com/security-alerts/cpuoct2021.html
N/A - N/A
N/A - N/A
OSSINDEX - [CVE-2021-22118] CWE-668: Exposure of Resource to Wrong Sphere

Vulnerable Software & Versions: (show all)

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CWE-178 Improper Handling of Case Sensitivity

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220602-0004/
MISC - https://tanzu.vmware.com/security/cve-2022-22968
N/A - N/A
OSSINDEX - [CVE-2022-22968] CWE-178: Improper Handling of Case Sensitivity

Vulnerable Software & Versions: (show all)

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0006/
MISC - https://tanzu.vmware.com/security/cve-2022-22970
N/A - N/A

Vulnerable Software & Versions: (show all)

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0003/
MISC - https://tanzu.vmware.com/security/cve-2022-22971
N/A - N/A

Vulnerable Software & Versions: (show all)

txw2-3.0.0.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/txw2/3.0.0/txw2-3.0.0.jar
MD5: 2a1d385c609f13bbe5dddf3fb80902f3
SHA1: 01d2da507fbae72a98730c5dc19ec41e67f2cccd
SHA256:c9fe8d6d4ed08dff43f2173fd5f24dd0ae6c4fa293d12172de43bc41dcf502b2
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	file	name	txw2	High
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	Manifest	git-revision	697e104	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	parent-artifactid	jaxb-txw-parent	Low
Vendor	jar	package name	txw	Highest
Vendor	pom	artifactid	txw2	Low
Vendor	jar	package name	txw2	Highest
Vendor	pom	name	TXW2 Runtime	High
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	file	name	txw2	High
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	pom	artifactid	txw2	Highest
Product	jar	package name	xml	Highest
Product	pom	groupid	glassfish.jaxb	Highest
Product	jar	package name	sun	Highest
Product	Manifest	git-revision	697e104	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	jar	package name	txw	Highest
Product	pom	parent-artifactid	jaxb-txw-parent	Medium
Product	jar	package name	txw2	Highest
Product	pom	name	TXW2 Runtime	High
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High

Identifiers

pkg:maven/org.glassfish.jaxb/txw2@3.0.0 (Confidence:High)

xmpcore-6.1.11.jar

Description:

The Adobe XMP Core library

License:

The BSD 3-Clause License (BSD3): https://opensource.org/licenses/BSD-3-Clause

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/adobe/xmp/xmpcore/6.1.11/xmpcore-6.1.11.jar
MD5: 37892425fcfeffe88554b3d66dd084ca
SHA1: 852f14101381e527e6d43339d7db1698c970436c
SHA256:8f7033c579b99fa0d9d6ddcb9448875b5e4b577c350002278ce46997d678b737
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	xmpcore	High
Vendor	jar	package name	adobe	Highest
Vendor	pom	artifactid	xmpcore	Low
Vendor	pom	url	https://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html	Highest
Vendor	jar	package name	xmp	Highest
Vendor	pom	groupid	adobe.xmp	Highest
Vendor	Manifest	bundle-symbolicname	com.adobe.xmp.xmpcore	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	groupid	com.adobe.xmp	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	name	Adobe XMPCore	High
Product	file	name	xmpcore	High
Product	jar	package name	adobe	Highest
Product	pom	artifactid	xmpcore	Highest
Product	pom	url	https://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html	Medium
Product	jar	package name	xmp	Highest
Product	pom	groupid	adobe.xmp	Highest
Product	Manifest	bundle-symbolicname	com.adobe.xmp.xmpcore	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Adobe XMPCore	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	name	Adobe XMPCore	High
Version	Manifest	Bundle-Version	6.1.11	High
Version	file	version	6.1.11	High
Version	pom	version	6.1.11	Highest

Identifiers

pkg:maven/com.adobe.xmp/xmpcore@6.1.11 (Confidence:High)

xsom-3.0.0.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
        documents and inspect information in them. It is expected to be useful for applications that need to take XML
        Schema as an input.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/xsom/3.0.0/xsom-3.0.0.jar
MD5: 121b95bf9d4281ee572173186b638c65
SHA1: c1f8c470769764aeac3a6cd3146c4524ee24c61e
SHA256:e1a96df9da08da8c0dcf0287794f0e5036ad37a3e392328091c8ea74237997d9
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	xsom	High
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	bundle-symbolicname	org.glassfish.jaxb.xsom	Medium
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	pom	name	XSOM	High
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	artifactid	xsom	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	jar	package name	xsom	Highest
Product	file	name	xsom	High
Product	pom	parent-artifactid	project	Medium
Product	pom	artifactid	xsom	Highest
Product	jar	package name	xml	Highest
Product	pom	groupid	glassfish.jaxb	Highest
Product	Manifest	bundle-symbolicname	org.glassfish.jaxb.xsom	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	name	XSOM	High
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	Implementation-Title	XSOM	High
Product	jar	package name	xsom	Highest
Product	Manifest	Bundle-Name	XSOM	Medium
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	pom	parent-version	3.0.0	Low
Version	Manifest	implementation-build-id	3.0.0	Low

Identifiers

pkg:maven/org.glassfish.jaxb/xsom@3.0.0 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: NorthernWind

it.tidalwave.northernwind:northernwind:1.2-ALPHA-11

Summary

Dependencies

ST4-4.1.jar

Evidence

Identifiers

antlr-runtime-3.5.2.jar

Evidence

Identifiers

aspectjrt-1.9.6.jar

Evidence

Identifiers

codemodel-3.0.0.jar

Evidence

Identifiers

commons-io-2.4.jar

Evidence

Identifiers

Published Vulnerabilities

commons-math3-3.0.jar

Evidence

Identifiers

Published Vulnerabilities

dtd-parser-1.4.3.jar

Evidence

Identifiers

hamcrest-core-1.3.jar

Evidence

Identifiers

image-core-1.0-ALPHA-7.jar

Evidence

Identifiers

istack-commons-tools-4.0.0.jar

Evidence

Related Dependencies

Identifiers

it-tidalwave-html-patches-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-messagebus-3.2-ALPHA-18.jar

Evidence

Identifiers

it-tidalwave-messagebus-spring-3.2-ALPHA-18.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-default-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-11.jar

Evidence

Identifiers

Published Vulnerabilities

it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-profiling-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-frontend-components-1.2-ALPHA-11.jar

Evidence

Identifiers

it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-11.jar

Evidence