Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 6.1.1
Report Generated On: Sun, 22 Jan 2023 17:53:18 +0100
Dependencies Scanned: 74 (65 unique)
Vulnerable Dependencies: 11
Vulnerabilities Found: 45
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2023-01-22T17:13:26
NVD CVE Modified: 2023-01-22T16:00:01
VersionCheckOn: 2023-01-15T14:18:40

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
ST4-4.1.jar		pkg:maven/org.antlr/ST4@4.1		0		16
antlr-runtime-3.5.2.jar		pkg:maven/org.antlr/antlr-runtime@3.5.2		0		25
aspectjrt-1.9.6.jar		pkg:maven/org.aspectj/aspectjrt@1.9.6		0		23
codemodel-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/org.glassfish.jaxb/codemodel@3.0.0		0	Low	36
commons-io-2.4.jar	cpe:2.3:a:apache:commons_io:2.4:::::::* cpe:2.3:a:apache:commons_net:2.4:::::::*	pkg:maven/commons-io/commons-io@2.4	MEDIUM	2	Highest	36
commons-math3-3.0.jar	cpe:2.3:a:apache:commons_net:3.0:::::::*	pkg:maven/org.apache.commons/commons-math3@3.0	MEDIUM	1	Highest	37
dtd-parser-1.4.3.jar	cpe:2.3:a:oracle:java_se:1.4.3:::::::*	pkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.3		0	Low	42
hamcrest-core-1.3.jar		pkg:maven/org.hamcrest/hamcrest-core@1.3		0		26
image-core-1.0-ALPHA-7.jar		pkg:maven/it.tidalwave.image/image-core@1.0-ALPHA-7		0		23
istack-commons-tools-4.0.0.jar	cpe:2.3:a:oracle:java_se:4.0.0:::::::*	pkg:maven/com.sun.istack/istack-commons-tools@4.0.0		0	Low	39
it-tidalwave-html-patches-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-html-patches@1.2-ALPHA-9		0		23
it-tidalwave-messagebus-3.2-ALPHA-13.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@3.2-ALPHA-13		0		23
it-tidalwave-messagebus-spring-3.2-ALPHA-13.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@3.2-ALPHA-13		0		23
it-tidalwave-northernwind-core-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-core-default-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-default@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-basic@1.2-ALPHA-9		0		23
it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-git@1.2-ALPHA-9		0		23
it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-9.jar	cpe:2.3:a:mercurial:mercurial:1.2:alpha::::::	pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-hg@1.2-ALPHA-9	CRITICAL	17	Low	23
it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-scm@1.2-ALPHA-9		0		23
it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-marshalling-default@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-core-profiling-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-profiling@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-commons@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-frontend-components-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components-htmltemplate@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-frontend-media-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media@1.2-ALPHA-9		0		25
it-tidalwave-northernwind-frontend-media-springmvc-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media-springmvc@1.2-ALPHA-9		0		17
it-tidalwave-northernwind-frontend-springmvc-1.2-ALPHA-9.jar		pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-springmvc@1.2-ALPHA-9		0		25
it-tidalwave-role-3.2-ALPHA-13.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-13		0		23
it-tidalwave-role-spring-3.2-ALPHA-13.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-13		0		25
it-tidalwave-util-3.2-ALPHA-13.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-13		0		23
it-tidalwave-util-test-3.2-ALPHA-13.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-13		0		25
jakarta.activation-2.0.0.jar	cpe:2.3:a:oracle:java_se:2.0.0:::::::*	pkg:maven/com.sun.activation/jakarta.activation@2.0.0		0	Low	40
jakarta.xml.bind-api-3.0.0.jar		pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@3.0.0		0		34
java-diff-utils-4.9.jar	cpe:2.3:a:utils_project:utils:4.9:::::::*	pkg:maven/io.github.java-diff-utils/java-diff-utils@4.9	MEDIUM	1	Highest	22
javax.annotation-api-1.3.2.jar		pkg:maven/javax.annotation/javax.annotation-api@1.3.2		0		39
javax.inject-1.jar		pkg:maven/javax.inject/javax.inject@1		0		19
javax.servlet-api-3.1.0.jar	cpe:2.3:a:oracle:java_se:3.1.0:::::::*	pkg:maven/javax.servlet/javax.servlet-api@3.1.0		0	Low	37
jaxb-core-3.0.0.jar		pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0		0		45
jaxb-core-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/com.sun.xml.bind/jaxb-core@3.0.0 pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0		0	Low	55
jaxb-core-3.0.0.jar (shaded: com.sun.istack:istack-commons-runtime:4.0.0)		pkg:maven/com.sun.istack/istack-commons-runtime@4.0.0		0		11
jaxb-impl-3.0.0.jar		pkg:maven/com.sun.xml.bind/jaxb-impl@3.0.0		0		40
jaxb-impl-3.0.0.jar (shaded: org.glassfish.jaxb:jaxb-runtime:3.0.0)		pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.0		0		11
jaxb-xjc-3.0.0.jar		pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.0		0		33
jcl-over-slf4j-1.7.30.jar	cpe:2.3:a:apache:commons_net:1.7.30:::::::*	pkg:maven/org.slf4j/jcl-over-slf4j@1.7.30	MEDIUM	1	Low	33
jdom-1.0.jar	cpe:2.3:a:jdom:jdom:1.0:::::::*	pkg:maven/jdom/jdom@1.0	HIGH	1	Highest	44
jetty-util-6.1.26.jar	cpe:2.3:a:jetty:jetty:6.1.26:::::::* cpe:2.3:a:mortbay:jetty:6.1.26:::::::* cpe:2.3:a:mortbay_jetty:jetty:6.1.26:::::::*	pkg:maven/org.mortbay.jetty/jetty-util@6.1.26	MEDIUM	2	Highest	34
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		0		17
jul-to-slf4j-1.7.30.jar		pkg:maven/org.slf4j/jul-to-slf4j@1.7.30		0		28
junit-4.12.jar		pkg:maven/junit/junit@4.12	MEDIUM	1		24
logback-core-1.2.3.jar	cpe:2.3:a:qos:logback:1.2.3:::::::*	pkg:maven/ch.qos.logback/logback-core@1.2.3	MEDIUM	1	Highest	32
lombok-1.18.22.jar		pkg:maven/org.projectlombok/lombok@1.18.22		0		24
metadata-extractor-2.18.0.jar	cpe:2.3:a:metadata-extractor_project:metadata-extractor:2.18.0:::::::*	pkg:maven/com.drewnoakes/metadata-extractor@2.18.0		0	Highest	27
org-openide-filesystems-RELEASE80.jar		pkg:maven/org.netbeans.api/org-openide-filesystems@RELEASE80		0		24
org-openide-util-RELEASE80.jar		pkg:maven/org.netbeans.api/org-openide-util@RELEASE80		0		22
org-openide-util-lookup-RELEASE80.jar		pkg:maven/org.netbeans.api/org-openide-util-lookup@RELEASE80		0		22
relaxng-datatype-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/com.sun.xml.bind.external/relaxng-datatype@3.0.0		0	Low	36
rngom-3.0.0.jar	cpe:2.3:a:oracle:java_se:3.0.0:::::::*	pkg:maven/com.sun.xml.bind.external/rngom@3.0.0		0	Low	38
rome-1.0.0.jar		pkg:maven/net.java.dev.rome/rome@1.0.0		0		32
slf4j-api-1.7.30.jar		pkg:maven/org.slf4j/slf4j-api@1.7.30		0		29
spotbugs-annotations-3.1.9.jar		pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9		0		21
spring-core-5.3.1.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.1:::::::* cpe:2.3:a:springsource:spring_framework:5.3.1:::::::* cpe:2.3:a:vmware:spring_framework:5.3.1:::::::*	pkg:maven/org.springframework/spring-core@5.3.1	CRITICAL	9	Highest	31
spring-web-5.3.1.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.1:::::::* cpe:2.3:a:springsource:spring_framework:5.3.1:::::::* cpe:2.3:a:vmware:spring_framework:5.3.1:::::::* cpe:2.3:a:web_project:web:5.3.1:::::::*	pkg:maven/org.springframework/spring-web@5.3.1	CRITICAL	9	Highest	29
txw2-3.0.0.jar		pkg:maven/org.glassfish.jaxb/txw2@3.0.0		0		33
xmpcore-6.1.11.jar		pkg:maven/com.adobe.xmp/xmpcore@6.1.11		0		25
xsom-3.0.0.jar		pkg:maven/org.glassfish.jaxb/xsom@3.0.0		0		36

Dependencies

ST4-4.1.jar

Description:

StringTemplate is a java template engine for generating source code,
		web pages, emails, or any other formatted text output.

		StringTemplate is particularly good at multi-targeted code generators,
		multiple site skins, and internationalization/localization.

		It evolved over years of effort developing jGuru.com.

		StringTemplate also powers the ANTLR 3 and 4 code generator. Its distinguishing characteristic
		is that unlike other engines, it strictly enforces model-view separation.

		Strict separation makes websites and code generators more flexible
		and maintainable; it also provides an excellent defense against malicious
		template authors.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/antlr/ST4/4.1/ST4-4.1.jar
MD5: 0ed049972a799b12d8bd57031a48522a
SHA1: 467d508be07a542ad0a68ffcaed2d561c5fb2e0c
SHA256:8b1ccaed9edc55cd255d9c19c4d8da4756d9b6fcb435671292b43470b16d75d8
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	v4	Low
Vendor	jar	package name	stringtemplate	Highest
Vendor	pom	groupid	org.antlr	Highest
Vendor	pom	artifactid	ST4	Low
Vendor	file	name	ST4	High
Vendor	jar	package name	stringtemplate	Low
Vendor	pom	groupid	antlr	Highest
Vendor	pom	name	StringTemplate 4	High
Product	jar	package name	v4	Low
Product	jar	package name	stringtemplate	Highest
Product	file	name	ST4	High
Product	pom	artifactid	ST4	Highest
Product	pom	groupid	antlr	Highest
Product	pom	name	StringTemplate 4	High
Version	pom	version	4.1	Highest
Version	file	version	4.1	High

Identifiers

pkg:maven/org.antlr/ST4@4.1 (Confidence:High)

antlr-runtime-3.5.2.jar

Description:

A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/antlr/antlr-runtime/3.5.2/antlr-runtime-3.5.2.jar
MD5: 1fbbae2cb72530207c20b797bdabd029
SHA1: cd9cd41361c155f3af0f653009dcecb08d8b4afd
SHA256:ce3fc8ecb10f39e9a3cddcbb2ce350d272d9cd3d0b1e18e6fe73c3b9389c8734
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.antlr	Medium
Vendor	pom	url	http://www.antlr.org	Highest
Vendor	jar	package name	antlr	Highest
Vendor	pom	artifactid	antlr-runtime	Low
Vendor	pom	name	ANTLR 3 Runtime	High
Vendor	pom	parent-artifactid	antlr-master	Low
Vendor	pom	parent-groupid	org.antlr	Medium
Vendor	pom	groupid	org.antlr	Highest
Vendor	pom	groupid	antlr	Highest
Vendor	file	name	antlr-runtime	High
Vendor	jar	package name	runtime	Highest
Vendor	Manifest	Implementation-Vendor	ANTLR	High
Product	pom	artifactid	antlr-runtime	Highest
Product	pom	url	http://www.antlr.org	Medium
Product	pom	parent-groupid	org.antlr	Medium
Product	jar	package name	antlr	Highest
Product	Manifest	Implementation-Title	ANTLR 3 Runtime	High
Product	pom	groupid	antlr	Highest
Product	file	name	antlr-runtime	High
Product	jar	package name	runtime	Highest
Product	pom	name	ANTLR 3 Runtime	High
Product	pom	parent-artifactid	antlr-master	Medium
Version	file	version	3.5.2	High
Version	Manifest	Implementation-Version	3.5.2	High
Version	pom	version	3.5.2	Highest

Identifiers

pkg:maven/org.antlr/antlr-runtime@3.5.2 (Confidence:High)

aspectjrt-1.9.6.jar

Description:

The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.6/aspectjrt-1.9.6.jar
MD5: 391f9257f19b84b45eb79a1878b9600a
SHA1: 1651849d48659e5703adc2599e694bf67b8c3fc4
SHA256:20c785678cbb4ee045914daf83da25f98a16071177dfa0e3451326723dfb4705
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	AspectJ runtime	High
Vendor	pom	artifactid	aspectjrt	Low
Vendor	pom	groupid	org.aspectj	Highest
Vendor	pom	groupid	aspectj	Highest
Vendor	pom	url	https://www.eclipse.org/aspectj/	Highest
Vendor	jar	package name	runtime	Highest
Vendor	manifest: org/aspectj/lang/	Implementation-Vendor	https://www.eclipse.org/aspectj/	Medium
Vendor	file	name	aspectjrt	High
Vendor	Manifest	automatic-module-name	org.aspectj.runtime	Medium
Vendor	jar	package name	aspectj	Highest
Product	pom	name	AspectJ runtime	High
Product	manifest: org/aspectj/lang/	Implementation-Title	org.aspectj.runtime	Medium
Product	pom	artifactid	aspectjrt	Highest
Product	pom	groupid	aspectj	Highest
Product	pom	url	https://www.eclipse.org/aspectj/	Medium
Product	jar	package name	runtime	Highest
Product	file	name	aspectjrt	High
Product	manifest: org/aspectj/lang/	Specification-Title	AspectJ Runtime Classes	Medium
Product	Manifest	automatic-module-name	org.aspectj.runtime	Medium
Product	jar	package name	aspectj	Highest
Version	pom	version	1.9.6	Highest
Version	file	version	1.9.6	High
Version	manifest: org/aspectj/lang/	Implementation-Version	1.9.6	Medium

Identifiers

pkg:maven/org.aspectj/aspectjrt@1.9.6 (Confidence:High)

codemodel-3.0.0.jar

Description:

The core functionality of the CodeModel java source code generation library

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/codemodel/3.0.0/codemodel-3.0.0.jar
MD5: 3be06899dd53a82f25d18c181c9e88e5
SHA1: e4022db305a953ab260d60aaa25849525455fd48
SHA256:7d5a3bd8290ca9b0720b1033b89e3bc4e45714b5a021ec4e39e009ac035239ef
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	pom	name	Codemodel Core	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	codemodel	Highest
Vendor	Manifest	bundle-symbolicname	org.glassfish.jaxb.codemodel	Medium
Vendor	pom	parent-artifactid	jaxb-codemodel-parent	Low
Vendor	pom	artifactid	codemodel	Low
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	file	name	codemodel	High
Product	jar	package name	sun	Highest
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	pom	groupid	glassfish.jaxb	Highest
Product	pom	name	Codemodel Core	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	codemodel	Highest
Product	Manifest	bundle-symbolicname	org.glassfish.jaxb.codemodel	Medium
Product	pom	artifactid	codemodel	Highest
Product	pom	parent-artifactid	jaxb-codemodel-parent	Medium
Product	Manifest	Implementation-Title	Codemodel Core	High
Product	Manifest	Bundle-Name	Codemodel Core	Medium
Product	file	name	codemodel	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/org.glassfish.jaxb/codemodel@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

commons-io-2.4.jar

Description:

The Commons IO library contains utility classes, stream implementations, file filters, 
file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/commons-io/commons-io/2.4/commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
SHA256:cc6a41dc3eaacc9e440a6bd0d2890b20d36b4ee408fe2d67122f328bb6e01581
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	org.apache.commons.io	Medium
Vendor	file	name	commons-io	High
Vendor	pom	url	http://commons.apache.org/io/	Highest
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	pom	groupid	commons-io	Highest
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	jar	package name	apache	Highest
Vendor	Manifest	implementation-build	tags/2.4-RC2@r1349569; 2012-06-12 18:18:20-0400	Low
Vendor	pom	name	Commons IO	High
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	io	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	pom	artifactid	commons-io	Low
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	Manifest	bundle-docurl	http://commons.apache.org/io/	Low
Product	Manifest	bundle-symbolicname	org.apache.commons.io	Medium
Product	file	name	commons-io	High
Product	pom	groupid	commons-io	Highest
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	Bundle-Name	Commons IO	Medium
Product	Manifest	Implementation-Title	Commons IO	High
Product	pom	parent-groupid	org.apache.commons	Medium
Product	jar	package name	apache	Highest
Product	Manifest	implementation-build	tags/2.4-RC2@r1349569; 2012-06-12 18:18:20-0400	Low
Product	pom	name	Commons IO	High
Product	jar	package name	commons	Highest
Product	Manifest	specification-title	Commons IO	Medium
Product	jar	package name	io	Highest
Product	pom	url	http://commons.apache.org/io/	Medium
Product	pom	artifactid	commons-io	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/io/	Low
Version	Manifest	Implementation-Version	2.4	High
Version	pom	parent-version	2.4	Low
Version	file	version	2.4	High
Version	pom	version	2.4	Highest

Identifiers

pkg:maven/commons-io/commons-io@2.4 (Confidence:High)
cpe:2.3:a:apache:commons_io:2.4:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:apache:commons_net:2.4:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.8)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

CWE-20 Improper Input Validation

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* versions up to (excluding) 3.9.0

commons-math3-3.0.jar

Description:

The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/apache/commons/commons-math3/3.0/commons-math3-3.0.jar
MD5: 1c32031c57f7ad9a99fef07bcf1209e8
SHA1: 5f8d1d720333aa9a7dee1c949ea70d9ed7da6106
SHA256:0bde674d932bfc7f048390f86ceb631cf1e8790de7163c0e7bb22409599a38db
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-math3	High
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	Manifest	implementation-build	tags/MATH_3_0_RC3@r1296853; 2012-03-05 11:10:26+0100	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.math	Medium
Vendor	pom	groupid	apache.commons	Highest
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	jar	package name	apache	Highest
Vendor	pom	url	http://commons.apache.org/math/	Highest
Vendor	pom	name	Commons Math	High
Vendor	pom	artifactid	commons-math3	Low
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	math3	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	Manifest	bundle-docurl	http://commons.apache.org/math/	Low
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	pom	parent-artifactid	commons-parent	Low
Product	file	name	commons-math3	High
Product	Manifest	Bundle-Name	Commons Math	Medium
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	implementation-build	tags/MATH_3_0_RC3@r1296853; 2012-03-05 11:10:26+0100	Low
Product	Manifest	bundle-symbolicname	org.apache.commons.math	Medium
Product	pom	groupid	apache.commons	Highest
Product	pom	parent-groupid	org.apache.commons	Medium
Product	Manifest	Implementation-Title	Commons Math	High
Product	jar	package name	apache	Highest
Product	pom	name	Commons Math	High
Product	pom	url	http://commons.apache.org/math/	Medium
Product	jar	package name	commons	Highest
Product	jar	package name	math3	Highest
Product	pom	artifactid	commons-math3	Highest
Product	Manifest	specification-title	Commons Math	Medium
Product	Manifest	bundle-docurl	http://commons.apache.org/math/	Low
Version	pom	version	3.0	Highest
Version	Manifest	Implementation-Version	3.0	High
Version	file	version	3.0	High
Version	pom	parent-version	3.0	Low

Identifiers

pkg:maven/org.apache.commons/commons-math3@3.0 (Confidence:High)
cpe:2.3:a:apache:commons_net:3.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

CWE-20 Improper Input Validation

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* versions up to (excluding) 3.9.0

dtd-parser-1.4.3.jar

Description:

SAX-like API for parsing XML DTDs.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/dtd-parser/dtd-parser/1.4.3/dtd-parser-1.4.3.jar
MD5: ed00546105860ff9b42d40eee3a17080
SHA1: 090ff8310e0c62177d66502009e2642f88901753
SHA256:245b4a51df10169ad268768faa0dc01401849fa0a7d8b743cceff20cdd61bfc0
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	file	name	dtd-parser	High
Vendor	Manifest	implementation-build-id	1.4.3 - 1.4.3-RELEASE-acc434d	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	pom	groupid	sun.xml.dtd-parser	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.sun.xml.dtd-parser	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	pom	url	eclipse-ee4j/jaxb-dtd-parser	Highest
Vendor	Manifest	implementation-url	https://github.com/eclipse-ee4j/jaxb-dtd-parser	Low
Vendor	pom	artifactid	dtd-parser	Low
Vendor	Manifest	bundle-symbolicname	com.sun.xml.dtd-parser	Medium
Vendor	pom	name	DTD Parser	High
Vendor	pom	parent-artifactid	project	Low
Vendor	jar	package name	xml	Highest
Vendor	pom	groupid	com.sun.xml.dtd-parser	Highest
Product	jar	package name	sun	Highest
Product	file	name	dtd-parser	High
Product	Manifest	implementation-build-id	1.4.3 - 1.4.3-RELEASE-acc434d	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	Implementation-Title	DTD Parser	High
Product	Manifest	Bundle-Name	DTD Parser	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	pom	groupid	sun.xml.dtd-parser	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	parent-artifactid	project	Medium
Product	Manifest	implementation-url	https://github.com/eclipse-ee4j/jaxb-dtd-parser	Low
Product	Manifest	bundle-symbolicname	com.sun.xml.dtd-parser	Medium
Product	pom	name	DTD Parser	High
Product	pom	artifactid	dtd-parser	Highest
Product	jar	package name	xml	Highest
Product	pom	url	eclipse-ee4j/jaxb-dtd-parser	High
Version	Manifest	Bundle-Version	1.4.3	High
Version	Manifest	implementation-build-id	1.4.3	Low
Version	Manifest	Implementation-Version	1.4.3	High
Version	file	version	1.4.3	High
Version	pom	version	1.4.3	Highest
Version	pom	parent-version	1.4.3	Low

Identifiers

pkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.3 (Confidence:High)
cpe:2.3:a:oracle:java_se:1.4.3:*:*:*:*:*:*:* (Confidence:Low)

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	hamcrest-parent	Low
Vendor	jar	package name	hamcrest	Highest
Vendor	pom	parent-groupid	org.hamcrest	Medium
Vendor	pom	groupid	org.hamcrest	Highest
Vendor	pom	name	Hamcrest Core	High
Vendor	pom	groupid	hamcrest	Highest
Vendor	jar	package name	core	Highest
Vendor	Manifest	built-date	2012-07-09 19:49:34	Low
Vendor	Manifest	Implementation-Vendor	hamcrest.org	High
Vendor	file	name	hamcrest-core	High
Vendor	jar	package name	matcher	Highest
Vendor	pom	artifactid	hamcrest-core	Low
Product	Manifest	Implementation-Title	hamcrest-core	High
Product	pom	parent-artifactid	hamcrest-parent	Medium
Product	jar	package name	hamcrest	Highest
Product	pom	artifactid	hamcrest-core	Highest
Product	pom	parent-groupid	org.hamcrest	Medium
Product	pom	groupid	hamcrest	Highest
Product	jar	package name	core	Highest
Product	Manifest	built-date	2012-07-09 19:49:34	Low
Product	pom	name	Hamcrest Core	High
Product	file	name	hamcrest-core	High
Product	jar	package name	matcher	Highest
Version	file	version	1.3	High
Version	pom	version	1.3	Highest
Version	Manifest	Implementation-Version	1.3	High

Identifiers

pkg:maven/org.hamcrest/hamcrest-core@1.3 (Confidence:High)

image-core-1.0-ALPHA-7.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/image/image-core/1.0-ALPHA-7/image-core-1.0-ALPHA-7.jar
MD5: d444c332738e029bb1d3e6d111a58e02
SHA1: 65a6b56825ad7691a66275503d3eee75b8bd7ffe
SHA256:6b645acea6d854f6532c568eca49a202d41cbea2bbe9edf7333d3e527191d2b3
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	image-modules	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	name	Mistral Core	High
Vendor	pom	groupid	it.tidalwave.image	Highest
Vendor	jar	package name	image	Highest
Vendor	pom	artifactid	image-core	Low
Vendor	file	name	image-core	High
Vendor	jar	package name	tidalwave	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Product	Manifest	specification-title	Mistral Core	Medium
Product	Manifest	Implementation-Title	Mistral Core	High
Product	pom	name	Mistral Core	High
Product	pom	artifactid	image-core	Highest
Product	pom	groupid	it.tidalwave.image	Highest
Product	jar	package name	image	Highest
Product	file	name	image-core	High
Product	jar	package name	tidalwave	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	pom	parent-artifactid	image-modules	Medium
Version	pom	version	1.0-ALPHA-7	Highest

Identifiers

pkg:maven/it.tidalwave.image/image-core@1.0-ALPHA-7 (Confidence:High)

istack-commons-tools-4.0.0.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/istack/istack-commons-tools/4.0.0/istack-commons-tools-4.0.0.jar
MD5: 99b2cc622a2d2230bb705eae4cce6bbf
SHA1: 653511c28867dd002e15bfa082d00682e0114a56
SHA256:9212ecc51900faa244054ab51a098b2cd73117cff240dcaeb39eeb7e0dc6ddec
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	istack-commons-tools	High
Vendor	jar	package name	sun	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-groupid	com.sun.istack	Medium
Vendor	Manifest	bundle-symbolicname	com.sun.istack.commons-tools	Medium
Vendor	Manifest	implementation-build-id	4.0.0 - 39e0843	Low
Vendor	pom	groupid	com.sun.istack	Highest
Vendor	pom	parent-artifactid	istack-commons	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	jar	package name	istack	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	com	Highest
Vendor	Manifest	multi-release	true	Low
Vendor	jar	package name	tools	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.sun.istack	Medium
Vendor	pom	groupid	sun.istack	Highest
Vendor	pom	artifactid	istack-commons-tools	Low
Vendor	pom	name	istack common utility code tools	High
Product	file	name	istack-commons-tools	High
Product	jar	package name	sun	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-groupid	com.sun.istack	Medium
Product	Manifest	bundle-symbolicname	com.sun.istack.commons-tools	Medium
Product	Manifest	implementation-build-id	4.0.0 - 39e0843	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	jar	package name	istack	Highest
Product	Manifest	Bundle-Name	istack common utility code tools	Medium
Product	jar	package name	com	Highest
Product	Manifest	multi-release	true	Low
Product	jar	package name	tools	Highest
Product	pom	artifactid	istack-commons-tools	Highest
Product	pom	parent-artifactid	istack-commons	Medium
Product	pom	groupid	sun.istack	Highest
Product	pom	name	istack common utility code tools	High
Version	Manifest	implementation-build-id	4.0.0	Low
Version	Manifest	Bundle-Version	4.0.0	High
Version	pom	version	4.0.0	Highest
Version	file	version	4.0.0	High

Related Dependencies

Identifiers

pkg:maven/com.sun.istack/istack-commons-tools@4.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:4.0.0:*:*:*:*:*:*:* (Confidence:Low)

it-tidalwave-html-patches-1.2-ALPHA-9.jar

Description:

Some patched classes for manipulating HTML.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-html-patches/1.2-ALPHA-9/it-tidalwave-html-patches-1.2-ALPHA-9.jar
MD5: 658cc6629a3b00f5ff01dc26eb5fba59
SHA1: 4edc61de577bec35111a59f3cedb5e7fb7e96468
SHA256:68dc18c99fedf2e711504f3ccfe7f5ffc408bfa7a7d51e69d173c23260143061
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	NorthernWind :: HTML Patches	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	file	name	it-tidalwave-html-patches	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	artifactid	it-tidalwave-html-patches	Low
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Product	pom	name	NorthernWind :: HTML Patches	High
Product	file	name	it-tidalwave-html-patches	High
Product	Manifest	Implementation-Title	NorthernWind :: HTML Patches	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	specification-title	NorthernWind :: HTML Patches	Medium
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-html-patches	Highest
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-html-patches@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-messagebus-3.2-ALPHA-13.jar

Description:

        An abstract description of a simple message bus to be used within an application.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus/3.2-ALPHA-13/it-tidalwave-messagebus-3.2-ALPHA-13.jar
MD5: 9992d8a0d104bf4ad40b9fc375d7149b
SHA1: 0dd552ddf34b26b3cd6e20b4f719666ef4b98ada
SHA256:03f9d03588cce9ff2ede5a423198ef8c605ee1e2ffbde776eba6a465546f48e3
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	it-tidalwave-messagebus	Low
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	name	TheseFoolishThings :: MessageBus	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	parent-artifactid	modules	Low
Vendor	file	name	it-tidalwave-messagebus	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Vendor	jar	package name	messagebus	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	pom	parent-artifactid	modules	Medium
Product	pom	artifactid	it-tidalwave-messagebus	Highest
Product	pom	name	TheseFoolishThings :: MessageBus	High
Product	Manifest	Implementation-Title	TheseFoolishThings :: MessageBus	High
Product	jar	package name	tidalwave	Highest
Product	Manifest	specification-title	TheseFoolishThings :: MessageBus	Medium
Product	file	name	it-tidalwave-messagebus	High
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	jar	package name	messagebus	Highest
Version	pom	version	3.2-ALPHA-13	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@3.2-ALPHA-13 (Confidence:High)

it-tidalwave-messagebus-spring-3.2-ALPHA-13.jar

Description:

        A Spring implementation of a simple message bus to be used within an application.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus-spring/3.2-ALPHA-13/it-tidalwave-messagebus-spring-3.2-ALPHA-13.jar
MD5: da4f4ce0f5299155e2436adc730b45ea
SHA1: b81a309c0e0e75deafa85ae77813f189a4aa7d08
SHA256:df92b5faa765a25ef9f8c1f2b4ceb5f6e1c6b7deb4ddbd87a1b5b9c0a5e5a669
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	artifactid	it-tidalwave-messagebus-spring	Low
Vendor	file	name	it-tidalwave-messagebus-spring	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Vendor	pom	name	TheseFoolishThings :: MessageBus :: Spring	High
Vendor	jar	package name	messagebus	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	file	name	it-tidalwave-messagebus-spring	High
Product	pom	parent-artifactid	modules	Medium
Product	Manifest	specification-title	TheseFoolishThings :: MessageBus :: Spring	Medium
Product	pom	artifactid	it-tidalwave-messagebus-spring	Highest
Product	jar	package name	tidalwave	Highest
Product	Manifest	Implementation-Title	TheseFoolishThings :: MessageBus :: Spring	High
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	pom	name	TheseFoolishThings :: MessageBus :: Spring	High
Product	jar	package name	messagebus	Highest
Version	pom	version	3.2-ALPHA-13	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@3.2-ALPHA-13 (Confidence:High)

it-tidalwave-northernwind-core-1.2-ALPHA-9.jar

Description:

Contains the interfaces of the Core.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core/1.2-ALPHA-9/it-tidalwave-northernwind-core-1.2-ALPHA-9.jar
MD5: 6b06ae27e1c1c8fea0f3bcd6ed5b307e
SHA1: 36cd99ff0039c46fb87fe3c63c471d72fa1c5d95
SHA256:b224f10ed7a02aa6eda65566fe91c7fc25db2534fb8863a70600d42c5f47b8f2
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	NorthernWind :: Core	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	file	name	it-tidalwave-northernwind-core	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	artifactid	it-tidalwave-northernwind-core	Low
Vendor	jar	package name	core	Highest
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Product	pom	name	NorthernWind :: Core	High
Product	pom	artifactid	it-tidalwave-northernwind-core	Highest
Product	file	name	it-tidalwave-northernwind-core	High
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	specification-title	NorthernWind :: Core	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	core	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Core	High
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-core-default-1.2-ALPHA-9.jar

Description:

A default implementation of the Core.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-default/1.2-ALPHA-9/it-tidalwave-northernwind-core-default-1.2-ALPHA-9.jar
MD5: 078ce2c5503388a63174e0dfe521a31f
SHA1: 58747f97eb5e6218d029feebf86a5a32a1223b22
SHA256:981b7b48b65de3a3d3371050a9cda9c50082e5ca8451b8c180e65534a0dd7cb0
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	file	name	it-tidalwave-northernwind-core-default	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	artifactid	it-tidalwave-northernwind-core-default	Low
Vendor	jar	package name	core	Highest
Vendor	pom	name	NorthernWind :: Core :: Default Implementation	High
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-northernwind-core-default	Highest
Product	file	name	it-tidalwave-northernwind-core-default	High
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	NorthernWind :: Core :: Default Implementation	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	core	Highest
Product	Manifest	specification-title	NorthernWind :: Core :: Default Implementation	Medium
Product	pom	name	NorthernWind :: Core :: Default Implementation	High
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-default@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-9.jar

Description:

The implementation of some basic filesystems.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-basic/1.2-ALPHA-9/it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-9.jar
MD5: 1e50a7796d60a2c804862972ef7cbc9c
SHA1: de26590f64fc09a81596318070468617ebb30cc3
SHA256:e6af382d0edb52543109656598cfc76a2e02d57abaad9003575ded3485007070
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Vendor	pom	name	NorthernWind :: Filesystems :: Basic	High
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-basic	High
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-basic	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-basic	Highest
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	pom	name	NorthernWind :: Filesystems :: Basic	High
Product	file	name	it-tidalwave-northernwind-core-filesystem-basic	High
Product	jar	package name	northernwind	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: Basic	High
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	Manifest	specification-title	NorthernWind :: Filesystems :: Basic	Medium
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-basic@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-9.jar

Description:

The implementation of the Git filesystem.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-git/1.2-ALPHA-9/it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-9.jar
MD5: 16b46e0ce53c4528f9e711d3c206edec
SHA1: 92e22bc16cadc97b2e3ef44c4d6e623b6c6ce86a
SHA256:fca4ad283d8851649c623a24fad517f7d48b4f777b7d0d3af0cbdcfdaf38c82b
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-git	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-git	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	name	NorthernWind :: Filesystems :: SCM :: Git	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	file	name	it-tidalwave-northernwind-core-filesystem-git	High
Product	jar	package name	northernwind	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: SCM :: Git	High
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	pom	name	NorthernWind :: Filesystems :: SCM :: Git	High
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-git	Highest
Product	Manifest	specification-title	NorthernWind :: Filesystems :: SCM :: Git	Medium
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-git@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-9.jar

Description:

The implementation of the Mercurial filesystem.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-hg/1.2-ALPHA-9/it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-9.jar
MD5: ec9ffb1dea0a4ecfd29c4f984f46aa0c
SHA1: c37bf71721aa9b8aaab1c1034d66405ec5833ee5
SHA256:a12a08ee4f4605e19b9bd1264bbec4a0d797efec7698c454b998d493eecff2eb
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-hg	Low
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-hg	High
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Vendor	pom	name	NorthernWind :: Filesystems :: SCM :: Mercurial	High
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-hg	Highest
Product	Manifest	specification-title	NorthernWind :: Filesystems :: SCM :: Mercurial	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: SCM :: Mercurial	High
Product	file	name	it-tidalwave-northernwind-core-filesystem-hg	High
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	pom	name	NorthernWind :: Filesystems :: SCM :: Mercurial	High
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-hg@1.2-ALPHA-9 (Confidence:High)
cpe:2.3:a:mercurial:mercurial:1.2:alpha:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2010-4237

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.

CWE-295 Improper Certificate Validation

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 1.6.4

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2014-9462

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CONFIRM - http://mercurial.selenic.com/wiki/WhatsNew
CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
DEBIAN - DSA-3257
GENTOO - GLSA-201612-19
MISC - http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
OSVDB - 119816
SUSE - openSUSE-SU-2015:0617

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (including) 3.2.3

CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

BID - 85733
CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
CONFIRM - https://selenic.com/repo/hg-stable/rev/34d43cb85de8
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
DEBIAN - DSA-3542
FEDORA - FEDORA-2016-79604dde9f
FEDORA - FEDORA-2016-b7f1f8e3bf
GENTOO - GLSA-201612-19
REDHAT - RHSA-2016:0706
SUSE - SUSE-SU-2016:1010
SUSE - SUSE-SU-2016:1011
SUSE - openSUSE-SU-2016:1016
SUSE - openSUSE-SU-2016:1073

Vulnerable Software & Versions: (show all)

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
CONFIRM - https://selenic.com/repo/hg-stable/rev/197eed39e3d5
CONFIRM - https://selenic.com/repo/hg-stable/rev/80cac1de6aea
CONFIRM - https://selenic.com/repo/hg-stable/rev/ae279d4a19e9
CONFIRM - https://selenic.com/repo/hg-stable/rev/b732e7f2aba4
CONFIRM - https://selenic.com/repo/hg-stable/rev/cdda7b96afff
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
DEBIAN - DSA-3542
FEDORA - FEDORA-2016-79604dde9f
FEDORA - FEDORA-2016-b7f1f8e3bf
GENTOO - GLSA-201612-19
REDHAT - RHSA-2016:0706
SUSE - SUSE-SU-2016:1010
SUSE - SUSE-SU-2016:1011
SUSE - openSUSE-SU-2016:1016
SUSE - openSUSE-SU-2016:1073

Vulnerable Software & Versions: (show all)

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

CWE-284 Improper Access Control

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

BID - 90536
CONFIRM - https://selenic.com/hg/rev/a56296f55a5e
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29
DEBIAN - DSA-3570
GENTOO - GLSA-201612-19
SLACKWARE - SSA:2016-123-01
SUSE - openSUSE-SU-2016:1336

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (including) 3.7.3

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

CWE-19 Data Processing Errors

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
CONFIRM - https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf
CONFIRM - https://selenic.com/repo/hg-stable/rev/b9714d958e89
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
DEBIAN - DSA-3542
FEDORA - FEDORA-2016-79604dde9f
FEDORA - FEDORA-2016-b7f1f8e3bf
GENTOO - GLSA-201612-19
SUSE - SUSE-SU-2016:1010
SUSE - SUSE-SU-2016:1011
SUSE - openSUSE-SU-2016:1016
SUSE - openSUSE-SU-2016:1073

Vulnerable Software & Versions: (show all)

CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

BID - 100290
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
DEBIAN - DSA-3963
GENTOO - GLSA-201709-18
REDHAT - RHSA-2017:2489

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.3

CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv2:

Base Score: HIGH (10.0)
Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

BID - 100290
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
DEBIAN - DSA-3963
GENTOO - GLSA-201709-18
REDHAT - RHSA-2017:2489

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.3

CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv2:

Base Score: HIGH (10.0)
Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.4.1

CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: HIGH (9.0)
Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

BID - 99123
CONFIRM - https://bugs.debian.org/861243
CONFIRM - https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
CONFIRM - https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
DEBIAN - DSA-3963
GENTOO - GLSA-201709-18
MLIST - [debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update
REDHAT - RHSA-2017:1576

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.3

CVE-2018-1000132

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: MEDIUM (6.4)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSSv3:

Base Score: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.5.1

CVE-2018-13346

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.6.1

CVE-2018-13347

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

CWE-190 Integer Overflow or Wraparound

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.6.1

CVE-2018-13348

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

CWE-20 Improper Input Validation

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.6.1

CVE-2018-17983

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

CWE-125 Out-of-bounds Read

CVSSv2:

Base Score: MEDIUM (6.4)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSSv3:

Base Score: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.7.2

CVE-2019-3902

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSSv3:

Base Score: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:* versions up to (excluding) 4.9

it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-9.jar

Description:

Support classes for SCM filesystems.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-filesystem-scm/1.2-ALPHA-9/it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-9.jar
MD5: c9810c089ac7e6689bc6099418e662ce
SHA1: d1cd31170b343b5ef5da7c1b23d5625435592dc3
SHA256:b7fc4774fe1045fa0f607769e0e7725a9af80cd3b6c0f68638c660a6af8c68f0
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Low
Vendor	file	name	it-tidalwave-northernwind-core-filesystem-scm	High
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-core-filesystem-scm	Low
Vendor	pom	name	NorthernWind :: Filesystems :: SCM	High
Product	pom	artifactid	it-tidalwave-northernwind-core-filesystem-scm	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Filesystems :: SCM	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	Manifest	specification-title	NorthernWind :: Filesystems :: SCM	Medium
Product	file	name	it-tidalwave-northernwind-core-filesystem-scm	High
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-filesystem	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	pom	name	NorthernWind :: Filesystems :: SCM	High
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-filesystem-scm@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-9.jar

Description:

The default implementation of marshalling for some Core classes.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-marshalling-default/1.2-ALPHA-9/it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-9.jar
MD5: 783c550f98f531045056e59b562608b8
SHA1: 7fc5287c58fba236e615adbbdf8fc7c62e4a50df
SHA256:c2de40299da52108a8a158bf4f19ec3c02f69ca1ef7a74ceda7a029faf92960e
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	it-tidalwave-northernwind-core-marshalling-default	Low
Vendor	file	name	it-tidalwave-northernwind-core-marshalling-default	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	core	Highest
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	name	NorthernWind :: Core :: Default Marshalling	High
Product	Manifest	Implementation-Title	NorthernWind :: Core :: Default Marshalling	High
Product	pom	artifactid	it-tidalwave-northernwind-core-marshalling-default	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	it-tidalwave-northernwind-core-marshalling-default	High
Product	Manifest	specification-title	NorthernWind :: Core :: Default Marshalling	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	core	Highest
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	it	Highest
Product	pom	name	NorthernWind :: Core :: Default Marshalling	High
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-marshalling-default@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-core-profiling-1.2-ALPHA-9.jar

Description:

This module collects elapsed times for processing requests and builds up some statistics.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-core-profiling/1.2-ALPHA-9/it-tidalwave-northernwind-core-profiling-1.2-ALPHA-9.jar
MD5: 4f5ddb9697f93f3b3061c85da37d10be
SHA1: 735aa7e4a1abea4695b0319257d2911ba93aeb53
SHA256:85aa3f5e75cd1b816033509b1610d617ae2fe1260faa5a9c288e8a970184dfd3
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	name	NorthernWind :: Profiling	High
Vendor	pom	artifactid	it-tidalwave-northernwind-core-profiling	Low
Vendor	jar	package name	profiling	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	file	name	it-tidalwave-northernwind-core-profiling	High
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Product	pom	name	NorthernWind :: Profiling	High
Product	jar	package name	profiling	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	specification-title	NorthernWind :: Profiling	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	file	name	it-tidalwave-northernwind-core-profiling	High
Product	Manifest	Implementation-Title	NorthernWind :: Profiling	High
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	artifactid	it-tidalwave-northernwind-core-profiling	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-core-profiling@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-9.jar

Description:

Utilities used by the front end implementations.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-commons/1.2-ALPHA-9/it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-9.jar
MD5: ef8c2d988033c0bc609fbc2489654df6
SHA1: 1a3d9b7d7cb76f8c521e0864ca55f42fcbe4fe4f
SHA256:d4a2cb47e1837cf96779bdb4408804b97ab855969ca8ff8992a8eb651a9439df
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	frontend	Highest
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-commons	Low
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	file	name	it-tidalwave-northernwind-frontend-commons	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	name	NorthernWind :: Frontend :: Commons	High
Vendor	jar	package name	it	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Commons	High
Product	pom	artifactid	it-tidalwave-northernwind-frontend-commons	Highest
Product	jar	package name	frontend	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	it-tidalwave-northernwind-frontend-commons	High
Product	Manifest	specification-title	NorthernWind :: Frontend :: Commons	Medium
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	pom	name	NorthernWind :: Frontend :: Commons	High
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-commons@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-frontend-components-1.2-ALPHA-9.jar

Description:

The definitions of page components.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-components/1.2-ALPHA-9/it-tidalwave-northernwind-frontend-components-1.2-ALPHA-9.jar
MD5: 35c643937f7114e4d92251f7c86d5b30
SHA1: 215b5c1de7499e24a7fa6b89f400342deff34869
SHA256:0439e00d27702fc4e91461a2e8d6f8eecb39ead8f99537959e892206224b9649
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-components	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	frontend	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	file	name	it-tidalwave-northernwind-frontend-components	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	pom	name	NorthernWind :: Frontend :: Components	High
Product	Manifest	specification-title	NorthernWind :: Frontend :: Components	Medium
Product	jar	package name	frontend	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Components	High
Product	file	name	it-tidalwave-northernwind-frontend-components	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-components	Highest
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	it	Highest
Product	pom	name	NorthernWind :: Frontend :: Components	High
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-9.jar

Description:

An implementation of page components based on HTML templating.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-components-htmltemplate/1.2-ALPHA-9/it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-9.jar
MD5: 6c7e7711b1352fb1e08151aaafafc79e
SHA1: 13dcfefeb07cf9b6dfe2fca8b99838a47fce93e1
SHA256:b50c0142e95b5439c02c05a87b509969c1d0f79d588b7e1457ddea6074c57ccc
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-components-htmltemplate	Low
Vendor	jar	package name	frontend	Highest
Vendor	pom	name	NorthernWind :: Frontend :: Components :: HTML Template	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	file	name	it-tidalwave-northernwind-frontend-components-htmltemplate	High
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-components-htmltemplate	Highest
Product	jar	package name	frontend	Highest
Product	pom	name	NorthernWind :: Frontend :: Components :: HTML Template	High
Product	Manifest	build-jdk-spec	11	Low
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	file	name	it-tidalwave-northernwind-frontend-components-htmltemplate	High
Product	jar	package name	northernwind	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Components :: HTML Template	High
Product	Manifest	specification-title	NorthernWind :: Frontend :: Components :: HTML Template	Medium
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-components-htmltemplate@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-frontend-media-1.2-ALPHA-9.jar

Description:

Media Extensions.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-media/1.2-ALPHA-9/it-tidalwave-northernwind-frontend-media-1.2-ALPHA-9.jar
MD5: d20c469ccd1abcb2d99737f186019428
SHA1: 651829732103a524c516cecb7efa885894e99c02
SHA256:91747e6e5c0e5fd79fba0a593d5ab387187f231aaab45188af7d0bef3e6850cb
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	jar	package name	frontend	Highest
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	name	NorthernWind :: Frontend :: Media	High
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-media	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Vendor	file	name	it-tidalwave-northernwind-frontend-media	High
Product	jar	package name	frontend	Highest
Product	Manifest	specification-title	NorthernWind :: Frontend :: Media	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	pom	name	NorthernWind :: Frontend :: Media	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Media	High
Product	jar	package name	northernwind	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-media	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	parent-artifactid	it-tidalwave-northernwind-modules	Medium
Product	jar	package name	it	Highest
Product	file	name	it-tidalwave-northernwind-frontend-media	High
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-frontend-media-springmvc-1.2-ALPHA-9.jar

Description:

An implementation of the front end based on Spring MVC including Media Extensions.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-media-springmvc/1.2-ALPHA-9/it-tidalwave-northernwind-frontend-media-springmvc-1.2-ALPHA-9.jar
MD5: 748cee26e5a1cd2334445f6ff5a99197
SHA1: 1f9ffb7010a786d9ea96594d57f70c0bace3a636
SHA256:0868ff09bb6b9194c036c739135f004934a4415a4d362fdcc6799db53221e7a5
Referenced In Project/Scope:NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-media-springmvc	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Low
Vendor	pom	name	NorthernWind :: Frontend :: Media :: Spring MVC	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	file	name	it-tidalwave-northernwind-frontend-media-springmvc	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	Manifest	specification-title	NorthernWind :: Frontend :: Media :: Spring MVC	Medium
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Media :: Spring MVC	High
Product	pom	artifactid	it-tidalwave-northernwind-frontend-media-springmvc	Highest
Product	pom	name	NorthernWind :: Frontend :: Media :: Spring MVC	High
Product	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	it-tidalwave-northernwind-frontend-media-springmvc	High
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-media-springmvc@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-northernwind-frontend-springmvc-1.2-ALPHA-9.jar

Description:

An implementation of the front end based on Spring MVC.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/northernwind/it-tidalwave-northernwind-frontend-springmvc/1.2-ALPHA-9/it-tidalwave-northernwind-frontend-springmvc-1.2-ALPHA-9.jar
MD5: 17494dc574bbcc987af6df490a6c22be
SHA1: 97ce36bfefdafa49acf36c217b0338eb36b5cfdd
SHA256:9ea7a300e9039b3515edb5b592b370df3212eb2624648863a309ea0cab087766
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	it-tidalwave-northernwind-frontend-springmvc	High
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Low
Vendor	jar	package name	frontend	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	it-tidalwave-northernwind-frontend-springmvc	Low
Vendor	pom	groupid	it.tidalwave.northernwind	Highest
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	name	NorthernWind :: Frontend :: Spring MVC	High
Vendor	jar	package name	northernwind	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Product	file	name	it-tidalwave-northernwind-frontend-springmvc	High
Product	jar	package name	frontend	Highest
Product	pom	artifactid	it-tidalwave-northernwind-frontend-springmvc	Highest
Product	Manifest	specification-title	NorthernWind :: Frontend :: Spring MVC	Medium
Product	pom	parent-artifactid	it-tidalwave-northernwind-frontend	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	NorthernWind :: Frontend :: Spring MVC	High
Product	pom	groupid	it.tidalwave.northernwind	Highest
Product	pom	name	NorthernWind :: Frontend :: Spring MVC	High
Product	jar	package name	northernwind	Highest
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Version	pom	version	1.2-ALPHA-9	Highest

Identifiers

pkg:maven/it.tidalwave.northernwind/it-tidalwave-northernwind-frontend-springmvc@1.2-ALPHA-9 (Confidence:High)

it-tidalwave-role-3.2-ALPHA-13.jar

Description:

        Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
        Interface Segregation.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-13/it-tidalwave-role-3.2-ALPHA-13.jar
MD5: 47fc775a52a26416035d14e471a6dfa7
SHA1: cb3eac18bf1f94bef761915cd1ff22a0b30dc6d7
SHA256:33bd323639d78f8369ab2d2be41f8089c42eb752f8b5a6206b7fd543152daf8f
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	it-tidalwave-role	Low
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	role	Highest
Vendor	file	name	it-tidalwave-role	High
Vendor	pom	name	TheseFoolishThings :: Roles	High
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	pom	parent-artifactid	modules	Medium
Product	jar	package name	role	Highest
Product	file	name	it-tidalwave-role	High
Product	pom	name	TheseFoolishThings :: Roles	High
Product	Manifest	specification-title	TheseFoolishThings :: Roles	Medium
Product	pom	artifactid	it-tidalwave-role	Highest
Product	jar	package name	tidalwave	Highest
Product	Manifest	Implementation-Title	TheseFoolishThings :: Roles	High
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Version	pom	version	3.2-ALPHA-13	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-13 (Confidence:High)

it-tidalwave-role-spring-3.2-ALPHA-13.jar

Description:

        Specific Spring support for DCI roles.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role-spring/3.2-ALPHA-13/it-tidalwave-role-spring-3.2-ALPHA-13.jar
MD5: cd6c6f56d524561e8e999872e69bb324
SHA1: ba43b1585e31d2e025bc026ec5282515ab87f0de
SHA256:790e337889c7e50051bfc9db4aa032918a93752cff4ffab31d0fdb6295d306c1
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	file	name	it-tidalwave-role-spring	High
Vendor	jar	package name	role	Highest
Vendor	pom	name	TheseFoolishThings :: Roles :: Spring	High
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	it-tidalwave-role-spring	Low
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	spring	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	file	name	it-tidalwave-role-spring	High
Product	pom	parent-artifactid	modules	Medium
Product	Manifest	Implementation-Title	TheseFoolishThings :: Roles :: Spring	High
Product	jar	package name	role	Highest
Product	pom	name	TheseFoolishThings :: Roles :: Spring	High
Product	Manifest	specification-title	TheseFoolishThings :: Roles :: Spring	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	spring	Highest
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-role-spring	Highest
Version	pom	version	3.2-ALPHA-13	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-13 (Confidence:High)

it-tidalwave-util-3.2-ALPHA-13.jar

Description:

        A collection of common utilities.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-13/it-tidalwave-util-3.2-ALPHA-13.jar
MD5: f5c49524e4c30ff650eb46976a767aad
SHA1: ba3cfecfeffeaaf48d11acaf1c6e5a93eef527ee
SHA256:4cbbc7184cccba63987059dd67753273e019a677a2513395a86d44066c0a7804
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	file	name	it-tidalwave-util	High
Vendor	jar	package name	util	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	pom	parent-artifactid	modules	Low
Vendor	pom	name	TheseFoolishThings :: Utilities	High
Vendor	pom	artifactid	it-tidalwave-util	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	it	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	pom	parent-artifactid	modules	Medium
Product	file	name	it-tidalwave-util	High
Product	Manifest	Implementation-Title	TheseFoolishThings :: Utilities	High
Product	Manifest	specification-title	TheseFoolishThings :: Utilities	Medium
Product	jar	package name	util	Highest
Product	jar	package name	tidalwave	Highest
Product	pom	name	TheseFoolishThings :: Utilities	High
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	it	Highest
Product	pom	artifactid	it-tidalwave-util	Highest
Version	pom	version	3.2-ALPHA-13	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-13 (Confidence:High)

it-tidalwave-util-test-3.2-ALPHA-13.jar

Description:

        Miscellaneous utilities for testing.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util-test/3.2-ALPHA-13/it-tidalwave-util-test-3.2-ALPHA-13.jar
MD5: d6cec46f8079cb51c72a15ebc26b9d30
SHA1: e3951a6dcec26e755d780ef526a8c4f064a4ab53
SHA256:eb1f96397bfe1ffe99c7f34e850db6802b1a76880eb6e7931c0388338b208f88
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	file	name	it-tidalwave-util-test	High
Vendor	pom	name	TheseFoolishThings :: Test Utilities	High
Vendor	jar	package name	util	Highest
Vendor	pom	parent-artifactid	modules	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	it-tidalwave-util-test	Low
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	jar	package name	test	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	it	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	file	name	it-tidalwave-util-test	High
Product	pom	parent-artifactid	modules	Medium
Product	pom	name	TheseFoolishThings :: Test Utilities	High
Product	pom	artifactid	it-tidalwave-util-test	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	specification-title	TheseFoolishThings :: Test Utilities	Medium
Product	Manifest	Implementation-Title	TheseFoolishThings :: Test Utilities	High
Product	jar	package name	test	Highest
Product	jar	package name	tidalwave	Highest
Product	jar	package name	it	Highest
Version	pom	version	3.2-ALPHA-13	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-13 (Confidence:High)

jakarta.activation-2.0.0.jar

Description:

Jakarta Activation

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/activation/jakarta.activation/2.0.0/jakarta.activation-2.0.0.jar
MD5: e8fe27b2ed2bec52b561e4e0348a1a9f
SHA1: f4e7519148dee347c7666f336210deedb8aca09d
SHA256:db9c7e30f4d61ec33fd47942c9b7cf6e094025e7d5d8e20db73fce5a912a4366
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	sun.activation	Highest
Vendor	file	name	jakarta.activation	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-artifactid	all	Low
Vendor	pom	groupid	com.sun.activation	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Vendor	pom	artifactid	jakarta.activation	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	pom	parent-groupid	com.sun.activation	Medium
Vendor	jar	package name	activation	Highest
Vendor	pom	name	Jakarta Activation	High
Product	Manifest	specification-title	Jakarta Activation Specification	Medium
Product	jar	package name	sun	Highest
Product	pom	groupid	sun.activation	Highest
Product	file	name	jakarta.activation	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	Implementation-Title	jakarta.activation	High
Product	jar	package name	jakarta	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	pom	artifactid	jakarta.activation	Highest
Product	Manifest	Bundle-Name	Jakarta Activation	Medium
Product	Manifest	extension-name	jakarta.activation	Medium
Product	pom	parent-groupid	com.sun.activation	Medium
Product	pom	parent-artifactid	all	Medium
Product	jar	package name	activation	Highest
Product	pom	name	Jakarta Activation	High
Version	file	version	2.0.0	High
Version	pom	version	2.0.0	Highest
Version	Manifest	Bundle-Version	2.0.0	High
Version	Manifest	Implementation-Version	2.0.0	High

Identifiers

pkg:maven/com.sun.activation/jakarta.activation@2.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:2.0.0:*:*:*:*:*:*:* (Confidence:Low)

jakarta.xml.bind-api-3.0.0.jar

Description:

Jakarta XML Binding API 3.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/jakarta/xml/bind/jakarta.xml.bind-api/3.0.0/jakarta.xml.bind-api-3.0.0.jar
MD5: 78cf2b809e4daa0beff13efdad12da76
SHA1: 9275db6e21287df61690989254a0b46d8d31e99a
SHA256:0037ab1eba33a969b36119c61a9f28313460a85eea9b800470a70cb2227d35f4
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Jakarta XML Binding API	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	implementation-build-id	2d7fc02	Low
Vendor	pom	artifactid	jakarta.xml.bind-api	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	jar	package name	jakarta	Highest
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	Manifest	extension-name	jakarta.xml.bind	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Vendor	pom	parent-artifactid	jakarta.xml.bind-api-parent	Low
Vendor	pom	groupid	jakarta.xml.bind	Highest
Vendor	file	name	jakarta.xml.bind-api	High
Vendor	jar	package name	bind	Highest
Vendor	jar	package name	xml	Highest
Product	pom	name	Jakarta XML Binding API	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	implementation-build-id	2d7fc02	Low
Product	pom	parent-artifactid	jakarta.xml.bind-api-parent	Medium
Product	jar	package name	jakarta	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta XML Binding API	Medium
Product	pom	artifactid	jakarta.xml.bind-api	Highest
Product	Manifest	extension-name	jakarta.xml.bind	Medium
Product	Manifest	multi-release	true	Low
Product	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Product	file	name	jakarta.xml.bind-api	High
Product	pom	groupid	jakarta.xml.bind	Highest
Product	jar	package name	bind	Highest
Product	jar	package name	xml	Highest
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@3.0.0 (Confidence:High)

java-diff-utils-4.9.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/io/github/java-diff-utils/java-diff-utils/4.9/java-diff-utils-4.9.jar
MD5: 6a4c9c3c4f2a61ff97b38c9f7bac91fa
SHA1: 3ec791c5aa74a72fb499ae8d9547abe27b637b0f
SHA256:2dcf8710d0a453d8fa56c6d76bc4f16f86ec5de8eb7155f17ebff595c0c64aa0
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	github	Highest
Vendor	pom	artifactid	java-diff-utils	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	java-diff-utils	High
Vendor	Manifest	bundle-symbolicname	io.github.java-diff-utils	Medium
Vendor	file	name	java-diff-utils	High
Vendor	Manifest	automatic-module-name	io.github.javadiffutils	Medium
Vendor	pom	groupid	io.github.java-diff-utils	Highest
Vendor	pom	parent-artifactid	java-diff-utils-parent	Low
Product	jar	package name	github	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	diffutils	Highest
Product	Manifest	Bundle-Name	java-diff-utils	Medium
Product	pom	name	java-diff-utils	High
Product	pom	artifactid	java-diff-utils	Highest
Product	Manifest	bundle-symbolicname	io.github.java-diff-utils	Medium
Product	file	name	java-diff-utils	High
Product	Manifest	automatic-module-name	io.github.javadiffutils	Medium
Product	pom	groupid	io.github.java-diff-utils	Highest
Product	pom	parent-artifactid	java-diff-utils-parent	Medium
Version	pom	version	4.9	Highest
Version	file	version	4.9	High

Identifiers

pkg:maven/io.github.java-diff-utils/java-diff-utils@4.9 (Confidence:High)
cpe:2.3:a:utils_project:utils:4.9:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-4277

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.

CWE-330 Use of Insufficiently Random Values

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:utils_project:utils:*:*:*:*:*:*:*:* versions up to (excluding) 2021-05-14

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	${extension.name} API	High
Vendor	pom	artifactid	javax.annotation-api	Low
Vendor	file	name	javax.annotation-api	High
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	pom	url	http://jcp.org/en/jsr/detail?id=250	Highest
Vendor	pom	groupid	javax.annotation	Highest
Vendor	Manifest	automatic-module-name	java.annotation	Medium
Vendor	jar	package name	annotation	Highest
Vendor	Manifest	bundle-docurl	https://javaee.github.io/glassfish	Low
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	Manifest	extension-name	javax.annotation	Medium
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	organization url	https://javaee.github.io/glassfish	Medium
Vendor	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Vendor	pom	organization name	GlassFish Community	High
Product	pom	organization name	GlassFish Community	Low
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	name	${extension.name} API	High
Product	file	name	javax.annotation-api	High
Product	pom	parent-groupid	net.java	Medium
Product	pom	artifactid	javax.annotation-api	Highest
Product	pom	organization url	https://javaee.github.io/glassfish	Low
Product	Manifest	Bundle-Name	javax.annotation API	Medium
Product	pom	groupid	javax.annotation	Highest
Product	Manifest	automatic-module-name	java.annotation	Medium
Product	pom	url	http://jcp.org/en/jsr/detail?id=250	Medium
Product	jar	package name	annotation	Highest
Product	Manifest	bundle-docurl	https://javaee.github.io/glassfish	Low
Product	Manifest	extension-name	javax.annotation	Medium
Product	jar	package name	javax	Highest
Product	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Version	pom	version	1.3.2	Highest
Version	pom	parent-version	1.3.2	Low
Version	Manifest	Bundle-Version	1.3.2	High
Version	Manifest	Implementation-Version	1.3.2	High
Version	file	version	1.3.2	High

Identifiers

pkg:maven/javax.annotation/javax.annotation-api@1.3.2 (Confidence:High)

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	javax	Low
Vendor	pom	name	javax.inject	High
Vendor	pom	url	http://code.google.com/p/atinject/	Highest
Vendor	file	name	javax.inject-1	High
Vendor	pom	groupid	javax.inject	Highest
Vendor	jar	package name	inject	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	artifactid	javax.inject	Low
Vendor	jar	package name	inject	Highest
Product	pom	name	javax.inject	High
Product	pom	artifactid	javax.inject	Highest
Product	file	name	javax.inject-1	High
Product	pom	groupid	javax.inject	Highest
Product	jar	package name	inject	Low
Product	jar	package name	javax	Highest
Product	pom	url	http://code.google.com/p/atinject/	Medium
Product	jar	package name	inject	Highest
Version	file	version	1	Medium
Version	pom	version	1	Highest

Identifiers

pkg:maven/javax.inject/javax.inject@1 (Confidence:High)

javax.servlet-api-3.1.0.jar

Description:

Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Projects/Scopes:

NorthernWind :: Frontend:provided
NorthernWind :: Filesystems :: Basic:provided
NorthernWind :: Frontend :: Components:provided
NorthernWind :: Core :: Default Implementation:provided
NorthernWind :: Frontend :: Components :: HTML Template:provided
NorthernWind :: Frontend :: Commons:provided
NorthernWind :: Frontend :: Spring MVC:provided
NorthernWind :: Frontend :: Media :: Spring MVC:provided
NorthernWind :: Core:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	extension-name	javax.servlet	Medium
Vendor	pom	organization url	https://glassfish.dev.java.net	Medium
Vendor	pom	name	Java Servlet API	High
Vendor	pom	groupid	javax.servlet	Highest
Vendor	file	name	javax.servlet-api	High
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	pom	url	http://servlet-spec.java.net	Highest
Vendor	jar	package name	servlet	Highest
Vendor	pom	artifactid	javax.servlet-api	Low
Vendor	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Vendor	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	organization name	GlassFish Community	High
Product	Manifest	extension-name	javax.servlet	Medium
Product	pom	organization name	GlassFish Community	Low
Product	pom	name	Java Servlet API	High
Product	pom	artifactid	javax.servlet-api	Highest
Product	pom	groupid	javax.servlet	Highest
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	file	name	javax.servlet-api	High
Product	pom	parent-groupid	net.java	Medium
Product	jar	package name	servlet	Highest
Product	pom	organization url	https://glassfish.dev.java.net	Low
Product	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Product	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Product	pom	url	http://servlet-spec.java.net	Medium
Product	Manifest	Bundle-Name	Java Servlet API	Medium
Product	jar	package name	javax	Highest
Version	Manifest	Implementation-Version	3.1.0	High
Version	Manifest	Bundle-Version	3.1.0	High
Version	pom	parent-version	3.1.0	Low
Version	file	version	3.1.0	High
Version	pom	version	3.1.0	Highest

Identifiers

pkg:maven/javax.servlet/javax.servlet-api@3.1.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.1.0:*:*:*:*:*:*:* (Confidence:Low)

jaxb-core-3.0.0.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/jaxb-core/3.0.0/jaxb-core-3.0.0.jar
MD5: 0529ad63165dc6ff29329750b62f4e7d
SHA1: d3e976f31e1a233cac7a9d29ece92ab65c9a5d34
SHA256:75b97352b14aa2bb419f37a4d1f00196d0f9d1ca1053982ff51bac46e855c27e
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	jaxb-parent	Low
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	JAXB Core	High
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	Manifest	bundle-symbolicname	org.glassfish.jaxb.core	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	jar	package name	jaxb	Highest
Vendor	pom	artifactid	jaxb-core	Low
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish.jaxb	Medium
Vendor	jar	package name	org	Highest
Vendor	file	name	jaxb-core	High
Vendor	Manifest	multi-release	true	Low
Vendor	jar	package name	core	Highest
Vendor	Manifest	git-revision	697e104	Low
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	jar	package name	glassfish	Highest
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	pom	groupid	glassfish.jaxb	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	name	JAXB Core	High
Product	Manifest	Bundle-Name	JAXB Core	Medium
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	bundle-symbolicname	org.glassfish.jaxb.core	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	jar	package name	jaxb	Highest
Product	pom	artifactid	jaxb-core	Highest
Product	jar	package name	org	Highest
Product	pom	parent-artifactid	jaxb-parent	Medium
Product	file	name	jaxb-core	High
Product	Manifest	multi-release	true	Low
Product	jar	package name	core	Highest
Product	Manifest	git-revision	697e104	Low
Product	jar	package name	glassfish	Highest
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0 (Confidence:High)

jaxb-core-3.0.0.jar

Description:

Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/3.0.0/jaxb-core-3.0.0.jar
MD5: b3095fb0bcc4ac39c373f2a5168a5987
SHA1: 6aae6e87468c15dfe5fffcb9039d05469b8ef318
SHA256:b1e4b8137505333ed59b08e748c46c3894795fa1d524d042354609fd9ca6754f
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	pom	parent-artifactid	jaxb-parent	Low
Vendor	pom	name	JAXB Core	High
Vendor	pom	parent-artifactid	jaxb-bundles	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	jar	package name	org	Highest
Vendor	pom	name	Old JAXB Core	High
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-core	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	groupid	com.sun.xml.bind	Highest
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	jar	package name	jaxb	Highest
Vendor	pom	artifactid	jaxb-core	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	com	Highest
Vendor	file	name	jaxb-core	High
Vendor	Manifest	multi-release	true	Low
Vendor	pom	groupid	sun.xml.bind	Highest
Vendor	jar	package name	core	Highest
Vendor	Manifest	git-revision	697e104	Low
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	glassfish	Highest
Product	jar	package name	sun	Highest
Product	pom	name	JAXB Core	High
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	pom	artifactid	jaxb-core	Highest
Product	jar	package name	org	Highest
Product	pom	name	Old JAXB Core	High
Product	pom	parent-artifactid	jaxb-parent	Medium
Product	pom	parent-artifactid	jaxb-bundles	Medium
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-core	Medium
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	pom	groupid	glassfish.jaxb	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	Bundle-Name	Old JAXB Core	Medium
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	jar	package name	jaxb	Highest
Product	jar	package name	com	Highest
Product	file	name	jaxb-core	High
Product	Manifest	multi-release	true	Low
Product	pom	groupid	sun.xml.bind	Highest
Product	jar	package name	core	Highest
Product	Manifest	git-revision	697e104	Low
Product	jar	package name	xml	Highest
Product	jar	package name	glassfish	Highest
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/com.sun.xml.bind/jaxb-core@3.0.0 (Confidence:High)
pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

jaxb-core-3.0.0.jar (shaded: com.sun.istack:istack-commons-runtime:4.0.0)

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-core/3.0.0/jaxb-core-3.0.0.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: c794116e14cf6b4880c5fa97484a1669
SHA1: 74d35d998969df9d8236e198d61d2668b35fbded
SHA256:4b7815ba5011033993d2d72142241a0213ced4010ec9f55e5d3baf7d0e357560
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	istack common utility code runtime	High
Vendor	pom	parent-groupid	com.sun.istack	Medium
Vendor	pom	artifactid	istack-commons-runtime	Low
Vendor	pom	parent-artifactid	istack-commons	Low
Vendor	pom	groupid	sun.istack	Highest
Product	pom	name	istack common utility code runtime	High
Product	pom	parent-groupid	com.sun.istack	Medium
Product	pom	parent-artifactid	istack-commons	Medium
Product	pom	groupid	sun.istack	Highest
Product	pom	artifactid	istack-commons-runtime	Highest
Version	pom	version	4.0.0	Highest

Identifiers

pkg:maven/com.sun.istack/istack-commons-runtime@4.0.0 (Confidence:High)

jaxb-impl-3.0.0.jar

Description:

Old JAXB Runtime module. Contains sources required for runtime processing.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/3.0.0/jaxb-impl-3.0.0.jar
MD5: ba0d3f0dfdd2f16951734b3c87cf073f
SHA1: da6cc5533db0f41078f424f3bc84d0f8c28f5f9c
SHA256:6d5a3cddb6948b6adc6707b121d627c3b50bc23334e072e8ddd8e82b894f384e
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Old JAXB Runtime	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	groupid	com.sun.xml.bind	Highest
Vendor	file	name	jaxb-impl	High
Vendor	pom	parent-artifactid	jaxb-bundles	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-impl	Medium
Vendor	jar	package name	jaxb	Highest
Vendor	jar	package name	org	Highest
Vendor	Manifest	multi-release	true	Low
Vendor	pom	groupid	sun.xml.bind	Highest
Vendor	pom	artifactid	jaxb-impl	Low
Vendor	Manifest	git-revision	697e104	Low
Vendor	jar	package name	runtime	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Product	pom	name	Old JAXB Runtime	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	file	name	jaxb-impl	High
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	jar	package name	jaxb	Highest
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.jaxb-impl	Medium
Product	jar	package name	org	Highest
Product	Manifest	multi-release	true	Low
Product	pom	groupid	sun.xml.bind	Highest
Product	pom	parent-artifactid	jaxb-bundles	Medium
Product	pom	artifactid	jaxb-impl	Highest
Product	Manifest	git-revision	697e104	Low
Product	jar	package name	runtime	Highest
Product	Manifest	Bundle-Name	Old JAXB Runtime	Medium
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	build-id	3.0.0	Medium
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/com.sun.xml.bind/jaxb-impl@3.0.0 (Confidence:High)

jaxb-impl-3.0.0.jar (shaded: org.glassfish.jaxb:jaxb-runtime:3.0.0)

Description:

JAXB (JSR 222) Reference Implementation

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/jaxb-impl/3.0.0/jaxb-impl-3.0.0.jar/META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: 04337bb90bd23c070d299d51cfeef188
SHA1: 2698a6bb35c314aab0db0d36be6d9ffb5a9448f4
SHA256:62e62c624e799caeb1c8b36140a7671841bb94b55cfb1aa01319acb274b40bc4
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	pom	parent-artifactid	jaxb-runtime-parent	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	pom	name	JAXB Runtime	High
Vendor	pom	artifactid	jaxb-runtime	Low
Product	pom	groupid	glassfish.jaxb	Highest
Product	pom	artifactid	jaxb-runtime	Highest
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	parent-artifactid	jaxb-runtime-parent	Medium
Product	pom	name	JAXB Runtime	High
Version	pom	version	3.0.0	Highest

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.0 (Confidence:High)

jaxb-xjc-3.0.0.jar

Description:

        JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
        In other words: the *tool* to generate java classes for the given xml representation.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/jaxb-xjc/3.0.0/jaxb-xjc-3.0.0.jar
MD5: a2a5dd45abbe12e13ab854a0c90cb726
SHA1: d7360fd0988a8ffb0fdbb7d6b28527b7e9073e18
SHA256:c1e7cea2a98c05c9461cd05f145d5aeb99b1b6d28fc2646e1dc4508508505c66
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	pom	artifactid	jaxb-xjc	Low
Vendor	pom	parent-artifactid	jaxb-parent	Low
Vendor	pom	name	JAXB XJC	High
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	file	name	jaxb-xjc	High
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	xjc	Highest
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	git-revision	697e104	Low
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Product	jar	package name	sun	Highest
Product	pom	name	JAXB XJC	High
Product	pom	groupid	glassfish.jaxb	Highest
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	file	name	jaxb-xjc	High
Product	jar	package name	com	Highest
Product	jar	package name	xjc	Highest
Product	pom	parent-artifactid	jaxb-parent	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	jaxb-xjc	Highest
Product	Manifest	git-revision	697e104	Low
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	build-id	3.0.0	Medium

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.0 (Confidence:High)

jcl-over-slf4j-1.7.30.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/1.7.30/jcl-over-slf4j-1.7.30.jar
MD5: 69ad224b2feb6f86554fe8997b9c3d4b
SHA1: cd92524ea19d27e5b94ecd251e1af729cffdfe15
SHA256:71e9ee37b9e4eb7802a2acc5f41728a4cf3915e7483d798db3b4ff2ec8847c50
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Components :: HTML Template:runtime
NorthernWind :: Frontend :: Media:runtime
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Filesystems :: SCM :: Git:runtime
NorthernWind :: Profiling:runtime
NorthernWind :: HTML Patches:runtime
NorthernWind :: Frontend :: Components:runtime
NorthernWind :: Core:runtime
NorthernWind :: Filesystems :: SCM:runtime
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime
NorthernWind :: Frontend:runtime
NorthernWind :: Core :: Default Marshalling:runtime
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Filesystems :: SCM :: Mercurial:runtime
NorthernWind :: Filesystems :: Basic:runtime
NorthernWind :: Frontend :: Commons:provided
NorthernWind :: Core :: Default Implementation:runtime
NorthernWind :: Filesystems:runtime
NorthernWind :: Frontend :: Media :: Spring MVC:runtime
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Commons for tests:runtime
NorthernWind (modules):runtime
NorthernWind :: Frontend :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	jar	package name	logging	Highest
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	Manifest	bundle-symbolicname	jcl.over.slf4j	Medium
Vendor	jar	package name	apache	Highest
Vendor	pom	name	JCL 1.2 implemented over SLF4J	High
Vendor	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Vendor	jar	package name	commons	Highest
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	artifactid	jcl-over-slf4j	Low
Vendor	file	name	jcl-over-slf4j	High
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	Bundle-Name	jcl-over-slf4j	Medium
Product	pom	artifactid	jcl-over-slf4j	Highest
Product	jar	package name	logging	Highest
Product	pom	groupid	slf4j	Highest
Product	pom	url	http://www.slf4j.org	Medium
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	Manifest	bundle-symbolicname	jcl.over.slf4j	Medium
Product	jar	package name	apache	Highest
Product	pom	name	JCL 1.2 implemented over SLF4J	High
Product	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Product	jar	package name	commons	Highest
Product	pom	parent-groupid	org.slf4j	Medium
Product	file	name	jcl-over-slf4j	High
Product	Manifest	Implementation-Title	jcl-over-slf4j	High
Version	file	version	1.7.30	High
Version	pom	version	1.7.30	Highest
Version	Manifest	Bundle-Version	1.7.30	High
Version	Manifest	Implementation-Version	1.7.30	High

Identifiers

pkg:maven/org.slf4j/jcl-over-slf4j@1.7.30 (Confidence:High)
cpe:2.3:a:apache:commons_net:1.7.30:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

CWE-20 Improper Input Validation

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* versions up to (excluding) 3.9.0

jdom-1.0.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/jdom/jdom/1.0/jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
SHA256:3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	manifest: org/jdom/xpath/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/input/	Implementation-Vendor	jdom.org	Medium
Vendor	jar	package name	jdom	Highest
Vendor	manifest: org/jdom/output/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/transform/	Implementation-Vendor	jdom.org	Medium
Vendor	file	name	jdom	High
Vendor	pom	artifactid	jdom	Low
Vendor	pom	groupid	jdom	Highest
Vendor	manifest: org/jdom/adapters/	Implementation-Vendor	jdom.org	Medium
Vendor	manifest: org/jdom/filter/	Implementation-Vendor	jdom.org	Medium
Product	jar	package name	adapters	Highest
Product	manifest: org/jdom/input/	Specification-Title	JDOM Input Classes	Medium
Product	manifest: org/jdom/	Implementation-Title	org.jdom	Medium
Product	jar	package name	filter	Highest
Product	jar	package name	xpath	Highest
Product	manifest: org/jdom/output/	Implementation-Title	org.jdom.output	Medium
Product	manifest: org/jdom/xpath/	Implementation-Title	org.jdom.xpath	Medium
Product	pom	artifactid	jdom	Highest
Product	manifest: org/jdom/adapters/	Specification-Title	JDOM Adapter Classes	Medium
Product	jar	package name	input	Highest
Product	jar	package name	jdom	Highest
Product	file	name	jdom	High
Product	manifest: org/jdom/filter/	Specification-Title	JDOM Filter Classes	Medium
Product	jar	package name	output	Highest
Product	manifest: org/jdom/filter/	Implementation-Title	org.jdom.filter	Medium
Product	manifest: org/jdom/output/	Specification-Title	JDOM Output Classes	Medium
Product	jar	package name	transform	Highest
Product	manifest: org/jdom/input/	Implementation-Title	org.jdom.input	Medium
Product	manifest: org/jdom/xpath/	Specification-Title	JDOM XPath Classes	Medium
Product	manifest: org/jdom/adapters/	Implementation-Title	org.jdom.adapters	Medium
Product	manifest: org/jdom/transform/	Specification-Title	JDOM Transformation Classes	Medium
Product	manifest: org/jdom/transform/	Implementation-Title	org.jdom.transform	Medium
Product	manifest: org/jdom/	Specification-Title	JDOM Classes	Medium
Product	pom	groupid	jdom	Highest
Version	manifest: org/jdom/transform/	Implementation-Version	1.0	Medium
Version	pom	version	1.0	Highest
Version	file	version	1.0	High
Version	manifest: org/jdom/input/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/xpath/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/adapters/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/filter/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/	Implementation-Version	1.0	Medium
Version	manifest: org/jdom/output/	Implementation-Version	1.0	Medium

Identifiers

pkg:maven/jdom/jdom@1.0 (Confidence:High)
cpe:2.3:a:jdom:jdom:1.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-33813

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jetty-util-6.1.26.jar

Description:

Utility classes for Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/mortbay/jetty/jetty-util/6.1.26/jetty-util-6.1.26.jar
MD5: 450fedce4f7f8ad3761577b10a664200
SHA1: e5642fe0399814e1687d55a3862aa5a3417226a9
SHA256:9b974ce2b99f48254b76126337dc45b21226f383aaed616f59780adaf167c047
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:runtime
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Frontend :: Spring MVC:runtime
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.mortbay.jetty	Highest
Vendor	jar	package name	mortbay	Highest
Vendor	Manifest	bundle-symbolicname	org.mortbay.jetty.util	Medium
Vendor	Manifest	originally-created-by	1.6.0_22 (Sun Microsystems Inc.)	Low
Vendor	Manifest	url	http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty-util	Low
Vendor	pom	name	Jetty Utilities	High
Vendor	jar	package name	util	Highest
Vendor	pom	parent-groupid	org.mortbay.jetty	Medium
Vendor	Manifest	bundle-docurl	http://jetty.mortbay.org	Low
Vendor	Manifest	mode	development	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.4	Low
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	groupid	mortbay.jetty	Highest
Vendor	file	name	jetty-util	High
Vendor	pom	artifactid	jetty-util	Low
Product	Manifest	Bundle-Name	Jetty Utilities	Medium
Product	jar	package name	mortbay	Highest
Product	Manifest	bundle-symbolicname	org.mortbay.jetty.util	Medium
Product	pom	artifactid	jetty-util	Highest
Product	Manifest	originally-created-by	1.6.0_22 (Sun Microsystems Inc.)	Low
Product	Manifest	url	http://www.eclipse.org/jetty/jetty-parent/project/modules/jetty-util	Low
Product	pom	name	Jetty Utilities	High
Product	jar	package name	util	Highest
Product	pom	parent-groupid	org.mortbay.jetty	Medium
Product	Manifest	bundle-docurl	http://jetty.mortbay.org	Low
Product	pom	parent-artifactid	project	Medium
Product	Manifest	mode	development	Low
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.4	Low
Product	pom	groupid	mortbay.jetty	Highest
Product	file	name	jetty-util	High
Version	Manifest	Bundle-Version	6.1.26	High
Version	Manifest	implementation-version	6.1.26	High
Version	file	version	6.1.26	High
Version	pom	version	6.1.26	Highest

Identifiers

pkg:maven/org.mortbay.jetty/jetty-util@6.1.26 (Confidence:High)
cpe:2.3:a:jetty:jetty:6.1.26:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:mortbay:jetty:6.1.26:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:mortbay_jetty:jetty:6.1.26:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2009-1523

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

BID - 34800
BID - 35675
CERT-VN - VU#402580
CONFIRM - http://jira.codehaus.org/browse/JETTY-1004
CONFIRM - http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=499867
FEDORA - FEDORA-2009-5500
FEDORA - FEDORA-2009-5509
FEDORA - FEDORA-2009-5513
HP - SSRT100184
SECTRACK - 1022563
SECUNIA - 34975
SECUNIA - 35143
SECUNIA - 35225
SECUNIA - 35776
SECUNIA - 40553
VUPEN - ADV-2009-1900
VUPEN - ADV-2010-1792

Vulnerable Software & Versions: (show all)

CVE-2011-4461

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CWE-310 Cryptographic Issues

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
CERT-VN - VU#903934
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM - https://security.netapp.com/advisory/ntap-20190307-0004/
HP - HPSBST03346
MISC - http://www.nruns.com/_downloads/advisory28122011.pdf
MISC - http://www.ocert.org/advisories/ocert-2011-003.html
SECTRACK - 1026475
SECUNIA - 47408
SECUNIA - 48981
UBUNTU - USN-1429-1
XF - jetty-hash-dos(72017)

Vulnerable Software & Versions: (show all)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	google.code.findbugs	Highest
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	artifactid	jsr305	Low
Vendor	file	name	jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	name	FindBugs-jsr305	High
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	google.code.findbugs	Highest
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Product	file	name	jsr305	High
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	pom	name	FindBugs-jsr305	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	file	version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

jul-to-slf4j-1.7.30.jar

Description:

JUL to SLF4J bridge

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jar
MD5: f2c78cb93d70dc5dea0c50f36ace09c1
SHA1: d58bebff8cbf70ff52b59208586095f467656c30
SHA256:bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Components :: HTML Template:runtime
NorthernWind :: Frontend :: Media:runtime
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Filesystems :: SCM :: Git:runtime
NorthernWind :: Core :: Default Implementation:provided
NorthernWind :: Profiling:runtime
NorthernWind :: HTML Patches:runtime
NorthernWind :: Frontend :: Components:runtime
NorthernWind :: Filesystems :: SCM:runtime
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime
NorthernWind :: Frontend:runtime
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Core :: Default Marshalling:runtime
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Filesystems :: SCM :: Mercurial:runtime
NorthernWind :: Filesystems :: Basic:runtime
NorthernWind :: Core:provided
NorthernWind :: Filesystems:runtime
NorthernWind :: Frontend :: Media :: Spring MVC:runtime
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Commons for tests:runtime
NorthernWind (modules):runtime
NorthernWind :: Frontend :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	artifactid	jul-to-slf4j	Low
Vendor	pom	groupid	slf4j	Highest
Vendor	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Vendor	jar	package name	bridge	Highest
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	file	name	jul-to-slf4j	High
Vendor	pom	name	JUL to SLF4J bridge	High
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	jar	package name	slf4j	Highest
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	pom	groupid	slf4j	Highest
Product	pom	url	http://www.slf4j.org	Medium
Product	Manifest	bundle-symbolicname	jul.to.slf4j	Medium
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	artifactid	jul-to-slf4j	Highest
Product	jar	package name	bridge	Highest
Product	file	name	jul-to-slf4j	High
Product	pom	name	JUL to SLF4J bridge	High
Product	Manifest	Bundle-Name	jul-to-slf4j	Medium
Product	pom	parent-groupid	org.slf4j	Medium
Product	jar	package name	slf4j	Highest
Version	file	version	1.7.30	High
Version	pom	version	1.7.30	Highest
Version	Manifest	Bundle-Version	1.7.30	High
Version	Manifest	Implementation-Version	1.7.30	High

Identifiers

pkg:maven/org.slf4j/jul-to-slf4j@1.7.30 (Confidence:High)

junit-4.12.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/junit/junit/4.12/junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
SHA256:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	framework	Highest
Vendor	pom	organization name	JUnit	High
Vendor	file	name	junit	High
Vendor	jar	package name	junit	Highest
Vendor	pom	name	JUnit	High
Vendor	pom	artifactid	junit	Low
Vendor	pom	organization url	http://www.junit.org	Medium
Vendor	pom	groupid	junit	Highest
Vendor	Manifest	Implementation-Vendor-Id	junit	Medium
Vendor	Manifest	Implementation-Vendor	JUnit	High
Vendor	pom	url	http://junit.org	Highest
Product	Manifest	Implementation-Title	JUnit	High
Product	jar	package name	framework	Highest
Product	pom	artifactid	junit	Highest
Product	file	name	junit	High
Product	jar	package name	junit	Highest
Product	pom	name	JUnit	High
Product	pom	organization url	http://www.junit.org	Low
Product	pom	groupid	junit	Highest
Product	pom	organization name	JUnit	Low
Product	pom	url	http://junit.org	Medium
Version	Manifest	Implementation-Version	4.12	High
Version	pom	version	4.12	Highest
Version	file	version	4.12	High

Identifiers

pkg:maven/junit/junit@4.12 (Confidence:High)

Published Vulnerabilities

CVE-2020-15250 (OSSINDEX)

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:

Base Score: MEDIUM (5.5)
Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N

References:

OSSINDEX - [CVE-2020-15250] CWE-732: Incorrect Permission Assignment for Critical Resource

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:junit:junit:4.12:*:*:*:*:*:*:*

logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Frontend:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	logback	Highest
Vendor	jar	package name	ch	Highest
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	Manifest	bundle-docurl	http://www.qos.ch	Low
Vendor	pom	groupid	ch.qos.logback	Highest
Vendor	jar	package name	qos	Highest
Vendor	jar	package name	core	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	artifactid	logback-core	Low
Vendor	pom	name	Logback Core Module	High
Vendor	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Vendor	file	name	logback-core	High
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Vendor	pom	parent-artifactid	logback-parent	Low
Product	jar	package name	logback	Highest
Product	jar	package name	ch	Highest
Product	pom	artifactid	logback-core	Highest
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	Manifest	bundle-docurl	http://www.qos.ch	Low
Product	pom	parent-artifactid	logback-parent	Medium
Product	Manifest	Bundle-Name	Logback Core Module	Medium
Product	pom	groupid	ch.qos.logback	Highest
Product	jar	package name	core	Highest
Product	jar	package name	qos	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	name	Logback Core Module	High
Product	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Product	file	name	logback-core	High
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Version	file	version	1.2.3	High
Version	pom	version	1.2.3	Highest
Version	Manifest	Bundle-Version	1.2.3	High

Related Dependencies

Identifiers

pkg:maven/ch.qos.logback/logback-core@1.2.3 (Confidence:High)
cpe:2.3:a:qos:logback:1.2.3:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (8.5)
Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSSv3:

Base Score: MEDIUM (6.6)
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

lombok-1.18.22.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.22/lombok-1.18.22.jar
MD5: 30905901647fe0ebb06fb20ee8a638bf
SHA1: 9c08ea24c6eb714e2d6170e8122c069a0ba9aacf
SHA256:ecef1581411d7a82cc04281667ee0bac5d7c0a5aae74cfc38430396c91c31831
Referenced In Projects/Scopes:

NorthernWind :: Filesystems:provided
NorthernWind :: Filesystems :: Basic:provided
NorthernWind :: Core :: Default Marshalling:provided
NorthernWind :: Core :: Default Implementation:provided
NorthernWind :: Filesystems :: SCM:provided
NorthernWind :: Frontend :: Components :: HTML Template:provided
NorthernWind :: Frontend :: Webapp:provided
NorthernWind :: Frontend :: Webapp :: Commons:provided
NorthernWind :: HTML Patches:provided
NorthernWind :: Frontend:provided
NorthernWind :: Frontend :: Components:provided
NorthernWind :: Profiling:provided
NorthernWind :: Filesystems :: SCM :: Git:provided
NorthernWind :: Frontend :: Commons:provided
NorthernWind :: Frontend :: Spring MVC:provided
NorthernWind :: Frontend :: Media :: Spring MVC:provided
NorthernWind :: Core:provided
NorthernWind :: Commons for tests:provided
NorthernWind (modules):provided
NorthernWind :: Frontend :: Media:provided
NorthernWind :: Frontend :: Webapp :: Spring MVC:provided
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:provided
NorthernWind :: Filesystems :: SCM :: Mercurial:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	pom	url	https://projectlombok.org	Highest
Vendor	Manifest	automatic-module-name	lombok	Medium
Vendor	pom	groupid	projectlombok	Highest
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	jar	package name	java	Highest
Vendor	pom	artifactid	lombok	Low
Vendor	jar	package name	lombok	Highest
Vendor	pom	name	Project Lombok	High
Vendor	file	name	lombok	High
Vendor	jar	package name	tostring	Highest
Product	Manifest	can-redefine-classes	true	Low
Product	pom	artifactid	lombok	Highest
Product	pom	url	https://projectlombok.org	Medium
Product	Manifest	automatic-module-name	lombok	Medium
Product	pom	groupid	projectlombok	Highest
Product	jar	package name	java	Highest
Product	jar	package name	lombok	Highest
Product	pom	name	Project Lombok	High
Product	file	name	lombok	High
Product	jar	package name	tostring	Highest
Version	Manifest	lombok-version	1.18.22	Medium
Version	file	version	1.18.22	High
Version	pom	version	1.18.22	Highest

Identifiers

pkg:maven/org.projectlombok/lombok@1.18.22 (Confidence:High)

metadata-extractor-2.18.0.jar

Description:

Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image and video files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/drewnoakes/metadata-extractor/2.18.0/metadata-extractor-2.18.0.jar
MD5: b6794ef7c38ce80abca173119a7a4ebd
SHA1: fa9fd43a28b10333108c603819810d5176d2b092
SHA256:4789361fd0638bdb241554b7a0ccae205ed239697e2b70fa9cadaded6984b565
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	drewnoakes	Highest
Vendor	pom	groupid	com.drewnoakes	Highest
Vendor	jar	package name	xmp	Highest
Vendor	jar	package name	drew	Highest
Vendor	jar	package name	iptc	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	url	https://drewnoakes.com/code/exif/	Highest
Vendor	jar	package name	exif	Highest
Vendor	Manifest	Implementation-Vendor	Drew Noakes	High
Vendor	jar	package name	icc	Highest
Vendor	jar	package name	metadata	Highest
Vendor	file	name	metadata-extractor	High
Vendor	pom	artifactid	metadata-extractor	Low
Product	pom	artifactid	metadata-extractor	Highest
Product	jar	package name	exif	Highest
Product	pom	groupid	drewnoakes	Highest
Product	jar	package name	xmp	Highest
Product	Manifest	Implementation-Title	metadata-extractor	High
Product	jar	package name	icc	Highest
Product	pom	url	https://drewnoakes.com/code/exif/	Medium
Product	jar	package name	metadata	Highest
Product	jar	package name	iptc	Highest
Product	file	name	metadata-extractor	High
Product	Manifest	build-jdk-spec	1.8	Low
Version	pom	version	2.18.0	Highest
Version	file	version	2.18.0	High
Version	Manifest	Implementation-Version	2.18.0	High

Identifiers

pkg:maven/com.drewnoakes/metadata-extractor@2.18.0 (Confidence:High)
cpe:2.3:a:metadata-extractor_project:metadata-extractor:2.18.0:*:*:*:*:*:*:* (Confidence:Highest)

org-openide-filesystems-RELEASE80.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-filesystems/RELEASE80/org-openide-filesystems-RELEASE80.jar
MD5: e0156cecd9b59b39d6f563147b33d06b
SHA1: 49a7350f013a9eb94e77f0d612b8e48c0b277664
SHA256:122784ee11f7ee519b4ecfa08018491d6e478604406e0213e7a72b801585d10e
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.netbeans.api	Highest
Vendor	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Vendor	pom	artifactid	org-openide-filesystems	Low
Vendor	Manifest	autoupdate-show-in-client	false	Low
Vendor	jar	package name	filesystems	Highest
Vendor	Manifest	openide-module-module-dependencies	org.openide.util > 8.25, org.openide.util.lookup > 8.17	Low
Vendor	Manifest	openide-module-layer	org/openide/filesystems/resources/layer.xml	Low
Vendor	jar	package name	netbeans	Highest
Vendor	jar	package name	openide	Highest
Vendor	file	name	org-openide-filesystems-RELEASE80	High
Vendor	Manifest	openide-module-localizing-bundle	org/openide/filesystems/Bundle.properties	Low
Vendor	pom	groupid	netbeans.api	Highest
Product	jar	package name	filesystems	Highest
Product	pom	artifactid	org-openide-filesystems	Highest
Product	Manifest	openide-module-module-dependencies	org.openide.util > 8.25, org.openide.util.lookup > 8.17	Low
Product	Manifest	openide-module-layer	org/openide/filesystems/resources/layer.xml	Low
Product	jar	package name	netbeans	Highest
Product	jar	package name	openide	Highest
Product	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Product	file	name	org-openide-filesystems-RELEASE80	High
Product	Manifest	openide-module-localizing-bundle	org/openide/filesystems/Bundle.properties	Low
Product	pom	groupid	netbeans.api	Highest
Product	Manifest	autoupdate-show-in-client	false	Low
Version	pom	version	RELEASE80	Highest

Identifiers

pkg:maven/org.netbeans.api/org-openide-filesystems@RELEASE80 (Confidence:High)

org-openide-util-RELEASE80.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-util/RELEASE80/org-openide-util-RELEASE80.jar
MD5: d566d984d4b7141f0c1b310a9cc88989
SHA1: 93d71a0289ce4881c1a8e5bca620409f87f81287
SHA256:4bd08c136ecdf665261b893da19f2660f450c7556a17970dd161c999af779b2d
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	openide-module-module-dependencies	org.openide.util.lookup > 8.14	Low
Vendor	pom	groupid	org.netbeans.api	Highest
Vendor	file	name	org-openide-util-RELEASE80	High
Vendor	Manifest	openide-module-java-dependencies	Java > 1.7	Low
Vendor	jar	package name	netbeans	Highest
Vendor	pom	artifactid	org-openide-util	Low
Vendor	jar	package name	openide	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	openide-module-localizing-bundle	org/openide/util/Bundle.properties	Low
Vendor	pom	groupid	netbeans.api	Highest
Vendor	Manifest	autoupdate-show-in-client	false	Low
Product	pom	artifactid	org-openide-util	Highest
Product	Manifest	openide-module-module-dependencies	org.openide.util.lookup > 8.14	Low
Product	file	name	org-openide-util-RELEASE80	High
Product	Manifest	openide-module-java-dependencies	Java > 1.7	Low
Product	jar	package name	netbeans	Highest
Product	jar	package name	openide	Highest
Product	jar	package name	util	Highest
Product	Manifest	openide-module-localizing-bundle	org/openide/util/Bundle.properties	Low
Product	pom	groupid	netbeans.api	Highest
Product	Manifest	autoupdate-show-in-client	false	Low
Version	pom	version	RELEASE80	Highest

Identifiers

pkg:maven/org.netbeans.api/org-openide-util@RELEASE80 (Confidence:High)

org-openide-util-lookup-RELEASE80.jar

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/netbeans/api/org-openide-util-lookup/RELEASE80/org-openide-util-lookup-RELEASE80.jar
MD5: c127b6177adc1c32dcdfe83f4265cb77
SHA1: ae3673a0268f1e34fc7c1e8b56f805036de914bb
SHA256:955d96e2df1b5724624a317e910db51c3e29666b38c7c68c52ad773a294ffd47
Referenced In Projects/Scopes:

NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	org-openide-util-lookup-RELEASE80	High
Vendor	pom	groupid	org.netbeans.api	Highest
Vendor	Manifest	openide-module-localizing-bundle	org/openide/util/lookup/Bundle.properties	Low
Vendor	jar	package name	lookup	Highest
Vendor	jar	package name	netbeans	Highest
Vendor	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Vendor	jar	package name	openide	Highest
Vendor	jar	package name	util	Highest
Vendor	pom	artifactid	org-openide-util-lookup	Low
Vendor	pom	groupid	netbeans.api	Highest
Vendor	Manifest	autoupdate-show-in-client	false	Low
Product	file	name	org-openide-util-lookup-RELEASE80	High
Product	pom	artifactid	org-openide-util-lookup	Highest
Product	Manifest	openide-module-localizing-bundle	org/openide/util/lookup/Bundle.properties	Low
Product	jar	package name	lookup	Highest
Product	jar	package name	netbeans	Highest
Product	Manifest	openide-module-java-dependencies	Java > 1.6	Low
Product	jar	package name	openide	Highest
Product	jar	package name	util	Highest
Product	pom	groupid	netbeans.api	Highest
Product	Manifest	autoupdate-show-in-client	false	Low
Version	pom	version	RELEASE80	Highest

Identifiers

pkg:maven/org.netbeans.api/org-openide-util-lookup@RELEASE80 (Confidence:High)

relaxng-datatype-3.0.0.jar

Description:

RelaxNG Datatype library.

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/external/relaxng-datatype/3.0.0/relaxng-datatype-3.0.0.jar
MD5: 886fd0f2cdd2c9f5c7d65b2f4846c4d8
SHA1: cf2d26e66bc02e1dbd0966bc613febc068c22834
SHA256:bb277c06217a2c6f8e59c560cba74c0a25bf297b06be0326bca0c55a7ff4db79
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	groupid	com.sun.xml.bind.external	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	pom	parent-artifactid	jaxb-external-parent	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	relaxng-datatype	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	file	name	relaxng-datatype	High
Vendor	pom	groupid	sun.xml.bind.external	Highest
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.external.relaxng-datatype	Medium
Vendor	jar	package name	datatype	Highest
Vendor	pom	name	RelaxNG Datatype	High
Product	jar	package name	sun	Highest
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	artifactid	relaxng-datatype	Highest
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	relaxng-datatype	High
Product	Manifest	Bundle-Name	RelaxNG Datatype	Medium
Product	pom	groupid	sun.xml.bind.external	Highest
Product	Manifest	Implementation-Title	RelaxNG Datatype	High
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.external.relaxng-datatype	Medium
Product	pom	parent-artifactid	jaxb-external-parent	Medium
Product	jar	package name	datatype	Highest
Product	pom	name	RelaxNG Datatype	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/com.sun.xml.bind.external/relaxng-datatype@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

rngom-3.0.0.jar

Description:

        RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/sun/xml/bind/external/rngom/3.0.0/rngom-3.0.0.jar
MD5: c698af2e8962f0fed15275fbfa649ed7
SHA1: e13dc5263d288e060fe4b82d3b151527299faa69
SHA256:762c03f61af49f35d79e2b422fc20b6dc95d27692912fda5a7c991241421039a
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	jar	package name	rngom	Highest
Vendor	pom	groupid	com.sun.xml.bind.external	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	RNGOM	High
Vendor	file	name	rngom	High
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	pom	parent-artifactid	jaxb-external-parent	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar (hint)	package name	oracle	Highest
Vendor	pom	groupid	sun.xml.bind.external	Highest
Vendor	pom	artifactid	rngom	Low
Vendor	Manifest	bundle-symbolicname	com.sun.xml.bind.external.rngom	Medium
Vendor	jar	package name	xml	Highest
Product	pom	artifactid	rngom	Highest
Product	jar	package name	sun	Highest
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	jar	package name	rngom	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	Bundle-Name	RNGOM	Medium
Product	pom	name	RNGOM	High
Product	file	name	rngom	High
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Implementation-Title	RNGOM	High
Product	Manifest	build-jdk-spec	11	Low
Product	pom	groupid	sun.xml.bind.external	Highest
Product	Manifest	bundle-symbolicname	com.sun.xml.bind.external.rngom	Medium
Product	jar	package name	xml	Highest
Product	pom	parent-artifactid	jaxb-external-parent	Medium
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	implementation-build-id	3.0.0	Low
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/com.sun.xml.bind.external/rngom@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:java_se:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

rome-1.0.0.jar

Description:

All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
        easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
        (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
        a set of parsers and generators for the various flavors of feeds, as well as converters
        to convert from one format to another. The parsers can give you back Java objects that
        are either specific for the format you want to work with, or a generic normalized
        SyndFeed object that lets you work on with the data without bothering about the
    underlying format.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/net/java/dev/rome/rome/1.0.0/rome-1.0.0.jar
MD5: 18564f25636f0b2ac6c2054d60155028
SHA1: 8b4f0da455c59746435e987285b30c22b09ba18d
SHA256:8b096b9c07b1baca0174c35b19eb3453911b2cc46f1e4c3dbb3bfa5ceb5ace59
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	rss	Highest
Vendor	file	name	rome	High
Vendor	pom	groupid	net.java.dev.rome	Highest
Vendor	pom	artifactid	rome	Low
Vendor	pom	organization url	http://rome.dev.java.net	Medium
Vendor	Manifest	embed-transitive	true	Low
Vendor	Manifest	bundle-symbolicname	net.java.dev.rome	Medium
Vendor	Manifest	bundle-docurl	http://rome.dev.java.net	Low
Vendor	pom	name	ROME, RSS and atOM utilitiEs for Java	High
Vendor	jar	package name	atom	Highest
Vendor	pom	organization name	ROME Project	High
Vendor	jar	package name	syndication	Highest
Vendor	pom	url	https://rome.dev.java.net/	Highest
Vendor	Manifest	embed-directory	META-INF/lib	Low
Product	jar	package name	rss	Highest
Product	file	name	rome	High
Product	pom	url	https://rome.dev.java.net/	Medium
Product	pom	groupid	net.java.dev.rome	Highest
Product	Manifest	Bundle-Name	ROME, RSS and atOM utilitiEs for Java	Medium
Product	Manifest	embed-transitive	true	Low
Product	Manifest	bundle-symbolicname	net.java.dev.rome	Medium
Product	pom	artifactid	rome	Highest
Product	Manifest	bundle-docurl	http://rome.dev.java.net	Low
Product	pom	organization name	ROME Project	Low
Product	pom	name	ROME, RSS and atOM utilitiEs for Java	High
Product	jar	package name	atom	Highest
Product	pom	organization url	http://rome.dev.java.net	Low
Product	jar	package name	syndication	Highest
Product	Manifest	embed-directory	META-INF/lib	Low
Version	pom	version	1.0.0	Highest
Version	Manifest	Bundle-Version	1.0.0	High
Version	file	version	1.0.0	High

Identifiers

pkg:maven/net.java.dev.rome/rome@1.0.0 (Confidence:High)

slf4j-api-1.7.30.jar

Description:

The slf4j API

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar
MD5: f8be00da99bc4ab64c79ab1e2be7cb7c
SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c
SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Webapp:runtime
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:runtime
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Frontend :: Webapp :: Commons:runtime
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:runtime
NorthernWind :: Frontend :: Components:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	automatic-module-name	org.slf4j	Medium
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	pom	artifactid	slf4j-api	Low
Vendor	file	name	slf4j-api	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	jar	package name	slf4j	Highest
Product	pom	artifactid	slf4j-api	Highest
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	automatic-module-name	org.slf4j	Medium
Product	pom	groupid	slf4j	Highest
Product	pom	url	http://www.slf4j.org	Medium
Product	Manifest	Bundle-Name	slf4j-api	Medium
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	pom	parent-groupid	org.slf4j	Medium
Product	file	name	slf4j-api	High
Product	pom	name	SLF4J API Module	High
Product	jar	package name	slf4j	Highest
Version	file	version	1.7.30	High
Version	pom	version	1.7.30	Highest
Version	Manifest	Bundle-Version	1.7.30	High
Version	Manifest	Implementation-Version	1.7.30	High

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.7.30 (Confidence:High)

spotbugs-annotations-3.1.9.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar
MD5: 56a1a81d69b6a111161bbce0e6dea26a
SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469
SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1
Referenced In Projects/Scopes:

NorthernWind (modules):compile
NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile
NorthernWind :: HTML Patches:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	https://spotbugs.github.io/	Highest
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	name	SpotBugs Annotations	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Vendor	pom	groupid	github.spotbugs	Highest
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	file	name	spotbugs-annotations	High
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	pom	name	SpotBugs Annotations	High
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	pom	url	https://spotbugs.github.io/	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	pom	groupid	github.spotbugs	Highest
Product	file	name	spotbugs-annotations	High
Version	file	version	3.1.9	High
Version	Manifest	Bundle-Version	3.1.9	High
Version	pom	version	3.1.9	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9 (Confidence:High)

spring-core-5.3.1.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.1/spring-core-5.3.1.jar
MD5: df36706fc74458c9c28e97aca7fae409
SHA1: 47af5b161749cd249fc074b4f140e011a3337efd
SHA256:6ee995055163c59703be237be59f0565acb97c9d42c5d60df2bf3a4b4c6ef6e9
Referenced In Projects/Scopes:

NorthernWind :: Profiling:compile
NorthernWind :: Commons for tests:compile
NorthernWind :: Filesystems :: SCM:compile
NorthernWind :: Frontend :: Components :: HTML Template:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Filesystems :: SCM :: Mercurial:compile
NorthernWind :: Core :: Default Implementation:compile
NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend:compile
NorthernWind :: Filesystems :: Basic:compile
NorthernWind :: Filesystems :: SCM :: Git:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Core:compile
NorthernWind :: Frontend :: Components:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.springframework	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	pom	groupid	springframework	Highest
Vendor	file	name	spring-core	High
Vendor	pom	artifactid	spring-core	Low
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	pom	url	spring-projects/spring-framework	Highest
Vendor	jar	package name	springframework	Highest
Vendor	pom	organization name	Spring IO	High
Vendor	jar	package name	core	Highest
Vendor	jar	package name	io	Highest
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	name	Spring Core	High
Vendor	Manifest	automatic-module-name	spring.core	Medium
Product	Manifest	Implementation-Title	spring-core	High
Product	pom	groupid	springframework	Highest
Product	file	name	spring-core	High
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	jar	package name	springframework	Highest
Product	pom	artifactid	spring-core	Highest
Product	jar	package name	core	Highest
Product	jar	package name	io	Highest
Product	pom	organization name	Spring IO	Low
Product	pom	name	Spring Core	High
Product	pom	url	spring-projects/spring-framework	High
Product	Manifest	automatic-module-name	spring.core	Medium
Product	hint analyzer	product	springsource_spring_framework	Highest
Version	file	version	5.3.1	High
Version	pom	version	5.3.1	Highest
Version	Manifest	Implementation-Version	5.3.1	High

Related Dependencies

spring-jcl-5.3.1.jar
- File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-jcl/5.3.1/spring-jcl-5.3.1.jar
- MD5: 5a4890886c1d3540e3b52a0ae3f6b850
- SHA1: 1158888aa7517f8997eb43afe47776d9d2de8a38
- SHA256: 31081cbd5bdfb2cc80d50f11d59deb6a410b1f21593af9e20f6ec6b4c0fe220d
- pkg:maven/org.springframework/spring-jcl@5.3.1
spring-expression-5.3.1.jar
- File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-expression/5.3.1/spring-expression-5.3.1.jar
- MD5: d465932c5f36eed42ae9958fed2a098c
- SHA1: aee660842a21fbf49f6e5921aa07974f1650c498
- SHA256: 897f79c85ba4fb3ed7a086a982c909d5aba9161c4d8707b00868fa27403256b8
- pkg:maven/org.springframework/spring-expression@5.3.1
spring-aspects-5.3.1.jar
- File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-aspects/5.3.1/spring-aspects-5.3.1.jar
- MD5: f364d6228c719936bc8751e997cb861d
- SHA1: 968c9205f85589b5c102b3232f499fa90ec28a48
- SHA256: 962195358fdd97d30204d5ad75dd9339c3f1db7e008ab106b524197a4889ac96
- pkg:maven/org.springframework/spring-aspects@5.3.1
spring-aop-5.3.1.jar
- File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-aop/5.3.1/spring-aop-5.3.1.jar
- MD5: f08cd6faaf67d097bc4fbdf9684f325c
- SHA1: 25c310880484082ffba3130deb8e10c5afb29f10
- SHA256: a1f67fe0a11341c7da562053a74457191ead48db8ee49b7713f65c383c8b9526
- pkg:maven/org.springframework/spring-aop@5.3.1
spring-context-5.3.1.jar
- File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-context/5.3.1/spring-context-5.3.1.jar
- MD5: bd13eda44ac28f87d752abaf0bbd5325
- SHA1: 736836c8098981ddabd309a0c15f967594da62bc
- SHA256: 5adcc88fc791d012e0993e2f5d3770e03c2432df5a561c63bfa9e1dc6ac93501
- pkg:maven/org.springframework/spring-context@5.3.1
spring-beans-5.3.1.jar
- File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-beans/5.3.1/spring-beans-5.3.1.jar
- MD5: 8218016c1dfa50b56eb65bb7415db575
- SHA1: a4bb5ffad5564e4a0e25955e3a40b1c6158385b2
- SHA256: 86f7c1cdac78f5fe6e2547d8faef52e8c3528526563b542c4922479f5422c440
- pkg:maven/org.springframework/spring-beans@5.3.1

Identifiers

pkg:maven/org.springframework/spring-core@5.3.1 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

NVD-CWE-noinfo

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

NVD-CWE-Other

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:

Base Score: MEDIUM (4.6)
Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20210713-0005/
MISC - https://tanzu.vmware.com/security/cve-2021-22118
MISC - https://www.oracle.com/security-alerts/cpuapr2022.html
MISC - https://www.oracle.com/security-alerts/cpujan2022.html
MISC - https://www.oracle.com/security-alerts/cpuoct2021.html
N/A - N/A
N/A - N/A
OSSINDEX - [CVE-2021-22118] CWE-668: Exposure of Resource to Wrong Sphere

Vulnerable Software & Versions: (show all)

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CWE-178 Improper Handling of Case Sensitivity

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220602-0004/
MISC - https://tanzu.vmware.com/security/cve-2022-22968
N/A - N/A
OSSINDEX - [CVE-2022-22968] CWE-178: Improper Handling of Case Sensitivity

Vulnerable Software & Versions: (show all)

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0006/
MISC - https://tanzu.vmware.com/security/cve-2022-22970
N/A - N/A

Vulnerable Software & Versions: (show all)

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0003/
MISC - https://tanzu.vmware.com/security/cve-2022-22971
N/A - N/A

Vulnerable Software & Versions: (show all)

spring-web-5.3.1.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/springframework/spring-web/5.3.1/spring-web-5.3.1.jar
MD5: 2c074c8766b7fb749bdad2332d61d7f5
SHA1: 4e1e1d1c6b5a00597162db84132414c409bcf615
SHA256:925f3b82035f31b410309154c3ae1e48ffa5204280275bdc9390d91312ad4fb4
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Commons:compile
NorthernWind :: Frontend:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.springframework	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	file	name	spring-web	High
Vendor	jar	package name	web	Highest
Vendor	pom	groupid	springframework	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	pom	url	spring-projects/spring-framework	Highest
Vendor	pom	artifactid	spring-web	Low
Vendor	pom	name	Spring Web	High
Vendor	jar	package name	springframework	Highest
Vendor	pom	organization name	Spring IO	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	Manifest	automatic-module-name	spring.web	Medium
Product	file	name	spring-web	High
Product	jar	package name	web	Highest
Product	pom	groupid	springframework	Highest
Product	pom	artifactid	spring-web	Highest
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	name	Spring Web	High
Product	jar	package name	springframework	Highest
Product	pom	organization name	Spring IO	Low
Product	Manifest	Implementation-Title	spring-web	High
Product	Manifest	automatic-module-name	spring.web	Medium
Product	pom	url	spring-projects/spring-framework	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Version	file	version	5.3.1	High
Version	pom	version	5.3.1	Highest
Version	Manifest	Implementation-Version	5.3.1	High

Related Dependencies

Identifiers

pkg:maven/org.springframework/spring-web@5.3.1 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:web_project:web:5.3.1:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CWE-502 Deserialization of Untrusted Data

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

NVD-CWE-noinfo

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

NVD-CWE-Other

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:

Base Score: MEDIUM (4.6)
Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20210713-0005/
MISC - https://tanzu.vmware.com/security/cve-2021-22118
MISC - https://www.oracle.com/security-alerts/cpuapr2022.html
MISC - https://www.oracle.com/security-alerts/cpujan2022.html
MISC - https://www.oracle.com/security-alerts/cpuoct2021.html
N/A - N/A
N/A - N/A
OSSINDEX - [CVE-2021-22118] CWE-668: Exposure of Resource to Wrong Sphere

Vulnerable Software & Versions: (show all)

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CWE-178 Improper Handling of Case Sensitivity

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220602-0004/
MISC - https://tanzu.vmware.com/security/cve-2022-22968
N/A - N/A
OSSINDEX - [CVE-2022-22968] CWE-178: Improper Handling of Case Sensitivity

Vulnerable Software & Versions: (show all)

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0006/
MISC - https://tanzu.vmware.com/security/cve-2022-22970
N/A - N/A

Vulnerable Software & Versions: (show all)

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

Base Score: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://security.netapp.com/advisory/ntap-20220616-0003/
MISC - https://tanzu.vmware.com/security/cve-2022-22971
N/A - N/A

Vulnerable Software & Versions: (show all)

txw2-3.0.0.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/txw2/3.0.0/txw2-3.0.0.jar
MD5: 2a1d385c609f13bbe5dddf3fb80902f3
SHA1: 01d2da507fbae72a98730c5dc19ec41e67f2cccd
SHA256:c9fe8d6d4ed08dff43f2173fd5f24dd0ae6c4fa293d12172de43bc41dcf502b2
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	jaxb-txw-parent	Low
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	jar	package name	txw	Highest
Vendor	pom	name	TXW2 Runtime	High
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	jar	package name	txw2	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	git-revision	697e104	Low
Vendor	jar	package name	xml	Highest
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	file	name	txw2	High
Vendor	pom	artifactid	txw2	Low
Product	jar	package name	sun	Highest
Product	pom	groupid	glassfish.jaxb	Highest
Product	jar	package name	txw	Highest
Product	pom	name	TXW2 Runtime	High
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	jar	package name	txw2	Highest
Product	pom	parent-artifactid	jaxb-txw-parent	Medium
Product	pom	artifactid	txw2	Highest
Product	Manifest	git-revision	697e104	Low
Product	jar	package name	xml	Highest
Product	file	name	txw2	High
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	Manifest	major-version	3.0.0	Medium
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	build-id	3.0.0	Medium

Identifiers

pkg:maven/org.glassfish.jaxb/txw2@3.0.0 (Confidence:High)

xmpcore-6.1.11.jar

Description:

The Adobe XMP Core library

License:

The BSD 3-Clause License (BSD3): https://opensource.org/licenses/BSD-3-Clause

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/com/adobe/xmp/xmpcore/6.1.11/xmpcore-6.1.11.jar
MD5: 37892425fcfeffe88554b3d66dd084ca
SHA1: 852f14101381e527e6d43339d7db1698c970436c
SHA256:8f7033c579b99fa0d9d6ddcb9448875b5e4b577c350002278ce46997d678b737
Referenced In Projects/Scopes:

NorthernWind :: Frontend :: Media :: Spring MVC:compile
NorthernWind :: Frontend :: Media:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	com.adobe.xmp	Highest
Vendor	pom	groupid	adobe.xmp	Highest
Vendor	Manifest	bundle-symbolicname	com.adobe.xmp.xmpcore	Medium
Vendor	pom	artifactid	xmpcore	Low
Vendor	pom	url	https://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html	Highest
Vendor	jar	package name	xmp	Highest
Vendor	pom	name	Adobe XMPCore	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	file	name	xmpcore	High
Vendor	jar	package name	adobe	Highest
Product	pom	groupid	adobe.xmp	Highest
Product	Manifest	bundle-symbolicname	com.adobe.xmp.xmpcore	Medium
Product	pom	artifactid	xmpcore	Highest
Product	jar	package name	xmp	Highest
Product	Manifest	Bundle-Name	Adobe XMPCore	Medium
Product	pom	name	Adobe XMPCore	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	url	https://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	file	name	xmpcore	High
Product	jar	package name	adobe	Highest
Version	file	version	6.1.11	High
Version	Manifest	Bundle-Version	6.1.11	High
Version	pom	version	6.1.11	Highest

Identifiers

pkg:maven/com.adobe.xmp/xmpcore@6.1.11 (Confidence:High)

xsom-3.0.0.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
        documents and inspect information in them. It is expected to be useful for applications that need to take XML
        Schema as an input.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /Volumes/Users/fritz/LocalData/Business/Tidalwave/Projects/WorkAreas/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/xsom/3.0.0/xsom-3.0.0.jar
MD5: 121b95bf9d4281ee572173186b638c65
SHA1: c1f8c470769764aeac3a6cd3146c4524ee24c61e
SHA256:e1a96df9da08da8c0dcf0287794f0e5036ad37a3e392328091c8ea74237997d9
Referenced In Projects/Scopes:

NorthernWind :: Core :: Default Marshalling:compile
NorthernWind :: Frontend :: Webapp:compile
NorthernWind :: Frontend :: Webapp :: Spring MVC:compile
NorthernWind :: Frontend :: Webapp :: Commons:compile
NorthernWind :: Frontend :: Webapp :: Media :: Spring MVC:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	xsom	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	xsom	Highest
Vendor	Manifest	bundle-symbolicname	org.glassfish.jaxb.xsom	Medium
Vendor	pom	name	XSOM	High
Vendor	file	name	xsom	High
Vendor	pom	parent-artifactid	project	Low
Vendor	jar	package name	xml	Highest
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Product	Manifest	implementation-build-id	3.0.0 - 697e104	Low
Product	pom	groupid	glassfish.jaxb	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	build-jdk-spec	11	Low
Product	pom	parent-artifactid	project	Medium
Product	jar	package name	xsom	Highest
Product	pom	artifactid	xsom	Highest
Product	Manifest	Bundle-Name	XSOM	Medium
Product	Manifest	bundle-symbolicname	org.glassfish.jaxb.xsom	Medium
Product	pom	name	XSOM	High
Product	file	name	xsom	High
Product	jar	package name	xml	Highest
Product	Manifest	Implementation-Title	XSOM	High
Version	pom	version	3.0.0	Highest
Version	file	version	3.0.0	High
Version	pom	parent-version	3.0.0	Low
Version	Manifest	implementation-build-id	3.0.0	Low
Version	Manifest	Implementation-Version	3.0.0	High
Version	Manifest	Bundle-Version	3.0.0	High

Identifiers

pkg:maven/org.glassfish.jaxb/xsom@3.0.0 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: NorthernWind (modules)

it.tidalwave.northernwind:it-tidalwave-northernwind-modules:1.2-ALPHA-9

Summary

Dependencies

ST4-4.1.jar

Evidence

Identifiers

antlr-runtime-3.5.2.jar

Evidence

Identifiers

aspectjrt-1.9.6.jar

Evidence

Identifiers

codemodel-3.0.0.jar

Evidence

Identifiers

commons-io-2.4.jar

Evidence

Identifiers

Published Vulnerabilities

commons-math3-3.0.jar

Evidence

Identifiers

Published Vulnerabilities

dtd-parser-1.4.3.jar

Evidence

Identifiers

hamcrest-core-1.3.jar

Evidence

Identifiers

image-core-1.0-ALPHA-7.jar

Evidence

Identifiers

istack-commons-tools-4.0.0.jar

Evidence

Related Dependencies

Identifiers

it-tidalwave-html-patches-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-messagebus-3.2-ALPHA-13.jar

Evidence

Identifiers

it-tidalwave-messagebus-spring-3.2-ALPHA-13.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-default-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-filesystem-basic-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-filesystem-git-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-filesystem-hg-1.2-ALPHA-9.jar

Evidence

Identifiers

Published Vulnerabilities

it-tidalwave-northernwind-core-filesystem-scm-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-marshalling-default-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-core-profiling-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-frontend-commons-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-frontend-components-1.2-ALPHA-9.jar

Evidence

Identifiers

it-tidalwave-northernwind-frontend-components-htmltemplate-1.2-ALPHA-9.jar

Evidence