Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The AspectJ runtime is a small library necessary to run Java programs enhanced by AspectJ aspects during a previous
compile-time or post-compile-time (binary weaving) build step.
License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.22.1/aspectjrt-1.9.22.1.jar MD5: fde533763d923fce83b4feca25e6b07c SHA1: 2b4f27c886fe697fc042f1f67eff7aa6e17e9473 SHA256:00011425df09198c005b8f9e1203f0c4ddd46b52bd4d4b38746c1b7eb6b9c10e Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:runtime aspectjrt-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
weaving (LTW) during class-loading and also contains the AspectJ runtime classes.
License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/aspectj/aspectjweaver/1.9.22.1/aspectjweaver-1.9.22.1.jar MD5: f2edbc088126174a11b68279bd26c6eb SHA1: bca243d0af0db4758fbae45c5f4995cb5dabb612 SHA256:cd2dd01ec2424c05669df4d557f6c6cd7ed87b05257ee3c866b4c5b116b18a78 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile aspectjweaver-1.9.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-aspects@5.3.37
High quality UI controls and other tools to complement the core JavaFX distribution
License:
The 3-Clause BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/controlsfx/controlsfx/11.0.0/controlsfx-11.0.0.jar MD5: 8476c5f2b8e53057ced89957b5800a41 SHA1: b6d091db1c3323eaa11d7c95b36f7830c4814689 SHA256:7b9373284bdb94bdaf4a47a4c86097ab7e944135170c06e0db0c564e721b5992 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:runtime controlsfx-11.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
Interface Segregation.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-24/it-tidalwave-role-3.2-ALPHA-24.jar MD5: 03c70042a28ce3c67af0117708e78a8d SHA1: cb965781b67b40d6c7f3e09bbe5a59ef934bb0fc SHA256:0ff4eb4ccb233cbfb65c89ce121e3fc2b6d907d4d1d494133e0dd49b8fe45551 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile it-tidalwave-role-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role-spring/3.2-ALPHA-24/it-tidalwave-role-spring-3.2-ALPHA-24.jar MD5: 2f14e90a953ccc7bbaeb3e8961e7a693 SHA1: 7bd5a5916099ac476a3d7eeb4955d59eb2151144 SHA256:070b8113493b8970adbd2253168c82e8312e7ed59a767bf516766f455b958882 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile it-tidalwave-role-spring-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-24/it-tidalwave-util-3.2-ALPHA-24.jar MD5: 1bd6e1d7d3b38390d73e52d60125ad65 SHA1: 77df5aa3f7b6a1647c7ac73b70dfd1ea047afc8e SHA256:1cd466c22b0df169f21e90380f111449507fddef314d9fb829b7ed4068b6d34b Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile it-tidalwave-util-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/23.0.1/javafx-base-23.0.1-mac.jar MD5: 50521c3cf24408c66eb193d9fb52389c SHA1: f05e1e71fd87eb17b445b02b08307e722023439b SHA256:c904420bb5381a048e00102cbe96e70d34194b1a4f0d7acba5df8dd6820c4e11 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-base-23.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/23.0.1/javafx-base-23.0.1.jar MD5: 24fafc190097fa4d3191414e409794a8 SHA1: b09ccc9d998ad8eb1fade4e100c3ff0835d018b5 SHA256:88453a8d4cc921740c84e315e8021b9d984b0920d3c923187c5fd0c2cc1d683c Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-base-23.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/23.0.1/javafx-controls-23.0.1-mac.jar MD5: 7b6b79148d891ebf79e93e25dfa698e9 SHA1: aa479f0c3f6275c20dbdf9591bbeffdcabe7b459 SHA256:5ed2be004d63e98803295b37e0c22a84b1c45c0b0343e2595cf4dcf17777037d Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-controls-23.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/23.0.1/javafx-controls-23.0.1.jar MD5: 3e895a68f8b410520579f1fac70f4cf2 SHA1: c85b22eae11514b5481eb3dea9e2d448235ac592 SHA256:dd771a1dcd8b744e1672035aa3c62833e63465fa6066b3a0c2ea27f177cbd4ef Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-controls-23.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/23.0.1/javafx-fxml-23.0.1-mac.jar MD5: a3f7dbeeb1746f64659cadc55bef307e SHA1: b2dd65b856b98a785b154ed395cad830763aefdc SHA256:2d4c42b15d0e08c3ccd6626b32cf669cd4c38cf4b82d9b64bb9d0805d15e58f9 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-fxml-23.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/23.0.1/javafx-fxml-23.0.1.jar MD5: cd2178449193cd81f101514d072eef88 SHA1: 48ddf89947ddfba21890f670006e3692050e28a3 SHA256:4400b42878b249a776a6cf920d9523cab42c9fb26ba220f9a4f86b932270dde0 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-fxml-23.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/23.0.1/javafx-graphics-23.0.1-mac.jar MD5: 0ff8b8cd7d68417844a84558a1dc0999 SHA1: 2179e556885f143e43b0bd180a347719a9ff26c6 SHA256:ea4bbfdece5852b4b7e4facad497a02e28e78c6c47f2762d3f09ade034f90b9c Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-graphics-23.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/23.0.1/javafx-graphics-23.0.1.jar MD5: 04e5cde14cc94c22025b2edbe7380c42 SHA1: 86bfcc23faf67f7eb9a6dc09b062f75499e9a76c SHA256:9090abb6881488e74b8f87e45a8238ec3324ec44ecc60fc1fb7b5032d8095111 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javafx-graphics-23.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar MD5: 2ab1973eefffaa2aeec47d50b9e40b9d SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43 SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-24
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar MD5: 289075e48b909e9e74e6c915b3631d2e SHA1: 6975da39a7040257bd51d21a231b76c915872d38 SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar MD5: c077b88c43f9d63f64f9880fdb457efb SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9 SHA256:5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:runtime jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/jfxtras/jmetro/11.6.14/jmetro-11.6.14.jar MD5: 2dbdab0d96cf0b0d9d886a5f618b2d21 SHA1: e7a760f00799966e257a4fae37ab13563f461af9 SHA256:d05af705f5fafb1fd2a12131671809796937bef95a94f8913ab25636f3263694 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile jmetro-11.6.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-24
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar MD5: 410ad2f2230e0150216d86e12a4af995 SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:runtime jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-classic/1.5.12/logback-classic-1.5.12.jar MD5: 5f752b29e5cf40b79a5bedef12cee8c3 SHA1: 3790d1a62e868f7915776dfb392bd9a29ce8d954 SHA256:ebe1a2ce1072b365090d58af40fcb7482d7864a31cd2b1c62c9b1d13f9a80c09 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:runtime logback-classic-1.5.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.5.12/logback-core-1.5.12.jar MD5: e381425e2c7eb1b0b0f3fa93f6c67355 SHA1: 65b1fa25fe8d8e4bdc140e79eb67ac6741f775e2 SHA256:3f35b41621c2cbf72a9d9f3ce2270ba2040e4808bd6befdd720866e926d3e84a Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:runtime logback-core-1.5.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core
upto and including version 1.5.12 in Java applications allows
attacker to execute arbitrary code by compromising an existing
logback configuration file or by injecting an environment variable
before program execution.
Malicious logback configuration files can allow the attacker to execute
arbitrary code using the JaninoEventEvaluator extension.
A successful attack requires the user to have write access to a
configuration file. Alternatively, the attacker could inject a malicious
environment variable pointing to a malicious configuration file. In both
cases, the attack requires existing privilege.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to
forge requests by compromising logback configuration files in XML.
The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.36/lombok-1.18.36.jar MD5: 92c08153ae16c161c8cc2cc8185d2724 SHA1: 5a30490a6e14977d97d9c73c924c1f1b5311ea95 SHA256:73b6b05b6a2d365b700bab08d30f94de9d336490bc0acce5b6181fef48cbf18e Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:provided lombok-1.18.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-steelblue-example-presentation-javafx@1.1-ALPHA-4
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar MD5: c8de8f5d740584cb24b5652cfba8b3c4 SHA1: 0172931663a09a1fa515567af5fbef00897d3c04 SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-24
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar MD5: 56a1a81d69b6a111161bbce0e6dea26a SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469 SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile spotbugs-annotations-3.1.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-24
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.37/spring-core-5.3.37.jar MD5: fbc5c33d34c54949e9f8cb07acf70e16 SHA1: a6664808571dcb93b2949c20c8af923a51946b1b SHA256:fa368ec048ab821774c5259498462a53eb7c860c3ce876e427e1b18999efb4b8 Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile spring-core-5.3.37.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-beans@5.3.37
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-expression/5.3.37/spring-expression-5.3.37.jar MD5: 4cb4ca755ad6d729b0fff17be4071014 SHA1: df34b75531291e192144bb08ae307540504fef19 SHA256:1b8bc056a122b49a6d80c3c024395bebdfada8353eae31b052da98963dabc00d Referenced In Project/Scope: SteelBlue - Examples - JavaFX presentation:compile spring-expression-5.3.37.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-role-ui-javafx@1.1-ALPHA-4
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.
Specifically, an application is vulnerable when the following is true:
* The application evaluates user-supplied SpEL expressions.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details
CWE-770 Allocation of Resources Without Limits or Throttling
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity