Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
MD5: 8c7de3f82037fa4a2e8be2a2f13092af
SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a
SHA256: b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38
Referenced In Project/Scope: SteelBlue :: Core:compile
apiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
weaving (LTW) during class-loading and also contains the AspectJ runtime classes.
License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/aspectj/aspectjweaver/1.9.24/aspectjweaver-1.9.24.jar
MD5: d95bb9406a5351d45a02145777b9a241
SHA1: 9b5aeb0cea9f958b9c57fb80e62996e95a3e9379
SHA256: 75e4227fb7dc5f97c3d4689cd1c2439f4db0bd18cea2fa242c4656cd93c599aa
Referenced In Project/Scope: SteelBlue :: Core:compile
aspectjweaver-1.9.24.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@5.0-ALPHA-3
An abstract description of a simple message bus to be used within an application.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus/5.0-ALPHA-3/it-tidalwave-messagebus-5.0-ALPHA-3.jar
MD5: 6e854cf06e3912f37f2c8b865c835c83
SHA1: a419a06764c44e83364c831fd3615e5d8ce221ab
SHA256: 2169d03735e48e256d63bc0aada79ee920b7f44b2802fa6fa5784da44733ff76
Referenced In Project/Scope: SteelBlue :: Core:compile
it-tidalwave-messagebus-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
A Spring implementation of a simple message bus to be used within an application.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus-spring/5.0-ALPHA-3/it-tidalwave-messagebus-spring-5.0-ALPHA-3.jar
MD5: 9b53e76c2c03ae7e2f6b95fe7b93d682
SHA1: 3d44f6e1da7a23b048a6b9916a49343863bf92ce
SHA256: bafafb32b0c8065b2aca7aaafd9ca5641afe67c6ff5bddb3ca8d30c4a5ac28c1
Referenced In Project/Scope: SteelBlue :: Core:compile
it-tidalwave-messagebus-spring-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
Interface Segregation.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/5.0-ALPHA-3/it-tidalwave-role-5.0-ALPHA-3.jar
MD5: 317704421a25571fd7ae9cfbf7d35d1e
SHA1: 9b2b8ef03139eb1d9033dc06d91e4a274efe3947
SHA256: 23dcb4adf1b407e28fe2cac95cb2ccbca8039fc458b3af0d70dff3ab7fa5afdb
Referenced In Project/Scope: SteelBlue :: Core:compile
it-tidalwave-role-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/5.0-ALPHA-3/it-tidalwave-util-5.0-ALPHA-3.jar
MD5: 388db401372813eb3c5d27cbea6003d5
SHA1: b5ca0cea5f435818fc460cbbc56af6ed461855cc
SHA256: 504c7f09d642419b9ba45455d088c7f8cea9661200064ced325a24901407118d
Referenced In Project/Scope: SteelBlue :: Core:compile
it-tidalwave-util-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar
MD5: 7faffaab962918da4cf5ddfd76609dd2
SHA1: 54f928fadec906a99d558536756d171917b9d936
SHA256: b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2
Referenced In Project/Scope: SteelBlue :: Core:compile
jakarta.annotation-api-3.0.0.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: SteelBlue :: Core:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.3
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.38/lombok-1.18.38.jar
MD5: 789cacd8d3969e9d23e6e6baec747f70
SHA1: 57f8f5e02e92a30fd21b80cbd426a4172b5f8e29
SHA256: 1e1e427c36ff63c44fd30ef292d9e773ea3154460ab6265d3fed7e6f5bc50fb9
Referenced In Project/Scope: SteelBlue :: Core:provided
lombok-1.18.38.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/micrometer/micrometer-commons/1.14.5/micrometer-commons-1.14.5.jar
MD5: 0be73dc7b0067614939038a5c513e940
SHA1: 6201a40489ccedc9539c5f7a2c84e9e64702bf10
SHA256: e98485ffecb7d8cc9af47cfe627ea8bf3897915dd0f34b3e3a190d6896875b4b
Referenced In Project/Scope: SteelBlue :: Core:compile
micrometer-commons-1.14.5.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@5.0-ALPHA-3
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/micrometer/micrometer-observation/1.14.5/micrometer-observation-1.14.5.jar
MD5: 1cc820f1baf9c84bfc92300f6890c6f5
SHA1: b23dff6bf07a29f67fdae8f3f3f8f1c78fa7b126
SHA256: 7cfbf714abdf3779c820ff19712199ac9bae03d2f0e809ba8e74c3663c12128a
Referenced In Project/Scope: SteelBlue :: Core:compile
micrometer-observation-1.14.5.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@5.0-ALPHA-3
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256: 7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: SteelBlue :: Core:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@5.0-ALPHA-3
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/4.9.3/spotbugs-annotations-4.9.3.jar
MD5: 6149845e438bd5a34ebaf81f8bc9e243
SHA1: 4d362bffcfdfd734999e94d7d98fde678aae71cf
SHA256: 13532bfe2f45fcd491432221df72d9cd0efb8f987c9245e12befa192c8925ce3
Referenced In Project/Scope: SteelBlue :: Core:compile
spotbugs-annotations-4.9.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-core@3.0-ALPHA-5
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-context/6.2.6/spring-context-6.2.6.jar
MD5: 026d0114f36db4c411533e2b5bb56999
SHA1: ae08b2ec4a49ab7acb0b5eea7c309363139d54ad
SHA256: c0b16aea693b6b8e5350c3f3adbed21b88d9e84ec0d8bb3adea5575e9a515ffb
Referenced In Project/Scope: SteelBlue :: Core:compile
spring-context-6.2.6.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@5.0-ALPHA-3
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.
Affected Spring Products and Versions
Spring Framework:
* 6.2.0 - 6.2.6
* 6.1.0 - 6.1.19
* 6.0.0 - 6.0.27
* 5.3.0 - 5.3.42
* Older, unsupported versions are also affected
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix Version | Availability |
|---|---|---|
| 6.2.x | 6.2.7 | OSS |
| 6.1.x | 6.1.20 | OSS |
| 6.0.x | 6.0.28 | Commercial https://enterprise.spring.io/ |
| 5.3.x | 5.3.43 | Commercial https://enterprise.spring.io/ |
No further mitigation steps are necessary.
Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding (since constructor arguments explicitly declare what to bind) together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.
For setter binding, prefer the use of allowedFields (an explicit list) over disallowedFields.
Credit
This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-22233 for details
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-core/6.2.6/spring-core-6.2.6.jar
MD5: fc1ca03f275ed5b67a6d4a93ddf78482
SHA1: 4639dac5fc46cb6a9f6eb2709decfb90313e0f2c
SHA256: 77628fba8bb8d059be0fb355a9716fefb808b5c7d9ed9c574a4a264140404352
Referenced In Project/Scope: SteelBlue :: Core:compile
spring-core-6.2.6.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus-spring@5.0-ALPHA-3