Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 11.1.1
Report Generated On: Thu, 19 Dec 2024 00:14:17 +0100
Dependencies Scanned: 29 (25 unique)
Vulnerable Dependencies: 2
Vulnerabilities Found: 3
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2024-12-18T23:40:13+01
NVD API Last Modified: 2024-12-18T22:27:39Z

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
byte-buddy-1.15.0.jar		pkg:maven/net.bytebuddy/byte-buddy@1.15.0		0		29
byte-buddy-agent-1.15.0.jar		pkg:maven/net.bytebuddy/byte-buddy-agent@1.15.0		0		33
it-tidalwave-util-3.2-ALPHA-24.jar		pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-24		0		24
java-diff-utils-4.15.jar	cpe:2.3:a:utils_project:utils:4.15:::::::*	pkg:maven/io.github.java-diff-utils/java-diff-utils@4.15		0	Highest	21
javax.annotation-api-1.3.2.jar		pkg:maven/javax.annotation/javax.annotation-api@1.3.2		0		48
jcommander-1.82.jar		pkg:maven/com.beust/jcommander@1.82		0		26
jquery-3.7.1.jar		pkg:maven/org.webjars/jquery@3.7.1		0		21
jquery-3.7.1.jar: jquery.js				0		0
jquery-3.7.1.jar: jquery.min.js				0		0
jquery-3.7.1.jar: jquery.slim.js				0		0
jquery-3.7.1.jar: jquery.slim.min.js				0		0
jquery-3.7.1.jar: webjars-requirejs.js				0		0
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		0		17
lombok-1.18.36.jar		pkg:maven/org.projectlombok/lombok@1.18.36		0		36
lombok-1.18.36.jar: mavenEcjBootstrapAgent.jar				0		7
mockito-core-5.13.0.jar		pkg:maven/org.mockito/mockito-core@5.13.0		0		41
objenesis-3.3.jar		pkg:maven/org.objenesis/objenesis@3.3		0		27
slf4j-api-2.0.16.jar		pkg:maven/org.slf4j/slf4j-api@2.0.16		0		29
spotbugs-annotations-3.1.9.jar		pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9		0		53
spring-core-5.3.37.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.37:::::::* cpe:2.3:a:springsource:spring_framework:5.3.37:::::::* cpe:2.3:a:vmware:spring_framework:5.3.37:::::::*	pkg:maven/org.springframework/spring-core@5.3.37	MEDIUM	1	Highest	37
spring-expression-5.3.37.jar	cpe:2.3:a:pivotal_software:spring_framework:5.3.37:::::::* cpe:2.3:a:springsource:spring_framework:5.3.37:::::::* cpe:2.3:a:vmware:spring_framework:5.3.37:::::::*	pkg:maven/org.springframework/spring-expression@5.3.37	MEDIUM	2	Highest	37
testng-7.10.2.jar	cpe:2.3:a:testng_project:testng:7.10.2:::::::*	pkg:maven/org.testng/testng@7.10.2		0	Highest	47
testng-7.10.2.jar: jquery-3.6.0.min.js				0		0
testng-7.10.2.jar: testng-reports.js				0		0
testng-7.10.2.jar: testng-reports2.js				0		0

Dependencies (vulnerable)

byte-buddy-1.15.0.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/net/bytebuddy/byte-buddy/1.15.0/byte-buddy-1.15.0.jar
MD5: e830b0eae8ae0e4b7df4f4ddba23fbe1
SHA1: a5b1159b91c5334015de0f22ab4b1188cd42bbff
SHA256:c743cfb4db1e6c67af6297fbe32a3ad94710884cde4c7eecb1bad7d820d4f2ba
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/org.mockito/mockito-core@5.13.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	byte-buddy	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	build	Highest
Vendor	jar	package name	bytebuddy	Highest
Vendor	jar	package name	net	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	byte-buddy	Highest
Vendor	pom	artifactid	byte-buddy	Low
Vendor	pom	groupid	net.bytebuddy	Highest
Vendor	pom	name	Byte Buddy (without dependencies)	High
Vendor	pom	parent-artifactid	byte-buddy-parent	Low
Product	file	name	byte-buddy	High
Product	jar	package name	asm	Highest
Product	jar	package name	build	Highest
Product	jar	package name	bytebuddy	Highest
Product	jar	package name	net	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Byte Buddy (without dependencies)	Medium
Product	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	byte-buddy	Highest
Product	pom	groupid	net.bytebuddy	Highest
Product	pom	name	Byte Buddy (without dependencies)	High
Product	pom	parent-artifactid	byte-buddy-parent	Medium
Version	file	version	1.15.0	High
Version	Manifest	Bundle-Version	1.15.0	High
Version	pom	version	1.15.0	Highest

Identifiers

pkg:maven/net.bytebuddy/byte-buddy@1.15.0 (Confidence:High)

byte-buddy-agent-1.15.0.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/net/bytebuddy/byte-buddy-agent/1.15.0/byte-buddy-agent-1.15.0.jar
MD5: a207cc7dadc16dad523a33145669b9e2
SHA1: e32740c43acebaac9d55b86399ecf6a5df3c17fb
SHA256:3399a0fdf7ba3f1386ebf831a706037428f1b1af81d653c25cf8a8fde2e4d2ea
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/org.mockito/mockito-core@5.13.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	byte-buddy-agent	High
Vendor	jar	package name	agent	Highest
Vendor	jar	package name	bytebuddy	Highest
Vendor	jar	package name	net	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy-agent	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	Manifest	can-retransform-classes	true	Low
Vendor	Manifest	can-set-native-method-prefix	true	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	byte-buddy-agent	Highest
Vendor	pom	artifactid	byte-buddy-agent	Low
Vendor	pom	groupid	net.bytebuddy	Highest
Vendor	pom	name	Byte Buddy agent	High
Vendor	pom	parent-artifactid	byte-buddy-parent	Low
Product	file	name	byte-buddy-agent	High
Product	jar	package name	agent	Highest
Product	jar	package name	bytebuddy	Highest
Product	jar	package name	net	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Byte Buddy agent	Medium
Product	Manifest	bundle-symbolicname	net.bytebuddy.byte-buddy-agent	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	Manifest	can-retransform-classes	true	Low
Product	Manifest	can-set-native-method-prefix	true	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	byte-buddy-agent	Highest
Product	pom	groupid	net.bytebuddy	Highest
Product	pom	name	Byte Buddy agent	High
Product	pom	parent-artifactid	byte-buddy-parent	Medium
Version	file	version	1.15.0	High
Version	Manifest	Bundle-Version	1.15.0	High
Version	pom	version	1.15.0	Highest

Identifiers

pkg:maven/net.bytebuddy/byte-buddy-agent@1.15.0 (Confidence:High)

it-tidalwave-util-3.2-ALPHA-24.jar

Description:

        A collection of common utilities.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-24/it-tidalwave-util-3.2-ALPHA-24.jar
MD5: 1bd6e1d7d3b38390d73e52d60125ad65
SHA1: 77df5aa3f7b6a1647c7ac73b70dfd1ea047afc8e
SHA256:1cd466c22b0df169f21e90380f111449507fddef314d9fb829b7ed4068b6d34b
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
it-tidalwave-util-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	it-tidalwave-util	High
Vendor	jar	package name	it	Highest
Vendor	jar	package name	tidalwave	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	Tidalwave s.a.s.	High
Vendor	Manifest	specification-vendor	Tidalwave s.a.s.	Low
Vendor	pom	artifactid	it-tidalwave-util	Highest
Vendor	pom	artifactid	it-tidalwave-util	Low
Vendor	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Vendor	pom	name	TheseFoolishThings :: Utilities	High
Vendor	pom	parent-artifactid	modules	Low
Product	file	name	it-tidalwave-util	High
Product	jar	package name	it	Highest
Product	jar	package name	tidalwave	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	TheseFoolishThings :: Utilities	High
Product	Manifest	specification-title	TheseFoolishThings :: Utilities	Medium
Product	pom	artifactid	it-tidalwave-util	Highest
Product	pom	groupid	it.tidalwave.thesefoolishthings	Highest
Product	pom	name	TheseFoolishThings :: Utilities	High
Product	pom	parent-artifactid	modules	Medium
Version	pom	version	3.2-ALPHA-24	Highest

Identifiers

pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-24 (Confidence:High)

java-diff-utils-4.15.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/github/java-diff-utils/java-diff-utils/4.15/java-diff-utils-4.15.jar
MD5: 7307001832630cebc9ea88620d4af2d8
SHA1: a8b782ac93bf6c714526ac880adef7c52a87dad7
SHA256:964c69e3a23a892db2778ae6806aa1d42f81230032bd8e4982dc8620582ee6b7
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	java-diff-utils	High
Vendor	jar	package name	github	Highest
Vendor	Manifest	automatic-module-name	io.github.javadiffutils	Medium
Vendor	Manifest	bundle-symbolicname	io.github.java-diff-utils	Medium
Vendor	pom	artifactid	java-diff-utils	Highest
Vendor	pom	artifactid	java-diff-utils	Low
Vendor	pom	groupid	io.github.java-diff-utils	Highest
Vendor	pom	name	java-diff-utils	High
Vendor	pom	parent-artifactid	java-diff-utils-parent	Low
Product	file	name	java-diff-utils	High
Product	jar	package name	diffutils	Highest
Product	jar	package name	github	Highest
Product	Manifest	automatic-module-name	io.github.javadiffutils	Medium
Product	Manifest	Bundle-Name	java-diff-utils	Medium
Product	Manifest	bundle-symbolicname	io.github.java-diff-utils	Medium
Product	pom	artifactid	java-diff-utils	Highest
Product	pom	groupid	io.github.java-diff-utils	Highest
Product	pom	name	java-diff-utils	High
Product	pom	parent-artifactid	java-diff-utils-parent	Medium
Version	file	version	4.15	High
Version	pom	version	4.15	Highest

Identifiers

pkg:maven/io.github.java-diff-utils/java-diff-utils@4.15 (Confidence:High)
cpe:2.3:a:utils_project:utils:4.15:*:*:*:*:*:*:* (Confidence:Highest)

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javax.annotation-api	High
Vendor	jar	package name	annotation	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	automatic-module-name	java.annotation	Medium
Vendor	Manifest	bundle-docurl	https://javaee.github.io/glassfish	Low
Vendor	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Vendor	Manifest	extension-name	javax.annotation	Medium
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	javax.annotation-api	Highest
Vendor	pom	artifactid	javax.annotation-api	Low
Vendor	pom	developer id	ldemichiel	Medium
Vendor	pom	developer name	Linda De Michiel	Medium
Vendor	pom	developer org	Oracle Corp.	Medium
Vendor	pom	groupid	javax.annotation	Highest
Vendor	pom	name	API	High
Vendor	pom	name	${extension.name} API	High
Vendor	pom	organization name	GlassFish Community	High
Vendor	pom	organization url	https://javaee.github.io/glassfish	Medium
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	url	http://jcp.org/en/jsr/detail?id=250	Highest
Product	file	name	javax.annotation-api	High
Product	jar	package name	annotation	Highest
Product	jar	package name	javax	Highest
Product	Manifest	automatic-module-name	java.annotation	Medium
Product	Manifest	bundle-docurl	https://javaee.github.io/glassfish	Low
Product	Manifest	Bundle-Name	javax.annotation API	Medium
Product	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Product	Manifest	extension-name	javax.annotation	Medium
Product	pom	artifactid	javax.annotation-api	Highest
Product	pom	developer id	ldemichiel	Low
Product	pom	developer name	Linda De Michiel	Low
Product	pom	developer org	Oracle Corp.	Low
Product	pom	groupid	javax.annotation	Highest
Product	pom	name	API	High
Product	pom	name	${extension.name} API	High
Product	pom	organization name	GlassFish Community	Low
Product	pom	organization url	https://javaee.github.io/glassfish	Low
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	parent-groupid	net.java	Medium
Product	pom	url	http://jcp.org/en/jsr/detail?id=250	Medium
Version	file	version	1.3.2	High
Version	Manifest	Bundle-Version	1.3.2	High
Version	Manifest	Implementation-Version	1.3.2	High
Version	pom	parent-version	1.3.2	Low
Version	pom	version	1.3.2	Highest

Identifiers

pkg:maven/javax.annotation/javax.annotation-api@1.3.2 (Confidence:High)

jcommander-1.82.jar

Description:

Command line parsing library for Java

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/beust/jcommander/1.82/jcommander-1.82.jar
MD5: c350dc0db8aa038e6bbaf0050720d69c
SHA1: 0a7c5fef184d238065de38f81bbc6ee50cca2e21
SHA256:deeac157c8de6822878d85d0c7bc8467a19cc8484d37788f7804f039dde280b1
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/org.testng/testng@7.10.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jcommander	High
Vendor	jar	package name	beust	Highest
Vendor	jar	package name	beust	Low
Vendor	jar	package name	jcommander	Highest
Vendor	jar	package name	jcommander	Low
Vendor	pom	artifactid	jcommander	Highest
Vendor	pom	artifactid	jcommander	Low
Vendor	pom	developer email	cedric@beust.com	Low
Vendor	pom	developer id	cbeust	Medium
Vendor	pom	developer name	Cedric Beust	Medium
Vendor	pom	groupid	com.beust	Highest
Vendor	pom	name	jcommander	High
Vendor	pom	url	https://jcommander.org	Highest
Product	file	name	jcommander	High
Product	jar	package name	beust	Highest
Product	jar	package name	jcommander	Highest
Product	jar	package name	jcommander	Low
Product	pom	artifactid	jcommander	Highest
Product	pom	developer email	cedric@beust.com	Low
Product	pom	developer id	cbeust	Low
Product	pom	developer name	Cedric Beust	Low
Product	pom	groupid	com.beust	Highest
Product	pom	name	jcommander	High
Product	pom	url	https://jcommander.org	Medium
Version	file	version	1.82	High
Version	pom	version	1.82	Highest

Identifiers

pkg:maven/com.beust/jcommander@1.82 (Confidence:High)

jquery-3.7.1.jar

Description:

WebJar for jQuery

License:

MIT License: https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/webjars/jquery/3.7.1/jquery-3.7.1.jar
MD5: bc444e0ba9afc1f621d54e6b687a5f9a
SHA1: 42088e652462c40a369b64d87e18e825644acfab
SHA256:262016dd3a559df87aefbe392804e9bf620787c9204c0ab8522d4c231ea65097
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:runtime
pkg:maven/org.testng/testng@7.10.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jquery	High
Vendor	Manifest	build-jdk-spec	19	Low
Vendor	pom	artifactid	jquery	Highest
Vendor	pom	artifactid	jquery	Low
Vendor	pom	developer email	james@jamesward.org	Low
Vendor	pom	developer id	jamesward	Medium
Vendor	pom	developer name	James Ward	Medium
Vendor	pom	groupid	org.webjars	Highest
Vendor	pom	name	jquery	High
Vendor	pom	url	http://webjars.org	Highest
Product	file	name	jquery	High
Product	Manifest	build-jdk-spec	19	Low
Product	pom	artifactid	jquery	Highest
Product	pom	developer email	james@jamesward.org	Low
Product	pom	developer id	jamesward	Low
Product	pom	developer name	James Ward	Low
Product	pom	groupid	org.webjars	Highest
Product	pom	name	jquery	High
Product	pom	url	http://webjars.org	Medium
Version	file	version	3.7.1	High
Version	pom	version	3.7.1	Highest

Identifiers

pkg:maven/org.webjars/jquery@3.7.1 (Confidence:High)

jquery-3.7.1.jar: jquery.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/webjars/jquery/3.7.1/jquery-3.7.1.jar/META-INF/resources/webjars/jquery/3.7.1/jquery.js
MD5: 12e87d2f3a4c8b347ab13a0764d420a3
SHA1: 4be715e11048c057fdf2ee0fbbfad4dbf3504c55
SHA256:78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:runtime

Evidence

Identifiers

None

jquery-3.7.1.jar: jquery.min.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/webjars/jquery/3.7.1/jquery-3.7.1.jar/META-INF/resources/webjars/jquery/3.7.1/jquery.min.js
MD5: 2c872dbe60f4ba70fb85356113d8b35e
SHA1: ee48592d1fff952fcf06ce0b666ed4785493afdc
SHA256:fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:runtime

Evidence

Identifiers

None

jquery-3.7.1.jar: jquery.slim.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/webjars/jquery/3.7.1/jquery-3.7.1.jar/META-INF/resources/webjars/jquery/3.7.1/jquery.slim.js
MD5: d5e71829ecdc0456818e3b93f57b14a0
SHA1: e502aa0259449fc0f077ac15815a1eb81737dd85
SHA256:520bef37cbc19203b496e3d2525dacf13225392611a061405f88e50889bd01d7
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:runtime

Evidence

Identifiers

None

jquery-3.7.1.jar: jquery.slim.min.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/webjars/jquery/3.7.1/jquery-3.7.1.jar/META-INF/resources/webjars/jquery/3.7.1/jquery.slim.min.js
MD5: af73dd50819a5fc22dff8b0ed2229d6c
SHA1: 8b1d5dbd114b9c92f4a20139e1aca3196d94814b
SHA256:9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:runtime

Evidence

Identifiers

None

jquery-3.7.1.jar: webjars-requirejs.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/webjars/jquery/3.7.1/jquery-3.7.1.jar/META-INF/resources/webjars/jquery/3.7.1/webjars-requirejs.js
MD5: 30e1a7f167b667001f50e32ea87bf7b5
SHA1: d18dc733350ad3549af2df096599e824c10f777e
SHA256:daca7b23bc4d8302a8961373b92b78d36d5c85d730fc14130e29d55d976aa420
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:runtime

Evidence

Identifiers

None

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Highest
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

lombok-1.18.36.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.36/lombok-1.18.36.jar
MD5: 92c08153ae16c161c8cc2cc8185d2724
SHA1: 5a30490a6e14977d97d9c73c924c1f1b5311ea95
SHA256:73b6b05b6a2d365b700bab08d30f94de9d336490bc0acce5b6181fef48cbf18e
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:provided
pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	lombok	High
Vendor	jar	package name	java	Highest
Vendor	jar	package name	lombok	Highest
Vendor	jar	package name	tostring	Highest
Vendor	Manifest	automatic-module-name	lombok	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	pom	artifactid	lombok	Highest
Vendor	pom	artifactid	lombok	Low
Vendor	pom	developer email	reinier@projectlombok.org	Low
Vendor	pom	developer email	roel@projectlombok.org	Low
Vendor	pom	developer id	rspilker	Medium
Vendor	pom	developer id	rzwitserloot	Medium
Vendor	pom	developer name	Reinier Zwitserloot	Medium
Vendor	pom	developer name	Roel Spilker	Medium
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	pom	name	Project Lombok	High
Vendor	pom	url	https://projectlombok.org	Highest
Product	file	name	lombok	High
Product	jar	package name	java	Highest
Product	jar	package name	lombok	Highest
Product	jar	package name	tostring	Highest
Product	Manifest	automatic-module-name	lombok	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	pom	artifactid	lombok	Highest
Product	pom	developer email	reinier@projectlombok.org	Low
Product	pom	developer email	roel@projectlombok.org	Low
Product	pom	developer id	rspilker	Low
Product	pom	developer id	rzwitserloot	Low
Product	pom	developer name	Reinier Zwitserloot	Low
Product	pom	developer name	Roel Spilker	Low
Product	pom	groupid	org.projectlombok	Highest
Product	pom	name	Project Lombok	High
Product	pom	url	https://projectlombok.org	Medium
Version	file	version	1.18.36	High
Version	Manifest	lombok-version	1.18.36	Medium
Version	pom	version	1.18.36	Highest

Identifiers

pkg:maven/org.projectlombok/lombok@1.18.36 (Confidence:High)

lombok-1.18.36.jar: mavenEcjBootstrapAgent.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.36/lombok-1.18.36.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 27467519bf9615b24cad3b003c4353a9
SHA1: 37d92e0a726a67883ab94bee27c6f292e6318dcd
SHA256:9566d0706d6245cac3cdd9db6d1d81551aa3e727febcf64452c6db9701c40037
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	mavenEcjBootstrapAgent	High
Vendor	jar	package name	launch	Low
Vendor	jar	package name	lombok	Low
Vendor	Manifest	can-redefine-classes	true	Low
Product	file	name	mavenEcjBootstrapAgent	High
Product	jar	package name	launch	Low
Product	Manifest	can-redefine-classes	true	Low

Identifiers

None

mockito-core-5.13.0.jar

Description:

Mockito mock objects library core API and implementation

License:

MIT: https://opensource.org/licenses/MIT

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/mockito/mockito-core/5.13.0/mockito-core-5.13.0.jar
MD5: c864b3580f411640982bbf7700f57889
SHA1: bb2ba38657ce6fa72a13d96009d0b3bb9d7ddc1e
SHA256:f8a6dad9511fbc809c493b1840414e42172335e414bdbabe643dd2d53dae9a7e
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	mockito-core	High
Vendor	jar	package name	and	Highest
Vendor	jar	package name	api	Highest
Vendor	jar	package name	mockito	Highest
Vendor	Manifest	automatic-module-name	org.mockito	Medium
Vendor	Manifest	bundle-symbolicname	org.mockito.mockito-core	Medium
Vendor	pom	artifactid	mockito-core	Highest
Vendor	pom	artifactid	mockito-core	Low
Vendor	pom	developer id	bric3	Medium
Vendor	pom	developer id	mockitoguy	Medium
Vendor	pom	developer id	raphw	Medium
Vendor	pom	developer id	TimvdLippe	Medium
Vendor	pom	developer name	Brice Dutheil	Medium
Vendor	pom	developer name	Rafael Winterhalter	Medium
Vendor	pom	developer name	Szczepan Faber	Medium
Vendor	pom	developer name	Tim van der Lippe	Medium
Vendor	pom	groupid	org.mockito	Highest
Vendor	pom	name	mockito-core	High
Vendor	pom	url	mockito/mockito	Highest
Product	file	name	mockito-core	High
Product	jar	package name	and	Highest
Product	jar	package name	api	Highest
Product	jar	package name	mockito	Highest
Product	Manifest	automatic-module-name	org.mockito	Medium
Product	Manifest	Bundle-Name	Mockito Mock Library for Java. Core bundle requires Byte Buddy and Objenesis.	Medium
Product	Manifest	bundle-symbolicname	org.mockito.mockito-core	Medium
Product	pom	artifactid	mockito-core	Highest
Product	pom	developer id	bric3	Low
Product	pom	developer id	mockitoguy	Low
Product	pom	developer id	raphw	Low
Product	pom	developer id	TimvdLippe	Low
Product	pom	developer name	Brice Dutheil	Low
Product	pom	developer name	Rafael Winterhalter	Low
Product	pom	developer name	Szczepan Faber	Low
Product	pom	developer name	Tim van der Lippe	Low
Product	pom	groupid	org.mockito	Highest
Product	pom	name	mockito-core	High
Product	pom	url	mockito/mockito	High
Version	file	version	5.13.0	High
Version	Manifest	Bundle-Version	5.13.0	High
Version	pom	version	5.13.0	Highest

Identifiers

pkg:maven/org.mockito/mockito-core@5.13.0 (Confidence:High)

objenesis-3.3.jar

Description:

A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar
MD5: ab0e0b2ab81affdd7f38bcc60fd85571
SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
SHA256:02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:runtime
pkg:maven/org.mockito/mockito-core@5.13.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	objenesis	High
Vendor	jar	package name	objenesis	Highest
Vendor	Manifest	automatic-module-name	org.objenesis	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	org.objenesis	Medium
Vendor	Manifest	Implementation-Vendor	Joe Walnes, Henri Tremblay, Leonardo Mesquita	High
Vendor	Manifest	specification-vendor	Joe Walnes, Henri Tremblay, Leonardo Mesquita	Low
Vendor	pom	artifactid	objenesis	Highest
Vendor	pom	artifactid	objenesis	Low
Vendor	pom	groupid	org.objenesis	Highest
Vendor	pom	name	Objenesis	High
Vendor	pom	parent-artifactid	objenesis-parent	Low
Product	file	name	objenesis	High
Product	jar	package name	objenesis	Highest
Product	Manifest	automatic-module-name	org.objenesis	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Bundle-Name	Objenesis	Medium
Product	Manifest	bundle-symbolicname	org.objenesis	Medium
Product	Manifest	Implementation-Title	Objenesis	High
Product	Manifest	specification-title	Objenesis	Medium
Product	pom	artifactid	objenesis	Highest
Product	pom	groupid	org.objenesis	Highest
Product	pom	name	Objenesis	High
Product	pom	parent-artifactid	objenesis-parent	Medium
Version	file	version	3.3	High
Version	Manifest	Implementation-Version	3.3	High
Version	pom	version	3.3	Highest

Identifiers

pkg:maven/org.objenesis/objenesis@3.3 (Confidence:High)

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	slf4j-api	Highest
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	SLF4J API Module	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.16	High
Version	Manifest	Bundle-Version	2.0.16	High
Version	Manifest	Implementation-Version	2.0.16	High
Version	pom	version	2.0.16	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@2.0.16 (Confidence:High)

spotbugs-annotations-3.1.9.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar
MD5: 56a1a81d69b6a111161bbce0e6dea26a
SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469
SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spotbugs-annotations	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	pom	artifactid	spotbugs-annotations	Highest
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	developer email	andreas.sewe@codetrails.com	Low
Vendor	pom	developer email	dbrosius@mebigfatguy.com	Low
Vendor	pom	developer email	loskutov@gmx.de	Low
Vendor	pom	developer email	skypencil@gmail.com	Low
Vendor	pom	developer id	henrik242	Medium
Vendor	pom	developer id	iloveeclipse	Medium
Vendor	pom	developer id	jsotuyod	Medium
Vendor	pom	developer id	KengoTODA	Medium
Vendor	pom	developer id	mebigfatguy	Medium
Vendor	pom	developer id	sewe	Medium
Vendor	pom	developer id	ThrawnCA	Medium
Vendor	pom	developer name	Andreas Sewe	Medium
Vendor	pom	developer name	Andrey Loskutov	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Juan Martín Sotuyo Dodero	Medium
Vendor	pom	developer name	Kengo TODA	Medium
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	name	SpotBugs Annotations	High
Vendor	pom	url	https://spotbugs.github.io/	Highest
Product	file	name	spotbugs-annotations	High
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	pom	developer email	andreas.sewe@codetrails.com	Low
Product	pom	developer email	dbrosius@mebigfatguy.com	Low
Product	pom	developer email	loskutov@gmx.de	Low
Product	pom	developer email	skypencil@gmail.com	Low
Product	pom	developer id	henrik242	Low
Product	pom	developer id	iloveeclipse	Low
Product	pom	developer id	jsotuyod	Low
Product	pom	developer id	KengoTODA	Low
Product	pom	developer id	mebigfatguy	Low
Product	pom	developer id	sewe	Low
Product	pom	developer id	ThrawnCA	Low
Product	pom	developer name	Andreas Sewe	Low
Product	pom	developer name	Andrey Loskutov	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Juan Martín Sotuyo Dodero	Low
Product	pom	developer name	Kengo TODA	Low
Product	pom	groupid	com.github.spotbugs	Highest
Product	pom	name	SpotBugs Annotations	High
Product	pom	url	https://spotbugs.github.io/	Medium
Version	file	version	3.1.9	High
Version	Manifest	Bundle-Version	3.1.9	High
Version	pom	version	3.1.9	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9 (Confidence:High)

spring-core-5.3.37.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.37/spring-core-5.3.37.jar
MD5: fbc5c33d34c54949e9f8cb07acf70e16
SHA1: a6664808571dcb93b2949c20c8af923a51946b1b
SHA256:fa368ec048ab821774c5259498462a53eb7c860c3ce876e427e1b18999efb4b8
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/org.springframework/spring-context@5.3.37

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	io	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.core	Medium
Vendor	pom	artifactid	spring-core	Highest
Vendor	pom	artifactid	spring-core	Low
Vendor	pom	developer email	jhoeller@pivotal.io	Low
Vendor	pom	developer id	jhoeller	Medium
Vendor	pom	developer name	Juergen Hoeller	Medium
Vendor	pom	groupid	org.springframework	Highest
Vendor	pom	name	Spring Core	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	file	name	spring-core	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	jar	package name	core	Highest
Product	jar	package name	io	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.core	Medium
Product	Manifest	Implementation-Title	spring-core	High
Product	pom	artifactid	spring-core	Highest
Product	pom	developer email	jhoeller@pivotal.io	Low
Product	pom	developer id	jhoeller	Low
Product	pom	developer name	Juergen Hoeller	Low
Product	pom	groupid	org.springframework	Highest
Product	pom	name	Spring Core	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	url	spring-projects/spring-framework	High
Version	file	version	5.3.37	High
Version	Manifest	Implementation-Version	5.3.37	High
Version	pom	version	5.3.37	Highest

Related Dependencies

Identifiers

pkg:maven/org.springframework/spring-core@5.3.37 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.37:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.37:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.37:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

security@vmware.com - VENDOR_ADVISORY

Vulnerable Software & Versions: (show all)

spring-expression-5.3.37.jar

Description:

Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-expression/5.3.37/spring-expression-5.3.37.jar
MD5: 4cb4ca755ad6d729b0fff17be4071014
SHA1: df34b75531291e192144bb08ae307540504fef19
SHA256:1b8bc056a122b49a6d80c3c024395bebdfada8353eae31b052da98963dabc00d
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/org.springframework/spring-context@5.3.37

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-expression	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	expression	Highest
Vendor	jar	package name	spel	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.expression	Medium
Vendor	pom	artifactid	spring-expression	Highest
Vendor	pom	artifactid	spring-expression	Low
Vendor	pom	developer email	jhoeller@pivotal.io	Low
Vendor	pom	developer id	jhoeller	Medium
Vendor	pom	developer name	Juergen Hoeller	Medium
Vendor	pom	groupid	org.springframework	Highest
Vendor	pom	name	Spring Expression Language (SpEL)	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	file	name	spring-expression	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	jar	package name	expression	Highest
Product	jar	package name	spel	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.expression	Medium
Product	Manifest	Implementation-Title	spring-expression	High
Product	pom	artifactid	spring-expression	Highest
Product	pom	developer email	jhoeller@pivotal.io	Low
Product	pom	developer id	jhoeller	Low
Product	pom	developer name	Juergen Hoeller	Low
Product	pom	groupid	org.springframework	Highest
Product	pom	name	Spring Expression Language (SpEL)	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	url	spring-projects/spring-framework	High
Version	file	version	5.3.37	High
Version	Manifest	Implementation-Version	5.3.37	High
Version	pom	version	5.3.37	Highest

Identifiers

pkg:maven/org.springframework/spring-expression@5.3.37 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:5.3.37:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:5.3.37:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:5.3.37:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2024-38808 (OSSINDEX)

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  *  The application evaluates user-supplied SpEL expressions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (5.300000190734863)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References:

OSSINDEX - [CVE-2024-38808] CWE-770: Allocation of Resources Without Limits or Throttling
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38808
OSSIndex - https://spring.io/security/cve-2024-38808

Vulnerable Software & Versions (OSSINDEX):

cpe:2.3:a:org.springframework:spring-expression:5.3.37:*:*:*:*:*:*:*

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:

Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

security@vmware.com - VENDOR_ADVISORY

Vulnerable Software & Versions: (show all)

testng-7.10.2.jar

Description:

Testing framework for Java

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/testng/testng/7.10.2/testng-7.10.2.jar
MD5: 166d606c04bdf9f4f2c0f4cc42ab362e
SHA1: 30742acada21960d4333a4204039fbdc6a92083a
SHA256:225fd56447f2e5e439db3b483a79cd9f294fad9f357f8352b12ee6a3411ebb15
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile
pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	testng	High
Vendor	jar	package name	testng	Highest
Vendor	Manifest	automatic-module-name	org.testng	Medium
Vendor	Manifest	bundle-symbolicname	org.testng	Medium
Vendor	Manifest	implementation-url	https://testng.org	Low
Vendor	Manifest	Implementation-Vendor	TestNG	High
Vendor	Manifest	Implementation-Vendor-Id	org.testng	Medium
Vendor	Manifest	specification-vendor	TestNG	Low
Vendor	pom	artifactid	testng	Highest
Vendor	pom	artifactid	testng	Low
Vendor	pom	developer email	cedric@beust.com	Low
Vendor	pom	developer email	julien@herr.fr	Low
Vendor	pom	developer email	krishnan.mahadevan1978@gmail.com	Low
Vendor	pom	developer id	cbeust	Medium
Vendor	pom	developer id	juherr	Medium
Vendor	pom	developer id	krmahadevan	Medium
Vendor	pom	developer name	Cedric Beust	Medium
Vendor	pom	developer name	Julien Herr	Medium
Vendor	pom	developer name	Krishnan Mahadevan	Medium
Vendor	pom	groupid	org.testng	Highest
Vendor	pom	name	testng	High
Vendor	pom	url	https://testng.org	Highest
Product	file	name	testng	High
Product	jar	package name	testng	Highest
Product	Manifest	automatic-module-name	org.testng	Medium
Product	Manifest	Bundle-Name	TestNG	Medium
Product	Manifest	bundle-symbolicname	org.testng	Medium
Product	Manifest	Implementation-Title	TestNG	High
Product	Manifest	implementation-url	https://testng.org	Low
Product	Manifest	specification-title	TestNG	Medium
Product	pom	artifactid	testng	Highest
Product	pom	developer email	cedric@beust.com	Low
Product	pom	developer email	julien@herr.fr	Low
Product	pom	developer email	krishnan.mahadevan1978@gmail.com	Low
Product	pom	developer id	cbeust	Low
Product	pom	developer id	juherr	Low
Product	pom	developer id	krmahadevan	Low
Product	pom	developer name	Cedric Beust	Low
Product	pom	developer name	Julien Herr	Low
Product	pom	developer name	Krishnan Mahadevan	Low
Product	pom	groupid	org.testng	Highest
Product	pom	name	testng	High
Product	pom	url	https://testng.org	Medium
Version	file	version	7.10.2	High
Version	Manifest	Bundle-Version	7.10.2	High
Version	Manifest	Implementation-Version	7.10.2	High
Version	pom	version	7.10.2	Highest

Identifiers

pkg:maven/org.testng/testng@7.10.2 (Confidence:High)
cpe:2.3:a:testng_project:testng:7.10.2:*:*:*:*:*:*:* (Confidence:Highest)

testng-7.10.2.jar: jquery-3.6.0.min.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/testng/testng/7.10.2/testng-7.10.2.jar/org/testng/jquery-3.6.0.min.js
MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA256:ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile

Evidence

Identifiers

None

testng-7.10.2.jar: testng-reports.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/testng/testng/7.10.2/testng-7.10.2.jar/org/testng/testng-reports.js
MD5: e18bdeef11d95e4802ca1e74ce8f4813
SHA1: 8e530ffd7c6528b0a47b4405b241181c09ed3534
SHA256:88d2a0988765ed96e51e5b0c5c63d6b9d25169a12d3c49003c2e87d98d0bdee2
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile

Evidence

Identifiers

None

testng-7.10.2.jar: testng-reports2.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/testng/testng/7.10.2/testng-7.10.2.jar/org/testng/testng-reports2.js
MD5: b45815e612fdfbeeffd1909e6551c84d
SHA1: 99dc7548ca6d9add4cc8d1022f392ccac385583b
SHA256:0cd0609bd983faf69e9eec6091de6a6e45400292a4f182fb9aa35a12acb7e852
Referenced In Project/Scope: TheseFoolishThings :: Test Utilities:compile

Evidence

Identifiers

None

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: TheseFoolishThings :: Test Utilities

it.tidalwave.thesefoolishthings:it-tidalwave-util-test:3.2-ALPHA-24

Summary

Dependencies (vulnerable)

byte-buddy-1.15.0.jar

Evidence

Identifiers

byte-buddy-agent-1.15.0.jar

Evidence

Identifiers

it-tidalwave-util-3.2-ALPHA-24.jar

Evidence

Identifiers

java-diff-utils-4.15.jar

Evidence

Identifiers

javax.annotation-api-1.3.2.jar

Evidence

Identifiers

jcommander-1.82.jar

Evidence

Identifiers

jquery-3.7.1.jar

Evidence

Identifiers

jquery-3.7.1.jar: jquery.js

Evidence

Identifiers

jquery-3.7.1.jar: jquery.min.js

Evidence

Identifiers

jquery-3.7.1.jar: jquery.slim.js

Evidence

Identifiers

jquery-3.7.1.jar: jquery.slim.min.js

Evidence

Identifiers

jquery-3.7.1.jar: webjars-requirejs.js

Evidence

Identifiers

jsr305-3.0.2.jar

Evidence

Identifiers

lombok-1.18.36.jar

Evidence

Identifiers

lombok-1.18.36.jar: mavenEcjBootstrapAgent.jar

Evidence

Identifiers

mockito-core-5.13.0.jar

Evidence

Identifiers

objenesis-3.3.jar

Evidence

Identifiers

slf4j-api-2.0.16.jar

Evidence

Identifiers

spotbugs-annotations-3.1.9.jar

Evidence

Identifiers

spring-core-5.3.37.jar

Evidence

Related Dependencies

Identifiers

Published Vulnerabilities

spring-expression-5.3.37.jar

Evidence

Identifiers

Published Vulnerabilities

testng-7.10.2.jar

Evidence

Identifiers

testng-7.10.2.jar: jquery-3.6.0.min.js

Evidence

Identifiers

testng-7.10.2.jar: testng-reports.js

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor