Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3.jar MD5: e725642926105cd1bbf4ad7fdff5d5a9 SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f SHA256:7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile HikariCP-4.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar MD5: f8f1352c52a4c6a500b597596501fc64 SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0 SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile antlr-2.7.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
The AspectJ runtime is a small library necessary to run Java programs enhanced by AspectJ aspects during a previous
compile-time or post-compile-time (binary weaving) build step.
License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.20.1/aspectjrt-1.9.20.1.jar MD5: 6398abe3162564b5b87e7a3ce4dfd204 SHA1: 26954e413fd6e4278c5720abe29726a904f14bc8 SHA256:1921492949907e700a8918a21d51a508c421d08461652b77daab89cf0e6291d5 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile aspectjrt-1.9.20.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-24
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/net/bytebuddy/byte-buddy/1.12.23/byte-buddy-1.12.23.jar MD5: bdf44dc7543f6bf2728b6e7d32e3bf8c SHA1: d470526e8c4566c04e9ae5d3ccb62d1a7aa58986 SHA256:0433a8e4efcc5e137ceb6e7e1d83c2f1f95057c13b66fb92a901f883cb4df4b4 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile byte-buddy-1.12.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.13.0
Library for introspecting types with full generic information
including resolving of field and method types.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar MD5: e91fcd30ba329fd1b0b6dc5321fd067c SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile classmate-1.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/h2database/h2/2.3.232/h2-2.3.232.jar MD5: 756154ae197457f2995b89c11bc9b2c3 SHA1: 4fcc05d966ccdb2812ae8b9a718f69226c0cf4e2 SHA256:8dae62d22db8982c3dcb3826edb9c727c5d302063a67eef7d63d82de401f07d3 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile h2-2.3.232.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
h2database - Improper Link Resolution Before File Access
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
Common reflection code used in support of annotation processing
License:
GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/hibernate/common/hibernate-commons-annotations/5.1.2.Final/hibernate-commons-annotations-5.1.2.Final.jar MD5: 2a2490b3eb8e7585a6a899d27d7ed43f SHA1: e59ffdbc6ad09eeb33507b39ffcf287679a498c8 SHA256:1c7ce712b2679fea0a5441eb02a04144297125b768944819be0765befb996275 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile hibernate-commons-annotations-5.1.2.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/hibernate/hibernate-core/5.6.15.Final/hibernate-core-5.6.15.Final.jar MD5: 0bc0673435fbabce62a7a0d5fe967fd8 SHA1: ab14b7cef1fdff654ca81923048a6034d6c7cfa7 SHA256:9b5a7e1faf094d98c9e33b6a27c4cae42e52f65b139091c08b9a0b4a9858b207 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile hibernate-core-5.6.15.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/istack/istack-commons-runtime/3.0.12/istack-commons-runtime-3.0.12.jar MD5: 1952bd76321f8580cfaa57e332a68287 SHA1: cbbe1a62b0cc6c85972e99d52aaee350153dc530 SHA256:27d85fc134c9271d5c79d3300fc4669668f017e72409727c428f54f2417f04cd Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile istack-commons-runtime-3.0.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
Interface Segregation.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-24/it-tidalwave-role-3.2-ALPHA-24.jar MD5: 03c70042a28ce3c67af0117708e78a8d SHA1: cb965781b67b40d6c7f3e09bbe5a59ef934bb0fc SHA256:0ff4eb4ccb233cbfb65c89ce121e3fc2b6d907d4d1d494133e0dd49b8fe45551 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile it-tidalwave-role-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role-spring/3.2-ALPHA-24/it-tidalwave-role-spring-3.2-ALPHA-24.jar MD5: 2f14e90a953ccc7bbaeb3e8961e7a693 SHA1: 7bd5a5916099ac476a3d7eeb4955d59eb2151144 SHA256:070b8113493b8970adbd2253168c82e8312e7ed59a767bf516766f455b958882 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile it-tidalwave-role-spring-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
This module provides sample data structures used by other examples.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-thesefoolishthings-examples-data/3.2-ALPHA-24/it-tidalwave-thesefoolishthings-examples-data-3.2-ALPHA-24.jar MD5: 1c4973eca764969f9940e274bb085d0e SHA1: a942c61b6beb3e2d082a02f6871c4d4833effc51 SHA256:37d19c36166c1c64419556969929effdb00bf28f05943b9064eff51360195513 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile it-tidalwave-thesefoolishthings-examples-data-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-24/it-tidalwave-util-3.2-ALPHA-24.jar MD5: 1bd6e1d7d3b38390d73e52d60125ad65 SHA1: 77df5aa3f7b6a1647c7ac73b70dfd1ea047afc8e SHA256:1cd466c22b0df169f21e90380f111449507fddef314d9fb829b7ed4068b6d34b Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile it-tidalwave-util-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util-test/3.2-ALPHA-24/it-tidalwave-util-test-3.2-ALPHA-24.jar MD5: 7e3905d448c300bf5794e833c3454e03 SHA1: e52747b2c214e8c2b5d298a0cfd6e5fce9f70f44 SHA256:d7ead438b21335f9d3f34e856c3ad7255607c253ee926f1af892940205dc9276 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile it-tidalwave-util-test-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar MD5: 0b8bee3bf29b9a015f8b992035581a7c SHA1: 74548703f9851017ce2f556066659438019e7eb5 SHA256:02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:runtime jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar MD5: 8b165cf58df5f8c2a222f637c0a07c97 SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/persistence/jakarta.persistence-api/2.2.3/jakarta.persistence-api-2.2.3.jar MD5: e0a655f398f8e68e0afebb0f71fba4e5 SHA1: 8f6ea5daedc614f07a3654a455660145286f024e SHA256:0c2d73ab36ad24eeed6e0bea928e9d0ef771de8df689e23b7754d366dda27c53 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jakarta.persistence-api-2.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/transaction/jakarta.transaction-api/1.3.3/jakarta.transaction-api-1.3.3.jar MD5: cc45726045cc9a0728f803f9db4c90c4 SHA1: c4179d48720a1e87202115fbed6089bdc4195405 SHA256:0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jakarta.transaction-api-1.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar MD5: 61286918ca0192e9f87d1358aef718dd SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801 SHA256:c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jakarta.xml.bind-api-2.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
Parent POM for JBoss projects. Provides default project build configuration.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/jboss/jandex/2.4.2.Final/jandex-2.4.2.Final.jar MD5: 489f7a97d2ed7ae34ea56d01b3566d57 SHA1: 1e1c385990b258ff1a24c801e84aebbacf70eb39 SHA256:3f2ce55c7d71e744581488dc5105806aa8084c08e6e916a019bab8f8698994f0 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jandex-2.4.2.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/github/java-diff-utils/java-diff-utils/4.15/java-diff-utils-4.15.jar MD5: 7307001832630cebc9ea88620d4af2d8 SHA1: a8b782ac93bf6c714526ac880adef7c52a87dad7 SHA256:964c69e3a23a892db2778ae6806aa1d42f81230032bd8e4982dc8620582ee6b7 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile java-diff-utils-4.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar MD5: 2ab1973eefffaa2aeec47d50b9e40b9d SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43 SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar MD5: 289075e48b909e9e74e6c915b3631d2e SHA1: 6975da39a7040257bd51d21a231b76c915872d38 SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/jaxb-runtime/2.3.9/jaxb-runtime-2.3.9.jar MD5: 9383286160dde0e1a0fec25aee8a44ef SHA1: 9d42b4f19df7e20b625b2044a7de81d95f6dff29 SHA256:ba88e5bde7c0d878c3e1f2ec2fcabaf51d201eaf93b3bb9cfecfc1f11b2304d4 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jaxb-runtime-2.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/jboss/logging/jboss-logging/3.4.3.Final/jboss-logging-3.4.3.Final.jar MD5: b298d4b79e591843c1eb1458ea79f070 SHA1: c4bd7e12a745c0e7f6cf98c45cdcdf482fd827ea SHA256:0b324cca4d550060e51e70cc0045a6cce62f264278ec1f5082aafeb670fcac49 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jboss-logging-3.4.3.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar MD5: c077b88c43f9d63f64f9880fdb457efb SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9 SHA256:5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar MD5: 410ad2f2230e0150216d86e12a4af995 SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/apache/logging/log4j/log4j-api/2.17.2/log4j-api-2.17.2.jar MD5: 0c39d90e7819c92c111e447bdf786a90 SHA1: f42d6afa111b4dec5d2aea0fe2197240749a4ea6 SHA256:09351b5a03828f369cdcff76f4ed39e6a6fc20f24f046935d0b28ef5152f8ce4 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile log4j-api-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/apache/logging/log4j/log4j-to-slf4j/2.17.2/log4j-to-slf4j-2.17.2.jar MD5: 14b27a4266c6d71c949cb4591ee463cc SHA1: 17dd0fae2747d9a28c67bc9534108823d2376b46 SHA256:9bcfa5273527b950d79739d11e8f8080cfc881908fa2a946b4e891c0293094de Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile log4j-to-slf4j-2.17.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.5.12/logback-core-1.5.12.jar MD5: e381425e2c7eb1b0b0f3fa93f6c67355 SHA1: 65b1fa25fe8d8e4bdc140e79eb67ac6741f775e2 SHA256:3f35b41621c2cbf72a9d9f3ce2270ba2040e4808bd6befdd720866e926d3e84a Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:runtime logback-core-1.5.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.36/lombok-1.18.36.jar MD5: 92c08153ae16c161c8cc2cc8185d2724 SHA1: 5a30490a6e14977d97d9c73c924c1f1b5311ea95 SHA256:73b6b05b6a2d365b700bab08d30f94de9d336490bc0acce5b6181fef48cbf18e Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:provided lombok-1.18.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar MD5: c8de8f5d740584cb24b5652cfba8b3c4 SHA1: 0172931663a09a1fa515567af5fbef00897d3c04 SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar MD5: ba063b8ef3a8bfd591a1b56451166b14 SHA1: 8fde7fe2586328ac3c68db92045e1c8759125000 SHA256:f43a4e40a946b8cdfd0321bc1c9a839bc3f119c57e4ca84fb87c367f51c8b2b3 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile snakeyaml-1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar MD5: 56a1a81d69b6a111161bbce0e6dea26a SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469 SHA256:68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile spotbugs-annotations-3.1.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar MD5: 0941c83c25204150f8bd73ae66c63fd1 SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0 SHA256:530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar MD5: a9ef5a29eaa89fe909a0c4ed870d90a1 SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3 SHA256:7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile spring-core-5.3.31.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/data/spring-data-commons/2.7.18/spring-data-commons-2.7.18.jar MD5: 92abbc5fc0193ed932a1ab973a249c8a SHA1: e7cc3f9746e9439f3e33355b4d4ef262e5b136d1 SHA256:896e203a870b77a5a58f6c642fb9ba1cac858e013637ce3f9bffa9420e1f7f56 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile spring-data-commons-2.7.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/data/spring-data-jpa/2.7.18/spring-data-jpa-2.7.18.jar MD5: 60c555a859deadcc9383f2af49f9e289 SHA1: ad78adb26ea2e4f11589aa73c7b3eb473a16078c SHA256:a16bbbf5721d9c35cbb21ef3f079ae2c28fd9cb8d9d6451cacc0fa917e44620d Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile spring-data-jpa-2.7.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-expression/5.3.31/spring-expression-5.3.31.jar MD5: 9e309bb1a738acbd0ac9c9fc58931fd3 SHA1: 55637af1b186d1008890980c2876c5fc83599756 SHA256:e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile spring-expression-5.3.31.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-24
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.
Specifically, an application is vulnerable when the following is true:
* The application evaluates user-supplied SpEL expressions.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details
CWE-770 Allocation of Resources Without Limits or Throttling
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
TXW is a library that allows you to write XML documents.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/txw2/2.3.9/txw2-2.3.9.jar MD5: 5db04c7917b3c0a07862a7e63bfc1581 SHA1: 13a78453a89bf7d268382a520cba4d5435c5adfc SHA256:973018b87af911ecf6e6d861dd0d6a477e4d8ae6a883ec5d073d3df1330b87f0 Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile txw2-2.3.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18