Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: TheseFoolishThings :: Examples :: DCI :: Persistence JPA

it.tidalwave.thesefoolishthings:it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa:3.2-ALPHA-24

Scan Information:

Summary

| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| HikariCP-4.0.3.jar | | pkg:maven/com.zaxxer/HikariCP@4.0.3 | | 0 | | 38 |
| antlr-2.7.7.jar | | pkg:maven/antlr/antlr@2.7.7 | | 0 | | 24 |
| aspectjrt-1.9.20.1.jar | | pkg:maven/org.aspectj/aspectjrt@1.9.20.1 | | 0 | | 37 |
| byte-buddy-1.12.23.jar | | pkg:maven/net.bytebuddy/byte-buddy@1.12.23 | | 0 | | 29 |
| classmate-1.5.1.jar | | pkg:maven/com.fasterxml/classmate@1.5.1 | | 0 | | 54 |
| h2-2.3.232.jar | cpe:2.3:a:h2database:h2:2.3.232:*:*:*:*:*:*:* | pkg:maven/com.h2database/h2@2.3.232 | MEDIUM | 1 | Highest | 44 |
| h2-2.3.232.jar: data.zip: table.js | | | | 0 | | 0 |
| h2-2.3.232.jar: data.zip: tree.js | | | | 0 | | 0 |
| hibernate-commons-annotations-5.1.2.Final.jar | | pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.1.2.Final | | 0 | | 44 |
| hibernate-core-5.6.15.Final.jar | cpe:2.3:a:hibernate:hibernate_orm:5.6.15:*:*:*:*:*:*:* | pkg:maven/org.hibernate/hibernate-core@5.6.15.Final | | 0 | Low | 44 |
| istack-commons-runtime-3.0.12.jar | | pkg:maven/com.sun.istack/istack-commons-runtime@3.0.12 | | 0 | | 33 |
| it-tidalwave-role-3.2-ALPHA-24.jar | | pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role@3.2-ALPHA-24 | | 0 | | 24 |
| it-tidalwave-role-spring-3.2-ALPHA-24.jar | | pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-24 | | 0 | | 26 |
| it-tidalwave-thesefoolishthings-examples-data-3.2-ALPHA-24.jar | | pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-data@3.2-ALPHA-24 | | 0 | | 26 |
| it-tidalwave-util-3.2-ALPHA-24.jar | | pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util@3.2-ALPHA-24 | | 0 | | 24 |
| it-tidalwave-util-test-3.2-ALPHA-24.jar | | pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24 | | 0 | | 26 |
| jakarta.activation-1.2.2.jar | | pkg:maven/com.sun.activation/jakarta.activation@1.2.2 | | 0 | | 33 |
| jakarta.annotation-api-1.3.5.jar | cpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:* | pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 | | 0 | Low | 35 |
| jakarta.persistence-api-2.2.3.jar | | pkg:maven/jakarta.persistence/jakarta.persistence-api@2.2.3 | | 0 | | 38 |
| jakarta.transaction-api-1.3.3.jar | cpe:2.3:a:oracle:projects:1.3.3:*:*:*:*:*:*:* | pkg:maven/jakarta.transaction/jakarta.transaction-api@1.3.3 | | 0 | Low | 48 |
| jakarta.xml.bind-api-2.3.3.jar | | pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3 | | 0 | | 33 |
| jandex-2.4.2.Final.jar | | pkg:maven/org.jboss/jandex@2.4.2.Final | | 0 | | 42 |
| java-diff-utils-4.15.jar | cpe:2.3:a:utils_project:utils:4.15:*:*:*:*:*:*:* | pkg:maven/io.github.java-diff-utils/java-diff-utils@4.15 | | 0 | Highest | 21 |
| javax.annotation-api-1.3.2.jar | | pkg:maven/javax.annotation/javax.annotation-api@1.3.2 | | 0 | | 48 |
| javax.inject-1.jar | | pkg:maven/javax.inject/javax.inject@1 | | 0 | | 20 |
| jaxb-runtime-2.3.9.jar | | pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 | | 0 | | 47 |
| jboss-logging-3.4.3.Final.jar | | pkg:maven/org.jboss.logging/jboss-logging@3.4.3.Final | | 0 | | 43 |
| jcl-over-slf4j-2.0.16.jar | | pkg:maven/org.slf4j/jcl-over-slf4j@2.0.16 | | 0 | | 31 |
| jsr305-3.0.2.jar | | pkg:maven/com.google.code.findbugs/jsr305@3.0.2 | | 0 | | 17 |
| jul-to-slf4j-2.0.16.jar | | pkg:maven/org.slf4j/jul-to-slf4j@2.0.16 | | 0 | | 31 |
| log4j-api-2.17.2.jar | cpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-api@2.17.2 | | 0 | Highest | 44 |
| log4j-to-slf4j-2.17.2.jar | | pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.17.2 | | 0 | | 44 |
| logback-core-1.5.12.jar | cpe:2.3:a:qos:logback:1.5.12:*:*:*:*:*:*:* | pkg:maven/ch.qos.logback/logback-core@1.5.12 | | 0 | Highest | 39 |
| lombok-1.18.36.jar | | pkg:maven/org.projectlombok/lombok@1.18.36 | | 0 | | 36 |
| lombok-1.18.36.jar: mavenEcjBootstrapAgent.jar | | | | 0 | | 7 |
| slf4j-api-2.0.16.jar | | pkg:maven/org.slf4j/slf4j-api@2.0.16 | | 0 | | 29 |
| snakeyaml-1.30.jar | cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:* | pkg:maven/org.yaml/snakeyaml@1.30 | CRITICAL | 7 | Highest | 44 |
| spotbugs-annotations-3.1.9.jar | | pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9 | | 0 | | 53 |
| spring-boot-2.7.18.jar | cpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot@2.7.18 | | 0 | Highest | 38 |
| spring-core-5.3.31.jar | cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-core@5.3.31 | MEDIUM | 1 | Highest | 37 |
| spring-data-commons-2.7.18.jar | cpe:2.3:a:pivotal_software:spring_data_commons:2.7.18:*:*:*:*:*:*:* | pkg:maven/org.springframework.data/spring-data-commons@2.7.18 | | 0 | Highest | 30 |
| spring-data-jpa-2.7.18.jar | cpe:2.3:a:pivotal_software:spring_data_jpa:2.7.18:*:*:*:*:*:*:* | pkg:maven/org.springframework.data/spring-data-jpa@2.7.18 | | 0 | Highest | 32 |
| spring-expression-5.3.31.jar | cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-expression@5.3.31 | MEDIUM | 2 | Highest | 37 |
| txw2-2.3.9.jar | | pkg:maven/org.glassfish.jaxb/txw2@2.3.9 | | 0 | | 35 |

Dependencies (vulnerable)

HikariCP-4.0.3.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3.jar
MD5: e725642926105cd1bbf4ad7fdff5d5a9
SHA1: 107cbdf0db6780a065f895ae9d8fbf3bb0e1c21f
SHA256:7c024aeff1c1063576d74453513f9de6447d8e624d17f8e27f30a2e97688c6c9
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
HikariCP-4.0.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

antlr-2.7.7.jar

Description:

A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
antlr-2.7.7.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

aspectjrt-1.9.20.1.jar

Description:

The AspectJ runtime is a small library necessary to run Java programs enhanced by AspectJ aspects during a previous compile-time or post-compile-time (binary weaving) build step.

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/aspectj/aspectjrt/1.9.20.1/aspectjrt-1.9.20.1.jar
MD5: 6398abe3162564b5b87e7a3ce4dfd204
SHA1: 26954e413fd6e4278c5720abe29726a904f14bc8
SHA256:1921492949907e700a8918a21d51a508c421d08461652b77daab89cf0e6291d5
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
aspectjrt-1.9.20.1.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-24

Identifiers

byte-buddy-1.12.23.jar

Description:

Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/net/bytebuddy/byte-buddy/1.12.23/byte-buddy-1.12.23.jar
MD5: bdf44dc7543f6bf2728b6e7d32e3bf8c
SHA1: d470526e8c4566c04e9ae5d3ccb62d1a7aa58986
SHA256:0433a8e4efcc5e137ceb6e7e1d83c2f1f95057c13b66fb92a901f883cb4df4b4
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
byte-buddy-1.12.23.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.mockito/mockito-core@5.13.0

Identifiers

classmate-1.5.1.jar

Description:

Library for introspecting types with full generic information including resolving of field and method types.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar
MD5: e91fcd30ba329fd1b0b6dc5321fd067c
SHA1: 3fe0bed568c62df5e89f4f174c101eab25345b6c
SHA256:aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
classmate-1.5.1.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

h2-2.3.232.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/h2database/h2/2.3.232/h2-2.3.232.jar
MD5: 756154ae197457f2995b89c11bc9b2c3
SHA1: 4fcc05d966ccdb2812ae8b9a718f69226c0cf4e2
SHA256:8dae62d22db8982c3dcb3826edb9c727c5d302063a67eef7d63d82de401f07d3
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
h2-2.3.232.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv3:
  • Base Score: MEDIUM (6.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:2.3.232:*:*:*:*:*:*:*

h2-2.3.232.jar: data.zip: table.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/h2database/h2/2.3.232/h2-2.3.232.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 8973a8c183f3455d8c4fe07a9a963429
SHA1: 4b32bb0b435151f899abdc8a98dab8f844b10b94
SHA256:807d50c7d28cc022b174774cfaff3d1c8b39ea04c1e260ddb6265e7fc0660910
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile

Identifiers

  • None

h2-2.3.232.jar: data.zip: tree.js

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/h2database/h2/2.3.232/h2-2.3.232.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 8105bba99dd1db86cb1cf23b2556a620
SHA1: 1c00b802f6cb1013cb0ed40eec6a98b5ba4cd0e7
SHA256:c5602b0b3488bb7d61959228a224a5f806f2749d67f9cdc182327fe069b94238
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile

Identifiers

  • None

hibernate-commons-annotations-5.1.2.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/hibernate/common/hibernate-commons-annotations/5.1.2.Final/hibernate-commons-annotations-5.1.2.Final.jar
MD5: 2a2490b3eb8e7585a6a899d27d7ed43f
SHA1: e59ffdbc6ad09eeb33507b39ffcf287679a498c8
SHA256:1c7ce712b2679fea0a5441eb02a04144297125b768944819be0765befb996275
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
hibernate-commons-annotations-5.1.2.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

hibernate-core-5.6.15.Final.jar

Description:

Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: https://www.opensource.org/licenses/LGPL-2.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/hibernate/hibernate-core/5.6.15.Final/hibernate-core-5.6.15.Final.jar
MD5: 0bc0673435fbabce62a7a0d5fe967fd8
SHA1: ab14b7cef1fdff654ca81923048a6034d6c7cfa7
SHA256:9b5a7e1faf094d98c9e33b6a27c4cae42e52f65b139091c08b9a0b4a9858b207
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
hibernate-core-5.6.15.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

istack-commons-runtime-3.0.12.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/istack/istack-commons-runtime/3.0.12/istack-commons-runtime-3.0.12.jar
MD5: 1952bd76321f8580cfaa57e332a68287
SHA1: cbbe1a62b0cc6c85972e99d52aaee350153dc530
SHA256:27d85fc134c9271d5c79d3300fc4669668f017e72409727c428f54f2417f04cd
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
istack-commons-runtime-3.0.12.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

it-tidalwave-role-3.2-ALPHA-24.jar

Description:

Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and Interface Segregation.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/3.2-ALPHA-24/it-tidalwave-role-3.2-ALPHA-24.jar
MD5: 03c70042a28ce3c67af0117708e78a8d
SHA1: cb965781b67b40d6c7f3e09bbe5a59ef934bb0fc
SHA256:0ff4eb4ccb233cbfb65c89ce121e3fc2b6d907d4d1d494133e0dd49b8fe45551
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
it-tidalwave-role-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

it-tidalwave-role-spring-3.2-ALPHA-24.jar

Description:

Specific Spring support for DCI roles.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role-spring/3.2-ALPHA-24/it-tidalwave-role-spring-3.2-ALPHA-24.jar
MD5: 2f14e90a953ccc7bbaeb3e8961e7a693
SHA1: 7bd5a5916099ac476a3d7eeb4955d59eb2151144
SHA256:070b8113493b8970adbd2253168c82e8312e7ed59a767bf516766f455b958882
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
it-tidalwave-role-spring-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

it-tidalwave-thesefoolishthings-examples-data-3.2-ALPHA-24.jar

Description:

This module provides sample data structures used by other examples.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-thesefoolishthings-examples-data/3.2-ALPHA-24/it-tidalwave-thesefoolishthings-examples-data-3.2-ALPHA-24.jar
MD5: 1c4973eca764969f9940e274bb085d0e
SHA1: a942c61b6beb3e2d082a02f6871c4d4833effc51
SHA256:37d19c36166c1c64419556969929effdb00bf28f05943b9064eff51360195513
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
it-tidalwave-thesefoolishthings-examples-data-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

it-tidalwave-util-3.2-ALPHA-24.jar

Description:

A collection of common utilities.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/3.2-ALPHA-24/it-tidalwave-util-3.2-ALPHA-24.jar
MD5: 1bd6e1d7d3b38390d73e52d60125ad65
SHA1: 77df5aa3f7b6a1647c7ac73b70dfd1ea047afc8e
SHA256:1cd466c22b0df169f21e90380f111449507fddef314d9fb829b7ed4068b6d34b
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
it-tidalwave-util-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

it-tidalwave-util-test-3.2-ALPHA-24.jar

Description:

Miscellaneous utilities for testing.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util-test/3.2-ALPHA-24/it-tidalwave-util-test-3.2-ALPHA-24.jar
MD5: 7e3905d448c300bf5794e833c3454e03
SHA1: e52747b2c214e8c2b5d298a0cfd6e5fce9f70f44
SHA256:d7ead438b21335f9d3f34e856c3ad7255607c253ee926f1af892940205dc9276
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
it-tidalwave-util-test-3.2-ALPHA-24.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

jakarta.activation-1.2.2.jar

Description:

Jakarta Activation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar
MD5: 0b8bee3bf29b9a015f8b992035581a7c
SHA1: 74548703f9851017ce2f556066659438019e7eb5
SHA256:02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:runtime
jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

jakarta.persistence-api-2.2.3.jar

Description:

Jakarta Persistence 2.2 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/persistence/jakarta.persistence-api/2.2.3/jakarta.persistence-api-2.2.3.jar
MD5: e0a655f398f8e68e0afebb0f71fba4e5
SHA1: 8f6ea5daedc614f07a3654a455660145286f024e
SHA256:0c2d73ab36ad24eeed6e0bea928e9d0ef771de8df689e23b7754d366dda27c53
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jakarta.persistence-api-2.2.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

jakarta.transaction-api-1.3.3.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/transaction/jakarta.transaction-api/1.3.3/jakarta.transaction-api-1.3.3.jar
MD5: cc45726045cc9a0728f803f9db4c90c4
SHA1: c4179d48720a1e87202115fbed6089bdc4195405
SHA256:0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jakarta.transaction-api-1.3.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

jakarta.xml.bind-api-2.3.3.jar

Description:

Jakarta XML Binding API 2.3 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256:c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jakarta.xml.bind-api-2.3.3.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

jandex-2.4.2.Final.jar

Description:

Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/jboss/jandex/2.4.2.Final/jandex-2.4.2.Final.jar
MD5: 489f7a97d2ed7ae34ea56d01b3566d57
SHA1: 1e1c385990b258ff1a24c801e84aebbacf70eb39
SHA256:3f2ce55c7d71e744581488dc5105806aa8084c08e6e916a019bab8f8698994f0
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jandex-2.4.2.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

java-diff-utils-4.15.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/github/java-diff-utils/java-diff-utils/4.15/java-diff-utils-4.15.jar
MD5: 7307001832630cebc9ea88620d4af2d8
SHA1: a8b782ac93bf6c714526ac880adef7c52a87dad7
SHA256:964c69e3a23a892db2778ae6806aa1d42f81230032bd8e4982dc8620582ee6b7
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
java-diff-utils-4.15.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-util-test@3.2-ALPHA-24

Identifiers

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
javax.inject-1.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

jaxb-runtime-2.3.9.jar

Description:

JAXB (JSR 222) Reference Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/jaxb-runtime/2.3.9/jaxb-runtime-2.3.9.jar
MD5: 9383286160dde0e1a0fec25aee8a44ef
SHA1: 9d42b4f19df7e20b625b2044a7de81d95f6dff29
SHA256:ba88e5bde7c0d878c3e1f2ec2fcabaf51d201eaf93b3bb9cfecfc1f11b2304d4
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jaxb-runtime-2.3.9.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

jboss-logging-3.4.3.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/jboss/logging/jboss-logging/3.4.3.Final/jboss-logging-3.4.3.Final.jar
MD5: b298d4b79e591843c1eb1458ea79f070
SHA1: c4bd7e12a745c0e7f6cf98c45cdcdf482fd827ea
SHA256:0b324cca4d550060e51e70cc0045a6cce62f264278ec1f5082aafeb670fcac49
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jboss-logging-3.4.3.Final.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

Identifiers

jcl-over-slf4j-2.0.16.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar
MD5: c077b88c43f9d63f64f9880fdb457efb
SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9
SHA256:5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@3.1.9

Identifiers

jul-to-slf4j-2.0.16.jar

Description:

JUL to SLF4J bridge

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar
MD5: 410ad2f2230e0150216d86e12a4af995
SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a
SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

log4j-api-2.17.2.jar

Description:

The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/apache/logging/log4j/log4j-api/2.17.2/log4j-api-2.17.2.jar
MD5: 0c39d90e7819c92c111e447bdf786a90
SHA1: f42d6afa111b4dec5d2aea0fe2197240749a4ea6
SHA256:09351b5a03828f369cdcff76f4ed39e6a6fc20f24f046935d0b28ef5152f8ce4
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
log4j-api-2.17.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

log4j-to-slf4j-2.17.2.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/apache/logging/log4j/log4j-to-slf4j/2.17.2/log4j-to-slf4j-2.17.2.jar
MD5: 14b27a4266c6d71c949cb4591ee463cc
SHA1: 17dd0fae2747d9a28c67bc9534108823d2376b46
SHA256:9bcfa5273527b950d79739d11e8f8080cfc881908fa2a946b4e891c0293094de
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
log4j-to-slf4j-2.17.2.jar is in the transitive dependency tree of the listed items.
Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

logback-core-1.5.12.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/ch/qos/logback/logback-core/1.5.12/logback-core-1.5.12.jar
MD5: e381425e2c7eb1b0b0f3fa93f6c67355
SHA1: 65b1fa25fe8d8e4bdc140e79eb67ac6741f775e2
SHA256: 3f35b41621c2cbf72a9d9f3ce2270ba2040e4808bd6befdd720866e926d3e84a
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:runtime
logback-core-1.5.12.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

lombok-1.18.36.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.36/lombok-1.18.36.jar
MD5: 92c08153ae16c161c8cc2cc8185d2724
SHA1: 5a30490a6e14977d97d9c73c924c1f1b5311ea95
SHA256: 73b6b05b6a2d365b700bab08d30f94de9d336490bc0acce5b6181fef48cbf18e
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:provided
lombok-1.18.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

lombok-1.18.36.jar: mavenEcjBootstrapAgent.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.36/lombok-1.18.36.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 27467519bf9615b24cad3b003c4353a9
SHA1: 37d92e0a726a67883ab94bee27c6f292e6318dcd
SHA256: 9566d0706d6245cac3cdd9db6d1d81551aa3e727febcf64452c6db9701c40037
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:provided

Identifiers

  • None

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256: a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

snakeyaml-1.30.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar
MD5: ba063b8ef3a8bfd591a1b56451166b14
SHA1: 8fde7fe2586328ac3c68db92045e1c8759125000
SHA256: f43a4e40a946b8cdfd0321bc1c9a839bc3f119c57e4ca84fb87c367f51c8b2b3
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
snakeyaml-1.30.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

spotbugs-annotations-3.1.9.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/3.1.9/spotbugs-annotations-3.1.9.jar
MD5: 56a1a81d69b6a111161bbce0e6dea26a
SHA1: 2ef5127efcc1a899aab8c66d449a631c9a99c469
SHA256: 68c7c46b4299e94837e236ae742f399901a950fe910fe3ca710026753b5dd2e1
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
spotbugs-annotations-3.1.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-thesefoolishthings-examples-dci-persistence-jpa@3.2-ALPHA-24

spring-boot-2.7.18.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256: 530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

spring-core-5.3.31.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256: 7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
spring-core-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

spring-data-commons-2.7.18.jar

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/data/spring-data-commons/2.7.18/spring-data-commons-2.7.18.jar
MD5: 92abbc5fc0193ed932a1ab973a249c8a
SHA1: e7cc3f9746e9439f3e33355b4d4ef262e5b136d1
SHA256: 896e203a870b77a5a58f6c642fb9ba1cac858e013637ce3f9bffa9420e1f7f56
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
spring-data-commons-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

spring-data-jpa-2.7.18.jar

Description:

Spring Data module for JPA repositories.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/data/spring-data-jpa/2.7.18/spring-data-jpa-2.7.18.jar
MD5: 60c555a859deadcc9383f2af49f9e289
SHA1: ad78adb26ea2e4f11589aa73c7b3eb473a16078c
SHA256: a16bbbf5721d9c35cbb21ef3f079ae2c28fd9cb8d9d6451cacc0fa917e44620d
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
spring-data-jpa-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

spring-expression-5.3.31.jar

Description:

Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-expression/5.3.31/spring-expression-5.3.31.jar
MD5: 9e309bb1a738acbd0ac9c9fc58931fd3
SHA1: 55637af1b186d1008890980c2876c5fc83599756
SHA256: e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
spring-expression-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@3.2-ALPHA-24

CVE-2024-38808 (OSSINDEX)  

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  *  The application evaluates user-supplied SpEL expressions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-expression:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

txw2-2.3.9.jar

Description:

TXW is a library that allows you to write XML documents.

File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/glassfish/jaxb/txw2/2.3.9/txw2-2.3.9.jar
MD5: 5db04c7917b3c0a07862a7e63bfc1581
SHA1: 13a78453a89bf7d268382a520cba4d5435c5adfc
SHA256: 973018b87af911ecf6e6d861dd0d6a477e4d8ae6a883ec5d073d3df1330b87f0
Referenced In Project/Scope: TheseFoolishThings :: Examples :: DCI :: Persistence JPA:compile
txw2-2.3.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.18

This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.