Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 3.2.1Report Generated On : May 19, 2019 at 23:31:31 -03:00Dependencies Scanned : 25 (21 unique)Vulnerable Dependencies : 2 Vulnerabilities Found : 12Vulnerabilities Suppressed : 0... NVD CVE 2002 : 16/05/2019 06:15:31NVD CVE 2003 : 18/05/2019 05:45:36NVD CVE 2004 : 16/05/2019 06:15:31NVD CVE 2005 : 18/05/2019 05:45:36NVD CVE 2006 : 18/05/2019 05:45:36NVD CVE 2007 : 18/05/2019 05:45:36NVD CVE 2008 : 18/05/2019 05:45:36NVD CVE 2009 : 18/05/2019 05:15:39NVD CVE 2010 : 18/05/2019 05:15:39NVD CVE 2011 : 17/05/2019 05:45:49NVD CVE 2012 : 17/05/2019 05:15:37NVD CVE 2013 : 17/05/2019 05:15:37NVD CVE 2014 : 18/05/2019 05:15:40NVD CVE 2015 : 18/05/2019 05:15:40NVD CVE 2016 : 18/05/2019 05:15:40NVD CVE 2017 : 18/05/2019 04:45:35NVD CVE 2018 : 18/05/2019 04:45:36NVD CVE 2019 : 18/05/2019 04:15:29NVD CVE Checked : 19/05/2019 21:43:37NVD CVE Modified : 19/05/2019 21:15:29VersionCheckOn : 1558313017458Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
The slf4j API File Path: /home/paulo/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jarMD5: caafe376afb7086dcbee79f780394ca3SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8aReferenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid slf4j-parent Low Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom description The slf4j API Medium Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom groupid slf4j Highest Vendor manifest Bundle-Description The slf4j API Medium Vendor file name slf4j-api High Vendor pom parent-groupid org.slf4j Medium Product pom artifactid slf4j-api Highest Product pom name SLF4J API Module High Product pom parent-groupid org.slf4j Low Product Manifest Implementation-Title slf4j-api High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom description The slf4j API Medium Product pom parent-artifactid slf4j-parent Medium Product Manifest bundle-symbolicname slf4j.api Medium Product pom url http://www.slf4j.org Medium Product Manifest Bundle-Name slf4j-api Medium Product manifest Bundle-Description The slf4j API Medium Product file name slf4j-api High Product pom groupid slf4j Low Version Manifest Implementation-Version 1.7.25 High Version pom version 1.7.25 Highest Version file version 1.7.25 Highest
maven: org.slf4j:slf4j-api:1.7.25 Confidence :Highest Description:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! License:
The MIT License: https://projectlombok.org/LICENSE File Path: /home/paulo/.m2/repository/org/projectlombok/lombok/1.18.0/lombok-1.18.0.jar
MD5: b9e6229086cbbb6ac6fc6ecbc62a6ef4
SHA1: c4647d46f0742746ac07ce4abeeee9b2fb18d147
Referenced In Project/Scope: marxls:provided
Evidence Type Source Name Value Confidence Vendor pom groupid org.projectlombok Highest Vendor file name lombok High Vendor pom groupid projectlombok Highest Vendor pom description Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! Low Vendor pom artifactid lombok Low Vendor pom url https://projectlombok.org Highest Vendor pom name Project Lombok High Product file name lombok High Product pom description Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! Low Product pom url https://projectlombok.org Medium Product pom artifactid lombok Highest Product pom groupid projectlombok Low Product pom name Project Lombok High Version file version 1.18.0 Highest Version pom version 1.18.0 Highest
maven: org.projectlombok:lombok:1.18.0 Confidence :Highest Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Vendor file name commons-codec High Vendor pom parent-artifactid commons-parent Low Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Vendor pom name Apache Commons Codec High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom artifactid commons-codec Low Vendor manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid commons-codec Highest Product pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Product pom url http://commons.apache.org/proper/commons-codec/ Medium Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product file name commons-codec High Product Manifest bundle-symbolicname org.apache.commons.codec Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Product pom name Apache Commons Codec High Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Product pom artifactid commons-codec Highest Product Manifest specification-title Apache Commons Codec Medium Product pom groupid commons-codec Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Version Manifest Implementation-Version 1.10 High Version file version 1.10 Highest Version pom version 1.10 Highest
maven: commons-codec:commons-codec:1.10 Confidence :Highest Description:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/commons/commons-collections4/4.1/commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.commons Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-symbolicname org.apache.commons.collections4 Medium Vendor pom url http://commons.apache.org/proper/commons-collections/ Highest Vendor pom groupid apache.commons Highest Vendor file name commons-collections4 High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid commons-parent Low Vendor manifest Bundle-Description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Vendor Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons Collections High Vendor pom artifactid commons-collections4 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-symbolicname org.apache.commons.collections4 Medium Product pom parent-groupid org.apache.commons Low Product file name commons-collections4 High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-collections/ Medium Product pom groupid apache.commons Low Product manifest Bundle-Description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Product Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Product Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Product pom name Apache Commons Collections High Product Manifest specification-title Apache Commons Collections Medium Product Manifest Implementation-Title Apache Commons Collections High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Product pom artifactid commons-collections4 Highest Version pom version 4.1 Highest Version Manifest Implementation-Version 4.1 High Version file version 4.1 Highest
maven: org.apache.commons:commons-collections4:4.1 Confidence :Highestcpe: cpe:/a:apache:commons_collections:4.1 Confidence :Low suppress Description:
Apache POI - Java API To Access Microsoft Format Files License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/poi/poi/3.17/poi-3.17.jar
MD5: 243bc3d431e4fadb79738719504c64f7
SHA1: 0ae92292a2043888b40d418da97dc0b669fde326
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://www.apache.org/ Medium Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium Vendor pom artifactid poi Low Vendor pom name Apache POI High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.poi Highest Vendor pom description Apache POI - Java API To Access Microsoft Format Files Medium Vendor file name poi High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom url http://poi.apache.org/ Highest Vendor pom groupid apache.poi Highest Vendor pom organization name Apache Software Foundation High Product pom artifactid poi Highest Product pom organization name Apache Software Foundation Low Product pom groupid apache.poi Low Product pom name Apache POI High Product pom url http://poi.apache.org/ Medium Product pom description Apache POI - Java API To Access Microsoft Format Files Medium Product file name poi High Product pom organization url http://www.apache.org/ Low Product Manifest Implementation-Title Apache POI High Product Manifest specification-title Apache POI Medium Version pom version 3.17 Highest Version Manifest Implementation-Version 3.17 High Version file version 3.17 Highest
Related Dependencies poi-ooxml-schemas-3.17.jarFile Path: /home/paulo/.m2/repository/org/apache/poi/poi-ooxml-schemas/3.17/poi-ooxml-schemas-3.17.jar MD5: dadbc17356f315e5a753d4641db26ba9 SHA1: 890114bfa82f5b6380ea0e9b0bf49b0af797b414 poi-ooxml-3.17.jarFile Path: /home/paulo/.m2/repository/org/apache/poi/poi-ooxml/3.17/poi-ooxml-3.17.jar MD5: 16d7c8ccfc6ddefd890194f46ba4c66b SHA1: 07d8c44407178b73246462842bf1e206e99c8e0a cpe: cpe:/a:apache:poi:3.17 Confidence :Low suppress maven: org.apache.poi:poi:3.17 Confidence :Highest Description:
Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. License:
BSD License: http://opensource.org/licenses/BSD-3-Clause File Path: /home/paulo/.m2/repository/com/github/virtuald/curvesapi/1.04/curvesapi-1.04.jar
MD5: 0dcbd9b7e498d1118c920d1d55046743
SHA1: 3386abf821719bc89c7685f9eaafaf4a842f0199
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom url virtuald/curvesapi Highest Vendor jar package name math Low Vendor jar package name graphbuilder Low Vendor pom artifactid curvesapi Low Vendor pom description Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. Low Vendor pom name curvesapi High Vendor pom groupid com.github.virtuald Highest Vendor file name curvesapi High Vendor pom groupid github.virtuald Highest Product pom url virtuald/curvesapi High Product jar package name math Low Product pom description Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. Low Product pom artifactid curvesapi Highest Product pom name curvesapi High Product file name curvesapi High Product pom groupid github.virtuald Low Version pom version 1.04 Highest Version file version 1.04 Highest
maven: com.github.virtuald:curvesapi:1.04 Confidence :Highest Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom groupid com.google.code.findbugs Highest Vendor pom groupid google.code.findbugs Highest Vendor file name jsr305 High Vendor manifest Bundle-Description JSR305 Annotations for Findbugs Medium Vendor pom description JSR305 Annotations for Findbugs Medium Vendor pom name FindBugs-jsr305 High Vendor pom artifactid jsr305 Low Vendor pom url http://findbugs.sourceforge.net/ Highest Product pom groupid google.code.findbugs Low Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom url http://findbugs.sourceforge.net/ Medium Product file name jsr305 High Product manifest Bundle-Description JSR305 Annotations for Findbugs Medium Product pom artifactid jsr305 Highest Product pom description JSR305 Annotations for Findbugs Medium Product pom name FindBugs-jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Version file version 3.0.2 Highest Version pom version 3.0.2 Highest
maven: com.google.code.findbugs:jsr305:3.0.2 Confidence :Highest Description:
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code. Please
see artifact:
org.checkerframework:checker
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/paulo/.m2/repository/org/checkerframework/checker-qual/2.5.2/checker-qual-2.5.2.jar
MD5: 04acc78b24bbd365423da357da003cf0
SHA1: cea74543d5904a30861a61b4643a5f2bb372efc4
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom url https://checkerframework.org Highest Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom name Checker Qual High Vendor pom artifactid checker-qual Low Vendor pom description Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker Low Vendor file name checker-qual High Vendor pom groupid checkerframework Highest Vendor pom groupid org.checkerframework Highest Product Manifest implementation-url https://checkerframework.org Low Product pom name Checker Qual High Product pom description Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker Low Product pom url https://checkerframework.org Medium Product file name checker-qual High Product pom artifactid checker-qual Highest Product pom groupid checkerframework Low Version pom version 2.5.2 Highest Version file version 2.5.2 Highest Version Manifest Implementation-Version 2.5.2 High
maven: org.checkerframework:checker-qual:2.5.2 Confidence :Highest License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/errorprone/error_prone_annotations/2.1.3/error_prone_annotations-2.1.3.jar
MD5: 97504b36cf871722d81a4b9e114f2a16
SHA1: 39b109f2cd352b2d71b52a3b5a1a9850e1dc304b
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid error_prone_annotations Low Vendor pom name error-prone annotations High Vendor jar package name google Low Vendor pom parent-artifactid error_prone_parent Low Vendor pom groupid com.google.errorprone Highest Vendor file name error_prone_annotations High Vendor jar package name annotations Low Vendor pom groupid google.errorprone Highest Vendor jar package name errorprone Low Vendor pom parent-groupid com.google.errorprone Medium Product pom parent-groupid com.google.errorprone Low Product pom name error-prone annotations High Product file name error_prone_annotations High Product jar package name annotations Low Product jar package name errorprone Low Product pom groupid google.errorprone Low Product pom artifactid error_prone_annotations Highest Product pom parent-artifactid error_prone_parent Medium Version pom version 2.1.3 Highest Version file version 2.1.3 Highest
maven: com.google.errorprone:error_prone_annotations:2.1.3 Confidence :Highest Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom description A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation. Low Vendor jar package name j2objc Low Vendor file name j2objc-annotations High Vendor jar package name google Low Vendor pom groupid google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor jar package name annotations Low Vendor pom artifactid j2objc-annotations Low Vendor pom url google/j2objc/ Highest Vendor pom groupid com.google.j2objc Highest Product pom description A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation. Low Product jar package name j2objc Low Product file name j2objc-annotations High Product pom url google/j2objc/ High Product pom artifactid j2objc-annotations Highest Product pom groupid google.j2objc Low Product pom name J2ObjC Annotations High Product jar package name annotations Low Version file version 1.1 Highest Version pom version 1.1 Highest
maven: com.google.j2objc:j2objc-annotations:1.1 Confidence :Highest File Path: /home/paulo/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jarMD5: 9d42e46845c874f1710a9f6a741f6c14SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom groupid codehaus.mojo Highest Vendor pom groupid org.codehaus.mojo Highest Vendor jar package name animal_sniffer Low Vendor pom parent-groupid org.codehaus.mojo Medium Vendor pom artifactid animal-sniffer-annotations Low Vendor jar package name mojo Low Vendor jar package name codehaus Low Vendor pom parent-artifactid animal-sniffer-parent Low Vendor file name animal-sniffer-annotations High Vendor pom name Animal Sniffer Annotations High Product pom artifactid animal-sniffer-annotations Highest Product jar package name animal_sniffer Low Product jar package name mojo Low Product pom groupid codehaus.mojo Low Product pom parent-groupid org.codehaus.mojo Low Product jar package name ignorejrerequirement Low Product file name animal-sniffer-annotations High Product pom name Animal Sniffer Annotations High Product pom parent-artifactid animal-sniffer-parent Medium Version pom version 1.14 Highest Version file version 1.14 Highest
maven: org.codehaus.mojo:animal-sniffer-annotations:1.14 Confidence :Highest Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/guava/guava/26.0-jre/guava-26.0-jre.jar
MD5: db2d6eae3ec08b0fd752ef0c5672aab7
SHA1: 6a806eff209f36f635f943e16d97491f00f6bfab
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid guava Low Vendor pom parent-groupid com.google.guava Medium Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor Manifest automatic-module-name com.google.common Medium Vendor file name guava High Vendor pom name Guava: Google Core Libraries for Java High Vendor pom groupid com.google.guava Highest Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Vendor pom parent-artifactid guava-parent Low Vendor pom groupid google.guava Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Product pom artifactid guava Highest Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom parent-artifactid guava-parent Medium Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest automatic-module-name com.google.common Medium Product file name guava High Product pom parent-groupid com.google.guava Low Product pom name Guava: Google Core Libraries for Java High Product Manifest bundle-symbolicname com.google.guava Medium Product pom groupid google.guava Low Product pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Version file version 26.0 Highest Version pom version 26.0-jre Highest
cpe: cpe:/a:google:guava:26.0 Confidence :Low suppress maven: com.google.guava:guava:26.0-jre Confidence :Highest Description:
StAX API is the standard java XML processing API defined by JSR-173 License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/stax/stax-api/1.0.1/stax-api-1.0.1.jar
MD5: 7d436a53c64490bee564c576babb36b4
SHA1: 49c100caf72d658aca8e58bd74a4ba90fa2b0d70
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom groupid stax Highest Vendor pom name StAX API High Vendor file name stax-api High Vendor Manifest specification-vendor JCP-173 Low Vendor Manifest Implementation-Vendor JCP High Vendor pom url http://stax.codehaus.org/ Highest Vendor pom artifactid stax-api Low Vendor pom description StAX API is the standard java XML processing API defined by JSR-173 Medium Product pom name StAX API High Product file name stax-api High Product pom url http://stax.codehaus.org/ Medium Product pom artifactid stax-api Highest Product Manifest Implementation-Title StAX 1.0 API High Product Manifest specification-title StAX Medium Product pom groupid stax Low Product pom description StAX API is the standard java XML processing API defined by JSR-173 Medium Version pom version 1.0.1 Highest Version file version 1.0.1 Highest Version Manifest Implementation-Version 1.0.1 High
cpe: cpe:/a:st_project:st:1.0.1 Confidence :Low suppress maven: stax:stax-api:1.0.1 Confidence :Highest Published Vulnerabilities CVE-2017-16224 suppress
Severity:Medium
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. ("%2e%2e", "%2e.", ".%2e"). Vulnerable Software & Versions:
Description:
XmlBeans main jar License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/xmlbeans/xmlbeans/2.6.0/xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://xmlbeans.apache.org/ Medium Vendor manifest: org/apache/xmlbeans/ Implementation-Vendor Apache Software Foundation Medium Vendor file name xmlbeans High Vendor pom organization name XmlBeans High Vendor pom groupid apache.xmlbeans Highest Vendor pom description XmlBeans main jar Medium Vendor pom artifactid xmlbeans Low Vendor pom name XmlBeans High Vendor pom groupid org.apache.xmlbeans Highest Vendor pom url http://xmlbeans.apache.org Highest Product file name xmlbeans High Product pom groupid apache.xmlbeans Low Product pom organization name XmlBeans Low Product pom url http://xmlbeans.apache.org Medium Product pom description XmlBeans main jar Medium Product pom name XmlBeans High Product pom artifactid xmlbeans Highest Product manifest: org/apache/xmlbeans/ Implementation-Title org.apache.xmlbeans Medium Product pom organization url http://xmlbeans.apache.org/ Low Version pom version 2.6.0 Highest Version file version 2.6.0 Highest
maven: org.apache.xmlbeans:xmlbeans:2.6.0 Confidence :Highest Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar
MD5: f1df5623d78c432b7c3d58ff491e1801
SHA1: 557edd918fd41f9260963583ebf5a61a43a6b423
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor pom groupid org.apache.commons Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Apache Commons Lang High Vendor pom groupid apache.commons Highest Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Vendor pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Vendor file name commons-lang3 High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-groupid org.apache.commons Medium Vendor pom artifactid commons-lang3 Low Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom name Apache Commons Lang High Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom groupid apache.commons Low Product manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Product pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Product file name commons-lang3 High Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom artifactid commons-lang3 Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Apache Commons Lang Medium Product Manifest Implementation-Title Apache Commons Lang High Version Manifest Implementation-Version 3.7 High Version file version 3.7 Highest Version pom version 3.7 Highest
maven: org.apache.commons:commons-lang3:3.7 Confidence :Highest Description:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/yaml/snakeyaml/1.17/snakeyaml-1.17.jar
MD5: ab621c3cee316236ad04a6f0fe4dd17c
SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid snakeyaml Low Vendor pom name SnakeYAML High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom groupid yaml Highest Vendor pom url http://www.snakeyaml.org Highest Vendor manifest Bundle-Description YAML 1.1 parser and emitter for Java Medium Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor file name snakeyaml High Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom description YAML 1.1 parser and emitter for Java Medium Vendor pom groupid org.yaml Highest Product pom name SnakeYAML High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom url http://www.snakeyaml.org Medium Product manifest Bundle-Description YAML 1.1 parser and emitter for Java Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product pom groupid yaml Low Product file name snakeyaml High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom description YAML 1.1 parser and emitter for Java Medium Product Manifest Bundle-Name SnakeYAML Medium Product pom artifactid snakeyaml Highest Version file version 1.17 Highest Version pom version 1.17 Highest
maven: org.yaml:snakeyaml:1.17 Confidence :Highest Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.0/jackson-core-2.9.0.jar
MD5: 2db8443005d095a6c7464b56324a738f
SHA1: 88e7c6220be3b3497b3074d3fc7754213289b987
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest specification-vendor FasterXML Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom name Jackson-core High Vendor pom artifactid jackson-core Low Vendor Manifest implementation-build-date 2017-07-30 04:02:37+0000 Low Vendor pom url FasterXML/jackson-core Highest Vendor pom groupid fasterxml.jackson.core Highest Vendor pom parent-artifactid jackson-parent Low Vendor file name jackson-core High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Implementation-Title Jackson-core High Product pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Product pom url FasterXML/jackson-core High Product Manifest Bundle-Name Jackson-core Medium Product pom artifactid jackson-core Highest Product pom name Jackson-core High Product Manifest implementation-build-date 2017-07-30 04:02:37+0000 Low Product pom groupid fasterxml.jackson.core Low Product pom parent-groupid com.fasterxml.jackson Low Product file name jackson-core High Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Product Manifest specification-title Jackson-core Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom parent-artifactid jackson-parent Medium Version Manifest Implementation-Version 2.9.0 High Version file version 2.9.0 Highest Version pom version 2.9.0 Highest
Related Dependencies jackson-annotations-2.9.0.jarFile Path: /home/paulo/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar MD5: c09faa1b063681cf45706c6df50685b6 SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701 jackson-dataformat-yaml-2.9.0.jarFile Path: /home/paulo/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.9.0/jackson-dataformat-yaml-2.9.0.jar MD5: 485a61d459b63adec3bb2ad721dda8ee SHA1: bb774cd393710a8513e802dbda0f402a66a928a5 cpe: cpe:/a:fasterxml:jackson:2.9.0 Confidence :Low suppress maven: com.fasterxml.jackson.core:jackson-core:2.9.0 Confidence :Highest Description:
General data-binding functionality for Jackson: works on core streaming API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.0/jackson-databind-2.9.0.jar
MD5: bc9eddd751df7dbe30d4c68a1662c3de
SHA1: 14fb5f088cc0b0dc90a73ba745bcade4961a3ee3
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium Vendor pom artifactid jackson-databind Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest implementation-build-date 2017-07-30 04:21:33+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor pom name jackson-databind High Vendor pom url http://github.com/FasterXML/jackson Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom parent-artifactid jackson-bom Low Vendor pom groupid fasterxml.jackson.core Highest Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor file name jackson-databind High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid com.fasterxml.jackson.core Highest Product Manifest specification-title jackson-databind Medium Product manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest implementation-build-date 2017-07-30 04:21:33+0000 Low Product pom artifactid jackson-databind Highest Product pom name jackson-databind High Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product pom groupid fasterxml.jackson.core Low Product pom description General data-binding functionality for Jackson: works on core streaming API Medium Product pom parent-groupid com.fasterxml.jackson Low Product file name jackson-databind High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-artifactid jackson-bom Medium Product pom url http://github.com/FasterXML/jackson Medium Version Manifest Implementation-Version 2.9.0 High Version file version 2.9.0 Highest Version pom version 2.9.0 Highest
cpe: cpe:/a:fasterxml:jackson-databind:2.9.0 Confidence :Highest suppress maven: com.fasterxml.jackson.core:jackson-databind:2.9.0 Confidence :Highestcpe: cpe:/a:fasterxml:jackson:2.9.0 Confidence :Low suppress Published Vulnerabilities CVE-2017-15095 suppress
Severity:High
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Vulnerable Software & Versions: (show all )
CVE-2018-1000873 suppress
Severity:Medium
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. Vulnerable Software & Versions: (show all )
CVE-2018-12022 suppress
Severity:Medium
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Vulnerable Software & Versions: (show all )
CVE-2018-12023 suppress
Severity:Medium
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Vulnerable Software & Versions: (show all )
CVE-2018-14719 suppress
Severity:High
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. Vulnerable Software & Versions: (show all )
CVE-2018-14720 suppress
Severity:High
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. Vulnerable Software & Versions: (show all )
CVE-2018-14721 suppress
Severity:High
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. Vulnerable Software & Versions: (show all )
CVE-2018-19360 suppress
Severity:High
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. Vulnerable Software & Versions: (show all )
CVE-2018-19361 suppress
Severity:High
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. Vulnerable Software & Versions: (show all )
CVE-2018-19362 suppress
Severity:High
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. Vulnerable Software & Versions: (show all )
CVE-2018-5968 suppress
Severity:Medium
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. Vulnerable Software & Versions: (show all )
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid commons-logging Low Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name commons-logging High Vendor pom groupid commons-logging Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid commons-parent Low Vendor manifest Bundle-Description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor pom name Apache Commons Logging High Vendor pom description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Product pom artifactid commons-logging Highest Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product pom parent-groupid org.apache.commons Low Product file name commons-logging High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product manifest Bundle-Description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product pom groupid commons-logging Low Product pom name Apache Commons Logging High Product Manifest Bundle-Name Apache Commons Logging Medium Product pom description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Version pom version 1.2 Highest Version file version 1.2 Highest Version Manifest Implementation-Version 1.2 High
maven: commons-logging:commons-logging:1.2 Confidence :Highest Description:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor pom url http://commons.apache.org/collections/ Highest Vendor pom groupid commons-collections Highest Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor manifest Bundle-Description Types that extend and augment the Java Collections Framework. Medium Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor file name commons-collections High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor pom name Apache Commons Collections High Vendor pom artifactid commons-collections Low Vendor pom description Types that extend and augment the Java Collections Framework. Medium Product Manifest Bundle-Name Apache Commons Collections Medium Product pom groupid commons-collections Low Product Manifest implementation-url http://commons.apache.org/collections/ Low Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product manifest Bundle-Description Types that extend and augment the Java Collections Framework. Medium Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product pom url http://commons.apache.org/collections/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product file name commons-collections High Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product pom name Apache Commons Collections High Product pom description Types that extend and augment the Java Collections Framework. Medium Product Manifest specification-title Apache Commons Collections Medium Product pom artifactid commons-collections Highest Product Manifest Implementation-Title Apache Commons Collections High Version pom version 3.2.2 Highest Version Manifest Implementation-Version 3.2.2 High Version file version 3.2.2 Highest
cpe: cpe:/a:apache:commons_collections:3.2.2 Confidence :Low suppress maven: commons-collections:commons-collections:3.2.2 Confidence :Highest Description:
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/commons-beanutils/commons-beanutils/1.9.3/commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
Referenced In Project/Scope: marxls:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Vendor pom description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-beanutils Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid commons-beanutils Highest Vendor pom parent-artifactid commons-parent Low Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest Vendor Manifest implementation-build tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 Low Vendor manifest Bundle-Description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low Vendor pom name Apache Commons BeanUtils High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Vendor file name commons-beanutils High Vendor Manifest bundle-symbolicname org.apache.commons.beanutils Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Product pom description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low Product pom artifactid commons-beanutils Highest Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom groupid commons-beanutils Low Product Manifest implementation-build tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 Low Product manifest Bundle-Description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low Product pom name Apache Commons BeanUtils High Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest specification-title Apache Commons BeanUtils Medium Product file name commons-beanutils High Product Manifest bundle-symbolicname org.apache.commons.beanutils Medium Product Manifest Implementation-Title Apache Commons BeanUtils High Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium Product Manifest Bundle-Name Apache Commons BeanUtils Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Version file version 1.9.3 Highest Version Manifest Implementation-Version 1.9.3 High Version pom version 1.9.3 Highest
cpe: cpe:/a:apache:commons_beanutils:1.9.3 Confidence :Low suppress maven: commons-beanutils:commons-beanutils:1.9.3 Confidence :Highest