Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 3.2.1Report Generated On : Aug 27, 2018 at 22:14:44 -03:00Dependencies Scanned : 40 (28 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 1Vulnerabilities Suppressed : 0... NVD CVE 2002 : 14/08/2018 05:28:49NVD CVE 2003 : 14/08/2018 05:25:07NVD CVE 2004 : 15/08/2018 05:16:37NVD CVE 2005 : 15/08/2018 05:14:46NVD CVE 2006 : 15/08/2018 05:11:39NVD CVE 2007 : 15/08/2018 05:06:55NVD CVE 2008 : 15/08/2018 05:02:24NVD CVE 2009 : 15/08/2018 04:57:28NVD CVE 2010 : 15/08/2018 04:53:24NVD CVE 2011 : 21/08/2018 19:47:53NVD CVE 2012 : 15/08/2018 04:41:21NVD CVE 2013 : 14/08/2018 04:42:48NVD CVE 2014 : 15/08/2018 04:36:43NVD CVE 2015 : 21/08/2018 19:47:54NVD CVE 2016 : 21/08/2018 19:47:54NVD CVE 2017 : 21/08/2018 19:47:54NVD CVE 2018 : 21/08/2018 04:05:30NVD CVE Checked : 27/08/2018 22:14:39NVD CVE Modified : 27/08/2018 21:02:21VersionCheckOn : 1534897549191Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/paulo/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid jvnet-parent Low Vendor pom url http://servlet-spec.java.net Highest Vendor manifest Bundle-Description Java(TM) Servlet 3.1 API Design Specification Medium Vendor file name javax.servlet-api High Vendor pom parent-groupid net.java Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom name Java Servlet API High Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor pom organization url https://glassfish.dev.java.net Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest extension-name javax.servlet Medium Vendor pom groupid javax.servlet Highest Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom organization name GlassFish Community High Vendor pom artifactid javax.servlet-api Low Product Manifest Bundle-Name Java Servlet API Medium Product pom organization url https://glassfish.dev.java.net Low Product manifest Bundle-Description Java(TM) Servlet 3.1 API Design Specification Medium Product file name javax.servlet-api High Product pom parent-groupid net.java Low Product pom name Java Servlet API High Product Manifest bundle-symbolicname javax.servlet-api Medium Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product pom url http://servlet-spec.java.net Medium Product Manifest extension-name javax.servlet Medium Product pom groupid javax.servlet Low Product pom parent-artifactid jvnet-parent Medium Product pom organization name GlassFish Community Low Product pom artifactid javax.servlet-api Highest Version Manifest Implementation-Version 3.1.0 High Version file version 3.1.0 Highest Version pom version 3.1.0 Highest
maven: javax.servlet:javax.servlet-api:3.1.0 Confidence :Highest Description:
Jetty module for Jetty :: IO Utility License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-io/9.4.8.v20171121/jetty-io-9.4.8.v20171121.jar
MD5: b7cf135927d91368e8813354c1048f43
SHA1: d3fe2dfa62f52ee91ff07cb359f63387e0e30b40
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor file name jetty-io High Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom parent-artifactid jetty-project Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid eclipse.jetty Highest Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor pom artifactid jetty-io Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.io Medium Vendor pom name Jetty :: IO Utility High Vendor manifest Bundle-Description Jetty module for Jetty :: IO Utility Medium Vendor pom url http://www.eclipse.org/jetty Highest Vendor pom parent-groupid org.eclipse.jetty Medium Product Manifest Bundle-Name Jetty :: IO Utility Medium Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product Manifest url http://www.eclipse.org/jetty Low Product pom groupid eclipse.jetty Low Product file name jetty-io High Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid org.eclipse.jetty Low Product pom artifactid jetty-io Highest Product pom parent-artifactid jetty-project Medium Product Manifest bundle-symbolicname org.eclipse.jetty.io Medium Product pom url http://www.eclipse.org/jetty Medium Product pom name Jetty :: IO Utility High Product manifest Bundle-Description Jetty module for Jetty :: IO Utility Medium Version Manifest Implementation-Version 9.4.8.v20171121 High Version pom version 9.4.8.v20171121 Highest Version file version 9.4.8.v20171121 Highest
maven: org.eclipse.jetty:jetty-io:9.4.8.v20171121 Confidence :Highest Description:
The jetty xml utilities. License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-xml/9.4.8.v20171121/jetty-xml-9.4.8.v20171121.jar
MD5: 2389d2577916fc18a3c1e0e1af668b92
SHA1: b0d6f87f580a9bd7fa9aaf9b7448bf63cf0ac34f
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom name Jetty :: XML utilities High Vendor Manifest bundle-symbolicname org.eclipse.jetty.xml Medium Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor file name jetty-xml High Vendor pom description The jetty xml utilities. Medium Vendor Manifest url http://www.eclipse.org/jetty Low Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom parent-artifactid jetty-project Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid eclipse.jetty Highest Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor manifest Bundle-Description Jetty module for Jetty :: XML utilities Medium Vendor pom artifactid jetty-xml Low Vendor pom url http://www.eclipse.org/jetty Highest Vendor pom parent-groupid org.eclipse.jetty Medium Product pom name Jetty :: XML utilities High Product Manifest bundle-symbolicname org.eclipse.jetty.xml Medium Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product file name jetty-xml High Product pom description The jetty xml utilities. Medium Product Manifest url http://www.eclipse.org/jetty Low Product pom groupid eclipse.jetty Low Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid jetty-xml Highest Product pom parent-groupid org.eclipse.jetty Low Product manifest Bundle-Description Jetty module for Jetty :: XML utilities Medium Product Manifest Bundle-Name Jetty :: XML utilities Medium Product pom parent-artifactid jetty-project Medium Product pom url http://www.eclipse.org/jetty Medium Version Manifest Implementation-Version 9.4.8.v20171121 High Version pom version 9.4.8.v20171121 Highest Version file version 9.4.8.v20171121 Highest
Related Dependencies jetty-http-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-http/9.4.8.v20171121/jetty-http-9.4.8.v20171121.jar MD5: 57af2d4ce5882a0108c762af272fc7f5 SHA1: 9879d6c4e37400bf43f0cd4b3c6e34a3ba409864 jetty-server-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-server/9.4.8.v20171121/jetty-server-9.4.8.v20171121.jar MD5: 77ba4a59440ceb24a7aea5060adb08a6 SHA1: 34614bd9a29de57ef28ca31f1f2b49a412af196d jetty-client-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-client/9.4.8.v20171121/jetty-client-9.4.8.v20171121.jar MD5: 86c16eb0a6f32cdfc38d906c1992e422 SHA1: e93cac2ce46e81ee8b36288cf7e19d3bac82d536 jetty-servlet-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-servlet/9.4.8.v20171121/jetty-servlet-9.4.8.v20171121.jar MD5: b02628051d9030595ac46aaaf9ea978a SHA1: bbbb9b5de08f468c7b9b3de6aea0b098d2c679b6 jetty-security-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-security/9.4.8.v20171121/jetty-security-9.4.8.v20171121.jar MD5: ec45c08d3ec28099293715e46c41df60 SHA1: e8350eec683b55494287f06740543e4be6f75425 jetty-webapp-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-webapp/9.4.8.v20171121/jetty-webapp-9.4.8.v20171121.jar MD5: 934cc6d9aac3a24a69c96dfddb94af1e SHA1: 695278449233cee9bae9eed930a5264b574774f0 jetty-util-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/jetty-util/9.4.8.v20171121/jetty-util-9.4.8.v20171121.jar MD5: c3622460f80b2baad98c2b0cc188c05e SHA1: d6ec1a1613c7fa72aa6bf5d8c204750afbc3df3b cpe: cpe:/a:eclipse:jetty:9.4.8.v20171121 Confidence :Low suppress cpe: cpe:/a:jetty:jetty:9.4.8.v20171121 Confidence :Low suppress maven: org.eclipse.jetty:jetty-xml:9.4.8.v20171121 Confidence :Highest Description:
Jetty module for Jetty :: Websocket :: Common License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/paulo/.m2/repository/org/eclipse/jetty/websocket/websocket-common/9.4.8.v20171121/websocket-common-9.4.8.v20171121.jar
MD5: 866abae06fcf8d1a5e90ce636c7e8d12
SHA1: 82cd6d9caa68baf6557176159e6e5c37faed0e9b
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid websocket-common Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor pom parent-artifactid websocket-parent Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.websocket.common Medium Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom name Jetty :: Websocket :: Common High Vendor pom groupid org.eclipse.jetty.websocket Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor file name websocket-common High Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor manifest Bundle-Description Jetty module for Jetty :: Websocket :: Common Medium Vendor pom parent-groupid org.eclipse.jetty.websocket Medium Vendor pom groupid eclipse.jetty.websocket Highest Product pom artifactid websocket-common Highest Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom groupid eclipse.jetty.websocket Low Product Manifest bundle-symbolicname org.eclipse.jetty.websocket.common Medium Product pom parent-groupid org.eclipse.jetty.websocket Low Product Manifest url http://www.eclipse.org/jetty Low Product pom name Jetty :: Websocket :: Common High Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product Manifest Bundle-Name Jetty :: Websocket :: Common Medium Product file name websocket-common High Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-artifactid websocket-parent Medium Product manifest Bundle-Description Jetty module for Jetty :: Websocket :: Common Medium Version Manifest Implementation-Version 9.4.8.v20171121 High Version pom version 9.4.8.v20171121 Highest Version file version 9.4.8.v20171121 Highest
Related Dependencies websocket-servlet-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/websocket/websocket-servlet/9.4.8.v20171121/websocket-servlet-9.4.8.v20171121.jar MD5: 48bad0d6b2d6f9531759dbcc5ee65a15 SHA1: 9061f66101a8654ae1a55a3336438473f1b00713 websocket-client-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/websocket/websocket-client/9.4.8.v20171121/websocket-client-9.4.8.v20171121.jar MD5: 56ef7aa7ab3ba86f391dafb299b2188d SHA1: f83fc3fbd52109a57d09b3ef88b715a36e8acdb4 websocket-server-9.4.8.v20171121.jarFile Path: /home/paulo/.m2/repository/org/eclipse/jetty/websocket/websocket-server/9.4.8.v20171121/websocket-server-9.4.8.v20171121.jar MD5: bbfe21b2e7180c938721e1ef1fb2fd98 SHA1: c6ae10f65664d90e24dede5dec23098f5f4c3a58 maven: org.eclipse.jetty.websocket:websocket-common:9.4.8.v20171121 Confidence :Highestcpe: cpe:/a:eclipse:jetty:9.4.8.v20171121 Confidence :Low suppress cpe: cpe:/a:jetty:jetty:9.4.8.v20171121 Confidence :Low suppress Description:
Jetty module for Jetty :: Websocket :: API License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/paulo/.m2/repository/org/eclipse/jetty/websocket/websocket-api/9.4.8.v20171121/websocket-api-9.4.8.v20171121.jar
MD5: a982aafeda9238f41b8fa87ac787fd23
SHA1: 6d889f9a8b5fd2a573c6d1d518c7e119a6d8c170
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom name Jetty :: Websocket :: API High Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor pom parent-artifactid websocket-parent Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor file name websocket-api High Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom groupid org.eclipse.jetty.websocket Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor pom artifactid websocket-api Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.websocket.api Medium Vendor manifest Bundle-Description Jetty module for Jetty :: Websocket :: API Medium Vendor pom parent-groupid org.eclipse.jetty.websocket Medium Vendor pom groupid eclipse.jetty.websocket Highest Product pom name Jetty :: Websocket :: API High Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom groupid eclipse.jetty.websocket Low Product pom parent-groupid org.eclipse.jetty.websocket Low Product file name websocket-api High Product Manifest url http://www.eclipse.org/jetty Low Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low Product pom artifactid websocket-api Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-artifactid websocket-parent Medium Product Manifest Bundle-Name Jetty :: Websocket :: API Medium Product Manifest bundle-symbolicname org.eclipse.jetty.websocket.api Medium Product manifest Bundle-Description Jetty module for Jetty :: Websocket :: API Medium Version Manifest Implementation-Version 9.4.8.v20171121 High Version pom version 9.4.8.v20171121 Highest Version file version 9.4.8.v20171121 Highest
maven: org.eclipse.jetty.websocket:websocket-api:9.4.8.v20171121 Confidence :Highest Description:
A Sinatra inspired java web framework License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/sparkjava/spark-core/2.7.2/spark-core-2.7.2.jar
MD5: 1c59a69913622d25d39efe91ddbe264a
SHA1: b832cca2704a96c027424efafec3fe39392f5aab
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor file name spark-core High Vendor pom artifactid spark-core Low Vendor pom name Spark High Vendor pom groupid com.sparkjava Highest Vendor manifest Bundle-Description A Sinatra inspired java web framework Medium Vendor pom groupid sparkjava Highest Vendor pom description A Sinatra inspired java web framework Medium Vendor pom url http://www.sparkjava.com Highest Vendor Manifest bundle-symbolicname com.sparkjava.spark-core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name spark-core High Product Manifest Bundle-Name Spark Medium Product pom groupid sparkjava Low Product pom url http://www.sparkjava.com Medium Product pom artifactid spark-core Highest Product pom name Spark High Product manifest Bundle-Description A Sinatra inspired java web framework Medium Product pom description A Sinatra inspired java web framework Medium Product Manifest bundle-symbolicname com.sparkjava.spark-core Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Version pom version 2.7.2 Highest Version file version 2.7.2 Highest
maven: com.sparkjava:spark-core:2.7.2 Confidence :Highestcpe: cpe:/a:sparkjava:spark:2.7.2 Confidence :Low suppress Description:
The slf4j API File Path: /home/paulo/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jarMD5: caafe376afb7086dcbee79f780394ca3SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8aReferenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.slf4j Highest Vendor pom url http://www.slf4j.org Highest Vendor manifest Bundle-Description The slf4j API Medium Vendor pom groupid slf4j Highest Vendor file name slf4j-api High Vendor pom parent-artifactid slf4j-parent Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom parent-groupid org.slf4j Medium Vendor pom name SLF4J API Module High Vendor pom artifactid slf4j-api Low Vendor pom description The slf4j API Medium Product pom artifactid slf4j-api Highest Product manifest Bundle-Description The slf4j API Medium Product file name slf4j-api High Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product pom groupid slf4j Low Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Product pom name SLF4J API Module High Product Manifest Implementation-Title slf4j-api High Product pom parent-groupid org.slf4j Low Product pom description The slf4j API Medium Version file version 1.7.25 Highest Version Manifest Implementation-Version 1.7.25 High Version pom version 1.7.25 Highest
maven: org.slf4j:slf4j-api:1.7.25 Confidence :Highestcpe: cpe:/a:slf4j:slf4j:1.7.25 Confidence :Low suppress Description:
Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/commons-cli/commons-cli/1.4/commons-cli-1.4.jar
MD5: c966d7e03507c834d5b09b848560174e
SHA1: c51c00206bb913cd8612b24abd9fa98ae89719b1
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom groupid commons-cli Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-cli/ Low Vendor pom description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-cli/ Highest Vendor pom artifactid commons-cli Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor manifest Bundle-Description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Vendor Manifest bundle-symbolicname org.apache.commons.cli Medium Vendor Manifest implementation-build tags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000 Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom name Apache Commons CLI High Vendor file name commons-cli High Product pom groupid commons-cli Low Product Manifest implementation-url http://commons.apache.org/proper/commons-cli/ Low Product pom description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Product Manifest specification-title Apache Commons CLI Medium Product pom url http://commons.apache.org/proper/commons-cli/ Medium Product Manifest Bundle-Name Apache Commons CLI Medium Product pom artifactid commons-cli Highest Product manifest Bundle-Description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Product Manifest bundle-symbolicname org.apache.commons.cli Medium Product Manifest implementation-build tags/cli-1.4-RC1@r1786159; 2017-03-09 13:01:35+0000 Low Product Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom name Apache Commons CLI High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Low Product Manifest Implementation-Title Apache Commons CLI High Product file name commons-cli High Version pom version 1.4 Highest Version Manifest Implementation-Version 1.4 High Version file version 1.4 Highest
maven: commons-cli:commons-cli:1.4 Confidence :Highest Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/commons/commons-lang3/3.8/commons-lang3-3.8.jar
MD5: 0e9023b7d40f09a8f7bdb32889ef4449
SHA1: 222fc4cf714a63f27cbdafdbd863efd0d30c8a1e
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Vendor pom name Apache Commons Lang High Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-lang3 Medium Vendor pom groupid apache.commons Highest Vendor pom artifactid commons-lang3 Low Vendor pom groupid org.apache.commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor file name commons-lang3 High Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Product pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Product manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Product pom name Apache Commons Lang High Product Manifest specification-title Apache Commons Lang Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom groupid apache.commons Low Product Manifest bundle-symbolicname org.apache.commons.commons-lang3 Medium Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product pom artifactid commons-lang3 Highest Product pom parent-artifactid commons-parent Medium Product file name commons-lang3 High Product pom parent-groupid org.apache.commons Low Version Manifest Implementation-Version 3.8 High Version file version 3.8 Highest Version pom version 3.8 Highest
maven: org.apache.commons:commons-lang3:3.8 Confidence :Highest Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.6/jackson-core-2.9.6.jar
MD5: f3cf83b839fac92307cad542c2ded5c4
SHA1: 4e393793c37c77e042ccc7be5a914ae39251b365
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jackson-core Low Vendor Manifest specification-vendor FasterXML Low Vendor pom parent-artifactid jackson-base Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest automatic-module-name com.fasterxml.jackson.core Medium Vendor pom url FasterXML/jackson-core Highest Vendor manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor file name jackson-core High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest implementation-build-date 2018-06-12 00:53:14+0000 Low Vendor pom groupid fasterxml.jackson.core Highest Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest automatic-module-name com.fasterxml.jackson.core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest Bundle-Name Jackson-core Medium Product pom parent-groupid com.fasterxml.jackson Low Product pom url FasterXML/jackson-core High Product Manifest specification-title Jackson-core Medium Product manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Product pom name Jackson-core High Product file name jackson-core High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom parent-artifactid jackson-base Medium Product pom groupid fasterxml.jackson.core Low Product pom artifactid jackson-core Highest Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest implementation-build-date 2018-06-12 00:53:14+0000 Low Product pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Version pom version 2.9.6 Highest Version Manifest Implementation-Version 2.9.6 High Version file version 2.9.6 Highest
cpe: cpe:/a:fasterxml:jackson:2.9.6 Confidence :Low suppress maven: com.fasterxml.jackson.core:jackson-core:2.9.6 Confidence :Highest Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom url http://findbugs.sourceforge.net/ Highest Vendor pom groupid google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom description JSR305 Annotations for Findbugs Medium Vendor file name jsr305 High Vendor manifest Bundle-Description JSR305 Annotations for Findbugs Medium Product pom name FindBugs-jsr305 High Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom url http://findbugs.sourceforge.net/ Medium Product pom groupid google.code.findbugs Low Product pom artifactid jsr305 Highest Product pom description JSR305 Annotations for Findbugs Medium Product file name jsr305 High Product manifest Bundle-Description JSR305 Annotations for Findbugs Medium Product Manifest Bundle-Name FindBugs-jsr305 Medium Version file version 3.0.2 Highest Version pom version 3.0.2 Highest
maven: com.google.code.findbugs:jsr305:3.0.2 Confidence :Highest Description:
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code. Please
see artifact:
org.checkerframework:checker
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/paulo/.m2/repository/org/checkerframework/checker-qual/2.5.2/checker-qual-2.5.2.jar
MD5: 04acc78b24bbd365423da357da003cf0
SHA1: cea74543d5904a30861a61b4643a5f2bb372efc4
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor pom groupid checkerframework Highest Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom url https://checkerframework.org Highest Vendor pom name Checker Qual High Vendor pom artifactid checker-qual Low Vendor pom description Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker Low Vendor pom groupid org.checkerframework Highest Product pom artifactid checker-qual Highest Product file name checker-qual High Product pom groupid checkerframework Low Product Manifest implementation-url https://checkerframework.org Low Product pom url https://checkerframework.org Medium Product pom name Checker Qual High Product pom description Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker Low Version file version 2.5.2 Highest Version pom version 2.5.2 Highest Version Manifest Implementation-Version 2.5.2 High
maven: org.checkerframework:checker-qual:2.5.2 Confidence :Highest License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/errorprone/error_prone_annotations/2.1.3/error_prone_annotations-2.1.3.jar
MD5: 97504b36cf871722d81a4b9e114f2a16
SHA1: 39b109f2cd352b2d71b52a3b5a1a9850e1dc304b
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor jar package name errorprone Low Vendor pom groupid com.google.errorprone Highest Vendor pom name error-prone annotations High Vendor jar package name annotations Low Vendor file name error_prone_annotations High Vendor pom parent-groupid com.google.errorprone Medium Vendor pom parent-artifactid error_prone_parent Low Vendor jar package name google Low Vendor pom artifactid error_prone_annotations Low Vendor pom groupid google.errorprone Highest Product pom groupid google.errorprone Low Product jar package name errorprone Low Product pom parent-artifactid error_prone_parent Medium Product pom name error-prone annotations High Product jar package name annotations Low Product file name error_prone_annotations High Product pom artifactid error_prone_annotations Highest Product pom parent-groupid com.google.errorprone Low Version file version 2.1.3 Highest Version pom version 2.1.3 Highest
maven: com.google.errorprone:error_prone_annotations:2.1.3 Confidence :Highest Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid j2objc-annotations Low Vendor pom url google/j2objc/ Highest Vendor jar package name annotations Low Vendor file name j2objc-annotations High Vendor pom groupid com.google.j2objc Highest Vendor pom description A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation. Low Vendor jar package name google Low Vendor jar package name j2objc Low Vendor pom name J2ObjC Annotations High Vendor pom groupid google.j2objc Highest Product pom groupid google.j2objc Low Product jar package name annotations Low Product file name j2objc-annotations High Product pom url google/j2objc/ High Product pom description A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation. Low Product pom artifactid j2objc-annotations Highest Product jar package name j2objc Low Product pom name J2ObjC Annotations High Version file version 1.1 Highest Version pom version 1.1 Highest
maven: com.google.j2objc:j2objc-annotations:1.1 Confidence :Highest File Path: /home/paulo/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jarMD5: 9d42e46845c874f1710a9f6a741f6c14SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.codehaus.mojo Medium Vendor pom groupid org.codehaus.mojo Highest Vendor pom artifactid animal-sniffer-annotations Low Vendor jar package name animal_sniffer Low Vendor pom groupid codehaus.mojo Highest Vendor jar package name mojo Low Vendor file name animal-sniffer-annotations High Vendor jar package name codehaus Low Vendor pom name Animal Sniffer Annotations High Vendor pom parent-artifactid animal-sniffer-parent Low Product pom parent-groupid org.codehaus.mojo Low Product pom parent-artifactid animal-sniffer-parent Medium Product jar package name ignorejrerequirement Low Product jar package name animal_sniffer Low Product jar package name mojo Low Product pom artifactid animal-sniffer-annotations Highest Product file name animal-sniffer-annotations High Product pom name Animal Sniffer Annotations High Product pom groupid codehaus.mojo Low Version pom version 1.14 Highest Version file version 1.14 Highest
maven: org.codehaus.mojo:animal-sniffer-annotations:1.14 Confidence :Highest Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/google/guava/guava/26.0-jre/guava-26.0-jre.jar
MD5: db2d6eae3ec08b0fd752ef0c5672aab7
SHA1: 6a806eff209f36f635f943e16d97491f00f6bfab
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Vendor pom parent-groupid com.google.guava Medium Vendor pom artifactid guava Low Vendor pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom name Guava: Google Core Libraries for Java High Vendor pom groupid google.guava Highest Vendor pom parent-artifactid guava-parent Low Vendor pom groupid com.google.guava Highest Vendor Manifest automatic-module-name com.google.common Medium Vendor file name guava High Product Manifest bundle-docurl https://github.com/google/guava/ Low Product manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Product pom artifactid guava Highest Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Low Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-artifactid guava-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom name Guava: Google Core Libraries for Java High Product pom parent-groupid com.google.guava Low Product pom groupid google.guava Low Product Manifest automatic-module-name com.google.common Medium Product file name guava High Version file version 26.0 Highest Version pom version 26.0-jre Highest
maven: com.google.guava:guava:26.0-jre Confidence :Highest Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid commons-codec Highest Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid commons-codec Low Vendor pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Vendor manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Vendor pom name Apache Commons Codec High Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Product file name commons-codec High Product pom url http://commons.apache.org/proper/commons-codec/ Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Product Manifest Implementation-Title Apache Commons Codec High Product Manifest specification-title Apache Commons Codec Medium Product pom groupid commons-codec Low Product pom artifactid commons-codec Highest Product Manifest bundle-symbolicname org.apache.commons.codec Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Bundle-Name Apache Commons Codec Medium Product pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Product manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Low Product pom name Apache Commons Codec High Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Version file version 1.10 Highest Version Manifest Implementation-Version 1.10 High Version pom version 1.10 Highest
maven: commons-codec:commons-codec:1.10 Confidence :Highest Description:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/commons/commons-collections4/4.1/commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.commons.collections4 Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor manifest Bundle-Description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-collections4 Low Vendor pom description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons Collections High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Vendor file name commons-collections4 High Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor pom url http://commons.apache.org/proper/commons-collections/ Highest Product Manifest bundle-symbolicname org.apache.commons.collections4 Medium Product Manifest Bundle-Name Apache Commons Collections Medium Product manifest Bundle-Description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Product pom artifactid commons-collections4 Highest Product Manifest Implementation-Title Apache Commons Collections High Product pom description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low Product Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low Product pom name Apache Commons Collections High Product pom groupid apache.commons Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low Product file name commons-collections4 High Product Manifest specification-title Apache Commons Collections Medium Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Low Product pom url http://commons.apache.org/proper/commons-collections/ Medium Version file version 4.1 Highest Version Manifest Implementation-Version 4.1 High Version pom version 4.1 Highest
maven: org.apache.commons:commons-collections4:4.1 Confidence :Highestcpe: cpe:/a:apache:commons_collections:4.1 Confidence :Low suppress Description:
Apache POI - Java API To Access Microsoft Format Files License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/poi/poi/3.17/poi-3.17.jar
MD5: 243bc3d431e4fadb79738719504c64f7
SHA1: 0ae92292a2043888b40d418da97dc0b669fde326
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium Vendor pom groupid apache.poi Highest Vendor pom organization url http://www.apache.org/ Medium Vendor pom groupid org.apache.poi Highest Vendor pom name Apache POI High Vendor pom artifactid poi Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom organization name Apache Software Foundation High Vendor file name poi High Vendor pom url http://poi.apache.org/ Highest Vendor pom description Apache POI - Java API To Access Microsoft Format Files Medium Product pom url http://poi.apache.org/ Medium Product file name poi High Product pom name Apache POI High Product pom organization name Apache Software Foundation Low Product Manifest specification-title Apache POI Medium Product pom organization url http://www.apache.org/ Low Product pom description Apache POI - Java API To Access Microsoft Format Files Medium Product Manifest Implementation-Title Apache POI High Product pom groupid apache.poi Low Product pom artifactid poi Highest Version Manifest Implementation-Version 3.17 High Version pom version 3.17 Highest Version file version 3.17 Highest
Related Dependencies poi-ooxml-3.17.jarFile Path: /home/paulo/.m2/repository/org/apache/poi/poi-ooxml/3.17/poi-ooxml-3.17.jar MD5: 16d7c8ccfc6ddefd890194f46ba4c66b SHA1: 07d8c44407178b73246462842bf1e206e99c8e0a poi-ooxml-schemas-3.17.jarFile Path: /home/paulo/.m2/repository/org/apache/poi/poi-ooxml-schemas/3.17/poi-ooxml-schemas-3.17.jar MD5: dadbc17356f315e5a753d4641db26ba9 SHA1: 890114bfa82f5b6380ea0e9b0bf49b0af797b414 cpe: cpe:/a:apache:poi:3.17 Confidence :Low suppress maven: org.apache.poi:poi:3.17 Confidence :Highest Description:
StAX API is the standard java XML processing API defined by JSR-173 License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/stax/stax-api/1.0.1/stax-api-1.0.1.jar
MD5: 7d436a53c64490bee564c576babb36b4
SHA1: 49c100caf72d658aca8e58bd74a4ba90fa2b0d70
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor JCP High Vendor pom artifactid stax-api Low Vendor pom description StAX API is the standard java XML processing API defined by JSR-173 Medium Vendor file name stax-api High Vendor pom name StAX API High Vendor pom groupid stax Highest Vendor Manifest specification-vendor JCP-173 Low Vendor pom url http://stax.codehaus.org/ Highest Product pom url http://stax.codehaus.org/ Medium Product Manifest Implementation-Title StAX 1.0 API High Product Manifest specification-title StAX Medium Product pom groupid stax Low Product pom artifactid stax-api Highest Product pom description StAX API is the standard java XML processing API defined by JSR-173 Medium Product file name stax-api High Product pom name StAX API High Version pom version 1.0.1 Highest Version Manifest Implementation-Version 1.0.1 High Version file version 1.0.1 Highest
cpe: cpe:/a:st_project:st:1.0.1 Confidence :Low suppress maven: stax:stax-api:1.0.1 Confidence :Highest Published Vulnerabilities CVE-2017-16224 suppress
Severity:Medium
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. ("%2e%2e", "%2e.", ".%2e"). Vulnerable Software & Versions:
Description:
XmlBeans main jar License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/apache/xmlbeans/xmlbeans/2.6.0/xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.xmlbeans Highest Vendor pom groupid apache.xmlbeans Highest Vendor pom name XmlBeans High Vendor pom organization url http://xmlbeans.apache.org/ Medium Vendor pom artifactid xmlbeans Low Vendor pom organization name XmlBeans High Vendor file name xmlbeans High Vendor pom description XmlBeans main jar Medium Vendor manifest: org/apache/xmlbeans/ Implementation-Vendor Apache Software Foundation Medium Vendor pom url http://xmlbeans.apache.org Highest Product pom url http://xmlbeans.apache.org Medium Product pom name XmlBeans High Product pom organization name XmlBeans Low Product pom organization url http://xmlbeans.apache.org/ Low Product pom groupid apache.xmlbeans Low Product manifest: org/apache/xmlbeans/ Implementation-Title org.apache.xmlbeans Medium Product file name xmlbeans High Product pom description XmlBeans main jar Medium Product pom artifactid xmlbeans Highest Version file version 2.6.0 Highest Version pom version 2.6.0 Highest
maven: org.apache.xmlbeans:xmlbeans:2.6.0 Confidence :Highest Description:
Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. License:
BSD License: http://opensource.org/licenses/BSD-3-Clause File Path: /home/paulo/.m2/repository/com/github/virtuald/curvesapi/1.04/curvesapi-1.04.jar
MD5: 0dcbd9b7e498d1118c920d1d55046743
SHA1: 3386abf821719bc89c7685f9eaafaf4a842f0199
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom description Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. Low Vendor jar package name math Low Vendor jar package name graphbuilder Low Vendor pom name curvesapi High Vendor pom artifactid curvesapi Low Vendor pom groupid com.github.virtuald Highest Vendor file name curvesapi High Vendor pom groupid github.virtuald Highest Vendor pom url virtuald/curvesapi Highest Product pom groupid github.virtuald Low Product pom artifactid curvesapi Highest Product pom description Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. Low Product jar package name math Low Product pom name curvesapi High Product file name curvesapi High Product pom url virtuald/curvesapi High Version file version 1.04 Highest Version pom version 1.04 Highest
maven: com.github.virtuald:curvesapi:1.04 Confidence :Highest Description:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/org/freemarker/freemarker/2.3.26-incubating/freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor Manifest today March 15 2017 Low Vendor Manifest specification-vendor freemarker.org Low Vendor Manifest Implementation-Vendor freemarker.org High Vendor Manifest tstamp 2105 Low Vendor pom parent-artifactid apache Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.freemarker.freemarker Medium Vendor file name freemarker High Vendor pom organization url http://apache.org Medium Vendor Manifest extension-name FreeMarker Medium Vendor pom organization name Apache Software Foundation High Vendor pom description FreeMarker is a "template engine"; a generic tool to generate text output based on templates. Low Vendor pom url http://freemarker.org/ Highest Vendor pom groupid freemarker Highest Vendor Manifest dstamp 20170315 Low Vendor pom name Apache FreeMarker High Vendor pom artifactid freemarker Low Vendor pom groupid org.freemarker Highest Vendor pom parent-groupid org.apache Medium Product Manifest today March 15 2017 Low Product Manifest tstamp 2105 Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Product pom url http://freemarker.org/ Medium Product Manifest bundle-symbolicname org.freemarker.freemarker Medium Product file name freemarker High Product pom organization name Apache Software Foundation Low Product Manifest specification-title FreeMarker Medium Product Manifest extension-name FreeMarker Medium Product pom description FreeMarker is a "template engine"; a generic tool to generate text output based on templates. Low Product pom parent-artifactid apache Medium Product pom parent-groupid org.apache Low Product Manifest dstamp 20170315 Low Product pom groupid freemarker Low Product pom name Apache FreeMarker High Product Manifest Implementation-Title FreeMarker High Product pom artifactid freemarker Highest Product pom organization url http://apache.org Low Product Manifest Bundle-Name org.freemarker.freemarker Medium Version file version 2.3.26 Highest Version pom version 2.3.26-incubating Highest Version Manifest Implementation-Version 2.3.26 High
maven: org.freemarker:freemarker:2.3.26-incubating Confidence :Highest Description:
Freemarker Template Engine implementation for Spark License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/com/sparkjava/spark-template-freemarker/2.7.1/spark-template-freemarker-2.7.1.jar
MD5: 6e8db1ef3b369caa9bfd2bf9e9f7ba41
SHA1: 918e0063095a40a606dbf5f5c9917936b33b9686
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid spark-template-freemarker Low Vendor pom description Freemarker Template Engine implementation for Spark Medium Vendor file name spark-template-freemarker High Vendor jar package name freemarker Low Vendor pom name spark-template-freemarker High Vendor pom groupid com.sparkjava Highest Vendor pom groupid sparkjava Highest Vendor pom url http://www.sparkjava.com Highest Vendor jar package name template Low Vendor jar package name spark Low Product pom description Freemarker Template Engine implementation for Spark Medium Product jar package name freemarkerengine Low Product pom artifactid spark-template-freemarker Highest Product file name spark-template-freemarker High Product jar package name freemarker Low Product pom name spark-template-freemarker High Product pom groupid sparkjava Low Product pom url http://www.sparkjava.com Medium Product jar package name template Low Version pom version 2.7.1 Highest Version file version 2.7.1 Highest
cpe: cpe:/a:sparkjava:spark:2.7.1 Confidence :Low suppress maven: com.sparkjava:spark-template-freemarker:2.7.1 Confidence :Highest Description:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
The Apache Software License, Version 2.0: /LICENSE.txt File Path: /home/paulo/.m2/repository/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar
MD5: 8a507817b28077e0478add944c64586a
SHA1: f029a2aefe2b3e1517573c580f948caac31b1056
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom description Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor Manifest extension-name org.apache.commons.logging Medium Vendor file name commons-logging High Vendor pom groupid commons-logging Highest Vendor pom name Logging High Vendor pom url http://jakarta.apache.org/commons/logging/ Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom organization name The Apache Software Foundation High Vendor pom artifactid commons-logging Low Vendor pom organization url http://jakarta.apache.org Medium Product pom groupid commons-logging Low Product pom description Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Product Manifest extension-name org.apache.commons.logging Medium Product file name commons-logging High Product pom organization url http://jakarta.apache.org Low Product pom name Logging High Product pom url http://jakarta.apache.org/commons/logging/ Medium Product pom artifactid commons-logging Highest Product pom organization name The Apache Software Foundation Low Version file version 1.0.4 Highest Version Manifest Implementation-Version 1.0.4 High Version pom version 1.0.4 Highest
maven: commons-logging:commons-logging:1.0.4 Confidence :Highest Description:
The Commons IO library contains utility classes, stream implementations, file filters, file comparators and endian classes.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/commons-io/commons-io/2.1/commons-io-2.1.jar
MD5: 4854c2344aa182ad4f37976e83348aa0
SHA1: fd51f906669f49a4ffd06650666c3b8147a6106e
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom groupid commons-io Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom url http://commons.apache.org/io/ Highest Vendor pom name Commons IO High Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor pom parent-artifactid commons-parent Low Vendor pom description The Commons IO library contains utility classes, stream implementations, file filters, file comparators and endian classes. Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-io Low Vendor manifest Bundle-Description The Commons IO library contains utility classes, stream implementations, file filters, file comparators and endian classes. Low Vendor Manifest implementation-build trunk@r1178270; 2011-10-03 17:30:43-0400 Low Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor file name commons-io High Vendor Manifest bundle-docurl http://commons.apache.org/io/ Low Product pom groupid commons-io Low Product pom name Commons IO High Product Manifest bundle-symbolicname org.apache.commons.io Medium Product pom description The Commons IO library contains utility classes, stream implementations, file filters, file comparators and endian classes. Low Product manifest Bundle-Description The Commons IO library contains utility classes, stream implementations, file filters, file comparators and endian classes. Low Product Manifest implementation-build trunk@r1178270; 2011-10-03 17:30:43-0400 Low Product Manifest specification-title Commons IO Medium Product pom url http://commons.apache.org/io/ Medium Product pom artifactid commons-io Highest Product Manifest Implementation-Title Commons IO High Product Manifest Bundle-Name Commons IO Medium Product pom parent-artifactid commons-parent Medium Product file name commons-io High Product pom parent-groupid org.apache.commons Low Product Manifest bundle-docurl http://commons.apache.org/io/ Low Version file version 2.1 Highest Version pom version 2.1 Highest Version Manifest Implementation-Version 2.1 High
maven: commons-io:commons-io:2.1 Confidence :Highest Description:
jMimeMagic is a Java library for determining the content type of files or streams. License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/paulo/.m2/repository/net/sf/jmimemagic/jmimemagic/0.1.5/jmimemagic-0.1.5.jar
MD5: 395348f324e112a92b1b3fe53f2f7bae
SHA1: 578173de87352d7b589fdb8f3648b5b8e112f7a0
Referenced In Project/Scope: rip:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jmimemagic Low Vendor jar package name sf Low Vendor jar package name jmimemagic Low Vendor pom description jMimeMagic is a Java library for determining the content type of files or streams. Medium Vendor pom name jMimeMagic High Vendor jar package name net Low Vendor pom url http://github.com/arimus/jmimemagic/ Highest Vendor pom groupid net.sf.jmimemagic Highest Vendor file name jmimemagic High Product jar package name sf Low Product jar package name jmimemagic Low Product pom groupid net.sf.jmimemagic Low Product pom description jMimeMagic is a Java library for determining the content type of files or streams. Medium Product pom artifactid jmimemagic Highest Product pom name jMimeMagic High Product pom url http://github.com/arimus/jmimemagic/ Medium Product file name jmimemagic High Version file version 0.1.5 Highest Version pom version 0.1.5 Highest
maven: net.sf.jmimemagic:jmimemagic:0.1.5 Confidence :Highest Description:
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! License:
The MIT License: https://projectlombok.org/LICENSE File Path: /home/paulo/.m2/repository/org/projectlombok/lombok/1.18.0/lombok-1.18.0.jar
MD5: b9e6229086cbbb6ac6fc6ecbc62a6ef4
SHA1: c4647d46f0742746ac07ce4abeeee9b2fb18d147
Referenced In Project/Scope: rip:provided
Evidence Type Source Name Value Confidence Vendor pom artifactid lombok Low Vendor pom groupid projectlombok Highest Vendor pom url https://projectlombok.org Highest Vendor file name lombok High Vendor pom description Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! Low Vendor pom groupid org.projectlombok Highest Vendor pom name Project Lombok High Product pom artifactid lombok Highest Product pom groupid projectlombok Low Product pom url https://projectlombok.org Medium Product file name lombok High Product pom description Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more! Low Product pom name Project Lombok High Version file version 1.18.0 Highest Version pom version 1.18.0 Highest
maven: org.projectlombok:lombok:1.18.0 Confidence :Highest