Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: springing

net.technearts:rest-two-datasources:0.1.0

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

DependencyCPECoordinatesHighest SeverityCVE CountCPE ConfidenceEvidence Count
spring-boot-starter-data-rest-2.1.2.RELEASE.jarorg.springframework.boot:spring-boot-starter-data-rest:2.1.2.RELEASE 026
tomcat-embed-core-9.0.14.jarcpe:/a:apache_tomcat:apache_tomcat:9.0.14org.apache.tomcat.embed:tomcat-embed-core:9.0.14 0Low30
tomcat-embed-el-9.0.14.jarorg.apache.tomcat.embed:tomcat-embed-el:9.0.14 030
hibernate-validator-6.0.14.Final.jarcpe:/a:hibernate:hibernate_validator:6.0.14org.hibernate.validator:hibernate-validator:6.0.14.Final 0Low30
validation-api-2.0.1.Final.jarjavax.validation:validation-api:2.0.1.Final 023
spring-data-rest-core-3.1.4.RELEASE.jarcpe:/a:pivotal_software:spring_data_rest:3.1.4org.springframework.data:spring-data-rest-core:3.1.4.RELEASE 0Low20
spring-hateoas-0.25.0.RELEASE.jarorg.springframework.hateoas:spring-hateoas:0.25.0.RELEASE 026
spring-plugin-core-1.2.0.RELEASE.jarorg.springframework.plugin:spring-plugin-core:1.2.0.RELEASE 024
evo-inflector-1.2.2.jarorg.atteo:evo-inflector:1.2.2 021
jackson-databind-2.9.8.jarcpe:/a:fasterxml:jackson:2.9.8
cpe:/a:fasterxml:jackson-databind:2.9.8		com.fasterxml.jackson.core:jackson-databind:2.9.8 0Low37
jackson-core-2.9.8.jarcpe:/a:fasterxml:jackson:2.9.8com.fasterxml.jackson.core:jackson-core:2.9.8 0Low37
jackson-annotations-2.9.0.jarcpe:/a:fasterxml:jackson:2.9.0com.fasterxml.jackson.core:jackson-annotations:2.9.0 0Low35
slf4j-api-1.7.25.jarorg.slf4j:slf4j-api:1.7.25 025
aspectjweaver-1.9.2.jarorg.aspectj:aspectjweaver:1.9.2 023
HikariCP-3.2.0.jarcom.zaxxer:HikariCP:3.2.0 029
javax.transaction-api-1.3.jarcpe:/a:fish:fish:1.3javax.transaction:javax.transaction-api:1.3 0Low37
jaxb-api-2.3.1.jarjavax.xml.bind:jaxb-api:2.3.1 027
javax.activation-api-1.2.0.jarjavax.activation:javax.activation-api:1.2.0 035
hibernate-core-5.3.7.Final.jarorg.hibernate:hibernate-core:5.3.7.Final 035
jboss-logging-3.3.2.Final.jarorg.jboss.logging:jboss-logging:3.3.2.Final 040
javax.persistence-api-2.2.jarjavax.persistence:javax.persistence-api:2.2 030
javassist-3.23.1-GA.jarorg.javassist:javassist:3.23.1-GA 025
byte-buddy-1.9.7.jarnet.bytebuddy:byte-buddy:1.9.7 014
antlr-2.7.7.jarantlr:antlr:2.7.7 015
jandex-2.0.5.Final.jarorg.jboss:jandex:2.0.5.Final 032
classmate-1.4.0.jarcom.fasterxml:classmate:1.4.0 039
dom4j-2.1.1.jarcpe:/a:dom4j_project:dom4j:2.1.1org.dom4j:dom4j:2.1.1 0Low15
hibernate-commons-annotations-5.0.4.Final.jarorg.hibernate.common:hibernate-commons-annotations:5.0.4.Final 030
spring-data-jpa-2.1.4.RELEASE.jarcpe:/a:pivotal_software:spring_data_jpa:2.1.4org.springframework.data:spring-data-jpa:2.1.4.RELEASE 0Low24
spring-data-commons-2.1.4.RELEASE.jarcpe:/a:pivotal_software:spring_data_commons:2.1.4org.springframework.data:spring-data-commons:2.1.4.RELEASE 0Low20
spring-tx-5.1.4.RELEASE.jarcpe:/a:pivotal_software:spring_framework:5.1.4
cpe:/a:pivotal:spring_framework:5.1.4
cpe:/a:springsource:spring_framework:5.1.4		org.springframework:spring-tx:5.1.4.RELEASE 0Low25
h2-1.4.197.jarcpe:/a:h2database:h2:1.4.197com.h2database:h2:1.4.197Medium2Highest23
guava-24.0-jre.jarcpe:/a:google:guava:24.0com.google.guava:guava:24.0-jreMedium1Highest25
jsr305-1.3.9.jarcom.google.code.findbugs:jsr305:1.3.9 017
checker-compat-qual-2.0.0.jarorg.checkerframework:checker-compat-qual:2.0.0 017
error_prone_annotations-2.1.3.jarcom.google.errorprone:error_prone_annotations:2.1.3 017
j2objc-annotations-1.1.jarcom.google.j2objc:j2objc-annotations:1.1 019
animal-sniffer-annotations-1.14.jarorg.codehaus.mojo:animal-sniffer-annotations:1.14 018
lombok-1.18.4.jarorg.projectlombok:lombok:1.18.4 014
spring-boot-2.1.2.RELEASE.jarcpe:/a:pivotal_software:spring_boot:2.1.2org.springframework.boot:spring-boot:2.1.2.RELEASE 0Low26
logback-core-1.2.3.jarcpe:/a:logback:logback:1.2.3ch.qos.logback:logback-core:1.2.3 0Low27
log4j-api-2.11.1.jarcpe:/a:apache:log4j:2.11.1org.apache.logging.log4j:log4j-api:2.11.1 0Low33
jul-to-slf4j-1.7.25.jarorg.slf4j:jul-to-slf4j:1.7.25 024
javax.annotation-api-1.3.2.jarjavax.annotation:javax.annotation-api:1.3.2 037
snakeyaml-1.23.jarorg.yaml:snakeyaml:1.23 021
micrometer-core-1.1.2.jario.micrometer:micrometer-core:1.1.2 031
HdrHistogram-2.1.9.jarorg.hdrhistogram:HdrHistogram:2.1.9 025
LatencyUtils-2.0.3.jarorg.latencyutils:LatencyUtils:2.0.3 015
spring-core-5.1.4.RELEASE.jarcpe:/a:pivotal_software:spring_framework:5.1.4
cpe:/a:pivotal:spring_framework:5.1.4
cpe:/a:vmware:springsource_spring_framework:5.1.4
cpe:/a:springsource:spring_framework:5.1.4		org.springframework:spring-core:5.1.4.RELEASE 0Low26
byte-buddy-1.9.7.jar (shaded: net.bytebuddy:byte-buddy-dep:1.9.7)net.bytebuddy:byte-buddy-dep:1.9.7 011

Dependencies

spring-boot-starter-data-rest-2.1.2.RELEASE.jar

Description:

 Starter for exposing Spring Data repositories over REST using Spring
		Data REST

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/paulo/.m2/repository/org/springframework/boot/spring-boot-starter-data-rest/2.1.2.RELEASE/spring-boot-starter-data-rest-2.1.2.RELEASE.jar
MD5: ffca56fa1c83ec0305e017b6a18929de
SHA1: 7efd91daeeb68fb2991cf2658e942d8274e0112a
SHA256:73eed0a2bfc4c4b2557c972b21dc8814ca29f13aba65bec4fb4c1137f7dd1d2a
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.springframework.boot:spring-boot-starter-data-rest:2.1.2.RELEASE  Confidence:Highest

tomcat-embed-core-9.0.14.jar

Description:

 Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.14/tomcat-embed-core-9.0.14.jar
MD5: 354efb3cec0597326258cba5c13f9d27
SHA1: c3959b59158063aeb4f090752a2410d4574b93d7
SHA256:4bc37dbf0f147cb3b591a945a5578c7f3346d2f56a85caa7a3479e0225f6e7dd
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.14  Confidence:Highest
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:9.0.14  Confidence:Low  

tomcat-embed-el-9.0.14.jar

Description:

 Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.14/tomcat-embed-el-9.0.14.jar
MD5: 4b6cf88e33a5faf53f93290033f61d88
SHA1: 9215cdff4e09fba2ae5d28118fd1b1bc9732de6a
SHA256:2f22fdf5f5effe2cdb28284d845e0266efcf93f00b372146a132956442408154
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.14  Confidence:Highest

hibernate-validator-6.0.14.Final.jar

Description:

 Hibernate's Bean Validation (JSR-380) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/hibernate/validator/hibernate-validator/6.0.14.Final/hibernate-validator-6.0.14.Final.jar
MD5: b50302738d1619276c86dec558651100
SHA1: c424524aa7718c564d9199ac5892b05901cabae6
SHA256:8b366c9ad8969a1f25bd81af88a9e8630e70fdf1b6229298c30b58950527802c
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.hibernate.validator:hibernate-validator:6.0.14.Final  Confidence:Highest
  • cpe: cpe:/a:hibernate:hibernate_validator:6.0.14  Confidence:Low  

validation-api-2.0.1.Final.jar

Description:

 
        Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
SHA256:9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: javax.validation:validation-api:2.0.1.Final  Confidence:Highest

spring-data-rest-core-3.1.4.RELEASE.jar

Description:

 Spring Data REST - Core

File Path: /home/paulo/.m2/repository/org/springframework/data/spring-data-rest-core/3.1.4.RELEASE/spring-data-rest-core-3.1.4.RELEASE.jar
MD5: 9589f5b7ce84d0f9f439e1c3b666e2fd
SHA1: f12dc817fe55f7c097a6ecbf0e9173c1e4e7d4d2
SHA256:437a07c0fecf35797c3b5ccdbad1ace565e39ddd729ba0b0f379cc675ec998d4
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.springframework.data:spring-data-rest-core:3.1.4.RELEASE  Confidence:Highest
  • cpe: cpe:/a:pivotal_software:spring_data_rest:3.1.4  Confidence:Low  

spring-hateoas-0.25.0.RELEASE.jar

Description:

 
		Library to support implementing representations for
		hyper-text driven REST web services.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/paulo/.m2/repository/org/springframework/hateoas/spring-hateoas/0.25.0.RELEASE/spring-hateoas-0.25.0.RELEASE.jar
MD5: 4dd4732fb24ee0196d0f118cc2147151
SHA1: 22d1abd575426709734ab83e7d81d6deb4addbf6
SHA256:3f694984f4304e87f4a479e51206ce968681bcf2857d21b1248d00e39835afa9
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.springframework.hateoas:spring-hateoas:0.25.0.RELEASE  Confidence:Highest

spring-plugin-core-1.2.0.RELEASE.jar

Description:

 Core plugin infrastructure

File Path: /home/paulo/.m2/repository/org/springframework/plugin/spring-plugin-core/1.2.0.RELEASE/spring-plugin-core-1.2.0.RELEASE.jar
MD5: 4e6325e5ed2c1aa1949313c184d83640
SHA1: f380e7760032e7d929184f8ad8a33716b75c0657
SHA256:de8d411556cccbb9a68a4b40f847e473593336412de86fb3f6f7f61f3923c09e
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.springframework.plugin:spring-plugin-core:1.2.0.RELEASE  Confidence:Highest

evo-inflector-1.2.2.jar

Description:

 Evo Inflector implements English pluralization algorithm.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/atteo/evo-inflector/1.2.2/evo-inflector-1.2.2.jar
MD5: da63c9ef600b74c760d81a09f9053d04
SHA1: 2551aad98d65ac5464d81fe05f0e1516cfe471c9
SHA256:c485c110870c597ba401dda2c7c5819a3b2e15ee064f539323138302bd591d48
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.atteo:evo-inflector:1.2.2  Confidence:Highest

jackson-databind-2.9.8.jar

Description:

 General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.8/jackson-databind-2.9.8.jar
MD5: 39271d9bb1cb7ec563925953b1fa9ff7
SHA1: 11283f21cc480aa86c4df7a0a3243ec508372ed2
SHA256:2351c3eba73a545db9079f5d6d768347ad72666537362c8220fe3e950a55a864
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.9.8  Confidence:Low  
  • cpe: cpe:/a:fasterxml:jackson-databind:2.9.8  Confidence:Low  
  • maven: com.fasterxml.jackson.core:jackson-databind:2.9.8  Confidence:Highest

jackson-core-2.9.8.jar

Description:

 Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.8/jackson-core-2.9.8.jar
MD5: 65831e4f46f29db904708e4b9cc72843
SHA1: 0f5a654e4675769c716e5b387830d19b501ca191
SHA256:d934dab0bd48994eeea2c1b493cb547158a338a80b58c4fbc8e85fb0905e105f
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:2.9.8  Confidence:Low  
  • maven: com.fasterxml.jackson.core:jackson-core:2.9.8  Confidence:Highest

jackson-annotations-2.9.0.jar

Description:

 Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
SHA256:45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-annotations:2.9.0  Confidence:Highest
  • cpe: cpe:/a:fasterxml:jackson:2.9.0  Confidence:Low  

slf4j-api-1.7.25.jar

Description:

 The slf4j API

File Path: /home/paulo/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a
SHA256:18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.slf4j:slf4j-api:1.7.25  Confidence:Highest

aspectjweaver-1.9.2.jar

Description:

 The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/paulo/.m2/repository/org/aspectj/aspectjweaver/1.9.2/aspectjweaver-1.9.2.jar
MD5: 04981b83d23c4f69d4b63ade89faa693
SHA1: d2502817521477faf0712c49a6ee2a5388787fc7
SHA256:b98ad94989052b195150edf1f85db2ee10f33e140d416f19f03c9746da16b691
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.aspectj:aspectjweaver:1.9.2  Confidence:Highest

HikariCP-3.2.0.jar

Description:

 Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/zaxxer/HikariCP/3.2.0/HikariCP-3.2.0.jar
MD5: ce78a822d3e6a6ae9bb1ed2fce078ae5
SHA1: 6c66db1c636ee90beb4c65fe34abd8ba9396bca6
SHA256:b008de68bbd85811f4b6e8f0860d0966c6acb4f2e75fabd46ec2094569cbefeb
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: com.zaxxer:HikariCP:3.2.0  Confidence:Highest

javax.transaction-api-1.3.jar

Description:

 Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE
File Path: /home/paulo/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar
MD5: 6e9cb1684621821248b6823143ae26c0
SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce
SHA256:603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:fish:fish:1.3  Confidence:Low  
  • maven: javax.transaction:javax.transaction-api:1.3  Confidence:Highest

jaxb-api-2.3.1.jar

Description:

 JAXB (JSR 222) API

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /home/paulo/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: javax.xml.bind:jaxb-api:2.3.1  Confidence:Highest

javax.activation-api-1.2.0.jar

Description:

 JavaBeans Activation Framework API jar

License:

https://github.com/javaee/activation/blob/master/LICENSE.txt
File Path: /home/paulo/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: javax.activation:javax.activation-api:1.2.0  Confidence:Highest

hibernate-core-5.3.7.Final.jar

Description:

 Hibernate's core ORM functionality

License:

GNU Library General Public License v2.1 or later: http://www.opensource.org/licenses/LGPL-2.1
File Path: /home/paulo/.m2/repository/org/hibernate/hibernate-core/5.3.7.Final/hibernate-core-5.3.7.Final.jar
MD5: 20f0daf39f05db0085796d9813431e15
SHA1: f87c5c1bbfc638309824140e68dfaaeb1bb479f3
SHA256:862822a3ebf43aa38ff7d36346bb4cef1fc5a5c400b0a8f35d4a33df816202e9
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.hibernate:hibernate-core:5.3.7.Final  Confidence:Highest

jboss-logging-3.3.2.Final.jar

Description:

 The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
SHA256:cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.jboss.logging:jboss-logging:3.3.2.Final  Confidence:Highest

javax.persistence-api-2.2.jar

Description:

 Java(TM) Persistence API

License:

Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/paulo/.m2/repository/javax/persistence/javax.persistence-api/2.2/javax.persistence-api-2.2.jar
MD5: e6520b3435f5b6d58eee415b5542abf8
SHA1: 25665ac8c0b62f50e6488173233239120fc52c96
SHA256:5578b71b37999a5eaed3fea0d14aa61c60c6ec6328256f2b63472f336318baf4
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: javax.persistence:javax.persistence-api:2.2  Confidence:Highest

javassist-3.23.1-GA.jar

Description:

 
  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/paulo/.m2/repository/org/javassist/javassist/3.23.1-GA/javassist-3.23.1-GA.jar
MD5: c99b30482cfdcd42bdc301970a3b2d5d
SHA1: c072c13dcb7f705471c40bafb1536171df850ab2
SHA256:d2b14c09763523374624f32a09d6e31fcb174082a97addb5ae2d580b474fd806
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.javassist:javassist:3.23.1-GA  Confidence:Highest

byte-buddy-1.9.7.jar

Description:

 Byte Buddy is a Java library for creating Java classes at run time.        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/net/bytebuddy/byte-buddy/1.9.7/byte-buddy-1.9.7.jar
MD5: 3038371407163c76c89749c3a7c458b0
SHA1: 8fea78fea6449e1738b675cb155ce8422661e237
SHA256:69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: net.bytebuddy:byte-buddy:1.9.7  Confidence:Highest

antlr-2.7.7.jar

Description:

 
    A framework for constructing recognizers, compilers,
    and translators from grammatical descriptions containing
    Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /home/paulo/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: antlr:antlr:2.7.7  Confidence:Highest

jandex-2.0.5.Final.jar

Description:

 Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/jboss/jandex/2.0.5.Final/jandex-2.0.5.Final.jar
MD5: 8faa3033123cfc8470107d2ae4ebe76d
SHA1: 7060f67764565b9ee9d467e3ed0cb8a9c601b23a
SHA256:9112a9c33175b8c64b999ecf47b649fdf1cd6fa8262d0677895e976ed2891f0b
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.jboss:jandex:2.0.5.Final  Confidence:Highest

classmate-1.4.0.jar

Description:

 Library for introspecting types with full generic information
        including resolving of field and method types.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/fasterxml/classmate/1.4.0/classmate-1.4.0.jar
MD5: 85716d3adddffaaacb5e316be6681bf0
SHA1: 291658ac2ce2476256c7115943652c0accb5c857
SHA256:2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: com.fasterxml:classmate:1.4.0  Confidence:Highest

dom4j-2.1.1.jar

Description:

 flexible XML framework for Java

License:

BSD 3-clause New License: https://github.com/dom4j/dom4j/blob/master/LICENSE
File Path: /home/paulo/.m2/repository/org/dom4j/dom4j/2.1.1/dom4j-2.1.1.jar
MD5: f5710c1d5f5627ae5ce850a0b12ea87a
SHA1: 3dce5dbb3571aa820c677fadd8349bfa8f00c199
SHA256:a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:dom4j_project:dom4j:2.1.1  Confidence:Low  
  • maven: org.dom4j:dom4j:2.1.1  Confidence:Highest

hibernate-commons-annotations-5.0.4.Final.jar

Description:

 Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License v2.1 or later: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/paulo/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.0.4.Final/hibernate-commons-annotations-5.0.4.Final.jar
MD5: 1b78fde0083b0fc394eb1e491df3308c
SHA1: 965a18fdf939ee75e41f7918532d37b3a8350535
SHA256:b509d514d33265c0e8d872a3bf93df9da1c4d8760bdeec274b73c3310976c4f8
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.hibernate.common:hibernate-commons-annotations:5.0.4.Final  Confidence:Highest

spring-data-jpa-2.1.4.RELEASE.jar

Description:

 Spring Data module for JPA repositories.

File Path: /home/paulo/.m2/repository/org/springframework/data/spring-data-jpa/2.1.4.RELEASE/spring-data-jpa-2.1.4.RELEASE.jar
MD5: b31ef169e5deac0a47f0231d3605093e
SHA1: aedc52b1f5acdfe11cb665d0ad3920de8bca480a
SHA256:9ff0a54bb9a75a6fced4730f3495af35aa820be307620379c667e50d02886ff6
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:pivotal_software:spring_data_jpa:2.1.4  Confidence:Low  
  • maven: org.springframework.data:spring-data-jpa:2.1.4.RELEASE  Confidence:Highest

spring-data-commons-2.1.4.RELEASE.jar

File Path: /home/paulo/.m2/repository/org/springframework/data/spring-data-commons/2.1.4.RELEASE/spring-data-commons-2.1.4.RELEASE.jar
MD5: c7ce87c13e0d2ad7298aaf4aa0239a6e
SHA1: 144d71cfb0cc330fead0a00969e2ba871a83904b
SHA256:7458d7b9d6a457022ac0d6ffa3615766995ba190b8c99d79846de4b2ab5c21e3
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.springframework.data:spring-data-commons:2.1.4.RELEASE  Confidence:Highest
  • cpe: cpe:/a:pivotal_software:spring_data_commons:2.1.4  Confidence:Low  

spring-tx-5.1.4.RELEASE.jar

Description:

 Spring Transaction

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/paulo/.m2/repository/org/springframework/spring-tx/5.1.4.RELEASE/spring-tx-5.1.4.RELEASE.jar
MD5: 4e58f06cdf9a66c82f98081a06243692
SHA1: a671702999fd8b5f1798cd3a7dfbbbf5a4705494
SHA256:f2cdfd8a2b511c095620243e15ddef5b800655996415df5182f7081a78407214
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:pivotal_software:spring_framework:5.1.4  Confidence:Low  
  • cpe: cpe:/a:pivotal:spring_framework:5.1.4  Confidence:Low  
  • cpe: cpe:/a:springsource:spring_framework:5.1.4  Confidence:Low  
  • maven: org.springframework:spring-tx:5.1.4.RELEASE  Confidence:Highest

h2-1.4.197.jar

Description:

 H2 Database Engine

License:

MPL 2.0 or EPL 1.0: http://h2database.com/html/license.html
File Path: /home/paulo/.m2/repository/com/h2database/h2/1.4.197/h2-1.4.197.jar
MD5: f9893acfa22b7fe1492dd9c515af2e5b
SHA1: bb391050048ca8ae3e32451b5a3714ecd3596a46
SHA256:37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842
Referenced In Project/Scope:springing:compile

Identifiers

CVE-2018-10054  

Severity:Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation 

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.

Vulnerable Software & Versions:

CVE-2018-14335  

Severity:Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-275 Permission Issues 

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

Vulnerable Software & Versions:

guava-24.0-jre.jar

Description:

 
    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/google/guava/guava/24.0-jre/guava-24.0-jre.jar
MD5: 185a66f9779345bc780d94a621cad51e
SHA1: 041ac1e74d6b4e1ea1f027139cffeb536c732a81
SHA256:e0274470b16ba1154e926b5f54ef8ae159197fbc356406bda9b261ba67e3e599
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: com.google.guava:guava:24.0-jre  Confidence:Highest
  • cpe: cpe:/a:google:guava:24.0  Confidence:Highest  

CVE-2018-10237  

Severity:Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data 

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Vulnerable Software & Versions: (show all)

jsr305-1.3.9.jar

Description:

 JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
MD5: 1d5a772e400b04bb67a7ef4a0e0996d8
SHA1: 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf
SHA256:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: com.google.code.findbugs:jsr305:1.3.9  Confidence:Highest

checker-compat-qual-2.0.0.jar

Description:

 
        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.  Please
        see artifact:
        org.checkerframework:checker

License:

GNU General Public License, version 2 (GPL2), with the classpath exception: http://www.gnu.org/software/classpath/license.html
The MIT License: http://opensource.org/licenses/MIT
File Path: /home/paulo/.m2/repository/org/checkerframework/checker-compat-qual/2.0.0/checker-compat-qual-2.0.0.jar
MD5: b6fb2610dacd211a3e2c3d8af1b60d0f
SHA1: fc89b03860d11d6213d0154a62bcd1c2f69b9efa
SHA256:a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.checkerframework:checker-compat-qual:2.0.0  Confidence:Highest

error_prone_annotations-2.1.3.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/google/errorprone/error_prone_annotations/2.1.3/error_prone_annotations-2.1.3.jar
MD5: 97504b36cf871722d81a4b9e114f2a16
SHA1: 39b109f2cd352b2d71b52a3b5a1a9850e1dc304b
SHA256:03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: com.google.errorprone:error_prone_annotations:2.1.3  Confidence:Highest

j2objc-annotations-1.1.jar

Description:

 
    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: com.google.j2objc:j2objc-annotations:1.1  Confidence:Highest

animal-sniffer-annotations-1.14.jar

File Path: /home/paulo/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5
SHA256:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.codehaus.mojo:animal-sniffer-annotations:1.14  Confidence:Highest

lombok-1.18.4.jar

Description:

 Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: /home/paulo/.m2/repository/org/projectlombok/lombok/1.18.4/lombok-1.18.4.jar
MD5: a27a7ed4f61fa3424262cce02b76fde4
SHA1: 7103ab519b1cdbb0642ad4eaf1db209d905d0f96
SHA256:39f3922deb679b1852af519eb227157ef2dd0a21eec3542c8ce1b45f2df39742
Referenced In Project/Scope:springing:provided

Identifiers

  • maven: org.projectlombok:lombok:1.18.4  Confidence:Highest

spring-boot-2.1.2.RELEASE.jar

Description:

 Spring Boot

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/paulo/.m2/repository/org/springframework/boot/spring-boot/2.1.2.RELEASE/spring-boot-2.1.2.RELEASE.jar
MD5: be1a03d18b763789a17235daf511e412
SHA1: ea72e00516adf1a97f0e4b023ad55e79686cefac
SHA256:5048e791d22b1659f7e23eca634ac86d158fe3f817dd3e29ec788bb040ec9214
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:pivotal_software:spring_boot:2.1.2  Confidence:Low  
  • maven: org.springframework.boot:spring-boot:2.1.2.RELEASE  Confidence:Highest

logback-core-1.2.3.jar

Description:

 logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/paulo/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256:5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:logback:logback:1.2.3  Confidence:Low  
  • maven: ch.qos.logback:logback-core:1.2.3  Confidence:Highest

log4j-api-2.11.1.jar

Description:

 The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
MD5: fc110208241ce5b48bd07464ecc7e137
SHA1: 268f0fe4df3eefe052b57c87ec48517d64fb2a10
SHA256:493b37b5a6c49c4f5fb609b966375e4dc1783df436587584ca1dc7e861d0742b
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.apache.logging.log4j:log4j-api:2.11.1  Confidence:Highest
  • cpe: cpe:/a:apache:log4j:2.11.1  Confidence:Low  

jul-to-slf4j-1.7.25.jar

Description:

 JUL to SLF4J bridge

File Path: /home/paulo/.m2/repository/org/slf4j/jul-to-slf4j/1.7.25/jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76
SHA256:416c5a0c145ad19526e108d44b6bf77b75412d47982cce6ce8d43abdbdbb0fac
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.slf4j:jul-to-slf4j:1.7.25  Confidence:Highest

javax.annotation-api-1.3.2.jar

Description:

 Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /home/paulo/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: javax.annotation:javax.annotation-api:1.3.2  Confidence:Highest

snakeyaml-1.23.jar

Description:

 YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/paulo/.m2/repository/org/yaml/snakeyaml/1.23/snakeyaml-1.23.jar
MD5: 64ec8bd26b6d5034a87ecb1c8ce0efdc
SHA1: ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68
SHA256:13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1
Referenced In Project/Scope:springing:runtime

Identifiers

  • maven: org.yaml:snakeyaml:1.23  Confidence:Highest

micrometer-core-1.1.2.jar

Description:

 A Persistent Java Collections Library

License:

The MIT License: https://opensource.org/licenses/mit-license.php
File Path: /home/paulo/.m2/repository/io/micrometer/micrometer-core/1.1.2/micrometer-core-1.1.2.jar
MD5: 48f28cffb525c149ead7ddb7be7890f7
SHA1: 2cec164586314f33a8d7d4b727df3f6ac9a7e9cb
SHA256:cc31af6802dbb3faf0b4be5f71ad8092d82babc075645ce4071473cd11d2eec7
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.pcollections:pcollections:3.0.3  Confidence:High
  • maven: io.micrometer:micrometer-core:1.1.2  Confidence:Highest

HdrHistogram-2.1.9.jar

Description:

 
        HdrHistogram supports the recording and analyzing sampled data value
        counts across a configurable integer value range with configurable value
        precision within the range. Value precision is expressed as the number of
        significant digits in the value recording, and provides control over value
        quantization behavior across the value range and the subsequent value
        resolution at any given level.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /home/paulo/.m2/repository/org/hdrhistogram/HdrHistogram/2.1.9/HdrHistogram-2.1.9.jar
MD5: ee302e5e7489719991aa0ca2dd67febd
SHA1: e4631ce165eb400edecfa32e03d3f1be53dee754
SHA256:95d40913be28dfd439cefea9170c40898ea84f11f25e6ff8de50339b8a7b5e3e
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.hdrhistogram:HdrHistogram:2.1.9  Confidence:Highest

LatencyUtils-2.0.3.jar

Description:

 
        LatencyUtils is a package that provides latency recording and reporting utilities.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /home/paulo/.m2/repository/org/latencyutils/LatencyUtils/2.0.3/LatencyUtils-2.0.3.jar
MD5: 2ad12e1ef7614cecfb0483fa9ac6da73
SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3
SHA256:a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: org.latencyutils:LatencyUtils:2.0.3  Confidence:Highest

spring-core-5.1.4.RELEASE.jar

Description:

 Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/paulo/.m2/repository/org/springframework/spring-core/5.1.4.RELEASE/spring-core-5.1.4.RELEASE.jar
MD5: 65b129195fe4721916ab8d837921c3aa
SHA1: e7d2ad03a50ebff117a6efe2e0e3f15946d0768a
SHA256:9f2bde81a26d1c54f60d888219be305d86d094d7262ca9faa1bae0558a95fcb6
Referenced In Project/Scope:springing:compile

Identifiers

  • cpe: cpe:/a:pivotal_software:spring_framework:5.1.4  Confidence:Low  
  • cpe: cpe:/a:pivotal:spring_framework:5.1.4  Confidence:Low  
  • cpe: cpe:/a:vmware:springsource_spring_framework:5.1.4  Confidence:Low  
  • maven: org.springframework:spring-core:5.1.4.RELEASE  Confidence:Highest
  • cpe: cpe:/a:springsource:spring_framework:5.1.4  Confidence:Low  

byte-buddy-1.9.7.jar (shaded: net.bytebuddy:byte-buddy-dep:1.9.7)

Description:

 
        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with a remaining dependency onto ASM.
        You should never depend on this module without repackaging Byte Buddy and ASM into your own namespace.

File Path: /home/paulo/.m2/repository/net/bytebuddy/byte-buddy/1.9.7/byte-buddy-1.9.7.jar/META-INF/maven/net.bytebuddy/byte-buddy-dep/pom.xml
MD5: f1f80ac92fc8efa5ca1f100b363335eb
SHA1: 7085b201ff3c60eba9e16ef07c0b271790ad114c
SHA256:de20f3a142ef8cb2e5cb34190f867bf3ffd50fc5f855441979eb9847f80176fc
Referenced In Project/Scope:springing:compile

Identifiers

  • maven: net.bytebuddy:byte-buddy-dep:1.9.7  Confidence:High


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.