Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Simplicite Platform

com.simplicite:simplicite:4.0.P25

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
FastInfoset-1.2.16.jarpkg:maven/com.sun.xml.fastinfoset/FastInfoset@1.2.16 036
HikariCP-3.4.0.jarpkg:maven/com.zaxxer/HikariCP@3.4.0 037
JavaEWAH-1.1.6.jarpkg:maven/com.googlecode.javaewah/JavaEWAH@1.1.6 033
activation-1.1.jarpkg:maven/javax.activation/activation@1.1 026
animal-sniffer-annotations-1.18.jarpkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.18 023
annotations-4.1.1.4.jarpkg:maven/com.google.android/annotations@4.1.1.4 020
ant-1.10.7.jarcpe:2.3:a:apache:ant:1.10.7:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.7MEDIUM3Highest24
antlr-2.7.7.jarpkg:maven/antlr/antlr@2.7.7 024
antlr-runtime-3.5.2.jarcpe:2.3:a:temporal:temporal:3.5.2:*:*:*:*:*:*:*pkg:maven/org.antlr/antlr-runtime@3.5.2 0Low39
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
apache-mime4j-core-0.8.3.jarpkg:maven/org.apache.james/apache-mime4j-core@0.8.3 033
apache-mime4j-dom-0.8.3.jarpkg:maven/org.apache.james/apache-mime4j-dom@0.8.3 033
api-common-1.8.1.jarpkg:maven/com.google.api/api-common@1.8.1 029
asm-7.2-beta.jarpkg:maven/org.ow2.asm/asm@7.2-beta 052
auto-value-annotations-1.6.6.jarpkg:maven/com.google.auto.value/auto-value-annotations@1.6.6 028
autolink-0.10.0.jarpkg:maven/org.nibor.autolink/autolink@0.10.0 023
avalon-framework-impl-4.2.0.jarpkg:maven/avalon-framework/avalon-framework-impl@4.2.0 021
aws-s3-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/aws-s3@2.2.0 0Highest33
azureblob-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/azureblob@2.2.0 0Highest35
barcode4j-2.1.jarcpe:2.3:a:web_project:web:2.1:*:*:*:*:*:*:*pkg:maven/net.sf.barcode4j/barcode4j@2.1 0Low50
base64-2.3.8.jarpkg:maven/net.iharder/base64@2.3.8 034
bcmail-jdk15on-1.63.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.63:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.63:*:*:*:*:*:*:*
pkg:maven/org.bouncycastle/bcmail-jdk15on@1.63MEDIUM1Low52
bcpg-jdk15on-1.63.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.63:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.63:*:*:*:*:*:*:*
pkg:maven/org.bouncycastle/bcpg-jdk15on@1.63MEDIUM1Low54
bcpkix-jdk15on-1.63.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.63:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.63:*:*:*:*:*:*:*
pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.63MEDIUM1Low66
bcprov-jdk15on-1.63.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.63:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.63:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.63:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.63:*:*:*:*:*:*:*
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.63HIGH4Highest58
boilerpipe-1.1.0.jarpkg:maven/de.l3s.boilerpipe/boilerpipe@1.1.0 030
bson-3.11.0.jarcpe:2.3:a:mongodb:bson:3.11.0:*:*:*:*:*:*:*pkg:maven/org.mongodb/bson@3.11.0 0Highest28
bzip2-0.9.1.jarcpe:2.3:a:bzip2_project:bzip2:0.9.1:*:*:*:*:*:*:*pkg:maven/org.itadaki/bzip2@0.9.1 0Highest20
c3p0-0.9.5.4.jarcpe:2.3:a:mchange:c3p0:0.9.5.4:*:*:*:*:*:*:*pkg:maven/com.mchange/c3p0@0.9.5.4 0Highest31
cdm-4.5.5.jarpkg:maven/edu.ucar/cdm@4.5.5 028
checker-qual-2.11.0.jarpkg:maven/org.checkerframework/checker-qual@2.11.0 062
codemodel-2.3.2.jarpkg:maven/org.glassfish.jaxb/codemodel@2.3.2 024
commonmark-0.13.0.jarpkg:maven/com.atlassian.commonmark/commonmark@0.13.0 021
commonmark-ext-autolink-0.13.0.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-autolink@0.13.0 021
commonmark-ext-gfm-strikethrough-0.13.0.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-gfm-strikethrough@0.13.0 023
commonmark-ext-gfm-tables-0.13.0.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-gfm-tables@0.13.0 023
commonmark-ext-heading-anchor-0.13.0.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-heading-anchor@0.13.0 023
commonmark-ext-ins-0.13.0.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-ins@0.13.0 021
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest170
commons-cli-1.4.jarpkg:maven/commons-cli/commons-cli@1.4 087
commons-codec-1.13.jarpkg:maven/commons-codec/commons-codec@1.13 0111
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest86
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest107
commons-compress-1.19.jarcpe:2.3:a:apache:commons_compress:1.19:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.19HIGH4Highest97
commons-csv-1.7.jarpkg:maven/org.apache.commons/commons-csv@1.7 085
commons-discovery-0.5.jarcpe:2.3:a:spirit-project:spirit:0.5:*:*:*:*:*:*:*pkg:maven/commons-discovery/commons-discovery@0.5MEDIUM1Low86
commons-email-1.5.jarcpe:2.3:a:apache:commons_email:1.5:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-email@1.5 0Highest139
commons-exec-1.3.jarpkg:maven/org.apache.commons/commons-exec@1.3 061
commons-fileupload-1.4.jarcpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*pkg:maven/commons-fileupload/commons-fileupload@1.4HIGH1Highest117
commons-httpclient-3.1.jarcpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*
pkg:maven/commons-httpclient/commons-httpclient@3.1MEDIUM2Highest91
commons-io-2.6.jarcpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.6MEDIUM1Highest119
commons-lang-2.6.jarpkg:maven/commons-lang/commons-lang@2.6 0122
commons-lang3-3.9.jarpkg:maven/org.apache.commons/commons-lang3@3.9 0141
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0137
commons-net-3.6.jarcpe:2.3:a:apache:commons_net:3.6:*:*:*:*:*:*:*pkg:maven/commons-net/commons-net@3.6MEDIUM1Highest97
commons-pool2-2.7.0.jarpkg:maven/org.apache.commons/commons-pool2@2.7.0 086
commons-vfs2-2.4.1.jarpkg:maven/org.apache.commons/commons-vfs2@2.4.1 042
core-3.0.1.jarpkg:maven/com.google.zxing/core@3.0.1 020
curvesapi-1.06.jarpkg:maven/com.github.virtuald/curvesapi@1.06 024
dec-0.1.2.jarpkg:maven/org.brotli/dec@0.1.2 023
diffutils-1.3.0.jarcpe:2.3:a:utils_project:utils:1.3.0:*:*:*:*:*:*:*pkg:maven/com.googlecode.java-diff-utils/diffutils@1.3.0MEDIUM1Highest19
docusign-esign-java-3.2.0.jarpkg:maven/com.docusign/docusign-esign-java@3.2.0 032
docx4j-ImportXHTML-8.0.0.jarpkg:maven/org.docx4j/docx4j-ImportXHTML@8.0.0 029
docx4j-JAXB-ReferenceImpl-11.1.3.jarpkg:maven/org.docx4j/docx4j-JAXB-ReferenceImpl@11.1.3 030
docx4j-core-11.1.3.jarpkg:maven/org.docx4j/docx4j-core@11.1.3 034
docx4j-openxml-objects-11.1.3.jarpkg:maven/org.docx4j/docx4j-openxml-objects@11.1.3 026
docx4j-openxml-objects-pml-11.1.3.jarpkg:maven/org.docx4j/docx4j-openxml-objects-pml@11.1.3 026
docx4j-openxml-objects-sml-11.1.3.jarpkg:maven/org.docx4j/docx4j-openxml-objects-sml@11.1.3 026
dtd-parser-1.4.1.jarpkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.1 044
ehcache-core-2.6.2.jarpkg:maven/net.sf.ehcache/ehcache-core@2.6.2 022
ehcache-core-2.6.2.jar: sizeof-agent.jarpkg:maven/net.sf.ehcache/sizeof-agent@1.0.1 028
error_prone_annotations-2.3.2.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.3.2 024
failureaccess-1.0.1.jarpkg:maven/com.google.guava/failureaccess@1.0.1 030
fast-and-simple-minify-1.0.jarpkg:maven/ch.simschla/fast-and-simple-minify@1.0 028
firebase-admin-6.10.0.jarpkg:maven/com.google.firebase/firebase-admin@6.10.0 034
fontbox-2.0.16.jarpkg:maven/org.apache.pdfbox/fontbox@2.0.16 033
fuzzywuzzy-1.2.0.jar (shaded: me.xdrop:diffutils:1.3)pkg:maven/me.xdrop/diffutils@1.3 07
fuzzywuzzy-1.2.0.jar (shaded: me.xdrop:fuzzywuzzy-build:1.2.0)pkg:maven/me.xdrop/fuzzywuzzy-build@1.2.0 011
fuzzywuzzy-1.2.0.jarpkg:maven/me.xdrop/fuzzywuzzy@1.2.0 028
gax-1.48.1.jarpkg:maven/com.google.api/gax@1.48.1 034
gax-grpc-1.48.1.jarcpe:2.3:a:grpc:grpc:1.48.1:*:*:*:*:*:*:*pkg:maven/com.google.api/gax-grpc@1.48.1HIGH4Highest36
gax-httpjson-0.65.1.jarcpe:2.3:a:json-java_project:json-java:0.65.1:*:*:*:*:*:*:*pkg:maven/com.google.api/gax-httpjson@0.65.1HIGH2Low36
geoapi-3.0.1.jarpkg:maven/org.opengis/geoapi@3.0.1 039
google-api-client-1.30.3.jarpkg:maven/com.google.api-client/google-api-client@1.30.3 039
google-api-client-gson-1.30.3.jarcpe:2.3:a:json-java_project:json-java:1.30.3:*:*:*:*:*:*:*pkg:maven/com.google.api-client/google-api-client-gson@1.30.3HIGH2Low39
google-api-services-calendar-v3-rev20190910-1.30.1.jarpkg:maven/com.google.apis/google-api-services-calendar@v3-rev20190910-1.30.1 026
google-api-services-drive-v3-rev20190822-1.30.1.jarcpe:2.3:a:google:drive:v3.rev20190822.1.30.1:*:*:*:*:*:*:*pkg:maven/com.google.apis/google-api-services-drive@v3-rev20190822-1.30.1 0Highest26
google-api-services-gmail-v1-rev20190602-1.30.1.jarcpe:2.3:a:google:gmail:v1.rev20190602.1.30.1:*:*:*:*:*:*:*pkg:maven/com.google.apis/google-api-services-gmail@v1-rev20190602-1.30.1 0Highest26
google-api-services-plus-v1-rev20190328-1.30.1.jarpkg:maven/com.google.apis/google-api-services-plus@v1-rev20190328-1.30.1 026
google-api-services-sheets-v4-rev20190813-1.30.1.jarpkg:maven/com.google.apis/google-api-services-sheets@v4-rev20190813-1.30.1 026
google-api-services-storage-v1-rev20190624-1.30.1.jarpkg:maven/com.google.apis/google-api-services-storage@v1-rev20190624-1.30.1 026
google-api-services-translate-v2-rev20170525-1.30.1.jarpkg:maven/com.google.apis/google-api-services-translate@v2-rev20170525-1.30.1 026
google-api-services-youtube-v3-rev20190827-1.30.1.jarpkg:maven/com.google.apis/google-api-services-youtube@v3-rev20190827-1.30.1 026
google-auth-library-credentials-0.17.1.jarpkg:maven/com.google.auth/google-auth-library-credentials@0.17.1 023
google-auth-library-oauth2-http-0.17.1.jarpkg:maven/com.google.auth/google-auth-library-oauth2-http@0.17.1 025
google-cloud-core-1.90.0.jarpkg:maven/com.google.cloud/google-cloud-core@1.90.0 031
google-cloud-core-grpc-1.90.0.jarcpe:2.3:a:grpc:grpc:1.90.0:*:*:*:*:*:*:*pkg:maven/com.google.cloud/google-cloud-core-grpc@1.90.0 0Highest33
google-cloud-core-http-1.90.0.jarpkg:maven/com.google.cloud/google-cloud-core-http@1.90.0 033
google-cloud-firestore-1.9.0.jarpkg:maven/com.google.cloud/google-cloud-firestore@1.9.0 033
google-cloud-pubsub-1.91.0.jarpkg:maven/com.google.cloud/google-cloud-pubsub@1.91.0 033
google-cloud-storage-1.91.0.jarpkg:maven/com.google.cloud/google-cloud-storage@1.91.0 033
google-cloud-storage-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/google-cloud-storage@2.2.0 0Highest29
google-http-client-1.32.0.jarpkg:maven/com.google.http-client/google-http-client@1.32.0 039
google-http-client-appengine-1.31.0.jarpkg:maven/com.google.http-client/google-http-client-appengine@1.31.0 021
google-http-client-gson-1.32.0.jarpkg:maven/com.google.http-client/google-http-client-gson@1.32.0 025
google-http-client-jackson-1.29.2.jarcpe:2.3:a:apache:httpclient:1.29.2:*:*:*:*:*:*:*pkg:maven/com.google.http-client/google-http-client-jackson@1.29.2MEDIUM1Low33
google-http-client-jackson2-1.32.0.jarcpe:2.3:a:json-java_project:json-java:1.32.0:*:*:*:*:*:*:*pkg:maven/com.google.http-client/google-http-client-jackson2@1.32.0HIGH2Low25
google-oauth-client-1.30.2.jarcpe:2.3:a:google:oauth_client_library_for_java:1.30.2:*:*:*:*:*:*:*pkg:maven/com.google.oauth-client/google-oauth-client@1.30.2CRITICAL2Low41
googlecloud-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.common/googlecloud@2.2.0 0Highest31
grib-4.5.5.jarpkg:maven/edu.ucar/grib@4.5.5 041
grpc-context-1.22.1.jarcpe:2.3:a:grpc:grpc:1.22.1:*:*:*:*:*:*:*pkg:maven/io.grpc/grpc-context@1.22.1HIGH3Highest35
grpc-core-1.23.0.jarcpe:2.3:a:grpc:grpc:1.23.0:*:*:*:*:*:*:*pkg:maven/io.grpc/grpc-core@1.23.0HIGH4Highest33
grpc-google-cloud-pubsub-v1-1.73.0.jarcpe:2.3:a:grpc:grpc:1.73.0:*:*:*:*:*:*:*pkg:maven/com.google.api.grpc/grpc-google-cloud-pubsub-v1@1.73.0 0Highest25
grpc-netty-shaded-1.23.0.jar (shaded: io.netty:netty-codec-http2:4.1.38.Final)cpe:2.3:a:netty:netty:4.1.38:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec-http2@4.1.38.FinalCRITICAL18Highest9
grpc-netty-shaded-1.23.0.jar (shaded: io.netty:netty-codec:4.1.38.Final)cpe:2.3:a:netty:netty:4.1.38:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec@4.1.38.FinalCRITICAL15Highest9
grpc-netty-shaded-1.23.0.jar (shaded: io.netty:netty-tcnative-boringssl-static:2.0.25.Final)pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.25.Final 09
grpc-netty-shaded-1.23.0.jar (shaded: io.netty:netty-transport:4.1.38.Final)cpe:2.3:a:netty:netty:4.1.38:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.1.38.FinalCRITICAL14Highest9
grpc-netty-shaded-1.23.0.jar (shaded: org.jctools:jctools-core:2.1.1)pkg:maven/org.jctools/jctools-core@2.1.1 09
grpc-netty-shaded-1.23.0.jar: io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll 02
grpc-protobuf-1.23.0.jarcpe:2.3:a:grpc:grpc:1.23.0:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:1.23.0:*:*:*:*:*:*:*
pkg:maven/io.grpc/grpc-protobuf@1.23.0HIGH4Highest35
gson-2.8.5.jarcpe:2.3:a:google:gson:2.8.5:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.5HIGH1Highest27
guava-28.1-jre.jarcpe:2.3:a:google:guava:28.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@28.1-jreHIGH2Highest25
guice-3.0.jarpkg:maven/com.google.inject/guice@3.0 029
guice-assistedinject-3.0.jarpkg:maven/com.google.inject.extensions/guice-assistedinject@3.0 028
guice-multibindings-3.0.jarpkg:maven/com.google.inject.extensions/guice-multibindings@3.0 028
h2-1.4.199.jarcpe:2.3:a:h2database:h2:1.4.199:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@1.4.199CRITICAL5Highest44
h2-1.4.199.jar: data.zip: table.js 00
h2-1.4.199.jar: data.zip: tree.js 00
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 024
hsqldb-2.5.0.jarcpe:2.3:a:hsqldb:hypersql_database:2.5.0:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.5.0CRITICAL1Low41
httpclient-4.5.10.jarcpe:2.3:a:apache:httpclient:4.5.10:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.10MEDIUM1Highest32
httpcore-4.4.12.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.12 032
httpmime-4.5.10.jarpkg:maven/org.apache.httpcomponents/httpmime@4.5.10 030
httpservices-4.5.5.jarpkg:maven/edu.ucar/httpservices@4.5.5 025
icu4j-64.2.jarcpe:2.3:a:icu-project:international_components_for_unicode:64.2:*:*:*:*:*:*:*
cpe:2.3:a:unicode:international_components_for_unicode:64.2:*:*:*:*:*:*:*
pkg:maven/com.ibm.icu/icu4j@64.2 0Low79
isoparser-1.1.22.jarpkg:maven/com.googlecode.mp4parser/isoparser@1.1.22 026
istack-commons-runtime-3.0.8.jarpkg:maven/com.sun.istack/istack-commons-runtime@3.0.8 028
istack-commons-tools-3.0.8.jarpkg:maven/com.sun.istack/istack-commons-tools@3.0.8 030
itext-2.1.7.jarpkg:maven/com.lowagie/itext@2.1.7HIGH146
itext-rtf-2.1.7.jarpkg:maven/com.lowagie/itext-rtf@2.1.7 046
j2objc-annotations-1.3.jarpkg:maven/com.google.j2objc/j2objc-annotations@1.3 024
jackcess-3.0.1.jarpkg:maven/com.healthmarketscience.jackcess/jackcess@3.0.1 045
jackcess-encrypt-3.0.0.jarpkg:maven/com.healthmarketscience.jackcess/jackcess-encrypt@3.0.0 038
jackson-annotations-2.10.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.10.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.10.5 0Low40
jackson-core-2.10.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.10.5:*:*:*:*:*:*:*
cpe:2.3:a:json-java_project:json-java:2.10.5:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-core@2.10.5HIGH2Low47
jackson-core-asl-1.9.13.jarpkg:maven/org.codehaus.jackson/jackson-core-asl@1.9.13 038
jackson-databind-2.10.5.jarcpe:2.3:a:fasterxml:jackson-databind:2.10.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.10.5:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5HIGH6Highest41
jackson-dataformat-csv-2.10.5.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.10.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-csv@2.10.5 0Highest39
jackson-datatype-guava-2.10.5.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.10.5 039
jackson-datatype-joda-2.10.5.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.10.5 041
jackson-jaxrs-base-2.10.5.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.10.5 037
jackson-jaxrs-json-provider-2.10.5.jarcpe:2.3:a:json-java_project:json-java:2.10.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.10.5HIGH2Low37
jackson-jaxrs-xml-provider-2.10.5.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.10.5 037
jackson-module-jaxb-annotations-2.10.5.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.10.5 039
jai-imageio-core-1.4.0.jarpkg:maven/com.github.jai-imageio/jai-imageio-core@1.4.0 044
jakarta.activation-1.2.1.jarpkg:maven/com.sun.activation/jakarta.activation@1.2.1 035
jakarta.activation-api-1.2.1.jarpkg:maven/jakarta.activation/jakarta.activation-api@1.2.1 033
jakarta.xml.bind-api-2.3.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.2 030
java-jwt-3.10.2.jarpkg:maven/com.auth0/java-jwt@3.10.2 037
java-libpst-0.8.1.jarpkg:maven/com.pff/java-libpst@0.8.1 022
java-saml-2.5.0.jarpkg:maven/com.onelogin/java-saml@2.5.0 018
java-saml-core-2.5.0.jarpkg:maven/com.onelogin/java-saml-core@2.5.0 018
java-xmlbuilder-1.1.jarcpe:2.3:a:java-xmlbuilder_project:java-xmlbuilder:1.1:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:1.1:*:*:*:*:*:*:*
pkg:maven/com.jamesmurty.utils/java-xmlbuilder@1.1CRITICAL2Highest26
javase-3.0.1.jarpkg:maven/com.google.zxing/javase@3.0.1 023
javax.activation-api-1.2.0.jarpkg:maven/javax.activation/javax.activation-api@1.2.0 039
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 046
javax.ejb-api-3.2.2.jarpkg:maven/javax.ejb/javax.ejb-api@3.2.2 044
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
javax.jms-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.jms/javax.jms-api@2.0.1 0Low34
javax.mail-1.6.2.jarcpe:2.3:a:oracle:java_se:1.6.2:*:*:*:*:*:*:*pkg:maven/com.sun.mail/javax.mail@1.6.2 0Low45
javax.servlet-api-4.0.1.jarcpe:2.3:a:oracle:java_se:4.0.1:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@4.0.1 0Medium48
javax.servlet.jsp-api-2.3.3.jarcpe:2.3:a:oracle:java_se:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:2.3.3:*:*:*:*:*:*:*
pkg:maven/javax.servlet.jsp/javax.servlet.jsp-api@2.3.3 0High46
javax.transaction-api-1.3.jarpkg:maven/javax.transaction/javax.transaction-api@1.3 046
javax.websocket-api-1.1.jarpkg:maven/javax.websocket/javax.websocket-api@1.1 030
javax.ws.rs-api-2.0.1.jarcpe:2.3:a:oracle:java_se:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1 0Low59
jawk-1.02.jarpkg:maven/org.jawk/jawk@1.02 012
jaxb-api-2.3.1.jarpkg:maven/javax.xml.bind/jaxb-api@2.3.1 037
jaxb-runtime-2.3.2.jarpkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.2 032
jaxb-svg11-1.0.2.jarpkg:maven/org.plutext/jaxb-svg11@1.0.2 034
jaxb-xjc-2.3.2.jarpkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.2 034
jbig2-imageio-3.0.2.jarcpe:2.3:a:apache:pdfbox:3.0.2:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jbig2-imageio@3.0.2 0Highest128
jcip-annotations-1.0.jarpkg:maven/net.jcip/jcip-annotations@1.0 024
jcl-over-slf4j-1.7.30.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.30 031
jclouds-core-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds/jclouds-core@2.2.0 0Highest28
jclouds-log4j-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.2.0:*:*:*:*:*:*:*
pkg:maven/org.apache.jclouds.driver/jclouds-log4j@2.2.0CRITICAL6Highest33
jcommander-1.35.jarpkg:maven/com.beust/jcommander@1.35 022
jdom2-2.0.6.jarcpe:2.3:a:jdom:jdom:2.0.6:*:*:*:*:*:*:*pkg:maven/org.jdom/jdom2@2.0.6HIGH1Highest65
jempbox-1.8.16.jarcpe:2.3:a:apache:pdfbox:1.8.16:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jempbox@1.8.16 0Highest33
jersey-core-1.19.1.jarcpe:2.3:a:jersey_project:jersey:1.19.1:*:*:*:*:*:*:*pkg:maven/com.sun.jersey/jersey-core@1.19.1 0Highest30
jfreechart-1.5.0.jarcpe:2.3:a:time_project:time:1.5.0:*:*:*:*:*:*:*pkg:maven/org.jfree/jfreechart@1.5.0 0Low38
jhighlight-1.0.3.jarpkg:maven/org.codelibs/jhighlight@1.0.3 020
jjwt-0.4.jarcpe:2.3:a:json_web_token_project:json_web_token:0.4:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:0.4:*:*:*:*:*:*:*
pkg:maven/io.jsonwebtoken/jjwt@0.4 0High19
jlessc-1.8.jarpkg:maven/de.inetsoftware/jlessc@1.8 033
jlessc-ant-1.8.jarpkg:maven/com.simplicite.ant/jlessc-ant@1.8
pkg:maven/com.simplicite/jlessc-ant@1.8
 026
jmatio-1.5.jarpkg:maven/org.tallison/jmatio@1.5 026
jmustache-1.15.jarpkg:maven/com.samskivert/jmustache@1.15 030
jna-5.3.1.jarcpe:2.3:a:oracle:java_se:5.3.1:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.3.1 0Low48
jna-5.3.1.jar: jnidispatch.dll 02
jna-5.3.1.jar: jnidispatch.dll 02
joda-time-2.10.3.jarpkg:maven/joda-time/joda-time@2.10.3 047
jsch-0.1.55.jarcpe:2.3:a:jcraft:jsch:0.1.55:*:*:*:*:*:*:*pkg:maven/com.jcraft/jsch@0.1.55 0Highest34
json-20190722.jarcpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*pkg:maven/org.json/json@20190722HIGH2Highest32
json-simple-1.1.1.jarpkg:maven/com.googlecode.json-simple/json-simple@1.1.1 025
jsoup-1.12.1.jarcpe:2.3:a:jsoup:jsoup:1.12.1:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.12.1HIGH2Highest37
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jsr311-api-1.1.1.jarcpe:2.3:a:web_project:web:1.1.1:*:*:*:*:*:*:*pkg:maven/javax.ws.rs/jsr311-api@1.1.1 0Low36
jtidy-r938.jarcpe:2.3:a:jtidy_project:jtidy:r938:*:*:*:*:*:*:*pkg:maven/net.sf.jtidy/jtidy@r938HIGH1Highest53
jul-to-slf4j-1.7.30.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.30 026
junit-4.13.2.jarcpe:2.3:a:junit:junit4:4.13.2:*:*:*:*:*:*:*pkg:maven/junit/junit@4.13.2 0Low53
juniversalchardet-1.0.3.jarpkg:maven/com.googlecode.juniversalchardet/juniversalchardet@1.0.3 024
junrar-4.0.0.jarcpe:2.3:a:junrar_project:junrar:4.0.0:*:*:*:*:*:*:*pkg:maven/com.github.junrar/junrar@4.0.0HIGH1Highest25
jzlib-1.1.1.jarcpe:2.3:a:jcraft:jzlib:1.1.1:*:*:*:*:*:*:*pkg:maven/com.jcraft/jzlib@1.1.1 0Highest34
libphonenumber-8.12.6.jarpkg:maven/com.googlecode.libphonenumber/libphonenumber@8.12.6 022
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
log4j-1.2.17.jarcpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*pkg:maven/log4j/log4j@1.2.17CRITICAL7Highest30
lucene-core-8.2.0.jarpkg:maven/org.apache.lucene/lucene-core@8.2.0 028
mbassador-1.3.2.jarpkg:maven/net.engio/mbassador@1.3.2 029
mchange-commons-java-0.2.15.jarpkg:maven/com.mchange/mchange-commons-java@0.2.15 029
metadata-extractor-2.11.0.jarcpe:2.3:a:metadata-extractor_project:metadata-extractor:2.11.0:*:*:*:*:*:*:*pkg:maven/com.drewnoakes/metadata-extractor@2.11.0HIGH3Highest32
migbase64-2.2.jarpkg:maven/com.brsanthu/migbase64@2.2 038
mimepull-1.9.3.jarpkg:maven/org.jvnet.mimepull/mimepull@1.9.3 048
mongodb-driver-core-3.11.0.jarcpe:2.3:a:mongodb:java_driver:3.11.0:*:*:*:*:*:*:*pkg:maven/org.mongodb/mongodb-driver-core@3.11.0MEDIUM1Low30
mssql-jdbc-12.2.0.jre8.jarcpe:2.3:a:www-sql_project:www-sql:12.2.0.jre8:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.2.0
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.2.0.jre8
 0Highest37
mysql-connector-j-8.1.0.jarcpe:2.3:a:mysql:mysql:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:8.1.0:*:*:*:*:*:*:*
pkg:maven/com.mysql/mysql-connector-j@8.1.0HIGH1Highest52
netcdf4-4.5.5.jarpkg:maven/edu.ucar/netcdf4@4.5.5 025
netty-codec-4.1.49.Final.jarcpe:2.3:a:netty:netty:4.1.49:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec@4.1.49.FinalHIGH11Highest34
netty-codec-mqtt-4.1.49.Final.jarcpe:2.3:a:mqtt:mqtt:4.1.49:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.49:*:*:*:*:*:*:*
pkg:maven/io.netty/netty-codec-mqtt@4.1.49.FinalHIGH10Highest34
netty-common-4.1.49.Final.jar (shaded: org.jctools:jctools-core:3.0.0)pkg:maven/org.jctools/jctools-core@3.0.0 09
netty-transport-4.1.49.Final.jarcpe:2.3:a:netty:netty:4.1.49:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.1.49.FinalHIGH10Highest32
netty-transport-native-kqueue-4.1.48.Final-osx-x86_64.jarcpe:2.3:a:netty:netty:4.1.48:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport-native-kqueue@4.1.48.FinalHIGH10Highest36
oauth-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/oauth@2.2.0 0Highest31
ojdbc8-23.3.0.23.09.jarcpe:2.3:a:oracle:jdbc:23.3.0.23.09:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc8@23.3.0.23.09 0Highest33
opencensus-api-0.24.0.jarpkg:maven/io.opencensus/opencensus-api@0.24.0 033
opencensus-contrib-grpc-metrics-0.21.0.jarpkg:maven/io.opencensus/opencensus-contrib-grpc-metrics@0.21.0 037
opencensus-contrib-grpc-util-0.21.0.jarpkg:maven/io.opencensus/opencensus-contrib-grpc-util@0.21.0 037
opencensus-contrib-http-util-0.24.0.jarpkg:maven/io.opencensus/opencensus-contrib-http-util@0.24.0 037
openjson-1.0.11.jarcpe:2.3:a:json-java_project:json-java:1.0.11:*:*:*:*:*:*:*pkg:maven/com.github.openjson/openjson@1.0.11HIGH2Low37
opennlp-tools-1.9.1.jarcpe:2.3:a:apache:opennlp:1.9.1:*:*:*:*:*:*:*pkg:maven/org.apache.opennlp/opennlp-tools@1.9.1 0Highest36
openstack-keystone-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystone:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:openstack:2.2.0:*:*:*:*:*:*:*
pkg:maven/org.apache.jclouds.api/openstack-keystone@2.2.0HIGH7Highest33
openstack-swift-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:openstack:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:2.2.0:*:*:*:*:*:*:*
pkg:maven/org.apache.jclouds.api/openstack-swift@2.2.0CRITICAL7Highest33
org.apache.oltu.oauth2.client-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2 032
org.apache.oltu.oauth2.common-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.common@1.0.2 032
org.eclipse.jgit.http.server-5.5.0.201909110433-r.jarcpe:2.3:a:eclipse:jgit:5.5.0:201909110433:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit.http.server@5.5.0.201909110433-rHIGH1Highest40
org.eclipse.paho.client.mqttv3-1.2.1.jarcpe:2.3:a:eclipse:paho_java_client:1.2.1:*:*:*:*:*:*:*pkg:maven/org.eclipse.paho/org.eclipse.paho.client.mqttv3@1.2.1 0Low30
parso-2.0.11.jarcpe:2.3:a:parso_project:parso:2.0.11:*:*:*:*:*:*:*pkg:maven/com.epam/parso@2.0.11 0Highest34
pdfbox-2.0.16.jarcpe:2.3:a:apache:pdfbox:2.0.16:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/pdfbox@2.0.16MEDIUM4Highest33
perfmark-api-0.17.0.jarpkg:maven/io.perfmark/perfmark-api@0.17.0 026
poi-4.1.0.jarcpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@4.1.0MEDIUM2Highest29
postgresql-42.6.0.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.6.0:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.6.0 0Low71
proto-google-cloud-firestore-admin-v1-1.9.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-firestore-admin-v1@1.9.0 028
proto-google-cloud-firestore-v1-1.9.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-firestore-v1@1.9.0 025
proto-google-cloud-firestore-v1beta1-0.62.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-firestore-v1beta1@0.62.0 024
proto-google-cloud-pubsub-v1-1.73.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-pubsub-v1@1.73.0 025
proto-google-common-protos-1.16.0.jarpkg:maven/com.google.api.grpc/proto-google-common-protos@1.16.0 032
proto-google-iam-v1-0.12.0.jarpkg:maven/com.google.api.grpc/proto-google-iam-v1@0.12.0 068
protobuf-java-3.10.0.jarcpe:2.3:a:google:protobuf-java:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.10.0:*:*:*:*:*:*:*
pkg:maven/com.google.protobuf/protobuf-java@3.10.0HIGH4Highest27
protobuf-java-util-3.10.0.jarcpe:2.3:a:google:protobuf-java:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.10.0:*:*:*:*:*:*:*
pkg:maven/com.google.protobuf/protobuf-java-util@3.10.0HIGH2Highest29
proton-j-0.33.4.jarcpe:2.3:a:apache:qpid:0.33.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton:0.33.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton-j:0.33.4:*:*:*:*:*:*:*
cpe:2.3:a:proton_project:proton:0.33.4:*:*:*:*:*:*:*
pkg:maven/org.apache.qpid/proton-j@0.33.4 0Highest30
qpid-jms-client-0.51.0.jarcpe:2.3:a:apache:qpid:0.51.0:*:*:*:*:*:*:*pkg:maven/org.apache.qpid/qpid-jms-client@0.51.0 0Highest27
qrgen-1.4.jarpkg:maven/net.glxn/qrgen@1.4 030
quartz-2.3.1.jarcpe:2.3:a:softwareag:quartz:2.3.1:*:*:*:*:*:*:*pkg:maven/org.quartz-scheduler/quartz@2.3.1CRITICAL2Highest33
relaxng-datatype-2.3.2.jarpkg:maven/com.sun.xml.bind.external/relaxng-datatype@2.3.2 027
rhino-1.7.13.jarpkg:maven/org.mozilla/rhino@1.7.13 031
rhino-1.7.13.jar: test.js 00
rhino-js-engine-1.7.10.jarpkg:maven/cat.inspiracio/rhino-js-engine@1.7.10 032
rhino-js-engine-1.7.10.jar: toplevel.js 00
rngom-2.3.2.jarpkg:maven/com.sun.xml.bind.external/rngom@2.3.2 023
rome-1.12.1.jarpkg:maven/com.rometools/rome@1.12.1 035
rome-utils-1.12.1.jarcpe:2.3:a:utils_project:utils:1.12.1:*:*:*:*:*:*:*pkg:maven/com.rometools/rome-utils@1.12.1MEDIUM1Highest19
s3-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/s3@2.2.0 0Highest31
sentiment-analysis-parser-0.1.jarcpe:2.3:a:ini-parser_project:ini-parser:0.1:*:*:*:*:*:*:*pkg:maven/edu.usc.ir/sentiment-analysis-parser@0.1 0Low38
serializer-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/serializer@2.7.2HIGH1Low32
sis-feature-0.8.jarpkg:maven/org.apache.sis.core/sis-feature@0.8 056
sis-metadata-0.8.jarpkg:maven/org.apache.sis.core/sis-metadata@0.8 054
sis-netcdf-0.8.jarpkg:maven/org.apache.sis.storage/sis-netcdf@0.8 056
sis-referencing-0.8.jarcpe:2.3:a:temporal:temporal:0.8:*:*:*:*:*:*:*pkg:maven/org.apache.sis.core/sis-referencing@0.8LOW1Low71
sis-storage-0.8.jarpkg:maven/org.apache.sis.storage/sis-storage@0.8 070
sis-utility-0.8.jarpkg:maven/org.apache.sis.core/sis-utility@0.8 058
slf4j-api-1.7.30.jarpkg:maven/org.slf4j/slf4j-api@1.7.30 027
slf4j-log4j12-1.7.30.jarpkg:maven/org.slf4j/slf4j-log4j12@1.7.30 027
snakeyaml-1.25.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.25:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.25CRITICAL8Highest46
stax-ex-1.8.1.jarcpe:2.3:a:oracle:projects:1.8.1:*:*:*:*:*:*:*pkg:maven/org.jvnet.staxex/stax-ex@1.8.1 0Low46
stax2-api-4.2.jarcpe:2.3:a:fasterxml:woodstox:4.2:*:*:*:*:*:*:*pkg:maven/org.codehaus.woodstox/stax2-api@4.2HIGH1Highest54
stringtemplate-3.2.1.jarcpe:2.3:a:temporal:temporal:3.2.1:*:*:*:*:*:*:*pkg:maven/org.antlr/stringtemplate@3.2.1 0Low38
stripe-java-12.0.0.jarcpe:2.3:a:stripe:stripe:12.0.0:*:*:*:*:*:*:*pkg:maven/com.stripe/stripe-java@12.0.0 0Highest34
sts-2.2.0.jarcpe:2.3:a:apache:jclouds:2.2.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/sts@2.2.0 0Highest31
swagger-annotations-1.5.8.jarpkg:maven/io.swagger/swagger-annotations@1.5.8 029
tagsoup-1.2.1.jarpkg:maven/org.ccil.cowan.tagsoup/tagsoup@1.2.1 024
threeten-extra-1.5.0.jarpkg:maven/org.threeten/threeten-extra@1.5.0 041
threetenbp-1.3.3.jarpkg:maven/org.threeten/threetenbp@1.3.3 039
tika-core-1.22.jarcpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*pkg:maven/org.apache.tika/tika-core@1.22MEDIUM7Highest42
tika-parsers-1.22.jarcpe:2.3:a:apache:tika:1.22:*:*:*:*:*:*:*pkg:maven/org.apache.tika/tika-parsers@1.22MEDIUM8Highest41
twilio-7.42.0.jarpkg:maven/com.twilio.sdk/twilio@7.42.0 028
txw2-2.3.2.jarpkg:maven/org.glassfish.jaxb/txw2@2.3.2 034
udunits-4.5.5.jarpkg:maven/edu.ucar/udunits@4.5.5 029
unit-api-1.0.jarpkg:maven/javax.measure/unit-api@1.0 0128
vorbis-java-core-0.8.jarpkg:maven/org.gagravarr/vorbis-java-core@0.8 022
vorbis-java-tika-0.8.jarpkg:maven/org.gagravarr/vorbis-java-tika@0.8 022
wmf2svg-0.9.8.jarpkg:maven/net.arnx/wmf2svg@0.9.8 031
woodstox-core-6.2.0.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)cpe:2.3:a:xml_library_project:xml_library:*:*:*:*:*:rust:*:*pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621HIGH1Highest12
woodstox-core-6.2.0.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)cpe:2.3:a:xml_library_project:xml_library:2013.6.1:*:*:*:*:*:*:*pkg:maven/net.java.dev.msv/xsdlib@2013.6.1 0Low9
woodstox-core-6.2.0.jarcpe:2.3:a:fasterxml:woodstox:6.2.0:*:*:*:*:*:*:*pkg:maven/com.fasterxml.woodstox/woodstox-core@6.2.0HIGH1Highest47
xalan-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/xalan@2.7.2HIGH1Low66
xalan-interpretive-11.0.0.jarpkg:maven/org.docx4j.org.apache/xalan-interpretive@11.0.0 042
xalan-serializer-11.0.0.jarpkg:maven/org.docx4j.org.apache/xalan-serializer@11.0.0 041
xercesImpl-2.12.0.jarcpe:2.3:a:apache:xerces-j:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.12.0:*:*:*:*:*:*:*
pkg:maven/xerces/xercesImpl@2.12.0MEDIUM2Low86
xhtmlrenderer-3.0.0.jarpkg:maven/org.docx4j/xhtmlrenderer@3.0.0 036
xmlbeans-3.1.0.jarcpe:2.3:a:apache:xmlbeans:3.1.0:*:*:*:*:*:*:*pkg:maven/org.apache.xmlbeans/xmlbeans@3.1.0 0Highest58
xmlgraphics-commons-2.3.jarcpe:2.3:a:apache:xmlgraphics_commons:2.3:*:*:*:*:*:*:*pkg:maven/org.apache.xmlgraphics/xmlgraphics-commons@2.3HIGH1Highest29
xmlsec-2.1.4.jarcpe:2.3:a:apache:santuario_xml_security_for_java:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_security_for_java:2.1.4:*:*:*:*:*:*:*
pkg:maven/org.apache.santuario/xmlsec@2.1.4HIGH2Low48
xmpcore-5.1.3.jarpkg:maven/com.adobe.xmp/xmpcore@5.1.3 037
xsom-2.3.2.jarcpe:2.3:a:eclipse:glassfish:2.3.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/xsom@2.3.2 0Medium27
xz-1.8.jarcpe:2.3:a:tukaani:xz:1.8:*:*:*:*:*:*:*pkg:maven/org.tukaani/xz@1.8 0Highest33

Dependencies

FastInfoset-1.2.16.jar

Description:

Open Source implementation of the Fast Infoset Standard for Binary XML (http://www.itu.int/ITU-T/asn1/).

License:

http://www.opensource.org/licenses/apache2.0.php, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/fastinfoset/FastInfoset/1.2.16/FastInfoset-1.2.16.jar
MD5: f7f4be4695e2501a6d585beca305c74c
SHA1: 4eb6a0adad553bf759ffe86927df6f3b848c8bea
SHA256:056f3a1e144409f21ed16afc26805f58e9a21f3fce1543c42d400719d250c511
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

HikariCP-3.4.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/HikariCP/3.4.0/HikariCP-3.4.0.jar
MD5: 60549ba87bf28ce69702302b62e527c5
SHA1: 6ce7ce51bd472b93a26bd26b41ad18e9b842ad41
SHA256:0bd769d01a0e64b1a61053206343364ec6bde30b84d819c29de163bcfb485852
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

JavaEWAH-1.1.6.jar

Description:

The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
  JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
  The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme. 

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.1.6/JavaEWAH-1.1.6.jar
MD5: ad90237fa8e47defd9fdac73e68608fd
SHA1: 94ad16d728b374d65bd897625f3fbb3da223a2b6
SHA256:f78d44a1e3877f1ce748b4a85df5171e5e8e9a5c3c6f63bb9003db6f84cce952
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

activation-1.1.jar

Description:

    JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
  

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /var/simplicite/.m2/repository/javax/activation/activation/1.1/activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256:2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

animal-sniffer-annotations-1.18.jar

File Path: /var/simplicite/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.18/animal-sniffer-annotations-1.18.jar
MD5: f0a84f9b30590b3aa76edc893d6fe4ff
SHA1: f7aa683ea79dc6681ee9fb95756c999acbb62f5d
SHA256:47f05852b48ee9baefef80fa3d8cea60efa4753c0013121dd7fe5eef2e5c729d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

annotations-4.1.1.4.jar

Description:

A library jar that provides annotations for the Google Android Platform.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/com/google/android/annotations/4.1.1.4/annotations-4.1.1.4.jar
MD5: c2cdd26a6ae577f24775e8ce75da1fdc
SHA1: a1678ba907bf92691d879fef34e1a187038f9259
SHA256:ba734e1e84c09d615af6a09d33034b4f0442f8772dec120efb376d86a565ae15
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

ant-1.10.7.jar

File Path: /var/simplicite/.m2/repository/org/apache/ant/ant/1.10.7/ant-1.10.7.jar
MD5: 66386ce040556ca4836fe829d0f1b293
SHA1: ebd23eb1f451de96e9a616f239408db88eedc1c2
SHA256:dab4d3b2e45b73aec95cb25ce5050a651ad060f50f74662bbc3c1cb406ec1d19
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-1945  

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (3.3)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.3)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36373  

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36374  

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

antlr-2.7.7.jar

Description:

    A framework for constructing recognizers, compilers,
    and translators from grammatical descriptions containing
    Java, C#, C++, or Python actions.
  

License:

BSD License: http://www.antlr.org/license.html
File Path: /var/simplicite/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

antlr-runtime-3.5.2.jar

Description:

A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: /var/simplicite/.m2/repository/org/antlr/antlr-runtime/3.5.2/antlr-runtime-3.5.2.jar
MD5: 1fbbae2cb72530207c20b797bdabd029
SHA1: cd9cd41361c155f3af0f653009dcecb08d8b4afd
SHA256:ce3fc8ecb10f39e9a3cddcbb2ce350d272d9cd3d0b1e18e6fe73c3b9389c8734
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /var/simplicite/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

apache-mime4j-core-0.8.3.jar

Description:

Java stream based MIME message parser

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-core/0.8.3/apache-mime4j-core-0.8.3.jar
MD5: dc03793d8d9e208f4a21a36b78f922f0
SHA1: 1179b56c9919c1a8e20d3a528ee4c6cee19bcbe0
SHA256:910002bd8d2fc413220386cd656a33b32f0007850dd53c2c0f30f90801eba6c6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

apache-mime4j-dom-0.8.3.jar

Description:

Java MIME Document Object Model

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-dom/0.8.3/apache-mime4j-dom-0.8.3.jar
MD5: 13a1a7be7b85c9b03f6cba68e72d83c2
SHA1: e80733714eb6a70895bfc74a9528c658504c2c83
SHA256:b7f85517887b268d94fd16b13267d9e37a151440eff8acefab3a29ef30977435
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

api-common-1.8.1.jar

Description:

Common utilities for Google APIs in Java

License:

BSD: https://github.com/googleapis/api-common-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/api-common/1.8.1/api-common-1.8.1.jar
MD5: 839b9b829ff6a7172d640b33fbc2e1b3
SHA1: e89befb19b08ad84b262b2f226ab79aefcaa9d7f
SHA256:9840ed24fce0a96492e671853077be62edab802b6760e3b327362d6949943674
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

asm-7.2-beta.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD: http://asm.ow2.org/license.html
File Path: /var/simplicite/.m2/repository/org/ow2/asm/asm/7.2-beta/asm-7.2-beta.jar
MD5: 11be68755323a89d5d9cf33ee306416a
SHA1: 42e26c6613fc9cb3002b55897802ab605c92dc44
SHA256:00acf26a20b0c032b3d19ea0fbc079d6694b56de46e018ecf90e68cb7dd5caa2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

auto-value-annotations-1.6.6.jar

Description:

    Immutable value-type code generation for Java 1.6+.
  

File Path: /var/simplicite/.m2/repository/com/google/auto/value/auto-value-annotations/1.6.6/auto-value-annotations-1.6.6.jar
MD5: fc2c981dc803b953b9b45ace05a98d8f
SHA1: 9947ae63d8ec42ea159283baf2e5b9c0ff100909
SHA256:3bf4b9e74a6bf0f38ac70af571e0f8a9d85ccba4c0693a72fea9ea46def0d5a0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

autolink-0.10.0.jar

Description:

        Java library to extract links (URLs, email addresses) from plain text;
        fast, small and smart about recognizing where links end
    

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/nibor/autolink/autolink/0.10.0/autolink-0.10.0.jar
MD5: be771f6d4d82b9098596afa30b4f48ea
SHA1: 6579ea7079be461e5ffa99f33222a632711cc671
SHA256:302b30160968415ee6cd1907987138c7575a6315f9b6ef13b9fe3abc87367857
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

avalon-framework-impl-4.2.0.jar

File Path: /var/simplicite/.m2/repository/avalon-framework/avalon-framework-impl/4.2.0/avalon-framework-impl-4.2.0.jar
MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6
SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48
SHA256:ed42c573cab460ca634b5c64a3b40ed1d67d6ee47fe25f87947370bede6af814
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

aws-s3-2.2.0.jar

Description:

Simple Storage Service (S3) implementation targeted to Amazon Web Services

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/aws-s3/2.2.0/aws-s3-2.2.0.jar
MD5: e0888fec8e07a0030b16eed4fb4c2014
SHA1: 09a357c4d48dc2cc1cfe52a09d15794f6c7c84dd
SHA256:fc971624321f1945574ba23e3dc1327c9d946c1f4c30a50588f75013795154e8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

azureblob-2.2.0.jar

Description:

jclouds components to access Azure Blob Service

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/azureblob/2.2.0/azureblob-2.2.0.jar
MD5: 6e496c24207ed776f9a933a558d878c6
SHA1: 724f1331e5124dc17621f5417df4c74ee1940be7
SHA256:17910ad862f1f61ed87875cd735b137c8a7cdeb69f9754448e0004592094f78f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

barcode4j-2.1.jar

Description:

Barcode4J is a flexible generator for barcodes written in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/sf/barcode4j/barcode4j/2.1/barcode4j-2.1.jar
MD5: 4fc30cdb7b1abaf1ce08f26b0666e351
SHA1: 4b38b2219c0d522fcea8238493f2ea3e238ef529
SHA256:eb7252cc41a1539bcd018348e9f60e0942872bdaa49c58051e656a6be94969fb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

base64-2.3.8.jar

Description:

A Java class providing very fast Base64 encoding and decoding 
               in the form of convenience methods and input/output streams.
  

License:

Public domain
File Path: /var/simplicite/.m2/repository/net/iharder/base64/2.3.8/base64-2.3.8.jar
MD5: 9a9828f0caa016a2f3e0c90fe3af771b
SHA1: 7d2e2cea90cc51169fd02a35888820ab07f6d02f
SHA256:bbf41fda22877a538f6bc2d5ad0aa372a7ddf4a756af3386aa09d3d4eea84f7f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

bcmail-jdk15on-1.63.jar

Description:

The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcmail-jdk15on/1.63/bcmail-jdk15on-1.63.jar
MD5: 2ff3d5ba2e923c1030401cd7e91dd2bd
SHA1: aa0f31cf8d4717aa213539d469478220d679357f
SHA256:6078638744a1b3ce842fd70330681c058ad9aa278696dc71c430b4d6449501c3
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • pkg:maven/org.bouncycastle/bcmail-jdk15on@1.63  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.63:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.63:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

bcpg-jdk15on-1.63.jar

Description:

The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
Apache Software License, Version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpg-jdk15on/1.63/bcpg-jdk15on-1.63.jar
MD5: c551097b29b7d81bc5ae1184a6bcc7c6
SHA1: a93a004e30ba70feb94213bd9adb3bb5295361ef
SHA256:dc4f51adfc46583c2543489c82708fef5660202bf264c7cd453f081a117ea536
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • pkg:maven/org.bouncycastle/bcpg-jdk15on@1.63  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.63:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.63:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

bcpkix-jdk15on-1.63.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.63/bcpkix-jdk15on-1.63.jar
MD5: c7dc9b66a0535f44dd088babea47b506
SHA1: 81e2a6d531213271dd936e4a94a041d49e4721e8
SHA256:e9e6a1a9c411681100dce967b6a8e66f4a0bbdc8ae18379a0044dd0e19b888b0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.63  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.63:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.63:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

bcprov-jdk15on-1.63.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.63/bcprov-jdk15on-1.63.jar
MD5: d357114f1605c034ebcb99f3c9d36f7e
SHA1: c996f9c64dc0e94e2d2ae962cc7b7cad7744fcc8
SHA256:28155c8695934f666fabc235f992096e40d97ecb044d5b6b0902db6e15a0b72f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2019-17359  

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-15522  

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-0187 (OSSINDEX)  

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148517383
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (5.5)
  • Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.63:*:*:*:*:*:*:*

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.63:*:*:*:*:*:*:*

boilerpipe-1.1.0.jar

Description:

The boilerpipe library provides algorithms to detect and remove the surplus "clutter" (boilerplate, templates) around the main textual content of a web page.

The library already provides specific strategies for common tasks (for example: news article extraction) and may also be easily extended for individual problem settings.

Extracting content is very fast (milliseconds), just needs the input document (no global or site-level information required) and is usually quite accurate.

Boilerpipe is a Java library written by Christian Kohlschütter. It is released under the Apache License 2.0.

The algorithms used by the library are based on (and extending) some concepts of the paper "Boilerplate Detection using Shallow Text Features" by Christian Kohlschütter et al., presented at WSDM 2010 -- The Third ACM International Conference on Web Search and Data Mining New York City, NY USA.
  

License:

Apache License 2.0
File Path: /var/simplicite/.m2/repository/de/l3s/boilerpipe/boilerpipe/1.1.0/boilerpipe-1.1.0.jar
MD5: 0616568083786d0f49e2cb07a5d09fe4
SHA1: f62cb75ed52455a9e68d1d05b84c500673340eb2
SHA256:088203df4326c4dcc42cec1253a2b41e03dc8904984eae744543b48e2cc63846
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

bson-3.11.0.jar

Description:

The BSON library

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/bson/3.11.0/bson-3.11.0.jar
MD5: fee103bbdf1b62541826f1fff8c75166
SHA1: 5f00c5a8f05b66a33239efd1131aaef5a49ba5b8
SHA256:87015c5e3d35ae0e1593a89adacaa744c265ba617a4e045252a0e67855998c4d
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

bzip2-0.9.1.jar

Description:

jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes.

License:

MIT License (MIT): http://opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/itadaki/bzip2/0.9.1/bzip2-0.9.1.jar
MD5: ddd5eb3a035655cbbb536e9b86907a00
SHA1: 47ca95f71e3ccae756c4a24354d48069c58f475c
SHA256:865a7a13dd33ef0388f675993adaf4c6f95632ba80d609d42e9d42e6343aae77
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

c3p0-0.9.5.4.jar

Description:

a JDBC Connection pooling / Statement caching library

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /var/simplicite/.m2/repository/com/mchange/c3p0/0.9.5.4/c3p0-0.9.5.4.jar
MD5: 45fd4a89c9fd671a0d1dc97c0ec77abe
SHA1: a21a1d37ae0b59efce99671544f51c34ed1e8def
SHA256:60cf2906cd6ad6771f514a3e848b74b3e3da99c1806f2a63c38e2dd8da5ef11f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

cdm-4.5.5.jar

Description:

    The NetCDF-Java Library is a Java interface to NetCDF files,
    as well as to many other types of scientific data formats.
  

File Path: /var/simplicite/.m2/repository/edu/ucar/cdm/4.5.5/cdm-4.5.5.jar
MD5: 7770c86aabbd0ec5e12ed1f0600d5492
SHA1: af1748a3d024069cb7fd3fc2591efe806c914589
SHA256:74ea183cda0f7aa06fae2f3cfa8c3c6c64d013ce8cb87bde4a06de6676eacfdb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

checker-qual-2.11.0.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.  Please
        see artifact:
        org.checkerframework:checker
    

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-qual/2.11.0/checker-qual-2.11.0.jar
MD5: 33a7c3e20614e973a80aa284e3782156
SHA1: 7de2908ee759b650dcddfd9913698e472cbe7272
SHA256:493ccb75b28a164c7dbe066bcfef0fd4091fdc1d384cef664ae9555ff397cd83
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

codemodel-2.3.2.jar

Description:

The core functionality of the CodeModel java source code generation library

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/codemodel/2.3.2/codemodel-2.3.2.jar
MD5: 8651b4954656d27a3408ffc38f041060
SHA1: 143b70e564189b3f71a2e7f02d6bb8c6b16b5632
SHA256:8a89a76dffb491a3b2bcfcb6e8d9fb2e30ec0c36629a033f90c93182799af773
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-0.13.0.jar

Description:

Core of commonmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark/0.13.0/commonmark-0.13.0.jar
MD5: 535b94d32fa44874a37824586ab5906b
SHA1: d233ad1436f35c7f88e3488ce6c1e65425c1a059
SHA256:fd38aecef680649894ffd7b434e10081fc609e260c63e16c4323a3eaa2a9f096
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-autolink-0.13.0.jar

Description:

commonmark-java extension for turning plain URLs and email addresses into links

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-autolink/0.13.0/commonmark-ext-autolink-0.13.0.jar
MD5: 3dc8ecec8ae20ad6211002d9d39ce47a
SHA1: 06c68a2bea2d1643024ab2533350f3317e46a066
SHA256:610a086274e7ccc9611d99de91d7a4c8ee9a429ede65eb2afd7691882f837bd5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-gfm-strikethrough-0.13.0.jar

Description:

commonmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-gfm-strikethrough/0.13.0/commonmark-ext-gfm-strikethrough-0.13.0.jar
MD5: 40a9c6854bf27aa785c979ada9ebac9c
SHA1: 60c7582b118a9c47e859544df04da88cf1282eaf
SHA256:5f3ad6d147eeab88f99b4f0f7be42969e1e876d4d3b851abd57a71b4af80ea6f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-gfm-tables-0.13.0.jar

Description:

commonmark-java extension for GFM tables using "|" pipes (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-gfm-tables/0.13.0/commonmark-ext-gfm-tables-0.13.0.jar
MD5: 7e660c78c296f6ae4aa1382193e83d80
SHA1: c3a5ba4217cacc7833c697e5081da42ae996655f
SHA256:b4709a5149cd3cbfb9762216955ba0576abc88b52973b30dd6f697a7a6290d15
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-heading-anchor-0.13.0.jar

Description:

commonmark-java extension for adding unique id attributes to header tags

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-heading-anchor/0.13.0/commonmark-ext-heading-anchor-0.13.0.jar
MD5: 6cad26a7747122569d835428b7486df3
SHA1: 37d5856e790aeb5244fe931111d9ab7e13955d51
SHA256:c1fbe40469f494c6f31f7870ea69f8db60d854b6c12bb0e2b615e08a55901c46
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-ins-0.13.0.jar

Description:

commonmark-java extension for using ++

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-ins/0.13.0/commonmark-ext-ins-0.13.0.jar
MD5: ded30f88bf404a24ba589e544eeaf378
SHA1: c61ce9b71905e0a83871511c9eeec2051212036e
SHA256:5c65a7191a40d7cd3a49655e8534229b286b121169ff69ffbbace009ecd63965
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-cli-1.4.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-cli/commons-cli/1.4/commons-cli-1.4.jar
MD5: c966d7e03507c834d5b09b848560174e
SHA1: c51c00206bb913cd8612b24abd9fa98ae89719b1
SHA256:fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-codec-1.13.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-codec/commons-codec/1.13/commons-codec-1.13.jar
MD5: 5085f186156822fa3a02e55bcd5584a8
SHA1: 3f18e1aa31031d89db6f01ba05d501258ce69d2c
SHA256:61f7a3079e92b9fdd605238d0295af5fd11ac411a0a0af48deace1f6c5ffa072
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-compress-1.19.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-compress/1.19/commons-compress-1.19.jar
MD5: fe897bced43468450b785b66c1cff455
SHA1: 7e65777fb451ddab6a9c054beb879e521b7eab78
SHA256:ff2d59fad74e867630fbc7daab14c432654712ac624dbee468d220677b124dd5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-35515  

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-35516  

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-35517  

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36090  

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

commons-csv-1.7.jar

Description:

The Apache Commons CSV library provides a simple interface for reading and writing
CSV files of various types.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-csv/1.7/commons-csv-1.7.jar
MD5: 2565c6a73ddefd0ceb9e130063f9e51e
SHA1: cb5d05520f8fe1b409aaf29962e47dc5764f8f39
SHA256:25f5e7914729a3cb9cbb83918b5f1116625cca63ce38a50f0fe596f837b9a524
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-discovery-0.5.jar

Description:

The Apache Commons Discovery component is about discovering, or finding,
  implementations for pluggable interfaces.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
SHA256:e5b7d58ae62e5b309d5c0ffa5a5b1d9d1e0f0c4c3cc18d1fe3103fd29f90149d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-0869  

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

commons-email-1.5.jar

Description:

        Apache Commons Email aims to provide an API for sending email. It is built on top of
        the JavaMail API, which it aims to simplify.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-email/1.5/commons-email-1.5.jar
MD5: e72657496d31f152aa26d4122e0850d9
SHA1: e8e677c6362eba14ff3c476ba63ccb83132dbd52
SHA256:ee8479906abb2c355a46a0a9845cfa1803bcc3c520a34baea4a6cf4e1f0f0cc1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-exec-1.3.jar

Description:

Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-fileupload-1.4.jar

Description:

    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256:a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-24998  

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.




Note that, like all of the file upload limits, the
          new configuration option (FileUploadBase#setFileCountMax) is not
          enabled by default and must be explicitly configured.


CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

commons-httpclient-3.1.jar

Description:

The HttpClient  component supports the client-side of RFC 1945 (HTTP/1.0)  and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256:dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2012-5783  

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2020-13956  

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

commons-io-2.6.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256:f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-29425  

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (4.8)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope:Simplicite Platform:compile