Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Simplicite Platform

com.simplicite:simplicite:5.1.66

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
@aashutoshrathi/word-wrap:1.2.6pkg:npm/%40aashutoshrathi%2Fword-wrap@1.2.6 08
@ampproject/remapping:2.2.1pkg:npm/%40ampproject%2Fremapping@2.2.1 06
@babel/cli:7.23.0cpe:2.3:a:babelcli_project:babelcli:7.23.0:*:*:*:*:*:*:*pkg:npm/%40babel%2Fcli@7.23.0 0Low8
@babel/code-frame:7.22.13pkg:npm/%40babel%2Fcode-frame@7.22.13 08
@babel/compat-data:7.23.2pkg:npm/%40babel%2Fcompat-data@7.23.2 06
@babel/core:7.23.2pkg:npm/%40babel%2Fcore@7.23.2 08
@babel/generator:7.23.0pkg:npm/%40babel%2Fgenerator@7.23.0 08
@babel/helper-annotate-as-pure:7.22.5pkg:npm/%40babel%2Fhelper-annotate-as-pure@7.22.5 07
@babel/helper-builder-binary-assignment-operator-visitor:7.22.5pkg:npm/%40babel%2Fhelper-builder-binary-assignment-operator-visitor@7.22.5 07
@babel/helper-compilation-targets:7.22.15pkg:npm/%40babel%2Fhelper-compilation-targets@7.22.15 06
@babel/helper-create-class-features-plugin:7.22.15pkg:npm/%40babel%2Fhelper-create-class-features-plugin@7.22.15 06
@babel/helper-create-regexp-features-plugin:7.22.5pkg:npm/%40babel%2Fhelper-create-regexp-features-plugin@7.22.5 06
@babel/helper-define-polyfill-provider:0.4.3pkg:npm/%40babel%2Fhelper-define-polyfill-provider@0.4.3 05
@babel/helper-environment-visitor:7.22.20pkg:npm/%40babel%2Fhelper-environment-visitor@7.22.20 07
@babel/helper-function-name:7.23.0pkg:npm/%40babel%2Fhelper-function-name@7.23.0 07
@babel/helper-hoist-variables:7.22.5pkg:npm/%40babel%2Fhelper-hoist-variables@7.22.5 07
@babel/helper-member-expression-to-functions:7.22.15pkg:npm/%40babel%2Fhelper-member-expression-to-functions@7.22.15 07
@babel/helper-module-imports:7.22.15pkg:npm/%40babel%2Fhelper-module-imports@7.22.15 07
@babel/helper-module-transforms:7.23.0pkg:npm/%40babel%2Fhelper-module-transforms@7.23.0 07
@babel/helper-optimise-call-expression:7.22.5pkg:npm/%40babel%2Fhelper-optimise-call-expression@7.22.5 07
@babel/helper-plugin-utils:7.22.5pkg:npm/%40babel%2Fhelper-plugin-utils@7.22.5 07
@babel/helper-remap-async-to-generator:7.22.20pkg:npm/%40babel%2Fhelper-remap-async-to-generator@7.22.20 07
@babel/helper-replace-supers:7.22.20pkg:npm/%40babel%2Fhelper-replace-supers@7.22.20 07
@babel/helper-simple-access:7.22.5pkg:npm/%40babel%2Fhelper-simple-access@7.22.5 07
@babel/helper-skip-transparent-expression-wrappers:7.22.5pkg:npm/%40babel%2Fhelper-skip-transparent-expression-wrappers@7.22.5 06
@babel/helper-split-export-declaration:7.22.6pkg:npm/%40babel%2Fhelper-split-export-declaration@7.22.6 07
@babel/helper-string-parser:7.22.5pkg:npm/%40babel%2Fhelper-string-parser@7.22.5 07
@babel/helper-validator-identifier:7.22.20pkg:npm/%40babel%2Fhelper-validator-identifier@7.22.20 06
@babel/helper-validator-option:7.22.15pkg:npm/%40babel%2Fhelper-validator-option@7.22.15 06
@babel/helper-wrap-function:7.22.20pkg:npm/%40babel%2Fhelper-wrap-function@7.22.20 07
@babel/helpers:7.23.2pkg:npm/%40babel%2Fhelpers@7.23.2 07
@babel/highlight:7.22.20pkg:npm/%40babel%2Fhighlight@7.22.20 07
@babel/node:7.22.19pkg:npm/%40babel%2Fnode@7.22.19 07
@babel/parser:7.16.4pkg:npm/%40babel%2Fparser@7.16.4 08
@babel/parser:7.23.0pkg:npm/%40babel%2Fparser@7.23.0 08
@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:7.22.15pkg:npm/%40babel%2Fplugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.22.15 07
@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.22.15pkg:npm/%40babel%2Fplugin-bugfix-v8-spread-parameters-in-optional-chaining@7.22.15 07
@babel/plugin-proposal-private-property-in-object:7.21.0-placeholder-for-preset-env.2pkg:npm/%40babel%2Fplugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2 07
@babel/plugin-syntax-async-generators:7.8.4pkg:npm/%40babel%2Fplugin-syntax-async-generators@7.8.4 05
@babel/plugin-syntax-class-properties:7.12.13pkg:npm/%40babel%2Fplugin-syntax-class-properties@7.12.13 06
@babel/plugin-syntax-class-static-block:7.14.5pkg:npm/%40babel%2Fplugin-syntax-class-static-block@7.14.5 07
@babel/plugin-syntax-dynamic-import:7.8.3pkg:npm/%40babel%2Fplugin-syntax-dynamic-import@7.8.3 05
@babel/plugin-syntax-export-namespace-from:7.8.3pkg:npm/%40babel%2Fplugin-syntax-export-namespace-from@7.8.3 05
@babel/plugin-syntax-import-assertions:7.22.5pkg:npm/%40babel%2Fplugin-syntax-import-assertions@7.22.5 06
@babel/plugin-syntax-import-attributes:7.22.5pkg:npm/%40babel%2Fplugin-syntax-import-attributes@7.22.5 06
@babel/plugin-syntax-import-meta:7.10.4pkg:npm/%40babel%2Fplugin-syntax-import-meta@7.10.4 05
@babel/plugin-syntax-json-strings:7.8.3pkg:npm/%40babel%2Fplugin-syntax-json-strings@7.8.3 05
@babel/plugin-syntax-logical-assignment-operators:7.10.4pkg:npm/%40babel%2Fplugin-syntax-logical-assignment-operators@7.10.4 05
@babel/plugin-syntax-nullish-coalescing-operator:7.8.3pkg:npm/%40babel%2Fplugin-syntax-nullish-coalescing-operator@7.8.3 05
@babel/plugin-syntax-numeric-separator:7.10.4pkg:npm/%40babel%2Fplugin-syntax-numeric-separator@7.10.4 05
@babel/plugin-syntax-object-rest-spread:7.8.3pkg:npm/%40babel%2Fplugin-syntax-object-rest-spread@7.8.3 05
@babel/plugin-syntax-optional-catch-binding:7.8.3pkg:npm/%40babel%2Fplugin-syntax-optional-catch-binding@7.8.3 05
@babel/plugin-syntax-optional-chaining:7.8.3pkg:npm/%40babel%2Fplugin-syntax-optional-chaining@7.8.3 05
@babel/plugin-syntax-private-property-in-object:7.14.5pkg:npm/%40babel%2Fplugin-syntax-private-property-in-object@7.14.5 07
@babel/plugin-syntax-top-level-await:7.14.5pkg:npm/%40babel%2Fplugin-syntax-top-level-await@7.14.5 07
@babel/plugin-syntax-unicode-sets-regex:7.18.6pkg:npm/%40babel%2Fplugin-syntax-unicode-sets-regex@7.18.6 08
@babel/plugin-transform-arrow-functions:7.22.5pkg:npm/%40babel%2Fplugin-transform-arrow-functions@7.22.5 07
@babel/plugin-transform-async-generator-functions:7.23.2pkg:npm/%40babel%2Fplugin-transform-async-generator-functions@7.23.2 07
@babel/plugin-transform-async-to-generator:7.22.5pkg:npm/%40babel%2Fplugin-transform-async-to-generator@7.22.5 07
@babel/plugin-transform-block-scoped-functions:7.22.5pkg:npm/%40babel%2Fplugin-transform-block-scoped-functions@7.22.5 07
@babel/plugin-transform-block-scoping:7.23.0pkg:npm/%40babel%2Fplugin-transform-block-scoping@7.23.0 07
@babel/plugin-transform-class-properties:7.22.5pkg:npm/%40babel%2Fplugin-transform-class-properties@7.22.5 07
@babel/plugin-transform-class-static-block:7.22.11pkg:npm/%40babel%2Fplugin-transform-class-static-block@7.22.11 07
@babel/plugin-transform-classes:7.22.15pkg:npm/%40babel%2Fplugin-transform-classes@7.22.15 07
@babel/plugin-transform-computed-properties:7.22.5pkg:npm/%40babel%2Fplugin-transform-computed-properties@7.22.5 07
@babel/plugin-transform-destructuring:7.23.0pkg:npm/%40babel%2Fplugin-transform-destructuring@7.23.0 07
@babel/plugin-transform-dotall-regex:7.22.5pkg:npm/%40babel%2Fplugin-transform-dotall-regex@7.22.5 08
@babel/plugin-transform-duplicate-keys:7.22.5pkg:npm/%40babel%2Fplugin-transform-duplicate-keys@7.22.5 07
@babel/plugin-transform-dynamic-import:7.22.11pkg:npm/%40babel%2Fplugin-transform-dynamic-import@7.22.11 06
@babel/plugin-transform-exponentiation-operator:7.22.5pkg:npm/%40babel%2Fplugin-transform-exponentiation-operator@7.22.5 07
@babel/plugin-transform-export-namespace-from:7.22.11pkg:npm/%40babel%2Fplugin-transform-export-namespace-from@7.22.11 07
@babel/plugin-transform-for-of:7.22.15pkg:npm/%40babel%2Fplugin-transform-for-of@7.22.15 07
@babel/plugin-transform-function-name:7.22.5pkg:npm/%40babel%2Fplugin-transform-function-name@7.22.5 07
@babel/plugin-transform-json-strings:7.22.11pkg:npm/%40babel%2Fplugin-transform-json-strings@7.22.11 07
@babel/plugin-transform-literals:7.22.5pkg:npm/%40babel%2Fplugin-transform-literals@7.22.5 07
@babel/plugin-transform-logical-assignment-operators:7.22.11pkg:npm/%40babel%2Fplugin-transform-logical-assignment-operators@7.22.11 07
@babel/plugin-transform-member-expression-literals:7.22.5pkg:npm/%40babel%2Fplugin-transform-member-expression-literals@7.22.5 07
@babel/plugin-transform-modules-amd:7.23.0pkg:npm/%40babel%2Fplugin-transform-modules-amd@7.23.0 07
@babel/plugin-transform-modules-commonjs:7.23.0pkg:npm/%40babel%2Fplugin-transform-modules-commonjs@7.23.0 07
@babel/plugin-transform-modules-systemjs:7.23.0pkg:npm/%40babel%2Fplugin-transform-modules-systemjs@7.23.0 07
@babel/plugin-transform-modules-umd:7.22.5pkg:npm/%40babel%2Fplugin-transform-modules-umd@7.22.5 07
@babel/plugin-transform-named-capturing-groups-regex:7.22.5pkg:npm/%40babel%2Fplugin-transform-named-capturing-groups-regex@7.22.5 08
@babel/plugin-transform-new-target:7.22.5pkg:npm/%40babel%2Fplugin-transform-new-target@7.22.5 07
@babel/plugin-transform-nullish-coalescing-operator:7.22.11pkg:npm/%40babel%2Fplugin-transform-nullish-coalescing-operator@7.22.11 07
@babel/plugin-transform-numeric-separator:7.22.11pkg:npm/%40babel%2Fplugin-transform-numeric-separator@7.22.11 07
@babel/plugin-transform-object-rest-spread:7.22.15pkg:npm/%40babel%2Fplugin-transform-object-rest-spread@7.22.15 07
@babel/plugin-transform-object-super:7.22.5pkg:npm/%40babel%2Fplugin-transform-object-super@7.22.5 07
@babel/plugin-transform-optional-catch-binding:7.22.11pkg:npm/%40babel%2Fplugin-transform-optional-catch-binding@7.22.11 07
@babel/plugin-transform-optional-chaining:7.23.0pkg:npm/%40babel%2Fplugin-transform-optional-chaining@7.23.0 07
@babel/plugin-transform-parameters:7.22.15pkg:npm/%40babel%2Fplugin-transform-parameters@7.22.15 07
@babel/plugin-transform-private-methods:7.22.5pkg:npm/%40babel%2Fplugin-transform-private-methods@7.22.5 07
@babel/plugin-transform-private-property-in-object:7.22.11pkg:npm/%40babel%2Fplugin-transform-private-property-in-object@7.22.11 07
@babel/plugin-transform-property-literals:7.22.5pkg:npm/%40babel%2Fplugin-transform-property-literals@7.22.5 07
@babel/plugin-transform-regenerator:7.22.10pkg:npm/%40babel%2Fplugin-transform-regenerator@7.22.10 07
@babel/plugin-transform-reserved-words:7.22.5pkg:npm/%40babel%2Fplugin-transform-reserved-words@7.22.5 07
@babel/plugin-transform-shorthand-properties:7.22.5pkg:npm/%40babel%2Fplugin-transform-shorthand-properties@7.22.5 07
@babel/plugin-transform-spread:7.22.5pkg:npm/%40babel%2Fplugin-transform-spread@7.22.5 07
@babel/plugin-transform-sticky-regex:7.22.5pkg:npm/%40babel%2Fplugin-transform-sticky-regex@7.22.5 07
@babel/plugin-transform-template-literals:7.22.5pkg:npm/%40babel%2Fplugin-transform-template-literals@7.22.5 07
@babel/plugin-transform-typeof-symbol:7.22.5pkg:npm/%40babel%2Fplugin-transform-typeof-symbol@7.22.5 07
@babel/plugin-transform-unicode-escapes:7.22.10pkg:npm/%40babel%2Fplugin-transform-unicode-escapes@7.22.10 07
@babel/plugin-transform-unicode-property-regex:7.22.5pkg:npm/%40babel%2Fplugin-transform-unicode-property-regex@7.22.5 08
@babel/plugin-transform-unicode-regex:7.22.5pkg:npm/%40babel%2Fplugin-transform-unicode-regex@7.22.5 07
@babel/plugin-transform-unicode-sets-regex:7.22.5pkg:npm/%40babel%2Fplugin-transform-unicode-sets-regex@7.22.5 08
@babel/preset-env:7.23.2pkg:npm/%40babel%2Fpreset-env@7.23.2 08
@babel/preset-modules:0.1.6-no-external-pluginspkg:npm/%40babel%2Fpreset-modules@0.1.6-no-external-plugins 05
@babel/register:7.22.15pkg:npm/%40babel%2Fregister@7.22.15 08
@babel/regjsgen:0.8.0pkg:npm/%40babel%2Fregjsgen@0.8.0 09
@babel/runtime:7.22.15pkg:npm/%40babel%2Fruntime@7.22.15 07
@babel/template:7.22.15pkg:npm/%40babel%2Ftemplate@7.22.15 08
@babel/traverse:7.23.2pkg:npm/%40babel%2Ftraverse@7.23.2 08
@babel/types:7.23.0pkg:npm/%40babel%2Ftypes@7.23.0 08
@colors/colors:1.5.0pkg:npm/%40colors%2Fcolors@1.5.0 08
@csstools/selector-specificity:2.2.0pkg:npm/%40csstools%2Fselector-specificity@2.2.0 07
@devexpress/error-stack-parser:2.0.6pkg:npm/%40devexpress%2Ferror-stack-parser@2.0.6 07
@es-joy/jsdoccomment:0.40.1pkg:npm/%40es-joy%2Fjsdoccomment@0.40.1 08
@eslint-community/eslint-utils:4.4.0pkg:npm/%40eslint-community%2Feslint-utils@4.4.0 08
@eslint-community/regexpp:4.6.2pkg:npm/%40eslint-community%2Fregexpp@4.6.2 08
@eslint/eslintrc:2.1.2pkg:npm/%40eslint%2Feslintrc@2.1.2 08
@eslint/js:8.52.0pkg:npm/%40eslint%2Fjs@8.52.0 07
@fullcalendar/bootstrap:5.5.0pkg:npm/%40fullcalendar%2Fbootstrap@5.5.0 010
@fullcalendar/common:5.5.1pkg:npm/%40fullcalendar%2Fcommon@5.5.1 010
@fullcalendar/core:5.5.0pkg:npm/%40fullcalendar%2Fcore@5.5.0 010
@fullcalendar/daygrid:5.5.0pkg:npm/%40fullcalendar%2Fdaygrid@5.5.0 010
@fullcalendar/google-calendar:5.5.0pkg:npm/%40fullcalendar%2Fgoogle-calendar@5.5.0 010
@fullcalendar/interaction:5.5.0pkg:npm/%40fullcalendar%2Finteraction@5.5.0 010
@fullcalendar/list:5.5.0pkg:npm/%40fullcalendar%2Flist@5.5.0 010
@fullcalendar/luxon:5.5.0pkg:npm/%40fullcalendar%2Fluxon@5.5.0 010
@fullcalendar/moment-timezone:5.5.0pkg:npm/%40fullcalendar%2Fmoment-timezone@5.5.0 010
@fullcalendar/moment:5.5.0pkg:npm/%40fullcalendar%2Fmoment@5.5.0 010
@fullcalendar/rrule:5.5.0pkg:npm/%40fullcalendar%2Frrule@5.5.0 010
@fullcalendar/timegrid:5.5.0pkg:npm/%40fullcalendar%2Ftimegrid@5.5.0 010
@humanwhocodes/config-array:0.11.13pkg:npm/%40humanwhocodes%2Fconfig-array@0.11.13 08
@humanwhocodes/module-importer:1.0.1pkg:npm/%40humanwhocodes%2Fmodule-importer@1.0.1 06
@humanwhocodes/object-schema:2.0.1pkg:npm/%40humanwhocodes%2Fobject-schema@2.0.1 08
@isaacs/cliui:8.0.2pkg:npm/%40isaacs%2Fcliui@8.0.2 06
@jridgewell/gen-mapping:0.3.3pkg:npm/%40jridgewell%2Fgen-mapping@0.3.3 06
@jridgewell/resolve-uri:3.1.0pkg:npm/%40jridgewell%2Fresolve-uri@3.1.0 06
@jridgewell/set-array:1.1.2pkg:npm/%40jridgewell%2Fset-array@1.1.2 06
@jridgewell/sourcemap-codec:1.4.14pkg:npm/%40jridgewell%2Fsourcemap-codec@1.4.14 06
@jridgewell/sourcemap-codec:1.4.15pkg:npm/%40jridgewell%2Fsourcemap-codec@1.4.15 06
@jridgewell/trace-mapping:0.3.18pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.18 06
@jsdoc/salty:0.2.5pkg:npm/%40jsdoc%2Fsalty@0.2.5 08
@kessler/tableify:1.0.2pkg:npm/%40kessler%2Ftableify@1.0.2 08
@nicolo-ribaudo/chokidar-2:2.1.8-no-fsevents.3pkg:npm/%40nicolo-ribaudo%2Fchokidar-2@2.1.8-no-fsevents.3 06
@nodelib/fs.scandir:2.1.5pkg:npm/%40nodelib%2Ffs.scandir@2.1.5 05
@nodelib/fs.stat:2.0.5pkg:npm/%40nodelib%2Ffs.stat@2.0.5 05
@nodelib/fs.walk:1.2.8pkg:npm/%40nodelib%2Ffs.walk@1.2.8 05
@npmcli/fs:3.1.0pkg:npm/%40npmcli%2Ffs@3.1.0 06
@npmcli/git:4.1.0pkg:npm/%40npmcli%2Fgit@4.1.0 06
@npmcli/installed-package-contents:2.0.2pkg:npm/%40npmcli%2Finstalled-package-contents@2.0.2 06
@npmcli/node-gyp:3.0.0pkg:npm/%40npmcli%2Fnode-gyp@3.0.0 06
@npmcli/promise-spawn:6.0.2pkg:npm/%40npmcli%2Fpromise-spawn@6.0.2 06
@npmcli/run-script:6.0.2pkg:npm/%40npmcli%2Frun-script@6.0.2 06
@pkgjs/parseargs:0.11.0pkg:npm/%40pkgjs%2Fparseargs@0.11.0 08
@pnpm/config.env-replace:1.1.0pkg:npm/%40pnpm%2Fconfig.env-replace@1.1.0 05
@pnpm/network.ca-file:1.0.2pkg:npm/%40pnpm%2Fnetwork.ca-file@1.0.2 05
@pnpm/npm-conf:2.2.2pkg:npm/%40pnpm%2Fnpm-conf@2.2.2 05
@sigstore/bundle:1.0.0pkg:npm/%40sigstore%2Fbundle@1.0.0 08
@sigstore/protobuf-specs:0.2.0pkg:npm/%40sigstore%2Fprotobuf-specs@0.2.0 08
@sigstore/tuf:1.0.3pkg:npm/%40sigstore%2Ftuf@1.0.3 08
@sindresorhus/is:5.4.1pkg:npm/%40sindresorhus%2Fis@5.4.1 08
@szmarczak/http-timer:5.0.1pkg:npm/%40szmarczak%2Fhttp-timer@5.0.1 08
@tootallnate/once:2.0.0pkg:npm/%40tootallnate%2Fonce@2.0.0 07
@tufjs/canonical-json:1.0.0pkg:npm/%40tufjs%2Fcanonical-json@1.0.0 08
@tufjs/models:1.0.4pkg:npm/%40tufjs%2Fmodels@1.0.4 08
@types/http-cache-semantics:4.0.1pkg:npm/%40types%2Fhttp-cache-semantics@4.0.1 06
@types/linkify-it:3.0.2pkg:npm/%40types%2Flinkify-it@3.0.2 06
@types/lodash:4.14.195pkg:npm/%40types%2Flodash@4.14.195 06
@types/markdown-it:12.2.3pkg:npm/%40types%2Fmarkdown-it@12.2.3 06
@types/mdurl:1.0.2pkg:npm/%40types%2Fmdurl@1.0.2 05
@types/minimatch:3.0.5pkg:npm/%40types%2Fminimatch@3.0.5 06
@types/minimist:1.2.2pkg:npm/%40types%2Fminimist@1.2.2 06
@types/normalize-package-data:2.4.1pkg:npm/%40types%2Fnormalize-package-data@2.4.1 06
@types/parse-json:4.0.0pkg:npm/%40types%2Fparse-json@4.0.0 05
@ungap/structured-clone:1.2.0pkg:npm/%40ungap%2Fstructured-clone@1.2.0 08
@vue/compiler-core:3.3.4pkg:npm/%40vue%2Fcompiler-core@3.3.4 08
@vue/compiler-dom:3.3.4pkg:npm/%40vue%2Fcompiler-dom@3.3.4 08
@vue/compiler-sfc:3.3.4pkg:npm/%40vue%2Fcompiler-sfc@3.3.4 08
@vue/compiler-ssr:3.3.4pkg:npm/%40vue%2Fcompiler-ssr@3.3.4 08
@vue/reactivity-transform:3.3.4pkg:npm/%40vue%2Freactivity-transform@3.3.4 08
@vue/shared:3.3.4pkg:npm/%40vue%2Fshared@3.3.4 08
FastInfoset-1.2.16.jarpkg:maven/com.sun.xml.fastinfoset/FastInfoset@1.2.16 036
HikariCP-3.4.5.jarpkg:maven/com.zaxxer/HikariCP@3.4.5 037
JavaEWAH-1.1.13.jarpkg:maven/com.googlecode.javaewah/JavaEWAH@1.1.13 033
SparseBitSet-1.2.jarcpe:2.3:a:bit_project:bit:1.2:*:*:*:*:*:*:*pkg:maven/com.zaxxer/SparseBitSet@1.2 0Low27
abbrev:1.1.1pkg:npm/abbrev@1.1.1 06
ace-builds:1.4.12pkg:npm/ace-builds@1.4.12 08
ace-diff:3.0.3pkg:npm/ace-diff@3.0.3 08
acorn-jsx:5.3.2pkg:npm/acorn-jsx@5.3.2 09
acorn:8.10.0pkg:npm/acorn@8.10.0 014
agent-base:6.0.2pkg:npm/agent-base@6.0.2 07
agentkeepalive:4.3.0pkg:npm/agentkeepalive@4.3.0 07
aggregate-error:3.1.0pkg:npm/aggregate-error@3.1.0 08
ajv:6.12.6cpe:2.3:a:ajv.js:ajv:6.12.6:*:*:*:*:*:*:*pkg:npm/ajv@6.12.6 0Highest8
ajv:8.12.0cpe:2.3:a:ajv.js:ajv:8.12.0:*:*:*:*:*:*:*pkg:npm/ajv@8.12.0 0Highest8
animal-sniffer-annotations-1.17.jarpkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.17 023
annotations-4.1.1.4.jarpkg:maven/com.google.android/annotations@4.1.1.4 020
ansi-align:3.0.1pkg:npm/ansi-align@3.0.1 08
ansi-escapes:4.3.2pkg:npm/ansi-escapes@4.3.2 08
ansi-regex:5.0.1cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:*:*:*pkg:npm/ansi-regex@5.0.1 0Highest9
ansi-styles:3.2.1pkg:npm/ansi-styles@3.2.1 09
ansi-styles:4.3.0pkg:npm/ansi-styles@4.3.0 08
ant-1.10.9.jarcpe:2.3:a:apache:ant:1.10.9:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.9MEDIUM2Highest24
antlr-2.7.7.jarpkg:maven/antlr/antlr@2.7.7 024
antlr-runtime-3.5.2.jarcpe:2.3:a:temporal:temporal:3.5.2:*:*:*:*:*:*:*pkg:maven/org.antlr/antlr-runtime@3.5.2 0Low39
anymatch:3.1.3pkg:npm/anymatch@3.1.3 08
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
apache-mime4j-core-0.8.3.jarpkg:maven/org.apache.james/apache-mime4j-core@0.8.3 033
apache-mime4j-dom-0.8.3.jarpkg:maven/org.apache.james/apache-mime4j-dom@0.8.3 033
api-common-1.8.1.jarpkg:maven/com.google.api/api-common@1.8.1 029
aproba:2.0.0pkg:npm/aproba@2.0.0 08
are-docs-informative:0.0.2pkg:npm/are-docs-informative@0.0.2 06
are-we-there-yet:3.0.1pkg:npm/are-we-there-yet@3.0.1 08
argparse:2.0.1pkg:npm/argparse@2.0.1 05
array-buffer-byte-length:1.0.0pkg:npm/array-buffer-byte-length@1.0.0 08
array-differ:3.0.0pkg:npm/array-differ@3.0.0 08
array-union:2.1.0pkg:npm/array-union@2.1.0 08
array.prototype.reduce:1.0.5pkg:npm/array.prototype.reduce@1.0.5 08
arrify:1.0.1pkg:npm/arrify@1.0.1 08
arrify:2.0.1pkg:npm/arrify@2.0.1 08
asm-7.2.jarpkg:maven/org.ow2.asm/asm@7.2 053
astral-regex:2.0.0pkg:npm/astral-regex@2.0.0 08
auto-value-annotations-1.7.jarpkg:maven/com.google.auto.value/auto-value-annotations@1.7 028
autolink-0.10.0.jarpkg:maven/org.nibor.autolink/autolink@0.10.0 023
available-typed-arrays:1.0.5pkg:npm/available-typed-arrays@1.0.5 08
avalon-framework-impl-4.2.0.jarpkg:maven/avalon-framework/avalon-framework-impl@4.2.0 021
aws-s3-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/aws-s3@2.3.0 0Highest35
azureblob-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/azureblob@2.3.0 0Highest37
babel-plugin-polyfill-corejs2:0.4.6pkg:npm/babel-plugin-polyfill-corejs2@0.4.6 05
babel-plugin-polyfill-corejs3:0.8.5pkg:npm/babel-plugin-polyfill-corejs3@0.8.5 05
babel-plugin-polyfill-regenerator:0.5.3pkg:npm/babel-plugin-polyfill-regenerator@0.5.3 05
balanced-match:1.0.2pkg:npm/balanced-match@1.0.2 09
balanced-match:2.0.0pkg:npm/balanced-match@2.0.0 09
barcode4j-2.1.jarcpe:2.3:a:web_project:web:2.1:*:*:*:*:*:*:*pkg:maven/net.sf.barcode4j/barcode4j@2.1 0Low50
base64-2.3.8.jarpkg:maven/net.iharder/base64@2.3.8 034
base64-js:1.5.1pkg:npm/base64-js@1.5.1 08
bcmail-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcmail-jdk15on@1.70 0Low52
bcpg-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcpg-jdk15on@1.70 0Low54
bcpkix-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70 0Low66
bcprov-ext-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.70MEDIUM1Low58
bcprov-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70MEDIUM1Low60
bcutil-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcutil-jdk15on@1.70 0Low50
binary-extensions:2.2.0pkg:npm/binary-extensions@2.2.0 08
bl:4.1.0pkg:npm/bl@4.1.0 06
bluebird:3.7.2pkg:npm/bluebird@3.7.2 010
boilerpipe-1.1.0.jarpkg:maven/de.l3s.boilerpipe/boilerpipe@1.1.0 030
bootbox:5.5.2pkg:npm/bootbox@5.5.2moderate16
bootstrap-datetimepicker:0.0.7pkg:npm/bootstrap-datetimepicker@0.0.7 04
bootstrap:4.5.3cpe:2.3:a:getbootstrap:bootstrap:4.5.3:*:*:*:*:*:*:*pkg:npm/bootstrap@4.5.3 0Highest8
boxen:4.2.0pkg:npm/boxen@4.2.0 08
brace-expansion:1.1.11cpe:2.3:a:brace_expansion_project:brace_expansion:1.1.11:*:*:*:*:*:*:*pkg:npm/brace-expansion@1.1.11 0Highest9
braces:3.0.2cpe:2.3:a:braces_project:braces:3.0.2:*:*:*:*:*:*:*pkg:npm/braces@3.0.2 0Highest8
browserslist:4.22.1cpe:2.3:a:browserslist_project:browserslist:4.22.1:*:*:*:*:*:*:*pkg:npm/browserslist@4.22.1 0Highest6
bson-3.12.7.jarcpe:2.3:a:mongodb:bson:3.12.7:*:*:*:*:*:*:*pkg:maven/org.mongodb/bson@3.12.7 0Highest28
buffer-from:1.1.2pkg:npm/buffer-from@1.1.2 04
buffer:5.7.1pkg:npm/buffer@5.7.1 010
buffer:6.0.3pkg:npm/buffer@6.0.3 010
builtin-modules:3.3.0pkg:npm/builtin-modules@3.3.0 08
builtins:5.0.1pkg:npm/builtins@5.0.1 05
bzip2-0.9.1.jarcpe:2.3:a:bzip2_project:bzip2:0.9.1:*:*:*:*:*:*:*pkg:maven/org.itadaki/bzip2@0.9.1 0Highest20
c3p0-0.9.5.5.jarcpe:2.3:a:mchange:c3p0:0.9.5.5:*:*:*:*:*:*:*pkg:maven/com.mchange/c3p0@0.9.5.5 0Highest31
cacache:17.1.3pkg:npm/cacache@17.1.3 06
cacheable-lookup:7.0.0pkg:npm/cacheable-lookup@7.0.0 08
cacheable-request:10.2.12pkg:npm/cacheable-request@10.2.12 06
call-bind:1.0.2pkg:npm/call-bind@1.0.2 08
callsite-record:4.1.5pkg:npm/callsite-record@4.1.5 08
callsite:1.0.0pkg:npm/callsite@1.0.0 06
callsites:3.1.0pkg:npm/callsites@3.1.0 08
camelcase-keys:6.2.2pkg:npm/camelcase-keys@6.2.2 08
camelcase:5.3.1pkg:npm/camelcase@5.3.1 08
camelcase:6.3.0pkg:npm/camelcase@6.3.0 08
camelcase:7.0.1pkg:npm/camelcase@7.0.1 08
caniuse-lite:1.0.30001547pkg:npm/caniuse-lite@1.0.30001547 08
catharsis:0.9.0pkg:npm/catharsis@0.9.0 07
cdm-4.5.5.jarpkg:maven/edu.ucar/cdm@4.5.5 028
chalk:2.4.2pkg:npm/chalk@2.4.2 05
chalk:3.0.0pkg:npm/chalk@3.0.0 05
chalk:4.1.2pkg:npm/chalk@4.1.2 05
chardet:0.7.0pkg:npm/chardet@0.7.0 09
chart.js:2.9.4cpe:2.3:a:chartjs:chart.js:2.9.4:*:*:*:*:*:*:*pkg:npm/chart.js@2.9.4 0Highest7
chartjs-color-string:0.6.0pkg:npm/chartjs-color-string@0.6.0 06
chartjs-color:2.4.1pkg:npm/chartjs-color@2.4.1 05
checker-qual-3.8.0.jarpkg:maven/org.checkerframework/checker-qual@3.8.0 060
chokidar:3.5.3pkg:npm/chokidar@3.5.3 08
chownr:2.0.0cpe:2.3:a:chownr_project:chownr:2.0.0:*:*:*:*:*:*:*pkg:npm/chownr@2.0.0 0Highest6
ci-info:2.0.0pkg:npm/ci-info@2.0.0 08
clean-stack:2.2.0pkg:npm/clean-stack@2.2.0 08
cli-boxes:2.2.1pkg:npm/cli-boxes@2.2.1 08
cli-boxes:3.0.0pkg:npm/cli-boxes@3.0.0 08
cli-cursor:3.1.0pkg:npm/cli-cursor@3.1.0 08
cli-spinners:2.9.0pkg:npm/cli-spinners@2.9.0 08
cli-table3:0.6.3pkg:npm/cli-table3@0.6.3 08
cli-width:3.0.0pkg:npm/cli-width@3.0.0 08
cli:1.0.1cpe:2.3:a:cli_project:cli:1.0.1:*:*:*:*:*:*:*pkg:npm/cli@1.0.1 0Highest9
cliui:7.0.4pkg:npm/cliui@7.0.4 06
clone-deep:4.0.1pkg:npm/clone-deep@4.0.1 08
clone-response:1.0.3pkg:npm/clone-response@1.0.3 06
clone:1.0.4pkg:npm/clone@1.0.4 07
co:4.6.0pkg:npm/co@4.6.0 05
codemodel-2.3.2.jarpkg:maven/org.glassfish.jaxb/codemodel@2.3.2 024
color-convert:1.9.3pkg:npm/color-convert@1.9.3 06
color-convert:2.0.1pkg:npm/color-convert@2.0.1 06
color-name:1.1.3pkg:npm/color-name@1.1.3 08
color-name:1.1.4pkg:npm/color-name@1.1.4 08
color-support:1.1.3pkg:npm/color-support@1.1.3 06
colord:2.9.3pkg:npm/colord@2.9.3 06
commander:10.0.1pkg:npm/commander@10.0.1 06
commander:2.20.3pkg:npm/commander@2.20.3 06
commander:3.0.2pkg:npm/commander@3.0.2 06
commander:4.1.1pkg:npm/commander@4.1.1 06
comment-parser:1.4.0pkg:npm/comment-parser@1.4.0 08
commondir:1.0.1pkg:npm/commondir@1.0.1 08
commonmark-0.16.1.jarpkg:maven/com.atlassian.commonmark/commonmark@0.16.1 021
commonmark-ext-autolink-0.16.1.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-autolink@0.16.1 021
commonmark-ext-gfm-strikethrough-0.16.1.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-gfm-strikethrough@0.16.1 023
commonmark-ext-gfm-tables-0.16.1.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-gfm-tables@0.16.1 023
commonmark-ext-heading-anchor-0.16.1.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-heading-anchor@0.16.1 023
commonmark-ext-ins-0.16.1.jarpkg:maven/com.atlassian.commonmark/commonmark-ext-ins@0.16.1 021
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest170
commons-cli-1.4.jarpkg:maven/commons-cli/commons-cli@1.4 087
commons-codec-1.15.jarpkg:maven/commons-codec/commons-codec@1.15 0110
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest86
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest107
commons-compress-1.20.jarcpe:2.3:a:apache:commons_compress:1.20:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.20HIGH4Highest97
commons-csv-1.8.jarpkg:maven/org.apache.commons/commons-csv@1.8 086
commons-digester-2.1.jarpkg:maven/commons-digester/commons-digester@2.1 098
commons-discovery-0.5.jarcpe:2.3:a:spirit-project:spirit:0.5:*:*:*:*:*:*:*pkg:maven/commons-discovery/commons-discovery@0.5MEDIUM1Low86
commons-email-1.5.jarcpe:2.3:a:apache:commons_email:1.5:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-email@1.5 0Highest139
commons-exec-1.3.jarpkg:maven/org.apache.commons/commons-exec@1.3 061
commons-fileupload-1.4.jarcpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*pkg:maven/commons-fileupload/commons-fileupload@1.4HIGH1Highest117
commons-httpclient-3.1.jarcpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*		pkg:maven/commons-httpclient/commons-httpclient@3.1MEDIUM2Highest91
commons-imaging-1.0-alpha2.jarcpe:2.3:a:apache:commons_imaging:1.0:pha2:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-imaging@1.0-alpha2 0Highest69
commons-io-2.8.0.jarcpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.8.0 0Highest121
commons-lang-2.6.jarpkg:maven/commons-lang/commons-lang@2.6 0122
commons-lang3-3.11.jarpkg:maven/org.apache.commons/commons-lang3@3.11 0140
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0137
commons-net-3.7.2.jarcpe:2.3:a:apache:commons_net:3.7.2:*:*:*:*:*:*:*pkg:maven/commons-net/commons-net@3.7.2MEDIUM1Highest101
commons-pool2-2.11.1.jarpkg:maven/org.apache.commons/commons-pool2@2.11.1 092
commons-validator-1.7.jarpkg:maven/commons-validator/commons-validator@1.7 0127
commons-vfs2-2.7.0.jarpkg:maven/org.apache.commons/commons-vfs2@2.7.0 042
concat-map:0.0.1pkg:npm/concat-map@0.0.1 08
config-chain:1.1.13pkg:npm/config-chain@1.1.13 07
configstore:5.0.1pkg:npm/configstore@5.0.1 08
conscrypt-openjdk-uber-2.2.1.jarpkg:maven/org.conscrypt/conscrypt-openjdk-uber@2.2.1 033
conscrypt-openjdk-uber-2.2.1.jar: conscrypt_openjdk_jni-windows-x86.dll 04
conscrypt-openjdk-uber-2.2.1.jar: conscrypt_openjdk_jni-windows-x86_64.dll 02
console-browserify:1.1.0pkg:npm/console-browserify@1.1.0 09
console-control-strings:1.1.0pkg:npm/console-control-strings@1.1.0 06
convert-source-map:2.0.0pkg:npm/convert-source-map@2.0.0 09
core-3.0.1.jarpkg:maven/com.google.zxing/core@3.0.1 020
core-js-compat:3.33.0pkg:npm/core-js-compat@3.33.0 08
core-js:3.31.0pkg:npm/core-js@3.31.0 08
core-util-is:1.0.3pkg:npm/core-util-is@1.0.3 07
cosmiconfig:7.1.0pkg:npm/cosmiconfig@7.1.0 08
cross-spawn:7.0.3pkg:npm/cross-spawn@7.0.3 07
crypto-random-string:2.0.0pkg:npm/crypto-random-string@2.0.0 08
css-functions-list:3.1.0pkg:npm/css-functions-list@3.1.0 08
cssesc:3.0.0pkg:npm/cssesc@3.0.0 09
curvesapi-1.06.jarpkg:maven/com.github.virtuald/curvesapi@1.06 024
date-now:0.1.4pkg:npm/date-now@0.1.4 09
debug:4.3.4cpe:2.3:a:debug_project:debug:4.3.4:*:*:*:*:*:*:*pkg:npm/debug@4.3.4 0Highest6
dec-0.1.2.jarpkg:maven/org.brotli/dec@0.1.2 023
decamelize-keys:1.1.1pkg:npm/decamelize-keys@1.1.1 08
decamelize:1.2.0cpe:2.3:a:decamelize_project:decamelize:1.2.0:*:*:*:*:*:*:*pkg:npm/decamelize@1.2.0 0Highest8
decompress-response:6.0.0pkg:npm/decompress-response@6.0.0 08
deep-extend:0.6.0cpe:2.3:a:deep_extend_project:deep_extend:0.6.0:*:*:*:*:*:*:*pkg:npm/deep-extend@0.6.0 0Highest8
deep-is:0.1.4pkg:npm/deep-is@0.1.4 08
defaults:1.0.4pkg:npm/defaults@1.0.4 06
defer-to-connect:1.1.3pkg:npm/defer-to-connect@1.1.3 08
defer-to-connect:2.0.1pkg:npm/defer-to-connect@2.0.1 08
define-properties:1.2.0pkg:npm/define-properties@1.2.0 06
delegates:1.0.0pkg:npm/delegates@1.0.0 05
depcheck:1.4.3pkg:npm/depcheck@1.4.3 07
depd:2.0.0pkg:npm/depd@2.0.0 06
deps-regex:0.1.4pkg:npm/deps-regex@0.1.4 08
diff-match-patch:1.0.5pkg:npm/diff-match-patch@1.0.5 05
diffutils-1.3.0.jarcpe:2.3:a:utils_project:utils:1.3.0:*:*:*:*:*:*:*pkg:maven/com.googlecode.java-diff-utils/diffutils@1.3.0MEDIUM1Highest19
dir-glob:3.0.1pkg:npm/dir-glob@3.0.1 08
docdash:2.0.2pkg:npm/docdash@2.0.2 06
doctrine:3.0.0cpe:2.3:a:doctrine-project:doctrine:3.0.0:*:*:*:*:*:*:*pkg:npm/doctrine@3.0.0 0Highest12
docusign-esign-java-3.5.0.jarpkg:maven/com.docusign/docusign-esign-java@3.5.0 032
docx4j-ImportXHTML-8.0.0.jarpkg:maven/org.docx4j/docx4j-ImportXHTML@8.0.0 029
docx4j-JAXB-ReferenceImpl-11.2.8.jarpkg:maven/org.docx4j/docx4j-JAXB-ReferenceImpl@11.2.8 030
docx4j-core-11.2.8.jarpkg:maven/org.docx4j/docx4j-core@11.2.8 034
docx4j-openxml-objects-11.2.8.jarpkg:maven/org.docx4j/docx4j-openxml-objects@11.2.8 026
docx4j-openxml-objects-pml-11.2.8.jarpkg:maven/org.docx4j/docx4j-openxml-objects-pml@11.2.8 026
docx4j-openxml-objects-sml-11.2.8.jarpkg:maven/org.docx4j/docx4j-openxml-objects-sml@11.2.8 026
dom-serializer:0.2.2pkg:npm/dom-serializer@0.2.2 06
domelementtype:1.3.1pkg:npm/domelementtype@1.3.1 06
domelementtype:2.3.0pkg:npm/domelementtype@2.3.0 06
domhandler:2.3.0pkg:npm/domhandler@2.3.0 06
domutils:1.5.1pkg:npm/domutils@1.5.1 06
dot-prop:5.3.0cpe:2.3:a:dot-prop_project:dot-prop:5.3.0:*:*:*:*:*:*:*pkg:npm/dot-prop@5.3.0 0Highest8
dot-prop:6.0.1cpe:2.3:a:dot-prop_project:dot-prop:6.0.1:*:*:*:*:*:*:*pkg:npm/dot-prop@6.0.1 0Highest8
dtd-parser-1.4.1.jarpkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.1 044
duplexer3:0.1.5pkg:npm/duplexer3@0.1.5 05
eastasianwidth:0.2.0pkg:npm/eastasianwidth@0.2.0 06
eddsa-0.3.0.jarpkg:maven/net.i2p.crypto/eddsa@0.3.0 035
editorconfig:0.15.3pkg:npm/editorconfig@0.15.3 07
ehcache-core-2.6.2.jarpkg:maven/net.sf.ehcache/ehcache-core@2.6.2 022
ehcache-core-2.6.2.jar: sizeof-agent.jarpkg:maven/net.sf.ehcache/sizeof-agent@1.0.1 028
electron-to-chromium:1.4.553pkg:npm/electron-to-chromium@1.4.553 06
emoji-regex:8.0.0pkg:npm/emoji-regex@8.0.0 09
encoding:0.1.13pkg:npm/encoding@0.1.13 06
end-of-stream:1.4.4pkg:npm/end-of-stream@1.4.4 08
entities:1.0.0pkg:npm/entities@1.0.0 06
entities:2.1.0pkg:npm/entities@2.1.0 06
entities:2.2.0pkg:npm/entities@2.2.0 06
env-paths:2.2.1pkg:npm/env-paths@2.2.1 08
eol:0.9.1pkg:npm/eol@0.9.1 08
err-code:2.0.3pkg:npm/err-code@2.0.3 07
error-ex:1.3.2pkg:npm/error-ex@1.3.2 05
error_prone_annotations-2.3.4.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.3.4 021
es-abstract:1.21.2pkg:npm/es-abstract@1.21.2 08
es-array-method-boxes-properly:1.0.0pkg:npm/es-array-method-boxes-properly@1.0.0 08
es-set-tostringtag:2.0.1pkg:npm/es-set-tostringtag@2.0.1 08
es-to-primitive:1.2.1pkg:npm/es-to-primitive@1.2.1 06
escalade:3.1.1pkg:npm/escalade@3.1.1 08
escape-goat:2.1.1pkg:npm/escape-goat@2.1.1 08
escape-string-regexp:1.0.5pkg:npm/escape-string-regexp@1.0.5 08
escape-string-regexp:2.0.0pkg:npm/escape-string-regexp@2.0.0 08
escape-string-regexp:4.0.0pkg:npm/escape-string-regexp@4.0.0 08
eslint-plugin-jsdoc:46.8.2pkg:npm/eslint-plugin-jsdoc@46.8.2 08
eslint-scope:7.2.2pkg:npm/eslint-scope@7.2.2 07
eslint-visitor-keys:3.4.3pkg:npm/eslint-visitor-keys@3.4.3 08
eslint:8.52.0pkg:npm/eslint@8.52.0 08
espree:9.6.1pkg:npm/espree@9.6.1 08
esprima:4.0.1pkg:npm/esprima@4.0.1 012
esquery:1.5.0pkg:npm/esquery@1.5.0 08
esrecurse:4.3.0pkg:npm/esrecurse@4.3.0 09
estraverse:5.3.0pkg:npm/estraverse@5.3.0 09
estree-walker:2.0.2pkg:npm/estree-walker@2.0.2 06
esutils:2.0.3pkg:npm/esutils@2.0.3 09
execa:5.1.1pkg:npm/execa@5.1.1 08
exit:0.1.2pkg:npm/exit@0.1.2 09
exponential-backoff:3.1.1pkg:npm/exponential-backoff@3.1.1 08
external-editor:3.1.0pkg:npm/external-editor@3.1.0 08
failureaccess-1.0.1.jarpkg:maven/com.google.guava/failureaccess@1.0.1 030
fast-and-simple-minify-1.0.jarpkg:maven/ch.simschla/fast-and-simple-minify@1.0 028
fast-deep-equal:3.1.3pkg:npm/fast-deep-equal@3.1.3 08
fast-glob:3.3.0pkg:npm/fast-glob@3.3.0 07
fast-json-stable-stringify:2.1.0pkg:npm/fast-json-stable-stringify@2.1.0 09
fast-levenshtein:2.0.6pkg:npm/fast-levenshtein@2.0.6 06
fast-memoize:2.5.2pkg:npm/fast-memoize@2.5.2 08
fastest-levenshtein:1.0.16pkg:npm/fastest-levenshtein@1.0.16 08
fastq:1.15.0pkg:npm/fastq@1.15.0 08
figures:3.2.0pkg:npm/figures@3.2.0 08
file-entry-cache:6.0.1pkg:npm/file-entry-cache@6.0.1 07
fill-range:7.0.1pkg:npm/fill-range@7.0.1 08
find-cache-dir:2.1.0pkg:npm/find-cache-dir@2.1.0 05
find-up:3.0.0pkg:npm/find-up@3.0.0 08
find-up:4.1.0pkg:npm/find-up@4.1.0 08
find-up:5.0.0pkg:npm/find-up@5.0.0 08
find-yarn-workspace-root2:1.2.16pkg:npm/find-yarn-workspace-root2@1.2.16 08
firebase-admin-6.12.0.jarpkg:maven/com.google.firebase/firebase-admin@6.12.0 034
flat-cache:3.0.4pkg:npm/flat-cache@3.0.4 07
flatted:3.2.7pkg:npm/flatted@3.2.7 08
fontbox-2.0.22.jarpkg:maven/org.apache.pdfbox/fontbox@2.0.22 035
for-each:0.3.3pkg:npm/for-each@0.3.3 09
foreground-child:3.1.1pkg:npm/foreground-child@3.1.1 06
form-data-encoder:2.1.4pkg:npm/form-data-encoder@2.1.4 06
fp-and-or:0.1.4pkg:npm/fp-and-or@0.1.4 08
fs-extra:8.1.0pkg:npm/fs-extra@8.1.0 07
fs-minipass:2.1.0pkg:npm/fs-minipass@2.1.0 08
fs-minipass:3.0.2pkg:npm/fs-minipass@3.0.2 08
fs-readdir-recursive:1.1.0pkg:npm/fs-readdir-recursive@1.1.0 09
fs.realpath:1.0.0pkg:npm/fs.realpath@1.0.0 06
function-bind:1.1.1pkg:npm/function-bind@1.1.1 09
function.prototype.name:1.1.5pkg:npm/function.prototype.name@1.1.5 06
functions-have-names:1.2.3pkg:npm/functions-have-names@1.2.3 08
fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:diffutils:1.3)pkg:maven/me.xdrop/diffutils@1.3 07
fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:fuzzywuzzy-build:1.3.1)pkg:maven/me.xdrop/fuzzywuzzy-build@1.3.1 011
fuzzywuzzy-1.3.1.jarpkg:maven/me.xdrop/fuzzywuzzy@1.3.1 028
gauge:4.0.4pkg:npm/gauge@4.0.4 08
gax-1.52.0.jarpkg:maven/com.google.api/gax@1.52.0 034
gax-grpc-1.52.0.jarcpe:2.3:a:grpc:grpc:1.52.0:*:*:*:*:*:*:*pkg:maven/com.google.api/gax-grpc@1.52.0HIGH5Highest36
gax-httpjson-0.69.0.jarcpe:2.3:a:json-java_project:json-java:0.69.0:*:*:*:*:*:*:*pkg:maven/com.google.api/gax-httpjson@0.69.0HIGH2Low36
gensync:1.0.0-beta.2pkg:npm/gensync@1.0.0-beta.2 07
geoapi-3.0.1.jarpkg:maven/org.opengis/geoapi@3.0.1 039
get-caller-file:2.0.5pkg:npm/get-caller-file@2.0.5 08
get-intrinsic:1.2.1pkg:npm/get-intrinsic@1.2.1 08
get-stdin:5.0.1pkg:npm/get-stdin@5.0.1 08
get-stdin:8.0.0pkg:npm/get-stdin@8.0.0 08
get-stream:5.2.0pkg:npm/get-stream@5.2.0 08
get-stream:6.0.1pkg:npm/get-stream@6.0.1 08
get-symbol-description:1.0.0pkg:npm/get-symbol-description@1.0.0 08
giturl:1.0.3pkg:npm/giturl@1.0.3 09
glob-parent:5.1.2cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:*:*:*pkg:npm/glob-parent@5.1.2 0Highest6
glob-parent:6.0.2cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:*:*:*pkg:npm/glob-parent@6.0.2 0Highest6
glob:10.3.3pkg:npm/glob@10.3.3 06
glob:7.2.3pkg:npm/glob@7.2.3 06
global-dirs:2.1.0pkg:npm/global-dirs@2.1.0 08
global-modules:2.0.0pkg:npm/global-modules@2.0.0 08
global-prefix:3.0.0pkg:npm/global-prefix@3.0.0 08
globals:11.12.0pkg:npm/globals@11.12.0 08
globals:13.20.0pkg:npm/globals@13.20.0 08
globalthis:1.0.3pkg:npm/globalthis@1.0.3 06
globby:11.1.0pkg:npm/globby@11.1.0 08
globjoin:0.1.4pkg:npm/globjoin@0.1.4 08
google-api-client-1.30.7.jarpkg:maven/com.google.api-client/google-api-client@1.30.7 039
google-api-client-gson-1.30.7.jarcpe:2.3:a:json-java_project:json-java:1.30.7:*:*:*:*:*:*:*pkg:maven/com.google.api-client/google-api-client-gson@1.30.7HIGH2Low39
google-api-services-calendar-v3-rev20191117-1.30.3.jarpkg:maven/com.google.apis/google-api-services-calendar@v3-rev20191117-1.30.3 026
google-api-services-drive-v3-rev20191108-1.30.3.jarcpe:2.3:a:google:drive:v3.rev20191108.1.30.3:*:*:*:*:*:*:*pkg:maven/com.google.apis/google-api-services-drive@v3-rev20191108-1.30.3 0Highest26
google-api-services-gmail-v1-rev20191113-1.30.3.jarcpe:2.3:a:google:gmail:v1.rev20191113.1.30.3:*:*:*:*:*:*:*pkg:maven/com.google.apis/google-api-services-gmail@v1-rev20191113-1.30.3 0Highest26
google-api-services-plus-v1-rev20190328-1.30.1.jarpkg:maven/com.google.apis/google-api-services-plus@v1-rev20190328-1.30.1 026
google-api-services-sheets-v4-rev20191213-1.30.3.jarpkg:maven/com.google.apis/google-api-services-sheets@v4-rev20191213-1.30.3 026
google-api-services-storage-v1-rev20191011-1.30.3.jarpkg:maven/com.google.apis/google-api-services-storage@v1-rev20191011-1.30.3 026
google-api-services-translate-v2-rev20170525-1.30.1.jarpkg:maven/com.google.apis/google-api-services-translate@v2-rev20170525-1.30.1 026
google-api-services-youtube-v3-rev20190827-1.30.1.jarpkg:maven/com.google.apis/google-api-services-youtube@v3-rev20190827-1.30.1 026
google-auth-library-credentials-0.19.0.jarpkg:maven/com.google.auth/google-auth-library-credentials@0.19.0 023
google-auth-library-oauth2-http-0.19.0.jarpkg:maven/com.google.auth/google-auth-library-oauth2-http@0.19.0 025
google-cloud-core-1.91.3.jarpkg:maven/com.google.cloud/google-cloud-core@1.91.3 029
google-cloud-core-grpc-1.92.1.jarcpe:2.3:a:grpc:grpc:1.92.1:*:*:*:*:*:*:*pkg:maven/com.google.cloud/google-cloud-core-grpc@1.92.1 0Highest31
google-cloud-core-http-1.92.1.jarpkg:maven/com.google.cloud/google-cloud-core-http@1.92.1 031
google-cloud-firestore-1.31.0.jarpkg:maven/com.google.cloud/google-cloud-firestore@1.31.0 033
google-cloud-pubsub-1.102.0.jarpkg:maven/com.google.cloud/google-cloud-pubsub@1.102.0 031
google-cloud-storage-1.103.0.jarpkg:maven/com.google.cloud/google-cloud-storage@1.103.0 031
google-cloud-storage-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/google-cloud-storage@2.3.0 0Highest31
google-http-client-1.34.0.jarpkg:maven/com.google.http-client/google-http-client@1.34.0 039
google-http-client-appengine-1.34.0.jarpkg:maven/com.google.http-client/google-http-client-appengine@1.34.0 025
google-http-client-gson-1.34.0.jarpkg:maven/com.google.http-client/google-http-client-gson@1.34.0 025
google-http-client-jackson-1.29.2.jarcpe:2.3:a:apache:httpclient:1.29.2:*:*:*:*:*:*:*pkg:maven/com.google.http-client/google-http-client-jackson@1.29.2MEDIUM1Low33
google-http-client-jackson2-1.34.0.jarcpe:2.3:a:json-java_project:json-java:1.34.0:*:*:*:*:*:*:*pkg:maven/com.google.http-client/google-http-client-jackson2@1.34.0HIGH2Low25
google-java-format-1.11.0.jarpkg:maven/com.google.googlejavaformat/google-java-format@1.11.0 029
google-oauth-client-1.30.5.jarcpe:2.3:a:google:oauth_client_library_for_java:1.30.5:*:*:*:*:*:*:*pkg:maven/com.google.oauth-client/google-oauth-client@1.30.5CRITICAL2Low41
googlecloud-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.common/googlecloud@2.3.0 0Highest33
gopd:1.0.1pkg:npm/gopd@1.0.1 08
got:12.6.1cpe:2.3:a:got_project:got:12.6.1:*:*:*:*:*:*:*pkg:npm/got@12.6.1 0Highest5
got:13.0.0cpe:2.3:a:got_project:got:13.0.0:*:*:*:*:*:*:*pkg:npm/got@13.0.0 0Highest5
got:9.6.0cpe:2.3:a:got_project:got:9.6.0:*:*:*:*:*:*:*pkg:npm/got@9.6.0MEDIUM1Highest5
graceful-fs:4.2.11pkg:npm/graceful-fs@4.2.11 05
graphemer:1.4.0pkg:npm/graphemer@1.4.0 08
graphics2d-0.30.jarpkg:maven/de.rototor.pdfbox/graphics2d@0.30 025
grib-4.5.5.jarpkg:maven/edu.ucar/grib@4.5.5 041
grpc-context-1.22.1.jarcpe:2.3:a:grpc:grpc:1.22.1:*:*:*:*:*:*:*pkg:maven/io.grpc/grpc-context@1.22.1HIGH3Highest35
grpc-core-1.25.0.jarcpe:2.3:a:grpc:grpc:1.25.0:*:*:*:*:*:*:*pkg:maven/io.grpc/grpc-core@1.25.0HIGH4Highest33
grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-codec-http:4.1.42.Final)cpe:2.3:a:netty:netty:4.1.42:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec-http@4.1.42.FinalCRITICAL15Highest9
grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-codec:4.1.42.Final)cpe:2.3:a:netty:netty:4.1.42:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec@4.1.42.FinalCRITICAL15Highest9
grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-tcnative-boringssl-static:2.0.26.Final)pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.26.Final 09
grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-transport:4.1.42.Final)cpe:2.3:a:netty:netty:4.1.42:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.1.42.FinalCRITICAL14Highest9
grpc-netty-shaded-1.25.0.jar (shaded: org.jctools:jctools-core:2.1.1)pkg:maven/org.jctools/jctools-core@2.1.1 09
grpc-netty-shaded-1.25.0.jar: io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll 02
grpc-protobuf-1.25.0.jarcpe:2.3:a:grpc:grpc:1.25.0:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:1.25.0:*:*:*:*:*:*:*		pkg:maven/io.grpc/grpc-protobuf@1.25.0HIGH4Highest35
gson-2.8.6.jarcpe:2.3:a:google:gson:2.8.6:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.6HIGH1Highest27
guava-30.1-jre.jarcpe:2.3:a:google:guava:30.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@30.1-jreHIGH2Highest25
guice-4.2.3.jar (shaded: cglib:cglib:3.3.0)pkg:maven/cglib/cglib@3.3.0 07
guice-4.2.3.jarpkg:maven/com.google.inject/guice@4.2.3 036
guice-assistedinject-4.2.3.jarpkg:maven/com.google.inject.extensions/guice-assistedinject@4.2.3 033
h2-1.4.200.jarcpe:2.3:a:h2database:h2:1.4.200:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@1.4.200CRITICAL5Highest44
h2-1.4.200.jar: data.zip: table.js 00
h2-1.4.200.jar: data.zip: tree.js 00
hadoop-hdfs-client-3.3.0.jarcpe:2.3:a:apache:hadoop:3.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-hdfs-client@3.3.0CRITICAL4Highest27
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 024
handlebars:4.7.7cpe:2.3:a:handlebarsjs:handlebars:4.7.7:*:*:*:*:*:*:*pkg:npm/handlebars@4.7.7 0Highest7
hard-rejection:2.1.0pkg:npm/hard-rejection@2.1.0 08
has-bigints:1.0.2pkg:npm/has-bigints@1.0.2 08
has-flag:3.0.0pkg:npm/has-flag@3.0.0 08
has-property-descriptors:1.0.0pkg:npm/has-property-descriptors@1.0.0 08
has-proto:1.0.1pkg:npm/has-proto@1.0.1 08
has-symbols:1.0.3pkg:npm/has-symbols@1.0.3 010
has-tostringtag:1.0.0pkg:npm/has-tostringtag@1.0.0 010
has-unicode:2.0.1pkg:npm/has-unicode@2.0.1 08
has-yarn:2.1.0pkg:npm/has-yarn@2.1.0 08
has:1.0.3pkg:npm/has@1.0.3 09
highlight-es:1.0.3pkg:npm/highlight-es@1.0.3 08
highlight.js:10.5.0cpe:2.3:a:highlightjs:highlight.js:10.5.0:*:*:*:*:*:*:*pkg:npm/highlight.js@10.5.0 0Highest9
homedir-polyfill:1.0.3pkg:npm/homedir-polyfill@1.0.3 08
hosted-git-info:4.1.0pkg:npm/hosted-git-info@4.1.0 08
hosted-git-info:5.2.1pkg:npm/hosted-git-info@5.2.1 08
hsqldb-2.5.2.jarcpe:2.3:a:hsqldb:hypersql_database:2.5.2:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.5.2CRITICAL1Low41
html-tags:3.3.1pkg:npm/html-tags@3.3.1 08
htmlparser2:3.8.3pkg:npm/htmlparser2@3.8.3 08
http-cache-semantics:4.1.1cpe:2.3:a:http-cache-semantics_project:http-cache-semantics:4.1.1:*:*:*:*:*:*:*pkg:npm/http-cache-semantics@4.1.1 0Highest6
http-proxy-agent:5.0.0cpe:2.3:a:http-proxy-agent_project:http-proxy-agent:5.0.0:*:*:*:*:*:*:*pkg:npm/http-proxy-agent@5.0.0 0Highest7
http2-wrapper:2.2.0pkg:npm/http2-wrapper@2.2.0 08
httpasyncclient-4.1.4.jarcpe:2.3:a:apache:httpasyncclient:4.1.4:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpasyncclient@4.1.4 0Highest25
httpclient-4.5.13.jarcpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 0Highest32
httpcore-4.4.14.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.14 032
httpcore-nio-4.4.14.jarpkg:maven/org.apache.httpcomponents/httpcore-nio@4.4.14 030
httpmime-4.5.13.jarpkg:maven/org.apache.httpcomponents/httpmime@4.5.13 030
https-proxy-agent:5.0.1cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:*:*:*pkg:npm/https-proxy-agent@5.0.1 0Highest7
httpservices-4.5.5.jarpkg:maven/edu.ucar/httpservices@4.5.5 025
human-signals:2.1.0pkg:npm/human-signals@2.1.0 08
humanize-ms:1.2.1pkg:npm/humanize-ms@1.2.1 08
ical.js:1.5.0pkg:npm/ical.js@1.5.0 06
iconv-lite:0.4.24pkg:npm/iconv-lite@0.4.24 08
iconv-lite:0.6.3pkg:npm/iconv-lite@0.6.3 08
icu4j-68.2.jarcpe:2.3:a:icu-project:international_components_for_unicode:68.2:*:*:*:*:*:*:*
cpe:2.3:a:unicode:international_components_for_unicode:68.2:*:*:*:*:*:*:*		pkg:maven/com.ibm.icu/icu4j@68.2 0Low79
ieee754:1.2.1pkg:npm/ieee754@1.2.1 08
ignore-walk:6.0.3pkg:npm/ignore-walk@6.0.3 06
ignore:5.2.4pkg:npm/ignore@5.2.4 07
immediate:3.0.6pkg:npm/immediate@3.0.6 06
immutable:4.3.0pkg:npm/immutable@4.3.0 09
import-fresh:3.3.0pkg:npm/import-fresh@3.3.0 08
import-lazy:2.1.0pkg:npm/import-lazy@2.1.0 08
import-lazy:4.0.0pkg:npm/import-lazy@4.0.0 08
imurmurhash:0.1.4pkg:npm/imurmurhash@0.1.4 010
indent-string:4.0.0pkg:npm/indent-string@4.0.0 08
inflight:1.0.6pkg:npm/inflight@1.0.6 08
inherits:2.0.4pkg:npm/inherits@2.0.4 05
ini:1.3.8cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:*:*:*pkg:npm/ini@1.3.8 0Highest6
ini:2.0.0cpe:2.3:a:ini_project:ini:2.0.0:*:*:*:*:*:*:*pkg:npm/ini@2.0.0 0Highest6
ini:4.1.1cpe:2.3:a:ini_project:ini:4.1.1:*:*:*:*:*:*:*pkg:npm/ini@4.1.1 0Highest6
inquirer:7.3.3pkg:npm/inquirer@7.3.3 06
internal-slot:1.0.5pkg:npm/internal-slot@1.0.5 08
invariant:2.2.4pkg:npm/invariant@2.2.4 06
ip:2.0.0pkg:npm/ip@2.0.0 06
is-array-buffer:3.0.2pkg:npm/is-array-buffer@3.0.2 08
is-arrayish:0.2.1pkg:npm/is-arrayish@0.2.1 06
is-bigint:1.0.4pkg:npm/is-bigint@1.0.4 08
is-binary-path:2.1.0pkg:npm/is-binary-path@2.1.0 08
is-boolean-object:1.1.2pkg:npm/is-boolean-object@1.1.2 06
is-builtin-module:3.2.1pkg:npm/is-builtin-module@3.2.1 08
is-callable:1.2.7pkg:npm/is-callable@1.2.7 08
is-ci:2.0.0pkg:npm/is-ci@2.0.0 08
is-core-module:2.12.1pkg:npm/is-core-module@2.12.1 08
is-date-object:1.0.5pkg:npm/is-date-object@1.0.5 06
is-docker:2.2.1pkg:npm/is-docker@2.2.1 08
is-es2016-keyword:1.0.0pkg:npm/is-es2016-keyword@1.0.0 08
is-extglob:2.1.1pkg:npm/is-extglob@2.1.1 08
is-fullwidth-code-point:3.0.0pkg:npm/is-fullwidth-code-point@3.0.0 08
is-glob:4.0.3pkg:npm/is-glob@4.0.3 08
is-installed-globally:0.3.2pkg:npm/is-installed-globally@0.3.2 08
is-interactive:1.0.0pkg:npm/is-interactive@1.0.0 08
is-lambda:1.0.1pkg:npm/is-lambda@1.0.1 08
is-negative-zero:2.0.2pkg:npm/is-negative-zero@2.0.2 08
is-npm:4.0.0pkg:npm/is-npm@4.0.0 08
is-number-object:1.0.7pkg:npm/is-number-object@1.0.7 08
is-number:7.0.0pkg:npm/is-number@7.0.0 08
is-obj:2.0.0pkg:npm/is-obj@2.0.0 08
is-path-inside:3.0.3pkg:npm/is-path-inside@3.0.3 08
is-plain-obj:1.1.0pkg:npm/is-plain-obj@1.1.0 08
is-plain-object:2.0.4pkg:npm/is-plain-object@2.0.4 08
is-plain-object:5.0.0pkg:npm/is-plain-object@5.0.0 08
is-regex:1.1.4pkg:npm/is-regex@1.1.4 08
is-shared-array-buffer:1.0.2pkg:npm/is-shared-array-buffer@1.0.2 010
is-stream:2.0.1pkg:npm/is-stream@2.0.1 08
is-string:1.0.7pkg:npm/is-string@1.0.7 06
is-symbol:1.0.4pkg:npm/is-symbol@1.0.4 07
is-typed-array:1.1.10pkg:npm/is-typed-array@1.1.10 08
is-typedarray:1.0.0pkg:npm/is-typedarray@1.0.0 08
is-unicode-supported:0.1.0pkg:npm/is-unicode-supported@0.1.0 08
is-weakref:1.0.2pkg:npm/is-weakref@1.0.2 08
is-wsl:2.2.0pkg:npm/is-wsl@2.2.0 08
is-yarn-global:0.3.0pkg:npm/is-yarn-global@0.3.0 06
isarray:0.0.1pkg:npm/isarray@0.0.1 09
isarray:2.0.5pkg:npm/isarray@2.0.5 09
isexe:2.0.0pkg:npm/isexe@2.0.0 08
isobject:3.0.1pkg:npm/isobject@3.0.1 08
isoparser-1.1.22.jarpkg:maven/com.googlecode.mp4parser/isoparser@1.1.22 026
istack-commons-runtime-3.0.8.jarpkg:maven/com.sun.istack/istack-commons-runtime@3.0.8 028
istack-commons-tools-3.0.8.jarpkg:maven/com.sun.istack/istack-commons-tools@3.0.8 030
itext-2.1.7.jarpkg:maven/com.lowagie/itext@2.1.7HIGH146
itext-rtf-2.1.7.jarpkg:maven/com.lowagie/itext-rtf@2.1.7 046
j2objc-annotations-1.3.jarpkg:maven/com.google.j2objc/j2objc-annotations@1.3 024
jackcess-3.0.1.jarpkg:maven/com.healthmarketscience.jackcess/jackcess@3.0.1 045
jackcess-encrypt-3.0.0.jarpkg:maven/com.healthmarketscience.jackcess/jackcess-encrypt@3.0.0 038
jackson-annotations-2.12.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.12.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.12.1 0Low42
jackson-core-2.12.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:json-java_project:json-java:2.12.1:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-core@2.12.1HIGH2Low49
jackson-core-asl-1.9.13.jarpkg:maven/org.codehaus.jackson/jackson-core-asl@1.9.13 038
jackson-databind-2.12.1.jarcpe:2.3:a:fasterxml:jackson-databind:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.1:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.1HIGH5Highest43
jackson-dataformat-csv-2.12.1.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.12.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-csv@2.12.1 0Highest41
jackson-datatype-guava-2.12.1.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.12.1 041
jackson-datatype-joda-2.12.1.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.12.1 043
jackson-jaxrs-base-2.12.1.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.12.1 041
jackson-jaxrs-json-provider-2.12.1.jarcpe:2.3:a:json-java_project:json-java:2.12.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.12.1HIGH2Low41
jackson-jaxrs-xml-provider-2.12.1.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.12.1 039
jackson-module-jaxb-annotations-2.12.1.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.12.1 043
jackspeak:2.3.6pkg:npm/jackspeak@2.3.6 06
jai-imageio-core-1.4.0.jarpkg:maven/com.github.jai-imageio/jai-imageio-core@1.4.0 044
jakarta.activation-1.2.1.jarpkg:maven/com.sun.activation/jakarta.activation@1.2.1 035
jakarta.xml.bind-api-2.3.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.2 030
java-jwt-3.16.0.jarpkg:maven/com.auth0/java-jwt@3.16.0 037
java-libpst-0.8.1.jarpkg:maven/com.pff/java-libpst@0.8.1 022
java-saml-2.6.0.jarpkg:maven/com.onelogin/java-saml@2.6.0 018
java-saml-core-2.6.0.jarpkg:maven/com.onelogin/java-saml-core@2.6.0 017
java-xmlbuilder-1.2.jarcpe:2.3:a:java-xmlbuilder_project:java-xmlbuilder:1.2:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*		pkg:maven/com.jamesmurty.utils/java-xmlbuilder@1.2MEDIUM1Highest26
javase-3.0.1.jarpkg:maven/com.google.zxing/javase@3.0.1 023
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 046
javax.ejb-api-3.2.2.jarpkg:maven/javax.ejb/javax.ejb-api@3.2.2 044
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
javax.jms-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.jms/javax.jms-api@2.0.1 0Low34
javax.mail-1.6.2.jarcpe:2.3:a:oracle:java_se:1.6.2:*:*:*:*:*:*:*pkg:maven/com.sun.mail/javax.mail@1.6.2 0Low45
javax.servlet-api-4.0.1.jarcpe:2.3:a:oracle:java_se:4.0.1:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@4.0.1 0Medium48
javax.servlet.jsp-api-2.3.3.jarcpe:2.3:a:oracle:java_se:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:2.3.3:*:*:*:*:*:*:*		pkg:maven/javax.servlet.jsp/javax.servlet.jsp-api@2.3.3 0High46
javax.transaction-api-1.3.jarpkg:maven/javax.transaction/javax.transaction-api@1.3 046
javax.websocket-api-1.1.jarpkg:maven/javax.websocket/javax.websocket-api@1.1 030
javax.ws.rs-api-2.0.1.jarcpe:2.3:a:oracle:java_se:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1 0Low59
jawk-1.02.jarpkg:maven/org.jawk/jawk@1.02 012
jaxb-api-2.3.1.jarpkg:maven/javax.xml.bind/jaxb-api@2.3.1 037
jaxb-runtime-2.3.2.jarpkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.2 032
jaxb-svg11-1.0.2.jarpkg:maven/org.plutext/jaxb-svg11@1.0.2 034
jaxb-xjc-2.3.2.jarpkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.2 034
jbig2-imageio-3.0.3.jarcpe:2.3:a:apache:pdfbox:3.0.3:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jbig2-imageio@3.0.3 0Highest130
jcip-annotations-1.0.jarpkg:maven/net.jcip/jcip-annotations@1.0 024
jcl-over-slf4j-1.7.30.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.30 031
jclouds-core-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds/jclouds-core@2.3.0 0Highest30
jclouds-core-2.3.0.jar: gson-2.8.5.jarcpe:2.3:a:google:gson:2.8.5:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.5HIGH1Highest26
jcommander-1.35.jarpkg:maven/com.beust/jcommander@1.35 022
jdom2-2.0.6.jarcpe:2.3:a:jdom:jdom:2.0.6:*:*:*:*:*:*:*pkg:maven/org.jdom/jdom2@2.0.6HIGH1Highest65
jedis-3.4.1.jarpkg:maven/redis.clients/jedis@3.4.1 027
jempbox-1.8.16.jarcpe:2.3:a:apache:pdfbox:1.8.16:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jempbox@1.8.16 0Highest33
jersey-core-1.19.1.jarcpe:2.3:a:jersey_project:jersey:1.19.1:*:*:*:*:*:*:*pkg:maven/com.sun.jersey/jersey-core@1.19.1 0Highest30
jfreechart-1.5.2.jarcpe:2.3:a:time_project:time:1.5.2:*:*:*:*:*:*:*pkg:maven/org.jfree/jfreechart@1.5.2 0Low39
jhighlight-1.0.3.jarpkg:maven/org.codelibs/jhighlight@1.0.3 020
jju:1.4.0pkg:npm/jju@1.4.0 09
jjwt-api-0.11.2.jarcpe:2.3:a:json-java_project:json-java:0.11.2:*:*:*:*:*:*:*pkg:maven/io.jsonwebtoken/jjwt-api@0.11.2HIGH2Low33
jlessc-1.10.jarpkg:maven/de.inetsoftware/jlessc@1.10 033
jlessc-ant-1.10.jarpkg:maven/com.simplicite.ant/jlessc-ant@1.10
pkg:maven/com.simplicite/jlessc-ant@1.10		 028
jmatio-1.5.jarpkg:maven/org.tallison/jmatio@1.5 026
jmustache-1.15.jarpkg:maven/com.samskivert/jmustache@1.15 030
jna-5.5.0.jarcpe:2.3:a:oracle:java_se:5.5.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.5.0 0Low48
jna-5.5.0.jar: jnidispatch.dll 02
jna-5.5.0.jar: jnidispatch.dll 02
joda-time-2.10.9.jarpkg:maven/joda-time/joda-time@2.10.9 047
jquery:3.5.1cpe:2.3:a:jquery:jquery:3.5.1:*:*:*:*:*:*:*pkg:npm/jquery@3.5.1 0Highest9
js-beautify:1.14.0cpe:2.3:a:js-beautify_project:js-beautify:1.14.0:*:*:*:*:*:*:*pkg:npm/js-beautify@1.14.0 0Highest8
js-tokens:4.0.0pkg:npm/js-tokens@4.0.0 06
js-yaml:3.14.1cpe:2.3:a:js-yaml_project:js-yaml:3.14.1:*:*:*:*:*:*:*pkg:npm/js-yaml@3.14.1 0Highest7
js-yaml:4.1.0cpe:2.3:a:js-yaml_project:js-yaml:4.1.0:*:*:*:*:*:*:*pkg:npm/js-yaml@4.1.0 0Highest6
js2xmlparser:4.0.2pkg:npm/js2xmlparser@4.0.2 07
jsdoc-type-pratt-parser:4.0.0pkg:npm/jsdoc-type-pratt-parser@4.0.0 08
jsdoc:4.0.2pkg:npm/jsdoc@4.0.2 010
jsesc:0.5.0pkg:npm/jsesc@0.5.0 09
jsesc:2.5.2pkg:npm/jsesc@2.5.2 09
jshint:2.12.0pkg:npm/jshint@2.12.0 010
json-20211205.jarcpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*pkg:maven/org.json/json@20211205HIGH2Highest32
json-buffer:3.0.1pkg:npm/json-buffer@3.0.1 07
json-parse-even-better-errors:2.3.1pkg:npm/json-parse-even-better-errors@2.3.1 08
json-parse-even-better-errors:3.0.0pkg:npm/json-parse-even-better-errors@3.0.0 06
json-parse-helpfulerror:1.0.3pkg:npm/json-parse-helpfulerror@1.0.3 08
json-schema-traverse:0.4.1pkg:npm/json-schema-traverse@0.4.1 08
json-schema-traverse:1.0.0pkg:npm/json-schema-traverse@1.0.0 08
json-simple-1.1.1.jarpkg:maven/com.googlecode.json-simple/json-simple@1.1.1 025
json-stable-stringify-without-jsonify:1.0.1pkg:npm/json-stable-stringify-without-jsonify@1.0.1 09
json5:2.2.3cpe:2.3:a:json5:json5:2.2.3:*:*:*:*:*:*:*pkg:npm/json5@2.2.3 0Highest8
jsonfile:4.0.0pkg:npm/jsonfile@4.0.0 06
jsonlines:0.1.1pkg:npm/jsonlines@0.1.1 05
jsonparse:1.3.1pkg:npm/jsonparse@1.3.1 07
jsoup-1.14.3.jarcpe:2.3:a:jsoup:jsoup:1.14.3:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.14.3MEDIUM1Highest39
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jsr311-api-1.1.1.jarcpe:2.3:a:web_project:web:1.1.1:*:*:*:*:*:*:*pkg:maven/javax.ws.rs/jsr311-api@1.1.1 0Low36
jszip-utils:0.1.0pkg:npm/jszip-utils@0.1.0 06
jszip:3.5.0cpe:2.3:a:jszip_project:jszip:3.5.0:*:*:*:*:*:*:*pkg:npm/jszip@3.5.0HIGH4Highest6
jtidy-r938.jarcpe:2.3:a:jtidy_project:jtidy:r938:*:*:*:*:*:*:*pkg:maven/net.sf.jtidy/jtidy@r938HIGH1Highest53
jul-to-slf4j-1.7.30.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.30 026
junit-4.13.1.jarcpe:2.3:a:junit:junit4:4.13.1:*:*:*:*:*:*:*pkg:maven/junit/junit@4.13.1 0Low53
juniversalchardet-1.0.3.jarpkg:maven/com.googlecode.juniversalchardet/juniversalchardet@1.0.3 024
junrar-4.0.0.jarcpe:2.3:a:junrar_project:junrar:4.0.0:*:*:*:*:*:*:*pkg:maven/com.github.junrar/junrar@4.0.0HIGH1Highest25
keyv:3.1.0pkg:npm/keyv@3.1.0 08
keyv:4.5.2pkg:npm/keyv@4.5.2 08
kind-of:6.0.3cpe:2.3:a:kind-of_project:kind-of:6.0.3:*:*:*:*:*:*:*pkg:npm/kind-of@6.0.3 0Highest8
klaw:3.0.0pkg:npm/klaw@3.0.0 08
kleur:4.1.5pkg:npm/kleur@4.1.5 08
known-css-properties:0.26.0pkg:npm/known-css-properties@0.26.0 010
latest-version:5.1.0pkg:npm/latest-version@5.1.0 08
leaflet:1.7.1pkg:npm/leaflet@1.7.1 06
levn:0.4.1pkg:npm/levn@0.4.1 08
libphonenumber-8.12.15.jarpkg:maven/com.googlecode.libphonenumber/libphonenumber@8.12.15 022
license-report:6.5.0pkg:npm/license-report@6.5.0 08
lie:3.3.0pkg:npm/lie@3.3.0 06
lines-and-columns:1.2.4pkg:npm/lines-and-columns@1.2.4 08
linkify-it:3.0.3pkg:npm/linkify-it@3.0.3 05
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
load-yaml-file:0.2.0pkg:npm/load-yaml-file@0.2.0 04
locate-path:3.0.0pkg:npm/locate-path@3.0.0 08
locate-path:5.0.0pkg:npm/locate-path@5.0.0 08
locate-path:6.0.0pkg:npm/locate-path@6.0.0 08
lodash.debounce:4.0.8pkg:npm/lodash.debounce@4.0.8 07
lodash.merge:4.6.2pkg:npm/lodash.merge@4.6.2 07
lodash.truncate:4.4.2pkg:npm/lodash.truncate@4.4.2 07
lodash:4.17.21cpe:2.3:a:lodash:lodash:4.17.21:*:*:*:*:*:*:*pkg:npm/lodash@4.17.21 0Highest7
log-symbols:4.1.0pkg:npm/log-symbols@4.1.0 08
log4j-core-2.17.2.jarcpe:2.3:a:apache:log4j:2.17.2:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.17.2 0Highest50
log4j-slf4j-impl-2.17.2.jarpkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.2 046
loose-envify:1.4.0pkg:npm/loose-envify@1.4.0 07
lower-case:2.0.2pkg:npm/lower-case@2.0.2 010
lowercase-keys:2.0.0pkg:npm/lowercase-keys@2.0.0 08
lowercase-keys:3.0.0pkg:npm/lowercase-keys@3.0.0 08
lru-cache:10.0.0pkg:npm/lru-cache@10.0.0 06
lru-cache:4.1.5pkg:npm/lru-cache@4.1.5 06
lru-cache:5.1.1pkg:npm/lru-cache@5.1.1 06
lru-cache:6.0.0pkg:npm/lru-cache@6.0.0 06
lru-cache:7.18.3pkg:npm/lru-cache@7.18.3 06
lucene-core-8.7.0.jarpkg:maven/org.apache.lucene/lucene-core@8.7.0 028
magic-string:0.30.0pkg:npm/magic-string@0.30.0 06
make-dir:2.1.0pkg:npm/make-dir@2.1.0 08
make-dir:3.1.0pkg:npm/make-dir@3.1.0 08
make-fetch-happen:11.1.1pkg:npm/make-fetch-happen@11.1.1 06
map-obj:1.0.1pkg:npm/map-obj@1.0.1 08
map-obj:4.3.0pkg:npm/map-obj@4.3.0 08
markdown-it-anchor:8.6.7pkg:npm/markdown-it-anchor@8.6.7 05
markdown-it:12.3.2cpe:2.3:a:markdown-it_project:markdown-it:12.3.2:*:*:*:*:*:*:*pkg:npm/markdown-it@12.3.2 0Highest5
marked:1.2.7cpe:2.3:a:marked_project:marked:1.2.7:*:*:*:*:*:*:*pkg:npm/marked@1.2.7HIGH6Highest8
marked:4.3.0cpe:2.3:a:marked_project:marked:4.3.0:*:*:*:*:*:*:*pkg:npm/marked@4.3.0 0Highest8
mathml-tag-names:2.1.3pkg:npm/mathml-tag-names@2.1.3 07
mbassador-1.3.2.jarpkg:maven/net.engio/mbassador@1.3.2 029
mchange-commons-java-0.2.19.jarpkg:maven/com.mchange/mchange-commons-java@0.2.19 029
mdurl:1.0.1pkg:npm/mdurl@1.0.1 05
meow:9.0.0pkg:npm/meow@9.0.0 08
merge-stream:2.0.0pkg:npm/merge-stream@2.0.0 06
merge2:1.4.1pkg:npm/merge2@1.4.1 06
metadata-extractor-2.11.0.jarcpe:2.3:a:metadata-extractor_project:metadata-extractor:2.11.0:*:*:*:*:*:*:*pkg:maven/com.drewnoakes/metadata-extractor@2.11.0HIGH3Highest32
micromatch:4.0.5pkg:npm/micromatch@4.0.5 08
migbase64-2.2.jarpkg:maven/com.brsanthu/migbase64@2.2 038
mimepull-1.9.3.jarpkg:maven/org.jvnet.mimepull/mimepull@1.9.3 048
mimic-fn:2.1.0pkg:npm/mimic-fn@2.1.0 08
mimic-response:1.0.1pkg:npm/mimic-response@1.0.1 08
mimic-response:3.1.0pkg:npm/mimic-response@3.1.0 08
mimic-response:4.0.0pkg:npm/mimic-response@4.0.0 08
min-indent:1.0.1pkg:npm/min-indent@1.0.1 08
minimatch:3.1.2cpe:2.3:a:minimatch_project:minimatch:3.1.2:*:*:*:*:*:*:*pkg:npm/minimatch@3.1.2 0Highest6
minimatch:9.0.3cpe:2.3:a:minimatch_project:minimatch:9.0.3:*:*:*:*:*:*:*pkg:npm/minimatch@9.0.3 0Highest6
minimist-options:4.1.0pkg:npm/minimist-options@4.1.0 06
minimist:1.2.8cpe:2.3:a:substack:minimist:1.2.8:*:*:*:*:*:*:*pkg:npm/minimist@1.2.8 0Highest9
minipass-collect:1.0.2pkg:npm/minipass-collect@1.0.2 06
minipass-fetch:3.0.3pkg:npm/minipass-fetch@3.0.3 06
minipass-flush:1.0.5pkg:npm/minipass-flush@1.0.5 06
minipass-json-stream:1.0.1pkg:npm/minipass-json-stream@1.0.1 06
minipass-pipeline:1.2.4pkg:npm/minipass-pipeline@1.2.4 06
minipass-sized:1.0.3pkg:npm/minipass-sized@1.0.3 06
minipass:3.3.6pkg:npm/minipass@3.3.6 06
minipass:5.0.0pkg:npm/minipass@5.0.0 06
minipass:6.0.2pkg:npm/minipass@6.0.2 06
minizlib:2.1.2pkg:npm/minizlib@2.1.2 06
mkdirp:1.0.4pkg:npm/mkdirp@1.0.4 05
moment:2.29.1cpe:2.3:a:momentjs:moment:2.29.1:*:*:*:*:*:*:*pkg:npm/moment@2.29.1HIGH4Highest8
mongodb-driver-core-3.12.7.jarcpe:2.3:a:mongodb:java_driver:3.12.7:*:*:*:*:*:*:*pkg:maven/org.mongodb/mongodb-driver-core@3.12.7MEDIUM1Low30
ms:2.1.2pkg:npm/ms@2.1.2 05
mssql-jdbc-11.2.2.jre8.jarcpe:2.3:a:www-sql_project:www-sql:11.2.2.jre8:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@11.2.2
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@11.2.2.jre8		 0Highest37
multimatch:5.0.0pkg:npm/multimatch@5.0.0 08
mustache:4.1.0pkg:npm/mustache@4.1.0 07
mute-stream:0.0.8pkg:npm/mute-stream@0.0.8 06
mysql-connector-j-8.0.31.jarcpe:2.3:a:mysql:mysql:8.0.31:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:8.0.31:*:*:*:*:*:*:*		pkg:maven/com.mysql/mysql-connector-j@8.0.31 0Highest52
nanoid:3.3.6cpe:2.3:a:nanoid_project:nanoid:3.3.6:*:*:*:*:*:*:*pkg:npm/nanoid@3.3.6 0Highest6
natural-compare:1.4.0pkg:npm/natural-compare@1.4.0 07
negotiator:0.6.3cpe:2.3:a:negotiator_project:negotiator:0.6.3:*:*:*:*:*:*:*pkg:npm/negotiator@0.6.3 0Highest5
neo-async:2.6.2pkg:npm/neo-async@2.6.2 06
netcdf4-4.5.5.jarpkg:maven/edu.ucar/netcdf4@4.5.5 025
netty-codec-4.1.49.Final.jarcpe:2.3:a:netty:netty:4.1.49:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec@4.1.49.FinalHIGH12Highest34
netty-codec-mqtt-4.1.49.Final.jarcpe:2.3:a:mqtt:mqtt:4.1.49:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.49:*:*:*:*:*:*:*		pkg:maven/io.netty/netty-codec-mqtt@4.1.49.FinalHIGH11Highest34
netty-common-4.1.49.Final.jar (shaded: org.jctools:jctools-core:3.0.0)pkg:maven/org.jctools/jctools-core@3.0.0 09
netty-transport-4.1.49.Final.jarcpe:2.3:a:netty:netty:4.1.49:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.1.49.FinalHIGH11Highest32
netty-transport-native-kqueue-4.1.55.Final-osx-x86_64.jarcpe:2.3:a:netty:netty:4.1.55:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport-native-kqueue@4.1.55.FinalHIGH11Highest36
no-case:3.0.4cpe:2.3:a:no-case_project:no-case:3.0.4:*:*:*:*:*:*:*pkg:npm/no-case@3.0.4 0Highest10
node-emoji:1.11.0pkg:npm/node-emoji@1.11.0 07
node-environment-flags:1.0.6pkg:npm/node-environment-flags@1.0.6 06
node-fetch:2.7.0cpe:2.3:a:node-fetch_project:node-fetch:2.7.0:*:*:*:*:*:*:*pkg:npm/node-fetch@2.7.0 0Highest8
node-gyp:9.4.0pkg:npm/node-gyp@9.4.0 06
node-releases:2.0.13pkg:npm/node-releases@2.0.13 06
nopt:5.0.0pkg:npm/nopt@5.0.0 06
nopt:6.0.0pkg:npm/nopt@6.0.0 06
normalize-package-data:2.5.0pkg:npm/normalize-package-data@2.5.0 06
normalize-package-data:3.0.3pkg:npm/normalize-package-data@3.0.3 06
normalize-package-data:5.0.0pkg:npm/normalize-package-data@5.0.0 06
normalize-path:3.0.0pkg:npm/normalize-path@3.0.0 08
normalize-url:4.5.1cpe:2.3:a:normalize-url_project:normalize-url:4.5.1:*:*:*:*:*:*:*pkg:npm/normalize-url@4.5.1 0Highest8
normalize-url:8.0.0cpe:2.3:a:normalize-url_project:normalize-url:8.0.0:*:*:*:*:*:*:*pkg:npm/normalize-url@8.0.0 0Highest8
npm-audit-html:1.5.0pkg:npm/npm-audit-html@1.5.0 06
npm-bundled:3.0.0pkg:npm/npm-bundled@3.0.0 06
npm-check-updates:16.14.6pkg:npm/npm-check-updates@16.14.6 08
npm-check:6.0.1pkg:npm/npm-check@6.0.1 09
npm-install-checks:6.1.1pkg:npm/npm-install-checks@6.1.1 06
npm-normalize-package-bin:3.0.1pkg:npm/npm-normalize-package-bin@3.0.1 06
npm-package-arg:10.1.0pkg:npm/npm-package-arg@10.1.0 08
npm-packlist:7.0.4pkg:npm/npm-packlist@7.0.4 06
npm-pick-manifest:8.0.2pkg:npm/npm-pick-manifest@8.0.2 06
npm-registry-fetch:14.0.5pkg:npm/npm-registry-fetch@14.0.5 06
npm-run-path:4.0.1pkg:npm/npm-run-path@4.0.1 08
npmlog:6.0.2pkg:npm/npmlog@6.0.2 06
numeral:2.0.6pkg:npm/numeral@2.0.6 010
oauth-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/oauth@2.3.0 0Highest33
object-inspect:1.12.3pkg:npm/object-inspect@1.12.3 09
object-keys:1.1.1pkg:npm/object-keys@1.1.1 08
object.assign:4.1.4pkg:npm/object.assign@4.1.4 06
object.getownpropertydescriptors:2.1.6pkg:npm/object.getownpropertydescriptors@2.1.6 06
ojdbc8-21.9.0.0.jarcpe:2.3:a:oracle:jdbc:21.9.0.0:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc8@21.9.0.0 0Highest32
okhttp-2.7.5.jarcpe:2.3:a:squareup:okhttp:2.7.5:*:*:*:*:*:*:*pkg:maven/com.squareup.okhttp/okhttp@2.7.5HIGH2Highest22
okio-1.6.0.jarcpe:2.3:a:squareup:okio:1.6.0:*:*:*:*:*:*:*pkg:maven/com.squareup.okio/okio@1.6.0HIGH1Highest16
once:1.4.0pkg:npm/once@1.4.0 06
onetime:5.1.2pkg:npm/onetime@5.1.2 08
open:7.4.2pkg:npm/open@7.4.2 08
opencensus-api-0.24.0.jarpkg:maven/io.opencensus/opencensus-api@0.24.0 033
opencensus-contrib-grpc-metrics-0.21.0.jarpkg:maven/io.opencensus/opencensus-contrib-grpc-metrics@0.21.0 037
opencensus-contrib-grpc-util-0.24.0.jarpkg:maven/io.opencensus/opencensus-contrib-grpc-util@0.24.0 037
opencensus-contrib-http-util-0.24.0.jarpkg:maven/io.opencensus/opencensus-contrib-http-util@0.24.0 037
openhtmltopdf-core-1.0.7.jarpkg:maven/com.openhtmltopdf/openhtmltopdf-core@1.0.7 027
openhtmltopdf-pdfbox-1.0.7.jarcpe:2.3:a:apache:pdfbox:1.0.7:*:*:*:*:*:*:*pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.7 0High23
openjson-1.0.11.jarcpe:2.3:a:json-java_project:json-java:1.0.11:*:*:*:*:*:*:*pkg:maven/com.github.openjson/openjson@1.0.11HIGH2Low37
opennlp-tools-1.9.1.jarcpe:2.3:a:apache:opennlp:1.9.1:*:*:*:*:*:*:*pkg:maven/org.apache.opennlp/opennlp-tools@1.9.1 0Highest36
openstack-keystone-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystone:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:openstack:2.3.0:*:*:*:*:*:*:*		pkg:maven/org.apache.jclouds.api/openstack-keystone@2.3.0HIGH7Highest35
openstack-swift-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:openstack:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:2.3.0:*:*:*:*:*:*:*		pkg:maven/org.apache.jclouds.api/openstack-swift@2.3.0CRITICAL6Highest35
optionator:0.9.3pkg:npm/optionator@0.9.3 08
ora:5.4.1pkg:npm/ora@5.4.1 08
org.apache.oltu.oauth2.client-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2 032
org.apache.oltu.oauth2.common-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.common@1.0.2 032
org.eclipse.jgit-6.1.0.202203080745-r.jarcpe:2.3:a:eclipse:jgit:6.1.0:202203080745:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.1.0.202203080745-rHIGH1Highest38
org.eclipse.jgit.http.server-6.1.0.202203080745-r.jarcpe:2.3:a:eclipse:jgit:6.1.0:202203080745:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit.http.server@6.1.0.202203080745-r 0Highest40
org.eclipse.paho.client.mqttv3-1.2.5.jarcpe:2.3:a:eclipse:paho_java_client:1.2.5:*:*:*:*:*:*:*pkg:maven/org.eclipse.paho/org.eclipse.paho.client.mqttv3@1.2.5 0Low32
os-tmpdir:1.0.2pkg:npm/os-tmpdir@1.0.2 08
p-cancelable:1.1.0pkg:npm/p-cancelable@1.1.0 08
p-cancelable:3.0.0pkg:npm/p-cancelable@3.0.0 08
p-limit:3.1.0pkg:npm/p-limit@3.1.0 09
p-locate:3.0.0pkg:npm/p-locate@3.0.0 08
p-locate:4.1.0pkg:npm/p-locate@4.1.0 08
p-locate:5.0.0pkg:npm/p-locate@5.0.0 08
p-map:4.0.0pkg:npm/p-map@4.0.0 08
p-try:2.2.0pkg:npm/p-try@2.2.0 08
package-json:6.5.0pkg:npm/package-json@6.5.0 08
package-json:8.1.1pkg:npm/package-json@8.1.1 08
pacote:15.2.0pkg:npm/pacote@15.2.0 06
pako:1.0.11pkg:npm/pako@1.0.11 06
parent-module:1.0.1pkg:npm/parent-module@1.0.1 08
parse-github-url:1.0.2pkg:npm/parse-github-url@1.0.2 08
parse-json:5.2.0cpe:2.3:a:parsejson_project:parsejson:5.2.0:*:*:*:*:*:*:*pkg:npm/parse-json@5.2.0 0Low8
parse-passwd:1.0.0pkg:npm/parse-passwd@1.0.0 08
parso-2.0.11.jarcpe:2.3:a:parso_project:parso:2.0.11:*:*:*:*:*:*:*pkg:maven/com.epam/parso@2.0.11 0Highest34
path-exists:3.0.0pkg:npm/path-exists@3.0.0 08
path-exists:4.0.0pkg:npm/path-exists@4.0.0 08
path-is-absolute:1.0.1pkg:npm/path-is-absolute@1.0.1 08
path-key:3.1.1pkg:npm/path-key@3.1.1 08
path-parse:1.0.7cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:*:*:*pkg:npm/path-parse@1.0.7 0Highest8
path-scurry:1.10.1pkg:npm/path-scurry@1.10.1 06
path-type:4.0.0pkg:npm/path-type@4.0.0 08
pdfbox-2.0.22.jarcpe:2.3:a:apache:pdfbox:2.0.22:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/pdfbox@2.0.22MEDIUM4Highest35
perfmark-api-0.19.0.jarpkg:maven/io.perfmark/perfmark-api@0.19.0 026
picocolors:1.0.0pkg:npm/picocolors@1.0.0 06
picomatch:2.3.1pkg:npm/picomatch@2.3.1 08
pify:4.0.1pkg:npm/pify@4.0.1 08
pinkie-promise:2.0.1pkg:npm/pinkie-promise@2.0.1 08
pinkie:2.0.4pkg:npm/pinkie@2.0.4 08
pirates:4.0.6pkg:npm/pirates@4.0.6 010
pkg-dir:3.0.0pkg:npm/pkg-dir@3.0.0 08
pkg-dir:4.2.0pkg:npm/pkg-dir@4.2.0 08
pkg-dir:5.0.0pkg:npm/pkg-dir@5.0.0 08
please-upgrade-node:3.2.0pkg:npm/please-upgrade-node@3.2.0 08
poi-4.1.2.jarcpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@4.1.2MEDIUM1Highest29
popper.js:1.16.1pkg:npm/popper.js@1.16.1 08
postcss-less:6.0.0pkg:npm/postcss-less@6.0.0 08
postcss-media-query-parser:0.2.3pkg:npm/postcss-media-query-parser@0.2.3 08
postcss-resolve-nested-selector:0.1.1pkg:npm/postcss-resolve-nested-selector@0.1.1 06
postcss-safe-parser:6.0.0pkg:npm/postcss-safe-parser@6.0.0 06
postcss-selector-parser:6.0.13pkg:npm/postcss-selector-parser@6.0.13 05
postcss-value-parser:4.2.0pkg:npm/postcss-value-parser@4.2.0 08
postcss:8.4.24cpe:2.3:a:postcss:postcss:8.4.24:*:*:*:*:*:*:*pkg:npm/postcss@8.4.24MEDIUM1Highest8
postgresql-42.5.3.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.5.3:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.5.3 0Low71
preact:10.15.1pkg:npm/preact@10.15.1 07
preferred-pm:3.0.3pkg:npm/preferred-pm@3.0.3 010
preflight-2.0.22.jarcpe:2.3:a:apache:pdfbox:2.0.22:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/preflight@2.0.22MEDIUM4Highest35
prelude-ls:1.2.1pkg:npm/prelude-ls@1.2.1 08
prepend-http:2.0.0pkg:npm/prepend-http@2.0.0 08
proc-log:3.0.0pkg:npm/proc-log@3.0.0 06
process-nextick-args:2.0.1pkg:npm/process-nextick-args@2.0.1 08
progress:2.0.3pkg:npm/progress@2.0.3 06
promise-inflight:1.0.1pkg:npm/promise-inflight@1.0.1 08
promise-retry:2.0.1pkg:npm/promise-retry@2.0.1 07
prompts-ncu:3.0.0pkg:npm/prompts-ncu@3.0.0 08
proto-google-cloud-firestore-admin-v1-1.31.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-firestore-admin-v1@1.31.0 028
proto-google-cloud-firestore-v1-1.31.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-firestore-v1@1.31.0 025
proto-google-cloud-firestore-v1beta1-0.84.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-firestore-v1beta1@0.84.0 024
proto-google-cloud-pubsub-v1-1.84.0.jarpkg:maven/com.google.api.grpc/proto-google-cloud-pubsub-v1@1.84.0 032
proto-google-common-protos-1.17.0.jarpkg:maven/com.google.api.grpc/proto-google-common-protos@1.17.0 064
proto-google-iam-v1-0.13.0.jarpkg:maven/com.google.api.grpc/proto-google-iam-v1@0.13.0 068
proto-list:1.2.4pkg:npm/proto-list@1.2.4 06
protobuf-java-3.11.4.jarcpe:2.3:a:google:protobuf-java:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.11.4:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java@3.11.4HIGH4Highest27
protobuf-java-util-3.11.4.jarcpe:2.3:a:google:protobuf-java:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.11.4:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java-util@3.11.4HIGH2Highest29
proton-j-0.33.8.jarcpe:2.3:a:apache:qpid:0.33.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton:0.33.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton-j:0.33.8:*:*:*:*:*:*:*
cpe:2.3:a:proton_project:proton:0.33.8:*:*:*:*:*:*:*		pkg:maven/org.apache.qpid/proton-j@0.33.8 0Highest32
pseudomap:1.0.2pkg:npm/pseudomap@1.0.2 08
pump:3.0.0pkg:npm/pump@3.0.0 06
punycode:2.3.0pkg:npm/punycode@2.3.0 09
pupa:2.1.1pkg:npm/pupa@2.1.1 09
qpid-jms-client-0.56.0.jarcpe:2.3:a:apache:qpid:0.56.0:*:*:*:*:*:*:*pkg:maven/org.apache.qpid/qpid-jms-client@0.56.0 0Highest29
qrgen-1.4.jarpkg:maven/net.glxn/qrgen@1.4 030
quartz-2.3.2.jarcpe:2.3:a:softwareag:quartz:2.3.2:*:*:*:*:*:*:*pkg:maven/org.quartz-scheduler/quartz@2.3.2CRITICAL1Highest33
query-ast:1.0.5pkg:npm/query-ast@1.0.5 07
queue-microtask:1.2.3pkg:npm/queue-microtask@1.2.3 010
quick-lru:4.0.1pkg:npm/quick-lru@4.0.1 08
quick-lru:5.1.1pkg:npm/quick-lru@5.1.1 08
rc-config-loader:4.1.3pkg:npm/rc-config-loader@4.1.3 08
rc:1.2.8pkg:npm/rc@1.2.8 06
read-package-json-fast:3.0.2pkg:npm/read-package-json-fast@3.0.2 06
read-package-json:6.0.4pkg:npm/read-package-json@6.0.4 06
read-pkg-up:7.0.1pkg:npm/read-pkg-up@7.0.1 08
read-pkg:5.2.0pkg:npm/read-pkg@5.2.0 08
readable-stream:1.1.14pkg:npm/readable-stream@1.1.14 06
readable-stream:2.3.8pkg:npm/readable-stream@2.3.8 05
readable-stream:3.6.2pkg:npm/readable-stream@3.6.2 05
readdirp:3.6.0pkg:npm/readdirp@3.6.0 08
redent:3.0.0pkg:npm/redent@3.0.0 08
regenerate-unicode-properties:10.1.0pkg:npm/regenerate-unicode-properties@10.1.0 09
regenerate:1.4.2pkg:npm/regenerate@1.4.2 09
regenerator-runtime:0.14.0pkg:npm/regenerator-runtime@0.14.0 06
regenerator-transform:0.15.2pkg:npm/regenerator-transform@0.15.2 06
regexp.prototype.flags:1.5.0pkg:npm/regexp.prototype.flags@1.5.0 06
regexpu-core:5.3.2pkg:npm/regexpu-core@5.3.2 09
registry-auth-token:4.2.2pkg:npm/registry-auth-token@4.2.2 08
registry-auth-token:5.0.2pkg:npm/registry-auth-token@5.0.2 08
registry-url:5.1.0pkg:npm/registry-url@5.1.0 08
registry-url:6.0.1pkg:npm/registry-url@6.0.1 08
regjsparser:0.9.1pkg:npm/regjsparser@0.9.1 06
relaxng-datatype-2.3.2.jarpkg:maven/com.sun.xml.bind.external/relaxng-datatype@2.3.2 027
remote-git-tags:3.0.0pkg:npm/remote-git-tags@3.0.0 08
require-directory:2.1.1pkg:npm/require-directory@2.1.1 08
require-from-string:2.0.2pkg:npm/require-from-string@2.0.2 08
require-package-name:2.0.1pkg:npm/require-package-name@2.0.1 010
requizzle:0.2.4pkg:npm/requizzle@0.2.4 08
resolve-alpn:1.2.1pkg:npm/resolve-alpn@1.2.1 08
resolve-from:4.0.0pkg:npm/resolve-from@4.0.0 08
resolve-from:5.0.0pkg:npm/resolve-from@5.0.0 08
resolve:1.22.2pkg:npm/resolve@1.22.2 08
responselike:1.0.2pkg:npm/responselike@1.0.2 06
responselike:3.0.0pkg:npm/responselike@3.0.0 06
restore-cursor:3.1.0pkg:npm/restore-cursor@3.1.0 08
retry:0.12.0pkg:npm/retry@0.12.0 07
reusify:1.0.4pkg:npm/reusify@1.0.4 08
rhino-1.7.13.jarpkg:maven/org.mozilla/rhino@1.7.13 031
rhino-1.7.13.jar: test.js 00
rhino-js-engine-1.7.10.jarpkg:maven/cat.inspiracio/rhino-js-engine@1.7.10 032
rhino-js-engine-1.7.10.jar: toplevel.js 00
rimraf:3.0.2pkg:npm/rimraf@3.0.2 06
rimraf:5.0.5pkg:npm/rimraf@5.0.5 06
rngom-2.3.2.jarpkg:maven/com.sun.xml.bind.external/rngom@2.3.2 023
rome-1.12.2.jarpkg:maven/com.rometools/rome@1.12.2 035
rome-utils-1.12.2.jarcpe:2.3:a:utils_project:utils:1.12.2:*:*:*:*:*:*:*pkg:maven/com.rometools/rome-utils@1.12.2MEDIUM1Highest19
run-async:2.4.1pkg:npm/run-async@2.4.1 06
run-parallel:1.2.0pkg:npm/run-parallel@1.2.0 010
rxjs:6.6.7pkg:npm/rxjs@6.6.7 08
s3-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/s3@2.3.0 0Highest33
safe-array-concat:1.0.0pkg:npm/safe-array-concat@1.0.0 08
safe-buffer:5.2.1pkg:npm/safe-buffer@5.2.1 010
safe-regex-test:1.0.0pkg:npm/safe-regex-test@1.0.0 08
safer-buffer:2.1.2pkg:npm/safer-buffer@2.1.2 09
sass:1.63.6pkg:npm/sass@1.63.6 010
scss-parser:1.0.6pkg:npm/scss-parser@1.0.6 06
select2-theme-bootstrap4:1.0.0pkg:npm/select2-theme-bootstrap4@1.0.0 08
select2:4.0.13cpe:2.3:a:select2:select2:4.0.13:*:*:*:*:*:*:*pkg:npm/select2@4.0.13 0Highest9
semver-compare:1.0.0pkg:npm/semver-compare@1.0.0 09
semver-diff:3.1.1pkg:npm/semver-diff@3.1.1 08
semver-utils:1.1.4pkg:npm/semver-utils@1.1.4 07
semver:5.7.1pkg:npm/semver@5.7.1HIGH15
semver:6.3.1pkg:npm/semver@6.3.1 06
semver:7.5.4pkg:npm/semver@7.5.4 06
sentence-case:3.0.4pkg:npm/sentence-case@3.0.4 010
sentiment-analysis-parser-0.1.jarcpe:2.3:a:ini-parser_project:ini-parser:0.1:*:*:*:*:*:*:*pkg:maven/edu.usc.ir/sentiment-analysis-parser@0.1 0Low38
serializer-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/serializer@2.7.2HIGH1Low32
set-blocking:2.0.0pkg:npm/set-blocking@2.0.0 08
set-immediate-shim:1.0.1pkg:npm/set-immediate-shim@1.0.1 08
shallow-clone:3.0.1pkg:npm/shallow-clone@3.0.1 08
shebang-command:2.0.0pkg:npm/shebang-command@2.0.0 08
shebang-regex:3.0.0pkg:npm/shebang-regex@3.0.0 08
shelljs:0.3.0cpe:2.3:a:shelljs_project:shelljs:0.3.0:*:*:*:*:*:*:*pkg:npm/shelljs@0.3.0HIGH1Highest7
side-channel:1.0.4pkg:npm/side-channel@1.0.4 08
sigmund:1.0.1pkg:npm/sigmund@1.0.1 06
signal-exit:3.0.7pkg:npm/signal-exit@3.0.7 08
signal-exit:4.0.2pkg:npm/signal-exit@4.0.2 06
sigstore:1.8.0pkg:npm/sigstore@1.8.0 08
simplicite-bootstrap-datetimepicker:1.0.6pkg:npm/simplicite-bootstrap-datetimepicker@1.0.6 07
simplicite:2.2.37pkg:npm/simplicite@2.2.37 08
sis-feature-1.0.jarpkg:maven/org.apache.sis.core/sis-feature@1.0 064
sis-metadata-1.0.jarpkg:maven/org.apache.sis.core/sis-metadata@1.0 048
sis-netcdf-1.0.jarpkg:maven/org.apache.sis.storage/sis-netcdf@1.0 052
sis-referencing-1.0.jarpkg:maven/org.apache.sis.core/sis-referencing@1.0 064
sis-storage-1.0.jarpkg:maven/org.apache.sis.storage/sis-storage@1.0 066
sis-utility-1.0.jarpkg:maven/org.apache.sis.core/sis-utility@1.0 051
sisteransi:1.0.5pkg:npm/sisteransi@1.0.5 08
slash:2.0.0pkg:npm/slash@2.0.0 08
slash:3.0.0pkg:npm/slash@3.0.0 08
slf4j-api-1.7.30.jarpkg:maven/org.slf4j/slf4j-api@1.7.30 027
slice-ansi:4.0.0pkg:npm/slice-ansi@4.0.0 05
smart-buffer:4.2.0pkg:npm/smart-buffer@4.2.0 08
snakeyaml-1.27.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.27CRITICAL7Highest46
socks-proxy-agent:7.0.0pkg:npm/socks-proxy-agent@7.0.0 010
socks:2.7.1pkg:npm/socks@2.7.1 08
source-map-js:1.0.2pkg:npm/source-map-js@1.0.2 07
source-map-support:0.5.21pkg:npm/source-map-support@0.5.21 06
source-map:0.6.1pkg:npm/source-map@0.6.1 07
spawn-please:2.0.2pkg:npm/spawn-please@2.0.2 07
spdx-correct:3.2.0pkg:npm/spdx-correct@3.2.0 05
spdx-exceptions:2.3.0pkg:npm/spdx-exceptions@2.3.0 06
spdx-expression-parse:3.0.1pkg:npm/spdx-expression-parse@3.0.1 06
spdx-license-ids:3.0.13pkg:npm/spdx-license-ids@3.0.13 06
spectrum-colorpicker:1.8.1pkg:npm/spectrum-colorpicker@1.8.1 09
split-text-to-chunks:1.0.0pkg:npm/split-text-to-chunks@1.0.0 05
sprintf-js:1.0.3pkg:npm/sprintf-js@1.0.3 06
sshd-osgi-2.8.0.jarcpe:2.3:a:apache:sshd:2.8.0:*:*:*:*:*:*:*pkg:maven/org.apache.sshd/sshd-osgi@2.8.0CRITICAL1Highest38
sshd-sftp-2.8.0.jarcpe:2.3:a:apache:sshd:2.8.0:*:*:*:*:*:*:*pkg:maven/org.apache.sshd/sshd-sftp@2.8.0CRITICAL2Highest38
ssri:10.0.4cpe:2.3:a:ssri_project:ssri:10.0.4:*:*:*:*:*:*:*pkg:npm/ssri@10.0.4 0Highest6
stackframe:1.3.4pkg:npm/stackframe@1.3.4 07
stax-ex-1.8.1.jarcpe:2.3:a:oracle:projects:1.8.1:*:*:*:*:*:*:*pkg:maven/org.jvnet.staxex/stax-ex@1.8.1 0Low46
stax2-api-4.2.jarcpe:2.3:a:fasterxml:woodstox:4.2:*:*:*:*:*:*:*pkg:maven/org.codehaus.woodstox/stax2-api@4.2HIGH1Highest54
string-width:4.2.3pkg:npm/string-width@4.2.3 08
string.prototype.trim:1.2.7pkg:npm/string.prototype.trim@1.2.7 08
string.prototype.trimend:1.0.6pkg:npm/string.prototype.trimend@1.0.6 06
string.prototype.trimstart:1.0.6pkg:npm/string.prototype.trimstart@1.0.6 06
string_decoder:0.10.31pkg:npm/string_decoder@0.10.31 06
string_decoder:1.1.1pkg:npm/string_decoder@1.1.1 06
string_decoder:1.3.0pkg:npm/string_decoder@1.3.0 06
stringtemplate-3.2.1.jarcpe:2.3:a:temporal:temporal:3.2.1:*:*:*:*:*:*:*pkg:maven/org.antlr/stringtemplate@3.2.1 0Low38
strip-ansi:6.0.1pkg:npm/strip-ansi@6.0.1 08
strip-bom:3.0.0pkg:npm/strip-bom@3.0.0 08
strip-final-newline:2.0.0pkg:npm/strip-final-newline@2.0.0 08
strip-indent:3.0.0pkg:npm/strip-indent@3.0.0 08
strip-json-comments:1.0.4pkg:npm/strip-json-comments@1.0.4 08
strip-json-comments:2.0.1pkg:npm/strip-json-comments@2.0.1 08
strip-json-comments:3.1.1pkg:npm/strip-json-comments@3.1.1 08
strip-json-comments:5.0.1pkg:npm/strip-json-comments@5.0.1 08
stripe-java-20.32.0.jarcpe:2.3:a:stripe:stripe:20.32.0:*:*:*:*:*:*:*pkg:maven/com.stripe/stripe-java@20.32.0 0Highest34
sts-2.3.0.jarcpe:2.3:a:apache:jclouds:2.3.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/sts@2.3.0 0Highest33
style-search:0.1.0pkg:npm/style-search@0.1.0 08
stylelint-config-recommended:9.0.0pkg:npm/stylelint-config-recommended@9.0.0 06
stylelint-config-standard:29.0.0pkg:npm/stylelint-config-standard@29.0.0 06
stylelint:14.16.1pkg:npm/stylelint@14.16.1 07
supports-color:5.5.0pkg:npm/supports-color@5.5.0 08
supports-color:7.2.0pkg:npm/supports-color@7.2.0 08
supports-hyperlinks:2.3.0pkg:npm/supports-hyperlinks@2.3.0 08
supports-preserve-symlinks-flag:1.0.0pkg:npm/supports-preserve-symlinks-flag@1.0.0 08
svg-tags:1.0.0pkg:npm/svg-tags@1.0.0 08
swagger-annotations-1.5.8.jarpkg:maven/io.swagger/swagger-annotations@1.5.8 029
swagger-ui-dist:3.39.0pkg:npm/swagger-ui-dist@3.39.0MEDIUM34
table:6.8.1pkg:npm/table@6.8.1 08
tablemark:3.0.0pkg:npm/tablemark@3.0.0 08
tagsoup-1.2.1.jarpkg:maven/org.ccil.cowan.tagsoup/tagsoup@1.2.1 024
tar:6.1.15cpe:2.3:a:tar_project:tar:6.1.15:*:*:*:*:*:*:*pkg:npm/tar@6.1.15 0Highest6
term-size:2.2.1pkg:npm/term-size@2.2.1 08
terminal-link:2.1.1pkg:npm/terminal-link@2.1.1 08
text-table:0.2.0pkg:npm/text-table@0.2.0 09
threeten-extra-1.5.0.jarpkg:maven/org.threeten/threeten-extra@1.5.0 041
threetenbp-1.4.0.jarpkg:maven/org.threeten/threetenbp@1.4.0 043
throat:6.0.2pkg:npm/throat@6.0.2 06
through:2.3.8pkg:npm/through@2.3.8 07
tika-core-1.23.jarcpe:2.3:a:apache:tika:1.23:*:*:*:*:*:*:*pkg:maven/org.apache.tika/tika-core@1.23MEDIUM7Highest42
tika-parsers-1.23.jarcpe:2.3:a:apache:tika:1.23:*:*:*:*:*:*:*pkg:maven/org.apache.tika/tika-parsers@1.23MEDIUM8Highest41
tinymce-i18n:20.12.25pkg:npm/tinymce-i18n@20.12.25 06
tinymce:5.6.2cpe:2.3:a:tiny:tinymce:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:tinymce:5.6.2:*:*:*:*:*:*:*		pkg:npm/tinymce@5.6.2MEDIUM9Highest7
tmp:0.0.33pkg:npm/tmp@0.0.33 08
to-fast-properties:2.0.0pkg:npm/to-fast-properties@2.0.0 08
to-readable-stream:1.0.0pkg:npm/to-readable-stream@1.0.0 08
to-regex-range:5.0.1pkg:npm/to-regex-range@5.0.1 08
totp-1.7.1.jarcpe:2.3:a:time_project:time:1.7.1:*:*:*:*:*:*:*pkg:maven/dev.samstevens.totp/totp@1.7.1 0Low24
tr46:0.0.3pkg:npm/tr46@0.0.3 08
trim-newlines:3.0.1cpe:2.3:a:trim-newlines_project:trim-newlines:3.0.1:*:*:*:*:*:*:*pkg:npm/trim-newlines@3.0.1 0Highest8
tslib:1.14.1pkg:npm/tslib@1.14.1 08
tslib:2.6.0pkg:npm/tslib@2.6.0 08
tuf-js:1.1.7pkg:npm/tuf-js@1.1.7 08
twilio-8.5.0.jarpkg:maven/com.twilio.sdk/twilio@8.5.0 028
txw2-2.3.2.jarpkg:maven/org.glassfish.jaxb/txw2@2.3.2 034
type-check:0.4.0pkg:npm/type-check@0.4.0 08
type-fest:0.18.1pkg:npm/type-fest@0.18.1 08
type-fest:0.20.2pkg:npm/type-fest@0.20.2 08
type-fest:0.21.3pkg:npm/type-fest@0.21.3 08
type-fest:0.6.0pkg:npm/type-fest@0.6.0 08
type-fest:0.8.1pkg:npm/type-fest@0.8.1 08
type-fest:1.4.0pkg:npm/type-fest@1.4.0 08
type-fest:2.19.0pkg:npm/type-fest@2.19.0 08
typed-array-length:1.0.4pkg:npm/typed-array-length@1.0.4 08
typedarray-to-buffer:3.1.5pkg:npm/typedarray-to-buffer@3.1.5 010
uc.micro:1.0.6pkg:npm/uc.micro@1.0.6 05
udunits-4.5.5.jarpkg:maven/edu.ucar/udunits@4.5.5 029
uglify-js:3.17.4cpe:2.3:a:uglifyjs_project:uglifyjs:3.17.4:*:*:*:*:*:*:*pkg:npm/uglify-js@3.17.4 0Low6
unbox-primitive:1.0.2pkg:npm/unbox-primitive@1.0.2 08
underscore:1.13.6cpe:2.3:a:underscorejs:underscore:1.13.6:*:*:*:*:*:*:*pkg:npm/underscore@1.13.6 0Highest7
unicode-canonical-property-names-ecmascript:2.0.0pkg:npm/unicode-canonical-property-names-ecmascript@2.0.0 09
unicode-match-property-ecmascript:2.0.0pkg:npm/unicode-match-property-ecmascript@2.0.0 09
unicode-match-property-value-ecmascript:2.1.0pkg:npm/unicode-match-property-value-ecmascript@2.1.0 09
unicode-property-aliases-ecmascript:2.1.0pkg:npm/unicode-property-aliases-ecmascript@2.1.0 09
unique-filename:3.0.0pkg:npm/unique-filename@3.0.0 08
unique-slug:4.0.0pkg:npm/unique-slug@4.0.0 06
unique-string:2.0.0pkg:npm/unique-string@2.0.0 08
unique-string:3.0.0pkg:npm/unique-string@3.0.0 08
unirest-java-3.11.09.jarpkg:maven/com.konghq/unirest-java@3.11.09 018
unit-api-1.0.jarpkg:maven/javax.measure/unit-api@1.0 0128
universalify:0.1.2pkg:npm/universalify@0.1.2 08
untildify:4.0.0pkg:npm/untildify@4.0.0 08
update-browserslist-db:1.0.13pkg:npm/update-browserslist-db@1.0.13 06
update-notifier:4.1.3pkg:npm/update-notifier@4.1.3 08
update-notifier:5.1.0pkg:npm/update-notifier@5.1.0 08
update-notifier:6.0.2pkg:npm/update-notifier@6.0.2 08
upper-case-first:2.0.2pkg:npm/upper-case-first@2.0.2 010
uri-js:4.4.1cpe:2.3:a:uri-js_project:uri-js:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:uri.js_project:uri.js:4.4.1:*:*:*:*:*:*:*		pkg:npm/uri-js@4.4.1 0Highest8
url-parse-lax:3.0.0pkg:npm/url-parse-lax@3.0.0 08
util-deprecate:1.0.2pkg:npm/util-deprecate@1.0.2 08
v8-compile-cache:2.3.0pkg:npm/v8-compile-cache@2.3.0 06
v8flags:3.2.0pkg:npm/v8flags@3.2.0 06
validate-npm-package-license:3.0.4pkg:npm/validate-npm-package-license@3.0.4 06
validate-npm-package-name:5.0.0pkg:npm/validate-npm-package-name@5.0.0 08
visit-values:2.0.0pkg:npm/visit-values@2.0.0 08
vorbis-java-core-0.8.jarpkg:maven/org.gagravarr/vorbis-java-core@0.8 022
vorbis-java-tika-0.8.jarpkg:maven/org.gagravarr/vorbis-java-tika@0.8 022
vue:2.6.12pkg:npm/vue@2.6.12 08
wcwidth:1.0.1pkg:npm/wcwidth@1.0.1 08
webidl-conversions:3.0.1pkg:npm/webidl-conversions@3.0.1 06
whatwg-url:5.0.0pkg:npm/whatwg-url@5.0.0 06
which-boxed-primitive:1.0.2pkg:npm/which-boxed-primitive@1.0.2 08
which-pm:2.0.0pkg:npm/which-pm@2.0.0 07
which-typed-array:1.1.9pkg:npm/which-typed-array@1.1.9 08
which:1.3.1pkg:npm/which@1.3.1 06
which:2.0.2pkg:npm/which@2.0.2 06
which:3.0.1pkg:npm/which@3.0.1 06
wide-align:1.1.5pkg:npm/wide-align@1.1.5 06
widest-line:3.1.0pkg:npm/widest-line@3.1.0 08
widest-line:4.0.1pkg:npm/widest-line@4.0.1 08
wmf2svg-0.9.8.jarpkg:maven/net.arnx/wmf2svg@0.9.8 031
woodstox-core-6.2.3.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)cpe:2.3:a:xml_library_project:xml_library:*:*:*:*:*:rust:*:*pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621HIGH1Highest12
woodstox-core-6.2.3.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)cpe:2.3:a:xml_library_project:xml_library:2013.6.1:*:*:*:*:*:*:*pkg:maven/net.java.dev.msv/xsdlib@2013.6.1 0Low9
woodstox-core-6.2.3.jarcpe:2.3:a:fasterxml:woodstox:6.2.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.woodstox/woodstox-core@6.2.3HIGH1Highest49
wordwrap:1.0.0cpe:2.3:a:word-wrap_project:word-wrap:1.0.0:*:*:*:*:*:*:*pkg:npm/wordwrap@1.0.0HIGH1Highest8
wrap-ansi:7.0.0pkg:npm/wrap-ansi@7.0.0 08
wrap-ansi:8.1.0pkg:npm/wrap-ansi@8.1.0 08
wrappy:1.0.2pkg:npm/wrappy@1.0.2 08
write-file-atomic:3.0.3pkg:npm/write-file-atomic@3.0.3 08
write-file-atomic:4.0.2pkg:npm/write-file-atomic@4.0.2 08
xalan-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/xalan@2.7.2HIGH1Low66
xalan-interpretive-11.0.0.jarpkg:maven/org.docx4j.org.apache/xalan-interpretive@11.0.0 042
xalan-serializer-11.0.0.jarpkg:maven/org.docx4j.org.apache/xalan-serializer@11.0.0 041
xdg-basedir:4.0.0pkg:npm/xdg-basedir@4.0.0 08
xdg-basedir:5.1.0pkg:npm/xdg-basedir@5.1.0 08
xercesImpl-2.12.2.jarcpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*		pkg:maven/xerces/xercesImpl@2.12.2MEDIUM1Low84
xhtmlrenderer-3.0.0.jarpkg:maven/org.docx4j/xhtmlrenderer@3.0.0 036
xmlbeans-3.1.0.jarcpe:2.3:a:apache:xmlbeans:3.1.0:*:*:*:*:*:*:*pkg:maven/org.apache.xmlbeans/xmlbeans@3.1.0 0Highest58
xmlcreate:2.0.4pkg:npm/xmlcreate@2.0.4 07
xmlgraphics-commons-2.3.jarcpe:2.3:a:apache:xmlgraphics_commons:2.3:*:*:*:*:*:*:*pkg:maven/org.apache.xmlgraphics/xmlgraphics-commons@2.3HIGH1Highest29
xmlsec-2.2.0.jarcpe:2.3:a:apache:santuario_xml_security_for_java:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_security_for_java:2.2.0:*:*:*:*:*:*:*		pkg:maven/org.apache.santuario/xmlsec@2.2.0HIGH2Low50
xmpbox-2.0.22.jarcpe:2.3:a:apache:pdfbox:2.0.22:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/xmpbox@2.0.22MEDIUM4Highest33
xmpcore-5.1.3.jarpkg:maven/com.adobe.xmp/xmpcore@5.1.3 037
xsom-2.3.2.jarcpe:2.3:a:eclipse:glassfish:2.3.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/xsom@2.3.2 0Medium27
xtend:4.0.2pkg:npm/xtend@4.0.2 09
xz-1.8.jarcpe:2.3:a:tukaani:xz:1.8:*:*:*:*:*:*:*pkg:maven/org.tukaani/xz@1.8 0Highest33
y18n:5.0.8cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:*:*:*pkg:npm/y18n@5.0.8 0Highest8
yallist:2.1.2pkg:npm/yallist@2.1.2 06
yallist:3.1.1pkg:npm/yallist@3.1.1 06
yallist:4.0.0pkg:npm/yallist@4.0.0 06
yaml:1.10.2cpe:2.3:a:yaml_project:yaml:1.10.2:*:*:*:*:*:*:*pkg:npm/yaml@1.10.2 0Highest7
yargs-parser:20.2.9cpe:2.3:a:yargs:yargs-parser:20.2.9:*:*:*:*:*:*:*pkg:npm/yargs-parser@20.2.9 0Highest6
yargs:16.2.0pkg:npm/yargs@16.2.0 06
yocto-queue:0.1.0pkg:npm/yocto-queue@0.1.0 08

Dependencies

@aashutoshrathi/word-wrap:1.2.6

Description:

Wrap words to a specified length.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?optionator:0.9.3/@aashutoshrathi/word-wrap:^1.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/optionator:0.9.3

Identifiers

@ampproject/remapping:2.2.1

Description:

Remap sequential sourcemaps through transformations to point at the original source code

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/core:7.23.2/@ampproject/remapping:^2.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2

Identifiers

@babel/cli:7.23.0

Description:

Babel command line.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/cli:7.23.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@babel/code-frame:7.22.13

Description:

Generate errors that contain a code frame that point to source locations.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?parse-json:5.2.0/@babel/code-frame:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/template:7.22.15
  • simplicite-js:5.1.65/parse-json:5.2.0

Identifiers

@babel/compat-data:7.23.2

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?babel-plugin-polyfill-corejs2:0.4.6/@babel/compat-data:^7.22.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-compilation-targets:7.22.15
  • simplicite-js:5.1.65/babel-plugin-polyfill-corejs2:0.4.6
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-object-rest-spread:7.22.15

Identifiers

@babel/core:7.23.2

Description:

Babel compiler core.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/core:7.23.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@babel/generator:7.23.0

Description:

Turns an AST into code.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/traverse:7.23.2/@babel/generator:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2

Identifiers

@babel/helper-annotate-as-pure:7.22.5

Description:

Helper function to annotate paths and nodes with #__PURE__ comment

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-private-property-in-object:7.22.11/@babel/helper-annotate-as-pure:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15
  • simplicite-js:5.1.65/@babel/helper-remap-async-to-generator:7.22.20
  • simplicite-js:5.1.65/@babel/plugin-transform-private-property-in-object:7.22.11
  • simplicite-js:5.1.65/@babel/helper-create-regexp-features-plugin:7.22.5

Identifiers

@babel/helper-builder-binary-assignment-operator-visitor:7.22.5

Description:

Helper function to build binary assignment operator visitors

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-exponentiation-operator:7.22.5/@babel/helper-builder-binary-assignment-operator-visitor:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-exponentiation-operator:7.22.5

Identifiers

@babel/helper-compilation-targets:7.22.15

Description:

Helper functions on Babel compilation targets

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/helper-compilation-targets:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-define-polyfill-provider:0.4.3
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-function-name:7.22.5
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-object-rest-spread:7.22.15

Identifiers

@babel/helper-create-class-features-plugin:7.22.15

Description:

Compile class public and private fields, private methods and decorators to ES6

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-private-property-in-object:7.22.11/@babel/helper-create-class-features-plugin:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/plugin-transform-class-static-block:7.22.11
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-private-methods:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-private-property-in-object:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-transform-class-properties:7.22.5

Identifiers

@babel/helper-create-regexp-features-plugin:7.22.5

Description:

Compile ESNext Regular Expressions to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-unicode-sets-regex:7.22.5/@babel/helper-create-regexp-features-plugin:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-dotall-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-unicode-sets-regex:7.18.6
  • simplicite-js:5.1.65/@babel/plugin-transform-unicode-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-unicode-sets-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-unicode-property-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-named-capturing-groups-regex:7.22.5

Identifiers

@babel/helper-define-polyfill-provider:0.4.3

Description:

Babel helper to create your own polyfill provider

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?babel-plugin-polyfill-regenerator:0.5.3/@babel/helper-define-polyfill-provider:^0.4.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/babel-plugin-polyfill-corejs2:0.4.6
  • simplicite-js:5.1.65/babel-plugin-polyfill-regenerator:0.5.3
  • simplicite-js:5.1.65/babel-plugin-polyfill-corejs3:0.8.5

Identifiers

@babel/helper-environment-visitor:7.22.20

Description:

Helper visitor to only visit nodes in the current 'this' context

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/traverse:7.23.2/@babel/helper-environment-visitor:^7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/helper-replace-supers:7.22.20
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15
  • simplicite-js:5.1.65/@babel/helper-remap-async-to-generator:7.22.20
  • simplicite-js:5.1.65/@babel/helper-module-transforms:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-async-generator-functions:7.23.2

Identifiers

@babel/helper-function-name:7.23.0

Description:

Helper function to change the property 'name' of every function

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/traverse:7.23.2/@babel/helper-function-name:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/helper-wrap-function:7.22.20
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-function-name:7.22.5

Identifiers

@babel/helper-hoist-variables:7.22.5

Description:

Helper function to hoist variables

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/traverse:7.23.2/@babel/helper-hoist-variables:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-systemjs:7.23.0
  • simplicite-js:5.1.65

Identifiers

@babel/helper-member-expression-to-functions:7.22.15

Description:

Helper function to replace certain member expressions with function calls

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/helper-replace-supers:7.22.20/@babel/helper-member-expression-to-functions:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/helper-replace-supers:7.22.20

Identifiers

@babel/helper-module-imports:7.22.15

Description:

Babel helper functions for inserting module loads

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-async-to-generator:7.22.5/@babel/helper-module-imports:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-module-transforms:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-async-to-generator:7.22.5

Identifiers

@babel/helper-module-transforms:7.23.0

Description:

Babel helper functions for implementing ES6 module transformations

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-modules-umd:7.22.5/@babel/helper-module-transforms:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-systemjs:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-umd:7.22.5
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-amd:7.23.0
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-commonjs:7.23.0

Identifiers

@babel/helper-optimise-call-expression:7.22.5

Description:

Helper function to optimise call expression

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-classes:7.22.15/@babel/helper-optimise-call-expression:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/helper-replace-supers:7.22.20
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15

Identifiers

@babel/helper-plugin-utils:7.22.5

Description:

General utilities for plugins to use

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-modules:0.1.6-no-external-plugins/@babel/helper-plugin-utils:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/plugin-transform-dotall-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-private-methods:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-json-strings:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-transform-exponentiation-operator:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-top-level-await:7.14.5
  • simplicite-js:5.1.65/@babel/plugin-transform-parameters:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-computed-properties:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-optional-chaining:7.8.3
  • simplicite-js:5.1.65/@babel/plugin-transform-unicode-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-new-target:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-object-rest-spread:7.8.3
  • simplicite-js:5.1.65/@babel/plugin-transform-template-literals:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-optional-chaining:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-systemjs:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-umd:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-member-expression-literals:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-class-properties:7.12.13
  • simplicite-js:5.1.65/@babel/plugin-transform-spread:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-arrow-functions:7.22.5
  • simplicite-js:5.1.65/@babel/preset-modules:0.1.6-no-external-plugins
  • simplicite-js:5.1.65/@babel/plugin-transform-class-properties:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-import-attributes:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-named-capturing-groups-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-optional-catch-binding:7.22.11
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-define-polyfill-provider:0.4.3
  • simplicite-js:5.1.65/@babel/plugin-transform-typeof-symbol:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-destructuring:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-syntax-private-property-in-object:7.14.5
  • simplicite-js:5.1.65/@babel/plugin-transform-literals:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-block-scoped-functions:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-commonjs:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-function-name:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-import-assertions:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-async-generators:7.8.4
  • simplicite-js:5.1.65/@babel/plugin-transform-async-generator-functions:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-async-to-generator:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-export-namespace-from:7.22.11
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-sticky-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-class-static-block:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-transform-private-property-in-object:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-transform-block-scoping:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-syntax-dynamic-import:7.8.3
  • simplicite-js:5.1.65/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-unicode-property-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-dynamic-import:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-transform-regenerator:7.22.10
  • simplicite-js:5.1.65/@babel/plugin-syntax-nullish-coalescing-operator:7.8.3
  • simplicite-js:5.1.65/@babel/plugin-syntax-logical-assignment-operators:7.10.4
  • simplicite-js:5.1.65/@babel/plugin-transform-nullish-coalescing-operator:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-syntax-unicode-sets-regex:7.18.6
  • simplicite-js:5.1.65/@babel/plugin-transform-numeric-separator:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-syntax-export-namespace-from:7.8.3
  • simplicite-js:5.1.65/@babel/plugin-transform-unicode-escapes:7.22.10
  • simplicite-js:5.1.65/@babel/plugin-transform-duplicate-keys:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-syntax-optional-catch-binding:7.8.3
  • simplicite-js:5.1.65/@babel/plugin-syntax-class-static-block:7.14.5
  • simplicite-js:5.1.65/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-amd:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-property-literals:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-syntax-numeric-separator:7.10.4
  • simplicite-js:5.1.65/@babel/plugin-syntax-import-meta:7.10.4
  • simplicite-js:5.1.65/@babel/plugin-syntax-json-strings:7.8.3
  • simplicite-js:5.1.65/@babel/plugin-transform-unicode-sets-regex:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-logical-assignment-operators:7.22.11
  • simplicite-js:5.1.65/@babel/plugin-transform-shorthand-properties:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-for-of:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-reserved-words:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-object-super:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-transform-object-rest-spread:7.22.15

Identifiers

@babel/helper-remap-async-to-generator:7.22.20

Description:

Helper function to remap async functions to generators

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-async-to-generator:7.22.5/@babel/helper-remap-async-to-generator:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-async-generator-functions:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-async-to-generator:7.22.5

Identifiers

@babel/helper-replace-supers:7.22.20

Description:

Helper function to replace supers

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-object-super:7.22.5/@babel/helper-replace-supers:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-object-super:7.22.5

Identifiers

@babel/helper-simple-access:7.22.5

Description:

Babel helper for ensuring that access to a given value is performed through simple accesses

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-modules-commonjs:7.23.0/@babel/helper-simple-access:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-module-transforms:7.23.0
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-commonjs:7.23.0

Identifiers

@babel/helper-skip-transparent-expression-wrappers:7.22.5

Description:

Helper which skips types and parentheses

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/plugin-transform-spread:7.22.5/@babel/helper-skip-transparent-expression-wrappers:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-spread:7.22.5
  • simplicite-js:5.1.65/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-optional-chaining:7.23.0

Identifiers

@babel/helper-split-export-declaration:7.22.6

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/traverse:7.23.2/@babel/helper-split-export-declaration:^7.22.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15
  • simplicite-js:5.1.65/@babel/helper-module-transforms:7.23.0

Identifiers

@babel/helper-string-parser:7.22.5

Description:

A utility package to parse strings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/types:7.23.0/@babel/helper-string-parser:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/types:7.23.0

Identifiers

@babel/helper-validator-identifier:7.22.20

Description:

Validate identifier/keywords name

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/types:7.23.0/@babel/helper-validator-identifier:^7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/plugin-transform-modules-systemjs:7.23.0
  • simplicite-js:5.1.65/@babel/highlight:7.22.20
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/types:7.23.0
  • simplicite-js:5.1.65/@babel/helper-module-transforms:7.23.0

Identifiers

@babel/helper-validator-option:7.22.15

Description:

Validate plugin/preset options

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/helper-validator-option:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-compilation-targets:7.22.15
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/helper-wrap-function:7.22.20

Description:

Helper to wrap functions inside a function call.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/helper-wrap-function:7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-remap-async-to-generator:7.22.20

Identifiers

@babel/helpers:7.23.2

Description:

Collection of helper functions used by Babel transforms.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/helpers:7.23.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2

Identifiers

@babel/highlight:7.22.20

Description:

Syntax highlight JavaScript strings for output in terminals.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/highlight:7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/code-frame:7.22.13

Identifiers

@babel/node:7.22.19

Description:

Babel command line

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/node:7.22.19

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@babel/parser:7.16.4

Description:

A JavaScript parser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/parser:7.16.4

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@babel/parser:7.23.0

Description:

A JavaScript parser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jsdoc:4.0.2/@babel/parser:^7.20.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/template:7.22.15
  • simplicite-js:5.1.65/jsdoc:4.0.2
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-core:3.3.4
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:7.22.15

Description:

Rename destructuring parameter to workaround https://bugs.webkit.org/show_bug.cgi?id=220517

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.22.15

Description:

Transform optional chaining operators to workaround https://crbug.com/v8/11558

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-proposal-private-property-in-object:7.21.0-placeholder-for-preset-env.2

Description:

This plugin transforms checks for a private property in an object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-proposal-private-property-in-object:7.21.0-placeholder-for-preset-env.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-async-generators:7.8.4

Description:

Allow parsing of async generator functions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-async-generators:^7.8.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-async-generator-functions:7.23.2
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-class-properties:7.12.13

Description:

Allow parsing of class properties

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-class-properties:^7.12.13

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-class-static-block:7.14.5

Description:

Allow parsing of class static blocks

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-class-static-block:^7.14.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/plugin-transform-class-static-block:7.22.11
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-dynamic-import:7.8.3

Description:

Allow parsing of import()

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-dynamic-import:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-dynamic-import:7.22.11

Identifiers

@babel/plugin-syntax-export-namespace-from:7.8.3

Description:

Allow parsing of export namespace from

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-export-namespace-from:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-export-namespace-from:7.22.11
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-import-assertions:7.22.5

Description:

Allow parsing of the module assertion attributes in the import statement

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-import-assertions:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-import-attributes:7.22.5

Description:

Allow parsing of the module attributes in the import statement

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-import-attributes:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-import-meta:7.10.4

Description:

Allow parsing of import.meta

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-import-meta:^7.10.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-json-strings:7.8.3

Description:

Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-json-strings:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-json-strings:7.22.11
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-logical-assignment-operators:7.10.4

Description:

Allow parsing of the logical assignment operators

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-logical-assignment-operators:^7.10.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-logical-assignment-operators:7.22.11

Identifiers

@babel/plugin-syntax-nullish-coalescing-operator:7.8.3

Description:

Allow parsing of the nullish-coalescing operator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-nullish-coalescing-operator:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-nullish-coalescing-operator:7.22.11
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-numeric-separator:7.10.4

Description:

Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-numeric-separator:^7.10.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-numeric-separator:7.22.11
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-object-rest-spread:7.8.3

Description:

Allow parsing of object rest/spread

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-object-rest-spread:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-object-rest-spread:7.22.15

Identifiers

@babel/plugin-syntax-optional-catch-binding:7.8.3

Description:

Allow parsing of optional catch bindings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-optional-catch-binding:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/plugin-transform-optional-catch-binding:7.22.11
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-optional-chaining:7.8.3

Description:

Allow parsing of optional properties

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-optional-chaining:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-optional-chaining:7.23.0
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-private-property-in-object:7.14.5

Description:

Allow parsing of '#foo in obj' brand checks

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-private-property-in-object:^7.14.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-private-property-in-object:7.22.11
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-top-level-await:7.14.5

Description:

Allow parsing of top-level await in modules

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-top-level-await:^7.14.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-syntax-unicode-sets-regex:7.18.6

Description:

Parse regular expressions' unicodeSets (v) flag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-syntax-unicode-sets-regex:^7.18.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-arrow-functions:7.22.5

Description:

Compile ES2015 arrow functions to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-arrow-functions:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-async-generator-functions:7.23.2

Description:

Turn async generator functions into ES2015 generators

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-async-generator-functions:^7.23.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-async-to-generator:7.22.5

Description:

Turn async functions into ES2015 generators

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-async-to-generator:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-block-scoped-functions:7.22.5

Description:

Babel plugin to ensure function declarations at the block level are block scoped

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-block-scoped-functions:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-block-scoping:7.23.0

Description:

Compile ES2015 block scoping (const and let) to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-block-scoping:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-class-properties:7.22.5

Description:

This plugin transforms static class properties as well as properties declared with the property initializer syntax

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-class-properties:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-class-static-block:7.22.11

Description:

Transform class static blocks

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-class-static-block:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-classes:7.22.15

Description:

Compile ES2015 classes to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-classes:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-computed-properties:7.22.5

Description:

Compile ES2015 computed properties to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-computed-properties:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-destructuring:7.23.0

Description:

Compile ES2015 destructuring to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-destructuring:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-dotall-regex:7.22.5

Description:

Compile regular expressions using the `s` (`dotAll`) flag to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-dotall-regex:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-duplicate-keys:7.22.5

Description:

Compile objects with duplicate keys to valid strict ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-duplicate-keys:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-dynamic-import:7.22.11

Description:

Transform import() expressions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-dynamic-import:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-exponentiation-operator:7.22.5

Description:

Compile exponentiation operator to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-exponentiation-operator:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-export-namespace-from:7.22.11

Description:

Compile export namespace to ES2015

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-export-namespace-from:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-for-of:7.22.15

Description:

Compile ES2015 for...of to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-for-of:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-function-name:7.22.5

Description:

Apply ES2015 function.name semantics to all functions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-function-name:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-json-strings:7.22.11

Description:

Escape U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-json-strings:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-literals:7.22.5

Description:

Compile ES2015 unicode string and number literals to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-literals:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-logical-assignment-operators:7.22.11

Description:

Transforms logical assignment operators into short-circuited assignments

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-logical-assignment-operators:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-member-expression-literals:7.22.5

Description:

Ensure that reserved words are quoted in property accesses

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-member-expression-literals:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-modules-amd:7.23.0

Description:

This plugin transforms ES2015 modules to AMD

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-modules-amd:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-modules-commonjs:7.23.0

Description:

This plugin transforms ES2015 modules to CommonJS

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-modules-commonjs:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-modules-systemjs:7.23.0

Description:

This plugin transforms ES2015 modules to SystemJS

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-modules-systemjs:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-modules-umd:7.22.5

Description:

This plugin transforms ES2015 modules to UMD

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-modules-umd:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-named-capturing-groups-regex:7.22.5

Description:

Compile regular expressions using named groups to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-named-capturing-groups-regex:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-new-target:7.22.5

Description:

Transforms new.target meta property

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-new-target:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-nullish-coalescing-operator:7.22.11

Description:

Remove nullish coalescing operator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-nullish-coalescing-operator:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-numeric-separator:7.22.11

Description:

Remove numeric separators from Decimal, Binary, Hex and Octal literals

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-numeric-separator:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-object-rest-spread:7.22.15

Description:

Compile object rest and spread to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-object-rest-spread:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-object-super:7.22.5

Description:

Compile ES2015 object super to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-object-super:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-optional-catch-binding:7.22.11

Description:

Compile optional catch bindings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-optional-catch-binding:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-optional-chaining:7.23.0

Description:

Transform optional chaining operators into a series of nil checks

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-optional-chaining:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.22.15
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-parameters:7.22.15

Description:

Compile ES2015 default and rest parameters to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-parameters:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-object-rest-spread:7.22.15

Identifiers

@babel/plugin-transform-private-methods:7.22.5

Description:

This plugin transforms private class methods

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-private-methods:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-private-property-in-object:7.22.11

Description:

This plugin transforms checks for a private property in an object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-private-property-in-object:^7.22.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-property-literals:7.22.5

Description:

Ensure that reserved words are quoted in object property keys

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-property-literals:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-regenerator:7.22.10

Description:

Explode async and generator functions into a state machine.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-regenerator:^7.22.10

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-reserved-words:7.22.5

Description:

Ensure that no reserved words are used.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-reserved-words:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-shorthand-properties:7.22.5

Description:

Compile ES2015 shorthand properties to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-shorthand-properties:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-spread:7.22.5

Description:

Compile ES2015 spread to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-spread:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-sticky-regex:7.22.5

Description:

Compile ES2015 sticky regex to an ES5 RegExp constructor

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-sticky-regex:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-template-literals:7.22.5

Description:

Compile ES2015 template literals to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-template-literals:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-typeof-symbol:7.22.5

Description:

This transformer wraps all typeof expressions with a method that replicates native behaviour. (ie. returning “symbol” for symbols)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-typeof-symbol:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-unicode-escapes:7.22.10

Description:

Compile ES2015 Unicode escapes to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-unicode-escapes:^7.22.10

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-unicode-property-regex:7.22.5

Description:

Compile Unicode property escapes in Unicode regular expressions to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-unicode-property-regex:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-unicode-regex:7.22.5

Description:

Compile ES2015 Unicode regex to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-unicode-regex:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/plugin-transform-unicode-sets-regex:7.22.5

Description:

Compile regular expressions' unicodeSets (v) flag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@babel/preset-env:7.23.2/@babel/plugin-transform-unicode-sets-regex:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/preset-env:7.23.2

Description:

A Babel preset for each environment.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/preset-env:7.23.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@babel/preset-modules:0.1.6-no-external-plugins

Description:

A Babel preset that targets modern browsers by fixing engine bugs.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/preset-modules:0.1.6-no-external-plugins

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

@babel/register:7.22.15

Description:

babel require hook

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/register:7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/node:7.22.19

Identifiers

@babel/regjsgen:0.8.0

Description:

Generate regular expressions from regjsparser’s AST.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?regexpu-core:5.3.2/@babel/regjsgen:^0.8.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/regexpu-core:5.3.2

Identifiers

@babel/runtime:7.22.15

Description:

babel's modular runtime helpers

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?regenerator-transform:0.15.2/@babel/runtime:^7.8.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/regenerator-transform:0.15.2
  • simplicite-js:5.1.65

Identifiers

@babel/template:7.22.15

Description:

Generate an AST from a string template.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/template:7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-wrap-function:7.22.20
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/plugin-transform-computed-properties:7.22.5
  • simplicite-js:5.1.65/@babel/helper-function-name:7.23.0
  • simplicite-js:5.1.65/@babel/helpers:7.23.2

Identifiers

@babel/traverse:7.23.2

Description:

The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?depcheck:1.4.3/@babel/traverse:^7.12.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/helpers:7.23.2
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

@babel/types:7.23.0

Description:

Babel Types is a Lodash-esque utility library for AST nodes

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@babel/types:7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-split-export-declaration:7.22.6
  • simplicite-js:5.1.65/@babel/helper-simple-access:7.22.5
  • simplicite-js:5.1.65/@babel/helper-skip-transparent-expression-wrappers:7.22.5
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/helper-function-name:7.23.0
  • simplicite-js:5.1.65/@babel/helpers:7.23.2
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/@babel/helper-annotate-as-pure:7.22.5
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65/@babel/helper-builder-binary-assignment-operator-visitor:7.22.5
  • simplicite-js:5.1.65/@babel/helper-wrap-function:7.22.20
  • simplicite-js:5.1.65/@babel/template:7.22.15
  • simplicite-js:5.1.65/@babel/helper-module-imports:7.22.15
  • simplicite-js:5.1.65/@babel/preset-modules:0.1.6-no-external-plugins
  • simplicite-js:5.1.65/@babel/helper-optimise-call-expression:7.22.5
  • simplicite-js:5.1.65/@babel/helper-hoist-variables:7.22.5
  • simplicite-js:5.1.65/@babel/helper-member-expression-to-functions:7.22.15
  • simplicite-js:5.1.65/@babel/generator:7.23.0

Identifiers

@colors/colors:1.5.0

Description:

get colors in your node.js console

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@colors/colors:1.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@csstools/selector-specificity:2.2.0

Description:

Determine selector specificity with postcss-selector-parser

License:

CC0-1.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/@csstools/selector-specificity:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

@devexpress/error-stack-parser:2.0.6

Description:

Extract meaning from JS Errors

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?callsite-record:4.1.5/@devexpress/error-stack-parser:^2.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/callsite-record:4.1.5
  • simplicite-js:5.1.65

Identifiers

@es-joy/jsdoccomment:0.40.1

Description:

Maintained replacement for ESLint's deprecated SourceCode#getJSDocComment along with other jsdoc utilities

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint-plugin-jsdoc:46.8.2/@es-joy/jsdoccomment:~0.40.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2

Identifiers

@eslint-community/eslint-utils:4.4.0

Description:

Utilities for ESLint plugins.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/@eslint-community/eslint-utils:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

@eslint-community/regexpp:4.6.2

Description:

Regular expression parser for ECMAScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/@eslint-community/regexpp:^4.6.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

@eslint/eslintrc:2.1.2

Description:

The legacy ESLintRC config file format for ESLint

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/@eslint/eslintrc:^2.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

@eslint/js:8.52.0

Description:

ESLint JavaScript language implementation

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/@eslint/js:8.52.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

@fullcalendar/bootstrap:5.5.0

Description:

Bootstrap 4 theming for your calendar

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/bootstrap:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/common:5.5.1

Description:

internal package

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@fullcalendar/timegrid:5.5.0/@fullcalendar/common:~5.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@fullcalendar/core:5.5.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@fullcalendar/moment-timezone:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/luxon:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/list:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/moment:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/google-calendar:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/timegrid:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/daygrid:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/bootstrap:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/rrule:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/interaction:5.5.0

Identifiers

@fullcalendar/core:5.5.0

Description:

Provides core functionality, including the Calendar class

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/core:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/daygrid:5.5.0

Description:

Display events on Month view or DayGrid view

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@fullcalendar/timegrid:5.5.0/@fullcalendar/daygrid:~5.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@fullcalendar/timegrid:5.5.0

Identifiers

@fullcalendar/google-calendar:5.5.0

Description:

Fetch events from a public Google Calendar feed

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/google-calendar:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/interaction:5.5.0

Description:

Provides functionality for event drag-n-drop, resizing, dateClick, and selectable actions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/interaction:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/list:5.5.0

Description:

View your events as a bulleted list

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/list:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/luxon:5.5.0

Description:

A connector to the Luxon date library

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/luxon:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/moment-timezone:5.5.0

Description:

A connector to the moment-timezone library

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/moment-timezone:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/moment:5.5.0

Description:

A connector to the MomentJS date library

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/moment:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/rrule:5.5.0

Description:

A connector to the RRule library, for recurring events

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/rrule:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@fullcalendar/timegrid:5.5.0

Description:

Display your events on a grid of time slots

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@fullcalendar/timegrid:5.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@humanwhocodes/config-array:0.11.13

Description:

Glob-based configuration matching.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/@humanwhocodes/config-array:^0.11.13

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

@humanwhocodes/module-importer:1.0.1

Description:

Universal module importer for Node.js

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/@humanwhocodes/module-importer:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

@humanwhocodes/object-schema:2.0.1

Description:

An object schema merger/validator

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@humanwhocodes/object-schema:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@humanwhocodes/config-array:0.11.13

Identifiers

@isaacs/cliui:8.0.2

Description:

easily create complex multi-column command-line-interfaces

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jackspeak:2.3.6/@isaacs/cliui:^8.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jackspeak:2.3.6

Identifiers

@jridgewell/gen-mapping:0.3.3

Description:

Generate source maps

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@jridgewell/gen-mapping:0.3.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@ampproject/remapping:2.2.1
  • simplicite-js:5.1.65/@babel/generator:7.23.0

Identifiers

@jridgewell/resolve-uri:3.1.0

Description:

Resolve a URI relative to an optional base URI

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@jridgewell/trace-mapping:0.3.18/@jridgewell/resolve-uri:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@jridgewell/trace-mapping:0.3.18
  • simplicite-js:5.1.65

Identifiers

@jridgewell/set-array:1.1.2

Description:

Like a Set, but provides the index of the `key` in the backing array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@jridgewell/set-array:1.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@jridgewell/gen-mapping:0.3.3

Identifiers

@jridgewell/sourcemap-codec:1.4.14

Description:

Encode/decode sourcemap mappings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@jridgewell/sourcemap-codec:1.4.14

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@jridgewell/sourcemap-codec:1.4.15

Description:

Encode/decode sourcemap mappings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?magic-string:0.30.0/@jridgewell/sourcemap-codec:^1.4.13

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@jridgewell/trace-mapping:0.3.18
  • simplicite-js:5.1.65/@jridgewell/gen-mapping:0.3.3
  • simplicite-js:5.1.65/magic-string:0.30.0

Identifiers

@jridgewell/trace-mapping:0.3.18

Description:

Trace the original position through a source map

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@jridgewell/trace-mapping:0.3.18

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@jridgewell/gen-mapping:0.3.3
  • simplicite-js:5.1.65/@ampproject/remapping:2.2.1
  • simplicite-js:5.1.65/@babel/cli:7.23.0
  • simplicite-js:5.1.65/@babel/generator:7.23.0

Identifiers

@jsdoc/salty:0.2.5

Description:

A drop-in replacement for (some of) TaffyDB.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jsdoc:4.0.2/@jsdoc/salty:^0.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/docdash:2.0.2
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

@kessler/tableify:1.0.2

Description:

Create HTML tables from Javascript Objects

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?license-report:6.5.0/@kessler/tableify:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/license-report:6.5.0

Identifiers

@nicolo-ribaudo/chokidar-2:2.1.8-no-fsevents.3

Description:

A wrapper around chokidar@2 to be able to specify both @2 and @3 as dependencies

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@nicolo-ribaudo/chokidar-2:2.1.8-no-fsevents.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@nodelib/fs.scandir:2.1.5

Description:

List files and directories inside the specified directory

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@nodelib/fs.walk:1.2.8/@nodelib/fs.scandir:2.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@nodelib/fs.walk:1.2.8
  • simplicite-js:5.1.65

Identifiers

@nodelib/fs.stat:2.0.5

Description:

Get the status of a file with some features

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?fast-glob:3.3.0/@nodelib/fs.stat:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@nodelib/fs.scandir:2.1.5
  • simplicite-js:5.1.65/fast-glob:3.3.0

Identifiers

@nodelib/fs.walk:1.2.8

Description:

A library for efficiently walking a directory recursively

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?fast-glob:3.3.0/@nodelib/fs.walk:^1.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/fast-glob:3.3.0

Identifiers

@npmcli/fs:3.1.0

Description:

filesystem utilities for the npm cli

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?cacache:17.1.3/@npmcli/fs:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacache:17.1.3

Identifiers

@npmcli/git:4.1.0

Description:

a util for spawning git from npm CLI contexts

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/@npmcli/git:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0

Identifiers

@npmcli/installed-package-contents:2.0.2

Description:

Get the list of files installed in a package in node_modules, including bundled dependencies

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/@npmcli/installed-package-contents:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0

Identifiers

@npmcli/node-gyp:3.0.0

Description:

Tools for dealing with node-gyp packages

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@npmcli/run-script:6.0.2/@npmcli/node-gyp:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@npmcli/run-script:6.0.2

Identifiers

@npmcli/promise-spawn:6.0.2

Description:

spawn processes the way the npm cli likes to do

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/@npmcli/promise-spawn:^6.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/@npmcli/run-script:6.0.2
  • simplicite-js:5.1.65/@npmcli/git:4.1.0

Identifiers

@npmcli/run-script:6.0.2

Description:

Run a lifecycle script for a package (descendant of npm-lifecycle)

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/@npmcli/run-script:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0

Identifiers

@pkgjs/parseargs:0.11.0

Description:

Polyfill of future proposal for `util.parseArgs()`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@pkgjs/parseargs:0.11.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

@pnpm/config.env-replace:1.1.0

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@pnpm/npm-conf:2.2.2/@pnpm/config.env-replace:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@pnpm/npm-conf:2.2.2
  • simplicite-js:5.1.65

Identifiers

@pnpm/network.ca-file:1.0.2

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@pnpm/npm-conf:2.2.2/@pnpm/network.ca-file:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@pnpm/npm-conf:2.2.2
  • simplicite-js:5.1.65

Identifiers

@pnpm/npm-conf:2.2.2

Description:

Get the npm config

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?registry-auth-token:5.0.2/@pnpm/npm-conf:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/registry-auth-token:5.0.2
  • simplicite-js:5.1.65

Identifiers

@sigstore/bundle:1.0.0

Description:

Sigstore bundle type

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?sigstore:1.8.0/@sigstore/bundle:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/sigstore:1.8.0
  • simplicite-js:5.1.65

Identifiers

@sigstore/protobuf-specs:0.2.0

Description:

code-signing for npm packages

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?sigstore:1.8.0/@sigstore/protobuf-specs:^0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/sigstore:1.8.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@sigstore/bundle:1.0.0
  • simplicite-js:5.1.65/@sigstore/tuf:1.0.3

Identifiers

@sigstore/tuf:1.0.3

Description:

Client for the Sigstore TUF repository

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?sigstore:1.8.0/@sigstore/tuf:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/sigstore:1.8.0
  • simplicite-js:5.1.65

Identifiers

@sindresorhus/is:5.4.1

Description:

Type check values

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/@sindresorhus/is:^5.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

@szmarczak/http-timer:5.0.1

Description:

Timings for HTTP requests

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/@szmarczak/http-timer:^5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

@tootallnate/once:2.0.0

Description:

Creates a Promise that waits for a single event

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@tootallnate/once:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/http-proxy-agent:5.0.0

Identifiers

@tufjs/canonical-json:1.0.0

Description:

OLPC JSON canonicalization

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@tufjs/models:1.0.4/@tufjs/canonical-json:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@tufjs/models:1.0.4

Identifiers

@tufjs/models:1.0.4

Description:

TUF metadata models

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tuf-js:1.1.7/@tufjs/models:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/tuf-js:1.1.7

Identifiers

@types/http-cache-semantics:4.0.1

Description:

TypeScript definitions for http-cache-semantics

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?cacheable-request:10.2.12/@types/http-cache-semantics:^4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/cacheable-request:10.2.12
  • simplicite-js:5.1.65

Identifiers

@types/linkify-it:3.0.2

Description:

TypeScript definitions for linkify-it

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@types/markdown-it:12.2.3/@types/linkify-it:*

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@types/markdown-it:12.2.3

Identifiers

@types/lodash:4.14.195

Description:

TypeScript definitions for Lo-Dash

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?callsite-record:4.1.5/@types/lodash:^4.14.72

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/callsite-record:4.1.5
  • simplicite-js:5.1.65

Identifiers

@types/markdown-it:12.2.3

Description:

TypeScript definitions for markdown-it

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jsdoc:4.0.2/@types/markdown-it:^12.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

@types/mdurl:1.0.2

Description:

TypeScript definitions for mdurl

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@types/mdurl:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@types/markdown-it:12.2.3

Identifiers

@types/minimatch:3.0.5

Description:

TypeScript definitions for Minimatch

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?multimatch:5.0.0/@types/minimatch:^3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/multimatch:5.0.0

Identifiers

@types/minimist:1.2.2

Description:

TypeScript definitions for minimist

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?meow:9.0.0/@types/minimist:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65

Identifiers

@types/normalize-package-data:2.4.1

Description:

TypeScript definitions for normalize-package-data

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?read-pkg:5.2.0/@types/normalize-package-data:^2.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/read-pkg:5.2.0

Identifiers

@types/parse-json:4.0.0

Description:

TypeScript definitions for parse-json

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?cosmiconfig:7.1.0/@types/parse-json:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cosmiconfig:7.1.0

Identifiers

@ungap/structured-clone:1.2.0

Description:

A structuredClone polyfill

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/@ungap/structured-clone:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

@vue/compiler-core:3.3.4

Description:

@vue/compiler-core

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@vue/reactivity-transform:3.3.4/@vue/compiler-core:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-dom:3.3.4

Identifiers

@vue/compiler-dom:3.3.4

Description:

@vue/compiler-dom

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?@vue/compiler-ssr:3.3.4/@vue/compiler-dom:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/compiler-ssr:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4

Identifiers

@vue/compiler-sfc:3.3.4

Description:

@vue/compiler-sfc

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?depcheck:1.4.3/@vue/compiler-sfc:^3.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

@vue/compiler-ssr:3.3.4

Description:

@vue/compiler-ssr

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@vue/compiler-ssr:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4

Identifiers

@vue/reactivity-transform:3.3.4

Description:

@vue/reactivity-transform

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@vue/reactivity-transform:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4

Identifiers

@vue/shared:3.3.4

Description:

internal utils shared across @vue packages

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/@vue/shared:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-ssr:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-dom:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-core:3.3.4

Identifiers

FastInfoset-1.2.16.jar

Description:

Open Source implementation of the Fast Infoset Standard for Binary XML (http://www.itu.int/ITU-T/asn1/).

License:

http://www.opensource.org/licenses/apache2.0.php, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/fastinfoset/FastInfoset/1.2.16/FastInfoset-1.2.16.jar
MD5: f7f4be4695e2501a6d585beca305c74c
SHA1: 4eb6a0adad553bf759ffe86927df6f3b848c8bea
SHA256:056f3a1e144409f21ed16afc26805f58e9a21f3fce1543c42d400719d250c511
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

HikariCP-3.4.5.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/HikariCP/3.4.5/HikariCP-3.4.5.jar
MD5: bb1517da5023eadbd4a78ca836723525
SHA1: aa1a2c00aae8e4ba8308e19940711bb9525b103d
SHA256:8b732f9470570d4a841dc1ef6c826b586978b25ba830712ff1fa59de275dfa61
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

JavaEWAH-1.1.13.jar

Description:

The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
  JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
  The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.1.13/JavaEWAH-1.1.13.jar
MD5: a1eb305e5cc5bba238d4360e3139abb4
SHA1: 32cd724a42dc73f99ca08453d11a4bb83e0034c7
SHA256:4c0fda2b1d317750d7ea324e36c70b2bc48310c0aaae67b98df0915d696d7111
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

SparseBitSet-1.2.jar

Description:

An efficient sparse bitset implementation for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/SparseBitSet/1.2/SparseBitSet-1.2.jar
MD5: 1c6032441aec11b523e1a7bfa96d60cf
SHA1: 8467c813d442837fcaeddbc42cf5c5359fab4933
SHA256:91e6b318c901a0f2dd1f6ce781d62474435ae627d22fbac9b21bbc39ffd804b6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

abbrev:1.1.1

Description:

Like ruby's abbrev module, but in js

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?nopt:6.0.0/abbrev:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/nopt:5.0.0
  • simplicite-js:5.1.65/nopt:6.0.0

Identifiers

ace-builds:1.4.12

Description:

Ace (Ajax.org Cloud9 Editor)

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ace-builds:1.4.12

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

ace-diff:3.0.3

Description:

A diff/merging wrapper for Ace Editor built on google-diff-match-patch

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ace-diff:3.0.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

acorn-jsx:5.3.2

Description:

Modern, fast React.js JSX parser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?espree:9.6.1/acorn-jsx:^5.3.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/espree:9.6.1

Identifiers

acorn:8.10.0

Description:

ECMAScript parser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?espree:9.6.1/acorn:^8.9.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/espree:9.6.1

Identifiers

agent-base:6.0.2

Description:

Turn a function into an `http.Agent` instance

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?socks-proxy-agent:7.0.0/agent-base:^6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/socks-proxy-agent:7.0.0
  • simplicite-js:5.1.65/https-proxy-agent:5.0.1
  • simplicite-js:5.1.65/http-proxy-agent:5.0.0

Identifiers

agentkeepalive:4.3.0

Description:

Missing keepalive http.Agent

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?make-fetch-happen:11.1.1/agentkeepalive:^4.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

aggregate-error:3.1.0

Description:

Create an error from multiple errors

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?p-map:4.0.0/aggregate-error:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/p-map:4.0.0

Identifiers

ajv:6.12.6

Description:

Another JSON Schema Validator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/ajv:^6.12.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2
  • simplicite-js:5.1.65/table:6.8.1

Identifiers

ajv:8.12.0

Description:

Another JSON Schema Validator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ajv:8.12.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

animal-sniffer-annotations-1.17.jar

File Path: /var/simplicite/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.17/animal-sniffer-annotations-1.17.jar
MD5: 7ca108b790cf6ab5dbf5422cc79f0d89
SHA1: f97ce6decaea32b36101e37979f8b647f00681fb
SHA256:92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

annotations-4.1.1.4.jar

Description:

A library jar that provides annotations for the Google Android Platform.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/com/google/android/annotations/4.1.1.4/annotations-4.1.1.4.jar
MD5: c2cdd26a6ae577f24775e8ce75da1fdc
SHA1: a1678ba907bf92691d879fef34e1a187038f9259
SHA256:ba734e1e84c09d615af6a09d33034b4f0442f8772dec120efb376d86a565ae15
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

ansi-align:3.0.1

Description:

align-text with ANSI support for CLIs

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?boxen:5.1.2/ansi-align:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/boxen:5.1.2
  • simplicite-js:5.1.65/boxen:4.2.0

Identifiers

ansi-escapes:4.3.2

Description:

ANSI escape codes for manipulating the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?terminal-link:2.1.1/ansi-escapes:^4.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3
  • simplicite-js:5.1.65/terminal-link:2.1.1

Identifiers

ansi-regex:5.0.1

Description:

Regular expression for matching ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?strip-ansi-cjs:6.0.1/ansi-regex:^5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/strip-ansi:6.0.1
  • simplicite-js:5.1.65/strip-ansi-cjs:6.0.1
  • simplicite-js:5.1.65/strip-ansi:7.1.0

Identifiers

ansi-styles:3.2.1

Description:

ANSI escape codes for styling strings in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?chalk:2.4.2/ansi-styles:^3.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/wrap-ansi:8.1.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chalk:4.1.2
  • simplicite-js:5.1.65/chalk:3.0.0
  • simplicite-js:5.1.65/wrap-ansi:7.0.0
  • simplicite-js:5.1.65/slice-ansi:4.0.0
  • simplicite-js:5.1.65/chalk:2.4.2
  • simplicite-js:5.1.65/wrap-ansi-cjs:7.0.0

Identifiers

ansi-styles:4.3.0

Description:

ANSI escape codes for styling strings in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ansi-styles:4.3.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

ant-1.10.9.jar

File Path: /var/simplicite/.m2/repository/org/apache/ant/ant/1.10.9/ant-1.10.9.jar
MD5: 92251abf72cdcededfad473cc40dcbe2
SHA1: a8a0c9bc4473acdac25832d0a9da2ca9fd9cd35f
SHA256:0715478af585ea80a18985613ebecdc7922122d45b2c3c970ff9b352cddb75fc
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-36373  

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36374  

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

antlr-2.7.7.jar

Description:

    A framework for constructing recognizers, compilers,
    and translators from grammatical descriptions containing
    Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /var/simplicite/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

antlr-runtime-3.5.2.jar

Description:

A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: /var/simplicite/.m2/repository/org/antlr/antlr-runtime/3.5.2/antlr-runtime-3.5.2.jar
MD5: 1fbbae2cb72530207c20b797bdabd029
SHA1: cd9cd41361c155f3af0f653009dcecb08d8b4afd
SHA256:ce3fc8ecb10f39e9a3cddcbb2ce350d272d9cd3d0b1e18e6fe73c3b9389c8734
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

anymatch:3.1.3

Description:

Matches strings against configurable strings, globs, regular expressions, and/or functions

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?chokidar:3.5.3/anymatch:~3.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chokidar:3.5.3

Identifiers

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /var/simplicite/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

apache-mime4j-core-0.8.3.jar

Description:

Java stream based MIME message parser

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-core/0.8.3/apache-mime4j-core-0.8.3.jar
MD5: dc03793d8d9e208f4a21a36b78f922f0
SHA1: 1179b56c9919c1a8e20d3a528ee4c6cee19bcbe0
SHA256:910002bd8d2fc413220386cd656a33b32f0007850dd53c2c0f30f90801eba6c6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

apache-mime4j-dom-0.8.3.jar

Description:

Java MIME Document Object Model

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-dom/0.8.3/apache-mime4j-dom-0.8.3.jar
MD5: 13a1a7be7b85c9b03f6cba68e72d83c2
SHA1: e80733714eb6a70895bfc74a9528c658504c2c83
SHA256:b7f85517887b268d94fd16b13267d9e37a151440eff8acefab3a29ef30977435
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

api-common-1.8.1.jar

Description:

Common utilities for Google APIs in Java

License:

BSD: https://github.com/googleapis/api-common-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/api-common/1.8.1/api-common-1.8.1.jar
MD5: 839b9b829ff6a7172d640b33fbc2e1b3
SHA1: e89befb19b08ad84b262b2f226ab79aefcaa9d7f
SHA256:9840ed24fce0a96492e671853077be62edab802b6760e3b327362d6949943674
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

aproba:2.0.0

Description:

A ridiculously light-weight argument validator (now browser friendly)

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?gauge:4.0.4/aproba:^1.0.3 || ^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/gauge:4.0.4

Identifiers

are-docs-informative:0.0.2

Description:

Checks whether a documentation description introduces any new information.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint-plugin-jsdoc:46.8.2/are-docs-informative:^0.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2

Identifiers

are-we-there-yet:3.0.1

Description:

Keep track of the overall completion of many disparate processes

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npmlog:6.0.2/are-we-there-yet:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npmlog:6.0.2

Identifiers

argparse:2.0.1

Description:

CLI arguments parser. Native port of python's argparse.

License:

Python-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?markdown-it:12.3.2/argparse:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/markdown-it:12.3.2
  • simplicite-js:5.1.65/js-yaml:4.1.0
  • simplicite-js:5.1.65/js-yaml:3.14.1

Identifiers

array-buffer-byte-length:1.0.0

Description:

Get the byte length of an ArrayBuffer, even in engines without a `.byteLength` method.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?es-abstract:1.21.2/array-buffer-byte-length:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

array-differ:3.0.0

Description:

Create an array with values that are present in the first input array but not additional ones

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?multimatch:5.0.0/array-differ:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/multimatch:5.0.0

Identifiers

array-union:2.1.0

Description:

Create an array of unique values, in order, from the input arrays

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?multimatch:5.0.0/array-union:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/globby:11.1.0
  • simplicite-js:5.1.65/multimatch:5.0.0

Identifiers

array.prototype.reduce:1.0.5

Description:

An ES5 spec-compliant `Array.prototype.reduce` shim/polyfill/replacement that works as far down as ES3.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?object.getownpropertydescriptors:2.1.6/array.prototype.reduce:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/object.getownpropertydescriptors:2.1.6

Identifiers

arrify:1.0.1

Description:

Convert a value to an array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?minimist-options:4.1.0/arrify:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/multimatch:5.0.0
  • simplicite-js:5.1.65/minimist-options:4.1.0

Identifiers

arrify:2.0.1

Description:

Convert a value to an array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/arrify:2.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

asm-7.2.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /var/simplicite/.m2/repository/org/ow2/asm/asm/7.2/asm-7.2.jar
MD5: 26cf10dfd4729fd22fcae0694e041167
SHA1: fa637eb67eb7628c915d73762b681ae7ff0b9731
SHA256:7e6cc9e92eb94d04e39356c6d8144ca058cda961c344a7f62166a405f3206672
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

astral-regex:2.0.0

Description:

Regular expression for matching astral symbols

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?slice-ansi:4.0.0/astral-regex:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/slice-ansi:4.0.0

Identifiers

auto-value-annotations-1.7.jar

Description:

    Immutable value-type code generation for Java 1.6+.

File Path: /var/simplicite/.m2/repository/com/google/auto/value/auto-value-annotations/1.7/auto-value-annotations-1.7.jar
MD5: c4b705920e4044484c73f632cb1de868
SHA1: 5be124948ebdc7807df68207f35a0f23ce427f29
SHA256:b134bab5082e9f49f2b45802573c78e0726e059b645323645da03e328e501f86
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

autolink-0.10.0.jar

Description:

        Java library to extract links (URLs, email addresses) from plain text;
        fast, small and smart about recognizing where links end

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/nibor/autolink/autolink/0.10.0/autolink-0.10.0.jar
MD5: be771f6d4d82b9098596afa30b4f48ea
SHA1: 6579ea7079be461e5ffa99f33222a632711cc671
SHA256:302b30160968415ee6cd1907987138c7575a6315f9b6ef13b9fe3abc87367857
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

available-typed-arrays:1.0.5

Description:

Returns an array of Typed Array names that are available in the current environment

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-typed-array:1.1.9/available-typed-arrays:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-typed-array:1.1.10
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/which-typed-array:1.1.9

Identifiers

avalon-framework-impl-4.2.0.jar

File Path: /var/simplicite/.m2/repository/avalon-framework/avalon-framework-impl/4.2.0/avalon-framework-impl-4.2.0.jar
MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6
SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48
SHA256:ed42c573cab460ca634b5c64a3b40ed1d67d6ee47fe25f87947370bede6af814
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

aws-s3-2.3.0.jar

Description:

Simple Storage Service (S3) implementation targeted to Amazon Web Services

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/aws-s3/2.3.0/aws-s3-2.3.0.jar
MD5: 7ab27997d440839f5e797178f52cb4d0
SHA1: a89f3dda5c9005fa820cc5e4f89da42f7d8a817a
SHA256:7da9c5b6440c6b7eb87cc5c334726a60e57a8f75b5899a8aef1160e82b477a17
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

azureblob-2.3.0.jar

Description:

jclouds components to access Azure Blob Service

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/azureblob/2.3.0/azureblob-2.3.0.jar
MD5: 6f4477ff81097f3c2be3b9424f4ec6b4
SHA1: 9aaeb7547abe1dffc0b12139a42278ee7b5a22c3
SHA256:a0faa3ab3ac7ad3227346c96ff20cb73ff14e400c309c1f67f6561a46981e606
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

babel-plugin-polyfill-corejs2:0.4.6

Description:

A Babel plugin to inject imports to core-js@2 polyfills

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/babel-plugin-polyfill-corejs2:0.4.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

babel-plugin-polyfill-corejs3:0.8.5

Description:

A Babel plugin to inject imports to core-js@3 polyfills

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/babel-plugin-polyfill-corejs3:0.8.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

babel-plugin-polyfill-regenerator:0.5.3

Description:

A Babel plugin to inject imports to regenerator-runtime

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/babel-plugin-polyfill-regenerator:0.5.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

balanced-match:1.0.2

Description:

Match balanced character pairs, like "{" and "}"

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?brace-expansion:2.0.1/balanced-match:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/brace-expansion:1.1.11
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/brace-expansion:2.0.1
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

balanced-match:2.0.0

Description:

Match balanced character pairs, like "{" and "}"

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/balanced-match:2.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

barcode4j-2.1.jar

Description:

Barcode4J is a flexible generator for barcodes written in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/sf/barcode4j/barcode4j/2.1/barcode4j-2.1.jar
MD5: 4fc30cdb7b1abaf1ce08f26b0666e351
SHA1: 4b38b2219c0d522fcea8238493f2ea3e238ef529
SHA256:eb7252cc41a1539bcd018348e9f60e0942872bdaa49c58051e656a6be94969fb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

base64-2.3.8.jar

Description:

A Java class providing very fast Base64 encoding and decoding 
               in the form of convenience methods and input/output streams.

License:

Public domain
File Path: /var/simplicite/.m2/repository/net/iharder/base64/2.3.8/base64-2.3.8.jar
MD5: 9a9828f0caa016a2f3e0c90fe3af771b
SHA1: 7d2e2cea90cc51169fd02a35888820ab07f6d02f
SHA256:bbf41fda22877a538f6bc2d5ad0aa372a7ddf4a756af3386aa09d3d4eea84f7f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

base64-js:1.5.1

Description:

Base64 encoding/decoding in pure JS

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?buffer:6.0.3/base64-js:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/buffer:6.0.3
  • simplicite-js:5.1.65/buffer:5.7.1

Identifiers

bcmail-jdk15on-1.70.jar

Description:

The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcmail-jdk15on/1.70/bcmail-jdk15on-1.70.jar
MD5: 8bb191ccc5fb9aacd10e6d90eb827133
SHA1: 08f4aafad90f6cc7f16b9992279828ae848c9e0d
SHA256:ff6cde372bcabca182e40c1cc5d9b1f9eb73370cad286ce362d3747aff15f230
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

bcpg-jdk15on-1.70.jar

Description:

The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
Apache Software License, Version 1.1: https://www.apache.org/licenses/LICENSE-1.1
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpg-jdk15on/1.70/bcpg-jdk15on-1.70.jar
MD5: 01ddc3aa0289346f4db19d95039cefdb
SHA1: 062f72ec06f31a6c31a3f3355fce0384b21126d7
SHA256:4f08f4aa74048824151c98dd3e92e7165ac30659834404f08a8e843bdad32847
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

bcpkix-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.70/bcpkix-jdk15on-1.70.jar
MD5: 2c383f50d41937eae4fd32c35d8668cd
SHA1: f81e5af49571a9d5a109a88f239a73ce87055417
SHA256:e5b9cb821df57f70b0593358e89c0e8d7266515da9d088af6c646f63d433c07c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

bcprov-ext-jdk15on-1.70.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. Note: this package includes the NTRU encryption algorithms.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-ext-jdk15on/1.70/bcprov-ext-jdk15on-1.70.jar
MD5: b94196703cf09438fb33c5d083c42f55
SHA1: 373d425c5ecb4edc9e3e2f7f7ff39bc8eff4abbf
SHA256:5d819f3b88597ec680c94151a0ba0a3afff0c0c1c999b5b065a67c998a3e3e1b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk15on:1.70:*:*:*:*:*:*:*

bcprov-jdk15on-1.70.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.70/bcprov-jdk15on-1.70.jar
MD5: 1809d0449a6374279c01fdd3be26cd92
SHA1: 4636a0d01f74acaf28082fb62b317f1080118371
SHA256:8f3c20e3e2d565d26f33e8d4857a37d0d7f8ac39b62a7026496fcab1bdac30d4
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:*

bcutil-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcutil-jdk15on/1.70/bcutil-jdk15on-1.70.jar
MD5: 805173dfb0891331dbe69d0e53371af4
SHA1: 54280e7195a7430d7911ded93fc01e07300b9526
SHA256:52dc5551b0257666526c5095424567fed7dc7b00d2b1ba7bd52298411112b1d0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

binary-extensions:2.2.0

Description:

List of binary file extensions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?is-binary-path:2.1.0/binary-extensions:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-binary-path:2.1.0

Identifiers

bl:4.1.0

Description:

Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ora:5.4.1/bl:^4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65

Identifiers

bluebird:3.7.2

Description:

Full featured Promises/A+ implementation with exceptionally good performance

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jsdoc:4.0.2/bluebird:^3.7.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

boilerpipe-1.1.0.jar

Description:

The boilerpipe library provides algorithms to detect and remove the surplus "clutter" (boilerplate, templates) around the main textual content of a web page.

The library already provides specific strategies for common tasks (for example: news article extraction) and may also be easily extended for individual problem settings.

Extracting content is very fast (milliseconds), just needs the input document (no global or site-level information required) and is usually quite accurate.

Boilerpipe is a Java library written by Christian Kohlschütter. It is released under the Apache License 2.0.

The algorithms used by the library are based on (and extending) some concepts of the paper "Boilerplate Detection using Shallow Text Features" by Christian Kohlschütter et al., presented at WSDM 2010 -- The Third ACM International Conference on Web Search and Data Mining New York City, NY USA.

License:

Apache License 2.0
File Path: /var/simplicite/.m2/repository/de/l3s/boilerpipe/boilerpipe/1.1.0/boilerpipe-1.1.0.jar
MD5: 0616568083786d0f49e2cb07a5d09fe4
SHA1: f62cb75ed52455a9e68d1d05b84c500673340eb2
SHA256:088203df4326c4dcc42cec1253a2b41e03dc8904984eae744543b48e2cc63846
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

bootbox:5.5.2

Description:

Wrappers for JavaScript alert(), confirm(), prompt(), and other flexible dialogs using the Bootstrap framework

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/bootbox:5.5.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

NPM-1085581  

All version of `bootbox` are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.


## Recommendation

Sanitize user input being passed to `bootbox` or consider using an alternative package.
Unscored:
  • Severity: moderate

References:
  • Advisory 1085581: Cross-Site Scripting in bootbox - - https://github.com/makeusabrew/bootbox/issues/661 - https://hackerone.com/reports/508446 - https://www.npmjs.com/advisories/882 - https://github.com/advisories/GHSA-87mg-h5r3-hw88

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:bootbox:\<\=5.5.2:*:*:*:*:*:*:*

bootstrap-datetimepicker:0.0.7

File Path: /var/simplicite/simplicite-5.1/package-lock.json?simplicite-bootstrap-datetimepicker:1.0.6/bootstrap-datetimepicker:0.0.7

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/simplicite-bootstrap-datetimepicker:1.0.6

Identifiers

bootstrap:4.5.3

Description:

The most popular front-end framework for developing responsive, mobile first projects on the web.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/bootstrap:4.5.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/bootbox:5.5.2

Identifiers

boxen:4.2.0

Description:

Create boxes in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/boxen:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

brace-expansion:1.1.11

Description:

Brace expansion as known from sh/bash

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?minimatch:3.1.2/brace-expansion:^1.1.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/minimatch:3.1.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/minimatch:9.0.3
  • simplicite-js:5.1.65/minimatch:3.0.8

Identifiers

braces:3.0.2

Description:

Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?micromatch:4.0.5/braces:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/micromatch:4.0.5
  • simplicite-js:5.1.65/chokidar:3.5.3

Identifiers

browserslist:4.22.1

Description:

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?core-js-compat:3.33.0/browserslist:^4.22.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/core-js-compat:3.33.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-compilation-targets:7.22.15

Identifiers

bson-3.12.7.jar

Description:

The BSON library

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/bson/3.12.7/bson-3.12.7.jar
MD5: a80ed09010ac00a42c6380ed1a8b4f20
SHA1: 25cc11d227e5fcd8858b2d2f2027f298d79cdd2a
SHA256:e6f08b39d492cc15244434fe3a87f29e8b202fdeefed79bbdf0f4324cecebc98
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

buffer-from:1.1.2

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?source-map-support:0.5.21/buffer-from:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/source-map-support:0.5.21

Identifiers

buffer:5.7.1

Description:

Node.js Buffer API, for the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/buffer:5.7.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/simplicite:2.2.37
  • simplicite-js:5.1.65/bl:4.1.0

Identifiers

buffer:6.0.3

Description:

Node.js Buffer API, for the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/buffer:6.0.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

builtin-modules:3.3.0

Description:

List of the Node.js builtin modules

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?is-builtin-module:3.2.1/builtin-modules:^3.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/is-builtin-module:3.2.1
  • simplicite-js:5.1.65

Identifiers

builtins:5.0.1

Description:

List of node.js builtin modules

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?validate-npm-package-name:5.0.0/builtins:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/validate-npm-package-name:5.0.0

Identifiers

bzip2-0.9.1.jar

Description:

jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes.

License:

MIT License (MIT): http://opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/itadaki/bzip2/0.9.1/bzip2-0.9.1.jar
MD5: ddd5eb3a035655cbbb536e9b86907a00
SHA1: 47ca95f71e3ccae756c4a24354d48069c58f475c
SHA256:865a7a13dd33ef0388f675993adaf4c6f95632ba80d609d42e9d42e6343aae77
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

c3p0-0.9.5.5.jar

Description:

a JDBC Connection pooling / Statement caching library

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /var/simplicite/.m2/repository/com/mchange/c3p0/0.9.5.5/c3p0-0.9.5.5.jar
MD5: 9fc982b4b179e44cec986ea86fe1bff7
SHA1: 37dfc3021e5589d65ff2ae0becf811510b87ab01
SHA256:96cec5ddfe2f08b8407125d8228eb0392121e1bf2239ca621bb19228b67f741a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

cacache:17.1.3

Description:

Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/cacache:^17.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

cacheable-lookup:7.0.0

Description:

A cacheable dns.lookup(…) that respects TTL

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/cacheable-lookup:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

cacheable-request:10.2.12

Description:

Wrap native HTTP requests with RFC compliant cache support

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/cacheable-request:^10.2.8

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

call-bind:1.0.2

Description:

Robustly `.call.bind()` a function

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-typed-array:1.1.9/call-bind:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/is-weakref:1.0.2
  • simplicite-js:5.1.65/function.prototype.name:1.1.5
  • simplicite-js:5.1.65/array.prototype.reduce:1.0.5
  • simplicite-js:5.1.65/is-typed-array:1.1.10
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/side-channel:1.0.4
  • simplicite-js:5.1.65/string.prototype.trim:1.2.7
  • simplicite-js:5.1.65/object.assign:4.1.4
  • simplicite-js:5.1.65/is-regex:1.1.4
  • simplicite-js:5.1.65/safe-array-concat:1.0.0
  • simplicite-js:5.1.65/string.prototype.trimend:1.0.6
  • simplicite-js:5.1.65/is-array-buffer:3.0.2
  • simplicite-js:5.1.65/string.prototype.trimstart:1.0.6
  • simplicite-js:5.1.65/array-buffer-byte-length:1.0.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-shared-array-buffer:1.0.2
  • simplicite-js:5.1.65/unbox-primitive:1.0.2
  • simplicite-js:5.1.65/typed-array-length:1.0.4
  • simplicite-js:5.1.65/get-symbol-description:1.0.0
  • simplicite-js:5.1.65/which-typed-array:1.1.9
  • simplicite-js:5.1.65/regexp.prototype.flags:1.5.0
  • simplicite-js:5.1.65/is-boolean-object:1.1.2
  • simplicite-js:5.1.65/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.1.65/safe-regex-test:1.0.0

Identifiers

callsite-record:4.1.5

Description:

Create fancy log entries for errors and function call sites.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/callsite-record:^4.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

callsite:1.0.0

Description:

access to v8's CallSites

File Path: /var/simplicite/simplicite-5.1/package-lock.json?callsite-record:4.1.5/callsite:^1.0.0

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65/callsite-record:4.1.5
  • simplicite-js:5.1.65

Identifiers

callsites:3.1.0

Description:

Get callsites from the V8 stack trace API

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?parent-module:1.0.1/callsites:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/parent-module:1.0.1
  • simplicite-js:5.1.65

Identifiers

camelcase-keys:6.2.2

Description:

Convert object keys to camel case

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?meow:9.0.0/camelcase-keys:^6.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65

Identifiers

camelcase:5.3.1

Description:

Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/camelcase:5.3.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

camelcase:6.3.0

Description:

Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?boxen:5.1.2/camelcase:^6.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/boxen:5.1.2
  • simplicite-js:5.1.65/boxen:4.2.0
  • simplicite-js:5.1.65/camelcase-keys:6.2.2
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

camelcase:7.0.1

Description:

Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/camelcase:7.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

caniuse-lite:1.0.30001547

Description:

A smaller version of caniuse-db, with only the essentials!

License:

CC-BY-4.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/caniuse-lite:1.0.30001547

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/browserslist:4.22.1

Identifiers

catharsis:0.9.0

Description:

A JavaScript parser for Google Closure Compiler and JSDoc type expressions.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jsdoc:4.0.2/catharsis:^0.9.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

cdm-4.5.5.jar

Description:

    The NetCDF-Java Library is a Java interface to NetCDF files,
    as well as to many other types of scientific data formats.

File Path: /var/simplicite/.m2/repository/edu/ucar/cdm/4.5.5/cdm-4.5.5.jar
MD5: 7770c86aabbd0ec5e12ed1f0600d5492
SHA1: af1748a3d024069cb7fd3fc2591efe806c914589
SHA256:74ea183cda0f7aa06fae2f3cfa8c3c6c64d013ce8cb87bde4a06de6676eacfdb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

chalk:2.4.2

Description:

Terminal string styling done right

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?highlight-es:1.0.3/chalk:^2.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/callsite-record:4.1.5
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/highlight:7.22.20
  • simplicite-js:5.1.65/@babel/code-frame:7.22.13
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/boxen:5.1.2
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/highlight-es:1.0.3
  • simplicite-js:5.1.65/log-symbols:4.1.0
  • simplicite-js:5.1.65/update-notifier:4.1.3
  • simplicite-js:5.1.65/inquirer:7.3.3
  • simplicite-js:5.1.65/npm-audit-html:1.5.0
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/boxen:4.2.0

Identifiers

chalk:3.0.0

Description:

Terminal string styling done right

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/chalk:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

chalk:4.1.2

Description:

Terminal string styling done right

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/chalk:4.1.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

chardet:0.7.0

Description:

Character detector

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?external-editor:3.1.0/chardet:^0.7.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/external-editor:3.1.0

Identifiers

chart.js:2.9.4

Description:

Simple HTML5 charts using the canvas element.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/chart.js:2.9.4

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

chartjs-color-string:0.6.0

Description:

Parser and generator for CSS color strings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/chartjs-color-string:0.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chartjs-color:2.4.1

Identifiers

chartjs-color:2.4.1

Description:

Color conversion and manipulation with CSS string support

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/chartjs-color:2.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chart.js:2.9.4

Identifiers

checker-qual-3.8.0.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.

        Please
        see artifact:
        org.checkerframework:checker

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-qual/3.8.0/checker-qual-3.8.0.jar
MD5: b9822b33f72326c74abded69b7c717cc
SHA1: 6b83e4a33220272c3a08991498ba9dc09519f190
SHA256:c88c2e6a5fdaeb9f26fcf879264042de8a9ee9d376e2477838feaabcfa44dda6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

chokidar:3.5.3

Description:

Minimal and efficient cross-platform file watching library

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?sass:1.63.6/chokidar:>=3.0.0 <4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/sass:1.63.6

Identifiers

chownr:2.0.0

Description:

like `chown -R`

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tar:6.1.15/chownr:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/tar:6.1.15
  • simplicite-js:5.1.65

Identifiers

ci-info:2.0.0

Description:

Get details about the current Continuous Integration environment

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?is-ci:2.0.0/ci-info:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-ci:3.0.1
  • simplicite-js:5.1.65/is-ci:2.0.0

Identifiers

clean-stack:2.2.0

Description:

Clean up error stack traces

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/clean-stack:2.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/aggregate-error:3.1.0

Identifiers

cli-boxes:2.2.1

Description:

Boxes for use in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?boxen:5.1.2/cli-boxes:^2.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/boxen:5.1.2
  • simplicite-js:5.1.65/boxen:4.2.0

Identifiers

cli-boxes:3.0.0

Description:

Boxes for use in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/cli-boxes:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

cli-cursor:3.1.0

Description:

Toggle the CLI cursor

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ora:5.4.1/cli-cursor:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

cli-spinners:2.9.0

Description:

Spinners for use in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ora:5.4.1/cli-spinners:^2.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65

Identifiers

cli-table3:0.6.3

Description:

Pretty unicode tables for the command line. Based on the original cli-table.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check-updates:16.14.6/cli-table3:^0.6.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

cli-width:3.0.0

Description:

Get stdout window width, with two fallbacks, tty and then a default.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?inquirer:7.3.3/cli-width:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

cli:1.0.1

Description:

A tool for rapidly building command line apps

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jshint:2.12.0/cli:~1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jshint:2.12.0

Identifiers

cliui:7.0.4

Description:

easily create complex multi-column command-line-interfaces

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?yargs:16.2.0/cliui:^7.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/yargs:16.2.0

Identifiers

clone-deep:4.0.1

Description:

Recursively (deep) clone JavaScript native types, like Object, Array, RegExp, Date as well as primitives.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/clone-deep:4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/register:7.22.15

Identifiers

clone-response:1.0.3

Description:

Clone a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?cacheable-request:6.1.0/clone-response:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacheable-request:6.1.0

Identifiers

clone:1.0.4

Description:

deep cloning of objects and arrays

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?defaults:1.0.4/clone:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/defaults:1.0.4

Identifiers

co:4.6.0

Description:

generator async control flow goodness

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/co:^4.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

codemodel-2.3.2.jar

Description:

The core functionality of the CodeModel java source code generation library

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/codemodel/2.3.2/codemodel-2.3.2.jar
MD5: 8651b4954656d27a3408ffc38f041060
SHA1: 143b70e564189b3f71a2e7f02d6bb8c6b16b5632
SHA256:8a89a76dffb491a3b2bcfcb6e8d9fb2e30ec0c36629a033f90c93182799af773
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

color-convert:1.9.3

Description:

Plain color conversion functions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/color-convert:1.9.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chartjs-color:2.4.1
  • simplicite-js:5.1.65/ansi-styles:3.2.1
  • simplicite-js:5.1.65/ansi-styles:4.3.0

Identifiers

color-convert:2.0.1

Description:

Plain color conversion functions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/color-convert:2.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

color-name:1.1.3

Description:

A list of color names and its values

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/color-name:1.1.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

color-name:1.1.4

Description:

A list of color names and its values

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?color-convert:2.0.1/color-name:~1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/color-convert:1.9.3
  • simplicite-js:5.1.65/chartjs-color-string:0.6.0
  • simplicite-js:5.1.65/color-convert:2.0.1

Identifiers

color-support:1.1.3

Description:

A module which will endeavor to guess your terminal's level of color support.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?gauge:4.0.4/color-support:^1.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/gauge:4.0.4

Identifiers

colord:2.9.3

Description:

👑 A tiny yet powerful tool for high-performance color manipulations and conversions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/colord:^2.9.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

commander:10.0.1

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/commander:10.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

commander:2.20.3

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/commander:2.20.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

commander:3.0.2

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/commander:3.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

commander:4.1.1

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/commander:4.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/editorconfig:0.15.3
  • simplicite-js:5.1.65/npm-audit-html:1.5.0
  • simplicite-js:5.1.65/@babel/cli:7.23.0
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/@babel/node:7.22.19

Identifiers

comment-parser:1.4.0

Description:

Generic JSDoc-like comment parser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint-plugin-jsdoc:46.8.2/comment-parser:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2
  • simplicite-js:5.1.65/@es-joy/jsdoccomment:0.40.1

Identifiers

commondir:1.0.1

Description:

compute the closest common parent for file paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?find-cache-dir:2.1.0/commondir:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/find-cache-dir:2.1.0

Identifiers

commonmark-0.16.1.jar

Description:

Core of commonmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark/0.16.1/commonmark-0.16.1.jar
MD5: eb2c093f59977ba769229be8c1ae57a6
SHA1: cf74938bb3dcccb7eb58d8c17b02e2ba0c42473a
SHA256:3413dc74f8e11d7ca14cce4cb0311236a22d7f0703641626263eec053e5f275d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-autolink-0.16.1.jar

Description:

commonmark-java extension for turning plain URLs and email addresses into links

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-autolink/0.16.1/commonmark-ext-autolink-0.16.1.jar
MD5: d93389d215e048677cef4deb70e9d8a0
SHA1: 5106c1994231c1106626e5ffd8eb7a0c81b21ee7
SHA256:ae8afab6b6436532f724e1c7e1fcd22f49c663ca7529831ac272a5f3ab6dac76
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-gfm-strikethrough-0.16.1.jar

Description:

commonmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-gfm-strikethrough/0.16.1/commonmark-ext-gfm-strikethrough-0.16.1.jar
MD5: a743c0cd4775d9e0fe8e5b666415e653
SHA1: a9255fb5de15019c4d3ff59d00265042ee7a1643
SHA256:f2d07858eecd10dcb10d22a33e594a8f0ac7609f9ffaa8949ad9d69725b2ff5d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-gfm-tables-0.16.1.jar

Description:

commonmark-java extension for GFM tables using "|" pipes (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-gfm-tables/0.16.1/commonmark-ext-gfm-tables-0.16.1.jar
MD5: bd00e52325cbb6c570ec358c67a0794b
SHA1: 4dd8addb7e9864d84b11045d7454300f498e22bf
SHA256:716274d6190b68d14db986ebdc2dc263883e6999db5a943395aa535991d8b5a6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-heading-anchor-0.16.1.jar

Description:

commonmark-java extension for adding unique id attributes to header tags

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-heading-anchor/0.16.1/commonmark-ext-heading-anchor-0.16.1.jar
MD5: ba83d7c58a51f1073a387743ba95a662
SHA1: 19732639ce1707d7ff198740588c1e2791dc000e
SHA256:7e929ffa68b37c00f44dc698f394d27c4297a060aeb731b22aa827051c368779
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commonmark-ext-ins-0.16.1.jar

Description:

commonmark-java extension for using ++

File Path: /var/simplicite/.m2/repository/com/atlassian/commonmark/commonmark-ext-ins/0.16.1/commonmark-ext-ins-0.16.1.jar
MD5: f002b1f9bfebf5929097d74c26a1497b
SHA1: b5adf3e9e5dc3d0cf4c1cacb2fcf4d6631edde3f
SHA256:77e6dd75e89aaf7b5b23624703d476c77975d9c1ab90cd3e8d3e776668c77e79
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-cli-1.4.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-cli/commons-cli/1.4/commons-cli-1.4.jar
MD5: c966d7e03507c834d5b09b848560174e
SHA1: c51c00206bb913cd8612b24abd9fa98ae89719b1
SHA256:fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-codec-1.15.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256:b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-compress-1.20.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar
MD5: 3f7237fb56029591b5bdd2698c196220
SHA1: b8df472b31e1f17c232d2ad78ceb1c84e00c641b
SHA256:0aeb625c948c697ea7b205156e112363b59ed5e2551212cd4e460bdb72c7c06e
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-35515  

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-35516  

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-35517  

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36090  

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

commons-csv-1.8.jar

Description:

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-csv/1.8/commons-csv-1.8.jar
MD5: 9019d99d6072f48fd9b1f909f0c45d24
SHA1: 037ca9a9aa2d4be2599e55506a6d3170dd7a3df4
SHA256:a8bd56652ed4668d9d5a33994ae52f59b9e39c8eb0ebcb6684e68aeee7579a61
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-discovery-0.5.jar

Description:

The Apache Commons Discovery component is about discovering, or finding,
  implementations for pluggable interfaces.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
SHA256:e5b7d58ae62e5b309d5c0ffa5a5b1d9d1e0f0c4c3cc18d1fe3103fd29f90149d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-0869  

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

commons-email-1.5.jar

Description:

        Apache Commons Email aims to provide an API for sending email. It is built on top of
        the JavaMail API, which it aims to simplify.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-email/1.5/commons-email-1.5.jar
MD5: e72657496d31f152aa26d4122e0850d9
SHA1: e8e677c6362eba14ff3c476ba63ccb83132dbd52
SHA256:ee8479906abb2c355a46a0a9845cfa1803bcc3c520a34baea4a6cf4e1f0f0cc1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-exec-1.3.jar

Description:

Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-fileupload-1.4.jar

Description:

    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256:a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-24998  

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.




Note that, like all of the file upload limits, the
          new configuration option (FileUploadBase#setFileCountMax) is not
          enabled by default and must be explicitly configured.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

commons-httpclient-3.1.jar

Description:

The HttpClient  component supports the client-side of RFC 1945 (HTTP/1.0)  and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256:dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2012-5783  

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2020-13956  

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

commons-imaging-1.0-alpha2.jar

Description:

Apache Commons Imaging (previously Sanselan) is a pure-Java image library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-imaging/1.0-alpha2/commons-imaging-1.0-alpha2.jar
MD5: b1b9d002d76145c50fe3947d7b9724e2
SHA1: 838bd680e85e4611cdc0a81c81174bb87927e255
SHA256:64d649007364d70dcab24a1f895646e6976f5e2b339ba73a4af20642d041666a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-io-2.8.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-io/commons-io/2.8.0/commons-io-2.8.0.jar
MD5: 21ba575792e2694c39af13918a80550b
SHA1: 92999e26e6534606b5678014e66948286298a35c
SHA256:02f291e5d1243dc143496e3cbbb40a1ced47aa58f2d633d3e38780cd068d5074
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-lang3-3.11.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-lang3/3.11/commons-lang3-3.11.jar
MD5: c592f49f703f9b3ab25556559b1ff379
SHA1: 68e9a6adf7cf8eb7e9d31bbc554c7c75eeaac568
SHA256:4ee380259c068d1dbe9e84ab52186f2acd65de067ec09beff731fca1697fdb16
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-net-3.7.2.jar

Description:

Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-net/commons-net/3.7.2/commons-net-3.7.2.jar
MD5: 2255a15c53751f988d1a56b047959ede
SHA1: fc22868c06d0b59dc97f23dc93ca77efd9381ab2
SHA256:a84e3429f8aeedefdfc11df060e50e1e0e90e9fc7f960f14dba49be38c4572d1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-37533  

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

commons-pool2-2.11.1.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar
MD5: 2210a041929e7c94485d5402458340b9
SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68
SHA256:ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-validator-1.7.jar

Description:

    Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
    It may be used standalone or with a framework like Struts.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-validator/commons-validator/1.7/commons-validator-1.7.jar
MD5: 4b6f22de69432bc03254b47310d59651
SHA1: 76069c915de3787f3ddd8726a56f47a95bfcbb0e
SHA256:4d74f4ce4fb68b2617edad086df6defdf9338467d2377d2c62e69038e1c4f02f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

commons-vfs2-2.7.0.jar

Description:

Apache Commons VFS is a Virtual File System library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-vfs2/2.7.0/commons-vfs2-2.7.0.jar
MD5: ece34444a38affd242a24541a7ff8329
SHA1: 1c8990c6c4f8e5e3e108620c5b6612e8051c3fea
SHA256:5966fb6943202a82d2cb1b948bc56ba08caf5f9554e6f72ee9ce1e4cbea36e20
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

concat-map:0.0.1

Description:

concatenative mapdashery

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/concat-map:0.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/brace-expansion:1.1.11

Identifiers

config-chain:1.1.13

Description:

HANDLE CONFIGURATION ONCE AND FOR ALL

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?js-beautify:1.14.0/config-chain:^1.1.12

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@pnpm/npm-conf:2.2.2
  • simplicite-js:5.1.65/js-beautify:1.14.0

Identifiers

configstore:5.0.1

Description:

Easily load and save config without having to think about where and how

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/configstore:^5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

conscrypt-openjdk-uber-2.2.1.jar

Description:

Conscrypt: OpenJdk UberJAR

License:

Apache 2: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.2.1/conscrypt-openjdk-uber-2.2.1.jar
MD5: 14be6639cf4f0b39a43a2e6afa6462e4
SHA1: 59a346d64c0ddca750c5c877e274d5e6278e53ce
SHA256:27f4314bf01e5af288ade537f06cb6eb7f0c760aed4a8d7cf441de71de0a7abb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

conscrypt-openjdk-uber-2.2.1.jar: conscrypt_openjdk_jni-windows-x86.dll

File Path: /var/simplicite/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.2.1/conscrypt-openjdk-uber-2.2.1.jar/META-INF/native/conscrypt_openjdk_jni-windows-x86.dll
MD5: b2f1e1d5cfb95e8df9fa2ff5b9f41ded
SHA1: ff34a602794c24bf674cb2cf165c0add4869a9e0
SHA256:1e7bb8e15528f36f85a29301141fc9de6d9fd4605b20d39aeeac50586fea039a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • None

conscrypt-openjdk-uber-2.2.1.jar: conscrypt_openjdk_jni-windows-x86_64.dll

File Path: /var/simplicite/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.2.1/conscrypt-openjdk-uber-2.2.1.jar/META-INF/native/conscrypt_openjdk_jni-windows-x86_64.dll
MD5: 44c40c22b67e6e342cbe9dc987b49e2a
SHA1: 839a2daa3ccfaa28e13c3a925e8b9bccea1cd010
SHA256:cad5cc8321850c48c5f7435fe0af78075090b8090708b9ae3c5e1a448f2e059a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • None

console-browserify:1.1.0

Description:

Emulate console for all the browsers

File Path: /var/simplicite/simplicite-5.1/package-lock.json?/console-browserify:1.1.0

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jshint:2.12.0

Identifiers

console-control-strings:1.1.0

Description:

A library of cross-platform tested terminal/console command strings for doing things like color and cursor positioning.  This is a subset of both ansi and vt100.  All control codes included work on both Windows & Unix-like OSes, except where noted.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npmlog:6.0.2/console-control-strings:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/gauge:4.0.4
  • simplicite-js:5.1.65/npmlog:6.0.2

Identifiers

convert-source-map:2.0.0

Description:

Converts a source-map from/to  different formats and allows adding/changing properties.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/convert-source-map:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/@babel/cli:7.23.0

Identifiers

core-3.0.1.jar

Description:

Core barcode encoding/decoding library

File Path: /var/simplicite/.m2/repository/com/google/zxing/core/3.0.1/core-3.0.1.jar
MD5: 0a0184c3f92492f721d8631d6f5237de
SHA1: 9ebf6cd580d67601fbf88fd007aab4703b19e4c2
SHA256:38c49045765281e4c170062fa3f48e4e988629bf985cab850c7497be5eaa72a1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

core-js-compat:3.33.0

Description:

core-js compat

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/core-js-compat:3.33.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/babel-plugin-polyfill-corejs3:0.8.5
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2

Identifiers

core-js:3.31.0

Description:

Standard library

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/core-js:3.31.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/node:7.22.19

Identifiers

core-util-is:1.0.3

Description:

The `util.is*` functions introduced in Node v0.12.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?readable-stream:1.1.14/core-util-is:~1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/readable-stream:2.3.8
  • simplicite-js:5.1.65/readable-stream:1.1.14

Identifiers

cosmiconfig:7.1.0

Description:

Find and load configuration from a package.json property, rc file, or CommonJS module

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/cosmiconfig:^7.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

cross-spawn:7.0.3

Description:

Cross platform child_process#spawn and child_process#spawnSync

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?spawn-please:2.0.2/cross-spawn:^7.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/execa:5.1.1
  • simplicite-js:5.1.65/foreground-child:3.1.1
  • simplicite-js:5.1.65/spawn-please:2.0.2

Identifiers

crypto-random-string:2.0.0

Description:

Generate a cryptographically strong random string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?unique-string:2.0.0/crypto-random-string:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/unique-string:3.0.0
  • simplicite-js:5.1.65/unique-string:2.0.0

Identifiers

css-functions-list:3.1.0

Description:

List of standard and browser specific CSS functions.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/css-functions-list:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

cssesc:3.0.0

Description:

A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?postcss-selector-parser:6.0.13/cssesc:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/postcss-selector-parser:6.0.13
  • simplicite-js:5.1.65

Identifiers

curvesapi-1.06.jar

Description:

Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/github/virtuald/curvesapi/1.06/curvesapi-1.06.jar
MD5: 049221bdb7f8d8a2065c02000e854ed4
SHA1: 159dd2e8956459a4eb0a9a6ecda9004d8d289708
SHA256:38bb45c99e6153260c19b97b99b6a7370a067de63344de6d1ea11922acaed86b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

date-now:0.1.4

Description:

A requirable version of Date.now()

File Path: /var/simplicite/simplicite-5.1/package-lock.json?/date-now:0.1.4

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/console-browserify:1.1.0

Identifiers

debug:4.3.4

Description:

Lightweight debugging utility for Node.js and the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tuf-js:1.1.7/debug:^4.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/agentkeepalive:4.3.0
  • simplicite-js:5.1.65/rc-config-loader:4.1.3
  • simplicite-js:5.1.65/@babel/helper-define-polyfill-provider:0.4.3
  • simplicite-js:5.1.65/@humanwhocodes/config-array:0.11.13
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2
  • simplicite-js:5.1.65/license-report:6.5.0
  • simplicite-js:5.1.65/http-proxy-agent:5.0.0
  • simplicite-js:5.1.65/tuf-js:1.1.7
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65/socks-proxy-agent:7.0.0
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/agent-base:6.0.2
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/https-proxy-agent:5.0.1
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

dec-0.1.2.jar

Description:

Brotli is a generic-purpose lossless compression algorithm.

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/brotli/dec/0.1.2/dec-0.1.2.jar
MD5: 4b1cd14cf29733941cc536b27e6aedfa
SHA1: 0c26a897ae0d524809eef1c786cc6183b4ddcc3b
SHA256:615c0c3efef990d77831104475fba6a1f7971388691d4bad1471ad84101f6d52
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

decamelize-keys:1.1.1

Description:

Convert object keys from camelCase to lowercase with a custom separator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?meow:9.0.0/decamelize-keys:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65

Identifiers

decamelize:1.2.0

Description:

Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?meow:9.0.0/decamelize:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/decamelize-keys:1.1.1

Identifiers

decompress-response:6.0.0

Description:

Decompress a HTTP response if needed

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/decompress-response:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

deep-extend:0.6.0

Description:

Recursive object extending

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?rc:1.2.8/deep-extend:^0.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/rc:1.2.8

Identifiers

deep-is:0.1.4

Description:

node's assert.deepEqual algorithm except for NaN being equal to NaN

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?optionator:0.9.3/deep-is:^0.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/optionator:0.9.3

Identifiers

defaults:1.0.4

Description:

merge single level defaults over a config object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?wcwidth:1.0.1/defaults:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/wcwidth:1.0.1

Identifiers

defer-to-connect:1.1.3

Description:

The safe way to handle the `connect` socket event

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/defer-to-connect:1.1.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

defer-to-connect:2.0.1

Description:

The safe way to handle the `connect` socket event

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/defer-to-connect:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@szmarczak/http-timer:5.0.1
  • simplicite-js:5.1.65/@szmarczak/http-timer:1.1.2

Identifiers

define-properties:1.2.0

Description:

Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?string.prototype.trimstart:1.0.6/define-properties:^1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/string.prototype.trimend:1.0.6
  • simplicite-js:5.1.65/function.prototype.name:1.1.5
  • simplicite-js:5.1.65/array.prototype.reduce:1.0.5
  • simplicite-js:5.1.65/regexp.prototype.flags:1.5.0
  • simplicite-js:5.1.65/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.1.65/globalthis:1.0.3
  • simplicite-js:5.1.65/string.prototype.trimstart:1.0.6
  • simplicite-js:5.1.65/string.prototype.trim:1.2.7
  • simplicite-js:5.1.65/object.assign:4.1.4

Identifiers

delegates:1.0.0

Description:

delegate methods and accessors to another property

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/delegates:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/are-we-there-yet:3.0.1

Identifiers

depcheck:1.4.3

Description:

Check dependencies in your node module

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/depcheck:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

depd:2.0.0

Description:

Deprecate all the things

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/depd:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/agentkeepalive:4.3.0

Identifiers

deps-regex:0.1.4

Description:

Regular expression for matching javascript require statements.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/deps-regex:0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

diff-match-patch:1.0.5

Description:

npm package for https://github.com/google/diff-match-patch

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/diff-match-patch:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/ace-diff:3.0.3

Identifiers

diffutils-1.3.0.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/java-diff-utils/diffutils/1.3.0/diffutils-1.3.0.jar
MD5: 638158a6bca62926aa9986c92ccb15e0
SHA1: 7e060dd5b19431e6d198e91ff670644372f60fbd
SHA256:61ba4dc49adca95243beaa0569adc2a23aedb5292ae78aa01186fa782ebdc5c2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-4277  

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

dir-glob:3.0.1

Description:

Convert directories to glob compatible strings

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?globby:11.1.0/dir-glob:^3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/globby:11.1.0

Identifiers

docdash:2.0.2

Description:

A clean, responsive documentation template theme for JSDoc 3 inspired by lodash and minami

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/docdash:2.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

doctrine:3.0.0

Description:

JSDoc parser

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?eslint:8.52.0/doctrine:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

docusign-esign-java-3.5.0.jar

Description:

The official DocuSign eSignature JAVA client is based on version 2 of the DocuSign REST API and provides libraries for JAVA application integration. It is recommended that you use this version of the library for new development.

License:

DocuSign Java Client License: https://raw.githubusercontent.com/docusign/docusign-java-client/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/docusign/docusign-esign-java/3.5.0/docusign-esign-java-3.5.0.jar
MD5: 7b458d4dbd7e82d4db1678a8d3332e88
SHA1: 00ee25ddd49785db7804696440aeaa130985a88f
SHA256:fa225ccb4edf77208a8a4411bbf68802e51f8d60b2c32274ac400ccd19e3cfbc
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

docx4j-ImportXHTML-8.0.0.jar

Description:

		docx4j-ImportXHTML converts XHTML to OpenXML WordML (docx) using docx4j

License:

LGPL v2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-ImportXHTML/8.0.0/docx4j-ImportXHTML-8.0.0.jar
MD5: 24d6600cd4f8f594d64de4ed925bd417
SHA1: f90d3d0f0f1d4463a1172b1cb26f8cb02b16da09
SHA256:d89550699321099bc98c45b58abf608a03fba557668eaba1e3301cdb98e678f4
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

docx4j-JAXB-ReferenceImpl-11.2.8.jar

Description:

config specifying that docx4j should use the JAXB reference impls

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-JAXB-ReferenceImpl/11.2.8/docx4j-JAXB-ReferenceImpl-11.2.8.jar
MD5: 47bede260898e195a2f73f11683f4480
SHA1: 3089efa2fbecf0296fbbff3a4c04e7a606a20ca8
SHA256:ee5ec2df8938abc0bc4a2a8ca76a99c867c4e7f1ede83476c14d33c3f39fca2c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

docx4j-core-11.2.8.jar

Description:

docx4j is a library which helps you to work with the Office Open
		XML file format as used in docx
		documents, pptx presentations, and xlsx spreadsheets.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-core/11.2.8/docx4j-core-11.2.8.jar
MD5: b81c8eea6b875dfb1de3663a88c8cf83
SHA1: 72053a18e2c7911f4dc4997967db3651c5837f5c
SHA256:7d7ca762c33ddfb4912e2654ce27e13a890f0866e7e7424ee9a20ebb272c1e42
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

docx4j-openxml-objects-11.2.8.jar

Description:

Our JAXB representation of OpenXML, except for pml and sml (handled separately)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects/11.2.8/docx4j-openxml-objects-11.2.8.jar
MD5: 03af0f54fce303cf5b3477d95dc6e310
SHA1: 46444482c29ce062b26e5dd3436826be26150644
SHA256:ca707fe7fc69127e0c787bfbeddcd7d01783057efdd3b058eab4f88fa6f9a9d5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

docx4j-openxml-objects-pml-11.2.8.jar

Description:

Our JAXB representation of OpenXML Presentation Markup Language (pml)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects-pml/11.2.8/docx4j-openxml-objects-pml-11.2.8.jar
MD5: a80fa40ce33697aa8414fd01b1f18411
SHA1: 1d2a91952192437f10ff68ce08daaf1d95958848
SHA256:4445295c8d54d88bc37e405a5b6ce8c9730cbd8cd549e313a48fea1eb90599ea
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

docx4j-openxml-objects-sml-11.2.8.jar

Description:

Our JAXB representation of OpenXML Spreadsheet Markup Language (sml)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects-sml/11.2.8/docx4j-openxml-objects-sml-11.2.8.jar
MD5: 27f0e2cc91350619f382d4623d07229e
SHA1: 0597634fb4001cf464ff2d595fc2e9813564a9ea
SHA256:aa4bf70fb37f75ffc9b2810353dde5da21e2eaff3e9b9c600a317e71c8575fb0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

dom-serializer:0.2.2

Description:

render dom nodes to string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/dom-serializer:0.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/domutils:1.5.1
  • simplicite-js:5.1.65

Identifiers

domelementtype:1.3.1

Description:

all the types of nodes in htmlparser2's dom

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/domelementtype:1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/domutils:1.5.1
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/dom-serializer:0.2.2
  • simplicite-js:5.1.65/domhandler:2.3.0
  • simplicite-js:5.1.65/htmlparser2:3.8.3

Identifiers

domelementtype:2.3.0

Description:

all the types of nodes in htmlparser2's dom

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/domelementtype:2.3.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

domhandler:2.3.0

Description:

handler for htmlparser2 that turns pages into a dom

File Path: /var/simplicite/simplicite-5.1/package-lock.json?/domhandler:2.3.0

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/htmlparser2:3.8.3

Identifiers

domutils:1.5.1

Description:

utilities for working with htmlparser2's dom

File Path: /var/simplicite/simplicite-5.1/package-lock.json?/domutils:1.5.1

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/htmlparser2:3.8.3

Identifiers

dot-prop:5.3.0

Description:

Get, set, or delete a property from a nested object using a dot path

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/dot-prop:5.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/configstore:5.0.1
  • simplicite-js:5.1.65/configstore:6.0.0

Identifiers

dot-prop:6.0.1

Description:

Get, set, or delete a property from a nested object using a dot path

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/dot-prop:6.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

dtd-parser-1.4.1.jar

Description:

SAX-like API for parsing XML DTDs.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/dtd-parser/dtd-parser/1.4.1/dtd-parser-1.4.1.jar
MD5: 888996ba7078ccac5d93b19b28605ca7
SHA1: c5957db3100f10d1604141ae1545e59e774da2e6
SHA256:7d02cf299162ed207df82a02079d1d9ac4569d34146b4c3ddc7f1de8f9711d46
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

duplexer3:0.1.5

Description:

Like duplexer but using streams3

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:9.6.0/duplexer3:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0

Identifiers

eastasianwidth:0.2.0

Description:

Get East Asian Width from a character.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?string-width:5.1.2/eastasianwidth:^0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/string-width:5.1.2

Identifiers

eddsa-0.3.0.jar

Description:

Implementation of EdDSA in Java

License:

CC0 1.0 Universal: https://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/simplicite/.m2/repository/net/i2p/crypto/eddsa/0.3.0/eddsa-0.3.0.jar
MD5: ee7de3b6f19de76a06e465efc978f669
SHA1: 1901c8d4d8bffb7d79027686cfb91e704217c3e1
SHA256:4dda1120db856640dbec04140ed23242215a075fe127bdefa0dcfa29fb31267d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

editorconfig:0.15.3

Description:

EditorConfig File Locator and Interpreter for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?js-beautify:1.14.0/editorconfig:^0.15.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/js-beautify:1.14.0

Identifiers

ehcache-core-2.6.2.jar

Description:

This is the ehcache core module. Pair it with other modules for added functionality.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /var/simplicite/.m2/repository/net/sf/ehcache/ehcache-core/2.6.2/ehcache-core-2.6.2.jar
MD5: b6abecd2c01070700a9001b33b94b3f4
SHA1: 3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86
SHA256:df61f1a1724aa674d922dce21965b907df8f77e730679ae1abe92679390a2fd6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

ehcache-core-2.6.2.jar: sizeof-agent.jar

File Path: /var/simplicite/.m2/repository/net/sf/ehcache/ehcache-core/2.6.2/ehcache-core-2.6.2.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
SHA256:3bcd560ca5f05248db9b689244b043e9c7549e3791281631a64e5dfff15870d2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

electron-to-chromium:1.4.553

Description:

Provides a list of electron-to-chromium version mappings

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/electron-to-chromium:1.4.553

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/browserslist:4.22.1

Identifiers

emoji-regex:8.0.0

Description:

A regular expression to match all Emoji-only symbols as per the Unicode Standard.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?string-width-cjs:4.2.3/emoji-regex:^8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/string-width-cjs:4.2.3
  • simplicite-js:5.1.65/string-width:4.2.3
  • simplicite-js:5.1.65/string-width:5.1.2

Identifiers

encoding:0.1.13

Description:

Convert encodings, uses iconv-lite

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/encoding:0.1.13

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

end-of-stream:1.4.4

Description:

Call a callback when a readable/writable/duplex stream has completed or failed.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pump:3.0.0/end-of-stream:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/pump:3.0.0
  • simplicite-js:5.1.65

Identifiers

entities:1.0.0

Description:

Encode & decode XML/HTML entities with ease

License:

BSD-like
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/entities:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/markdown-it:12.3.2
  • simplicite-js:5.1.65/dom-serializer:0.2.2
  • simplicite-js:5.1.65/htmlparser2:3.8.3

Identifiers

entities:2.1.0

Description:

Encode & decode XML and HTML entities with ease

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/entities:2.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

entities:2.2.0

Description:

Encode & decode XML and HTML entities with ease

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/entities:2.2.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

env-paths:2.2.1

Description:

Get paths for storing things like data, config, cache, etc

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?node-gyp:9.4.0/env-paths:^2.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/node-gyp:9.4.0

Identifiers

eol:0.9.1

Description:

Newline character converter

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?license-report:6.5.0/eol:^0.9.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/license-report:6.5.0

Identifiers

err-code:2.0.3

Description:

Create an error with a code

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?promise-retry:2.0.1/err-code:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/promise-retry:2.0.1

Identifiers

error-ex:1.3.2

Description:

Easy error subclassing and stack customization

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?parse-json:5.2.0/error-ex:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/parse-json:5.2.0

Identifiers

error_prone_annotations-2.3.4.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar
MD5: 67beeee58df00366100061c7da82f4c2
SHA1: dac170e4594de319655ffb62f41cbd6dbb5e601e
SHA256:baf7d6ea97ce606c53e11b6854ba5f2ce7ef5c24dddf0afa18d1260bd25b002c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

es-abstract:1.21.2

Description:

ECMAScript spec abstract operations.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?string.prototype.trimstart:1.0.6/es-abstract:^1.20.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/string.prototype.trimend:1.0.6
  • simplicite-js:5.1.65/function.prototype.name:1.1.5
  • simplicite-js:5.1.65/array.prototype.reduce:1.0.5
  • simplicite-js:5.1.65/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.1.65/string.prototype.trimstart:1.0.6
  • simplicite-js:5.1.65/string.prototype.trim:1.2.7

Identifiers

es-array-method-boxes-properly:1.0.0

Description:

Utility package to determine if an `Array.prototype` method properly boxes the callback's receiver and third argument.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/es-array-method-boxes-properly:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/array.prototype.reduce:1.0.5

Identifiers

es-set-tostringtag:2.0.1

Description:

A helper to optimistically set Symbol.toStringTag, when possible.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/es-set-tostringtag:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

es-to-primitive:1.2.1

Description:

ECMAScript “ToPrimitive” algorithm. Provides ES5 and ES2015 versions.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/es-to-primitive:1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

escalade:3.1.1

Description:

A tiny (183B to 210B) and fast utility to ascend parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?yargs:16.2.0/escalade:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/yargs:16.2.0
  • simplicite-js:5.1.65/update-browserslist-db:1.0.13

Identifiers

escape-goat:2.1.1

Description:

Escape a string for use in HTML or the inverse

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pupa:2.1.1/escape-goat:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pupa:2.1.1
  • simplicite-js:5.1.65/pupa:3.1.0

Identifiers

escape-string-regexp:1.0.5

Description:

Escape RegExp special characters

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?figures:3.2.0/escape-string-regexp:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/figures:3.2.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2
  • simplicite-js:5.1.65/jsdoc:4.0.2
  • simplicite-js:5.1.65/chalk:2.4.2

Identifiers

escape-string-regexp:2.0.0

Description:

Escape RegExp special characters

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/escape-string-regexp:2.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

escape-string-regexp:4.0.0

Description:

Escape RegExp special characters

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/escape-string-regexp:4.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

eslint-plugin-jsdoc:46.8.2

Description:

JSDoc linting rules for ESLint.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/eslint-plugin-jsdoc:46.8.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

eslint-scope:7.2.2

Description:

ECMAScript scope analyzer for ESLint

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/eslint-scope:7.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

eslint-visitor-keys:3.4.3

Description:

Constants and utilities about visitor keys to traverse AST.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?espree:9.6.1/eslint-visitor-keys:^3.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/@eslint-community/eslint-utils:4.4.0
  • simplicite-js:5.1.65/espree:9.6.1

Identifiers

eslint:8.52.0

Description:

An AST-based pattern checker for JavaScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/eslint:8.52.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

espree:9.6.1

Description:

An Esprima-compatible JavaScript parser built on Acorn

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/espree:9.6.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2

Identifiers

esprima:4.0.1

Description:

ECMAScript parsing infrastructure for multipurpose analysis

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?js-yaml:3.14.1/esprima:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/js-yaml:3.14.1

Identifiers

esquery:1.5.0

Description:

A query library for ECMAScript AST using a CSS selector like query language.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/esquery:1.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2
  • simplicite-js:5.1.65/@es-joy/jsdoccomment:0.40.1

Identifiers

esrecurse:4.3.0

Description:

ECMAScript AST recursive visitor

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/esrecurse:4.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint-scope:7.2.2

Identifiers

estraverse:5.3.0

Description:

ECMAScript JS AST traversal functions

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/estraverse:5.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/esrecurse:4.3.0
  • simplicite-js:5.1.65/eslint-scope:7.2.2
  • simplicite-js:5.1.65/esquery:1.5.0

Identifiers

estree-walker:2.0.2

Description:

Traverse an ESTree-compliant AST

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/estree-walker:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-core:3.3.4

Identifiers

esutils:2.0.3

Description:

utility box for ECMAScript language tools

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/esutils:2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/doctrine:3.0.0
  • simplicite-js:5.1.65/@babel/preset-modules:0.1.6-no-external-plugins

Identifiers

execa:5.1.1

Description:

Process execution for humans

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/execa:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

exit:0.1.2

Description:

A replacement for process.exit that ensures stdio are fully drained before exiting.

File Path: /var/simplicite/simplicite-5.1/package-lock.json?/exit:0.1.2

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jshint:2.12.0
  • simplicite-js:5.1.65/cli:1.0.1

Identifiers

exponential-backoff:3.1.1

Description:

A utility that allows retrying a function with an exponential delay between attempts.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?node-gyp:9.4.0/exponential-backoff:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/node-gyp:9.4.0

Identifiers

external-editor:3.1.0

Description:

Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?inquirer:7.3.3/external-editor:^3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes is conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

fast-and-simple-minify-1.0.jar

Description:

fast-and-simple-minify is a combined java-port of the JSMin and CSSMin utility with some additional features

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/ch/simschla/fast-and-simple-minify/1.0/fast-and-simple-minify-1.0.jar
MD5: 762fd1d990bb4e97a7581d2cd3255fc1
SHA1: ade6ae013ee38869b79eeb0661203451ddc16f46
SHA256:86e94527a0705c1ac20ff2b80e7d673975cc92f988210cc440f5bd1bb44087b5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

fast-deep-equal:3.1.3

Description:

Fast deep equal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ajv:8.12.0/fast-deep-equal:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/ajv:8.12.0
  • simplicite-js:5.1.65/ajv:6.12.6

Identifiers

fast-glob:3.3.0

Description:

It's a very fast and efficient glob library for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/fast-glob:^3.2.12

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/globby:11.1.0
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

fast-json-stable-stringify:2.1.0

Description:

deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/fast-json-stable-stringify:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/ajv:6.12.6

Identifiers

fast-levenshtein:2.0.6

Description:

Efficient implementation of Levenshtein algorithm  with locale-specific collator support.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?optionator:0.9.3/fast-levenshtein:^2.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/optionator:0.9.3

Identifiers

fast-memoize:2.5.2

Description:

Fastest memoization lib that supports N arguments

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check-updates:16.14.6/fast-memoize:^2.5.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

fastest-levenshtein:1.0.16

Description:

Fastest Levenshtein distance implementation in JS.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/fastest-levenshtein:^1.0.16

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

fastq:1.15.0

Description:

Fast, in memory work queue

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/fastq:1.15.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@nodelib/fs.walk:1.2.8

Identifiers

figures:3.2.0

Description:

Unicode symbols with Windows CMD fallbacks

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?inquirer:7.3.3/figures:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

file-entry-cache:6.0.1

Description:

Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/file-entry-cache:^6.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

fill-range:7.0.1

Description:

Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/fill-range:7.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/braces:3.0.2

Identifiers

find-cache-dir:2.1.0

Description:

Finds the common standard cache directory

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/find-cache-dir:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/register:7.22.15

Identifiers

find-up:3.0.0

Description:

Find a file or directory by walking up parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/find-up:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

find-up:4.1.0

Description:

Find a file or directory by walking up parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/find-up:4.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

find-up:5.0.0

Description:

Find a file or directory by walking up parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?preferred-pm:3.0.3/find-up:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/read-pkg-up:7.0.1
  • simplicite-js:5.1.65/preferred-pm:3.0.3
  • simplicite-js:5.1.65/pkg-dir:5.0.0
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/pkg-dir:3.0.0
  • simplicite-js:5.1.65/pkg-dir:4.2.0

Identifiers

find-yarn-workspace-root2:1.2.16

Description:

Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?preferred-pm:3.0.3/find-yarn-workspace-root2:1.2.16

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/preferred-pm:3.0.3

Identifiers

firebase-admin-6.12.0.jar

Description:

        This is the official Firebase Admin Java SDK. Build extraordinary native JVM apps in
        minutes with Firebase. The Firebase platform can power your app’s backend, user
        authentication, static hosting, and more.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/firebase/firebase-admin/6.12.0/firebase-admin-6.12.0.jar
MD5: 59f379b958fecc8f57bb26d43ff854a9
SHA1: e24883795d6832c52709b7f9f38692d38fe17016
SHA256:b7b005edb9325ae97363ed3f64cbe6759510e6484cf270dec02e39791e69da43
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

flat-cache:3.0.4

Description:

A stupidly simple key/value storage using files to persist some data

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/flat-cache:3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/file-entry-cache:6.0.1

Identifiers

flatted:3.2.7

Description:

A super light and fast circular JSON parser.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/flatted:3.2.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/flat-cache:3.0.4

Identifiers

fontbox-2.0.22.jar

Description:

    The Apache FontBox library is an open source Java tool to obtain low level information
    from font files. FontBox is a subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/fontbox/2.0.22/fontbox-2.0.22.jar
MD5: dba672a1fa1386423d94aced4b573e22
SHA1: 8b1db262fa6b79cde6d1c8e976a530b960820ae3
SHA256:9710db93da64d85a609120a627878f409995ec530a092ababd80d51033d2e508
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

for-each:0.3.3

Description:

A better forEach

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-typed-array:1.1.9/for-each:^0.3.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-typed-array:1.1.10
  • simplicite-js:5.1.65/typed-array-length:1.0.4
  • simplicite-js:5.1.65/which-typed-array:1.1.9

Identifiers

foreground-child:3.1.1

Description:

Run a child as if it's the foreground process. Give it stdio. Exit when it exits.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?glob:10.3.3/foreground-child:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:10.3.10
  • simplicite-js:5.1.65/glob:10.3.3

Identifiers

form-data-encoder:2.1.4

Description:

Encode FormData content into the multipart/form-data format

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/form-data-encoder:^2.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

fp-and-or:0.1.4

Description:

Simple `and` and `or` functional programming predicates

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check-updates:16.14.6/fp-and-or:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

fs-extra:8.1.0

Description:

fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-audit-html:1.5.0/fs-extra:^8.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-audit-html:1.5.0

Identifiers

fs-minipass:2.1.0

Description:

fs read and write streams based on minipass

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/fs-minipass:2.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

fs-minipass:3.0.2

Description:

fs read and write streams based on minipass

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/fs-minipass:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/tar:6.1.15
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/cacache:17.1.3

Identifiers

fs-readdir-recursive:1.1.0

Description:

Recursively read a directory

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/fs-readdir-recursive:1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/cli:7.23.0

Identifiers

fs.realpath:1.0.0

Description:

Use node's fs.realpath, but fall back to the JS implementation if the native one fails

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?glob:7.2.3/fs.realpath:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:7.2.3

Identifiers

function-bind:1.1.1

Description:

Implementation of Function.prototype.bind

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?has:1.0.3/function-bind:^1.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/has:1.0.3
  • simplicite-js:5.1.65/get-intrinsic:1.2.1
  • simplicite-js:5.1.65/call-bind:1.0.2

Identifiers

function.prototype.name:1.1.5

Description:

An ES2015 spec-compliant `Function.prototype.name` shim

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/function.prototype.name:1.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

functions-have-names:1.2.3

Description:

Does this JS environment support the `name` property on functions?

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?regexp.prototype.flags:1.5.0/functions-have-names:^1.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/function.prototype.name:1.1.5
  • simplicite-js:5.1.65/regexp.prototype.flags:1.5.0

Identifiers

fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:diffutils:1.3)

File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.3.1/fuzzywuzzy-1.3.1.jar/META-INF/maven/me.xdrop/diffutils/pom.xml
MD5: 9d75ff06b99ebf130bb19c8e085714b2
SHA1: edcb90cdd072a9291d9580eb01656c925a73cdad
SHA256:8f44a4acb88339f7d9d858d504a8f88d268e4fc6094d0e55f8918227b87709bf
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:fuzzywuzzy-build:1.3.1)

Description:

Fuzzy string matching algorithm for Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.3.1/fuzzywuzzy-1.3.1.jar/META-INF/maven/me.xdrop/fuzzywuzzy-build/pom.xml
MD5: c15930598f1712ac392d73ef1fc51fa0
SHA1: 5d8908e51ae7bb25697600f6b0238a63b1289e22
SHA256:d60db08c740e18d5bf4bebfe4e7afca866a4dc57dac047d090807e55f1a707b9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.3.1.jar

Description:

Fuzzy string searching implementation of the well-known fuzzywuzzy algorithm in Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.3.1/fuzzywuzzy-1.3.1.jar
MD5: c740aacfef63c5c3dd2c74bc4ca5df0c
SHA1: c691e88d356f92a29f22c68c56a053efba8569d0
SHA256:99947e309302a45870e48453e8f53faefa2ed03eea3bbc0e8fe8003905773bd3
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

gauge:4.0.4

Description:

A terminal based horizontal gauge

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npmlog:6.0.2/gauge:^4.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npmlog:6.0.2

Identifiers

gax-1.52.0.jar

Description:

Google Api eXtensions for Java

License:

BSD: https://github.com/googleapis/gax-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/gax/1.52.0/gax-1.52.0.jar
MD5: b3cd1e5531ae13f2b8f00b2eab126b69
SHA1: f386e4e022bb0eb415cbbf8ce927d473b002d101
SHA256:4a28323248655babe05deeca7f2d828e59bd02794d89d2d182490f531170ee80
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

gax-grpc-1.52.0.jar

Description:

Google Api eXtensions for Java

License:

BSD: https://github.com/googleapis/gax-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/gax-grpc/1.52.0/gax-grpc-1.52.0.jar
MD5: c6ff87dabbf4bb22d44cb748e29c59de
SHA1: fbf8a14d7d45e1f578418368adda769bb911a747
SHA256:a4b16f762c7b4997aa42b714b9c7f27aef66cff9f881726674ac695114c9718a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-1428  

There exists an vulnerability causing an abort() to be called in gRPC. 
The following headers cause gRPC's C++ implementation to abort() when called via http2:

te: x (x != trailers)

:scheme: x (x != http, https)

grpclb_client_stats: x (x == anything)

On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
CWE-617 Reachable Assertion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-33953  

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4785  

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. 
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-32732  

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

gax-httpjson-0.69.0.jar

Description:

Google Api eXtensions for Java

License:

BSD: https://github.com/googleapis/gax-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/gax-httpjson/0.69.0/gax-httpjson-0.69.0.jar
MD5: 3650e33f054bbb386283f33592a4b0c5
SHA1: e60fb4c08c7cd8d60bfa5816e036c4fac1e6e5fe
SHA256:e69773d800a68a65468755a719ea52ff6050ca9c418bf914acf18b91b20aa032
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

gensync:1.0.0-beta.2

Description:

Allows users to use generators in order to write common functions that can be both sync or async.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/gensync:1.0.0-beta.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2

Identifiers

geoapi-3.0.1.jar

Description:


The development community in building GIS solutions is sustaining an enormous level
 of effort. The GeoAPI project aims to reduce duplication and increase interoperability
 by providing neutral, interface-only APIs derived from OGC/ISO Standards.

License:

https://raw.githubusercontent.com/opengeospatial/geoapi/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/opengis/geoapi/3.0.1/geoapi-3.0.1.jar
MD5: fa9a86892774b94b2bde0446ebbebd62
SHA1: a69b261841b0794b82b8d42fcd6e9a370eb62809
SHA256:ca1dfeba112d0dea575c7abba76a8ecd6ea7818e508de964302a9cfc4779b837
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

get-caller-file:2.0.5

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?yargs:16.2.0/get-caller-file:^2.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/yargs:16.2.0

Identifiers

get-intrinsic:1.2.1

Description:

Get and robustly cache all JS language-level intrinsics at first require time

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?side-channel:1.0.4/get-intrinsic:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/has-property-descriptors:1.0.0
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/side-channel:1.0.4
  • simplicite-js:5.1.65/gopd:1.0.1
  • simplicite-js:5.1.65/get-symbol-description:1.0.0
  • simplicite-js:5.1.65/safe-array-concat:1.0.0
  • simplicite-js:5.1.65/is-array-buffer:3.0.2
  • simplicite-js:5.1.65/call-bind:1.0.2
  • simplicite-js:5.1.65/es-set-tostringtag:2.0.1
  • simplicite-js:5.1.65/safe-regex-test:1.0.0
  • simplicite-js:5.1.65/internal-slot:1.0.5

Identifiers

get-stdin:5.0.1

Description:

Get stdin as a string or buffer

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/get-stdin:5.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

get-stdin:8.0.0

Description:

Get stdin as a string or buffer

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check-updates:16.14.6/get-stdin:^8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/split-text-to-chunks:1.0.0
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

get-stream:5.2.0

Description:

Get a stream as a string, buffer, or array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/get-stream:5.2.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

get-stream:6.0.1

Description:

Get a stream as a string, buffer, or array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/get-stream:^6.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacheable-request:10.2.12
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/execa:5.1.1
  • simplicite-js:5.1.65/cacheable-request:6.1.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

get-symbol-description:1.0.0

Description:

Gets the description of a Symbol. Handles `Symbol()` vs `Symbol('')` properly when possible.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/get-symbol-description:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

giturl:1.0.3

Description:

Transfer git url to web url

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/giturl:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

glob-parent:5.1.2

Description:

Extract the non-magic parent path from a glob string.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/glob-parent:5.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/fast-glob:3.3.0
  • simplicite-js:5.1.65/chokidar:3.5.3

Identifiers

glob-parent:6.0.2

Description:

Extract the non-magic parent path from a glob string.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/glob-parent:6.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

glob:10.3.3

Description:

the most correct and second fastest glob implementation in JavaScript

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/glob:10.3.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

glob:7.2.3

Description:

a little globber

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?rimraf:3.0.2/glob:^7.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/rimraf:3.0.2
  • simplicite-js:5.1.65/cli:1.0.1
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/rimraf:5.0.5
  • simplicite-js:5.1.65/@babel/cli:7.23.0
  • simplicite-js:5.1.65/node-gyp:9.4.0
  • simplicite-js:5.1.65/js-beautify:1.14.0
  • simplicite-js:5.1.65/read-package-json:6.0.4

Identifiers

global-dirs:2.1.0

Description:

Get the directory of globally installed packages and binaries

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?is-installed-globally:0.3.2/global-dirs:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-installed-globally:0.4.0
  • simplicite-js:5.1.65/is-installed-globally:0.3.2

Identifiers

global-modules:2.0.0

Description:

The directory used by npm for globally installed npm modules.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/global-modules:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

global-prefix:3.0.0

Description:

Get the npm global path prefix.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/global-prefix:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/global-modules:2.0.0

Identifiers

globals:11.12.0

Description:

Global identifiers from different JavaScript environments

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/globals:11.12.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/traverse:7.23.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2
  • simplicite-js:5.1.65/@babel/plugin-transform-classes:7.22.15

Identifiers

globals:13.20.0

Description:

Global identifiers from different JavaScript environments

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/globals:13.20.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

globalthis:1.0.3

Description:

ECMAScript spec-compliant polyfill/shim for `globalThis`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/globalthis:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

globby:11.1.0

Description:

User-friendly glob matching

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/globby:^11.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

globjoin:0.1.4

Description:

Join paths and globs.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/globjoin:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

google-api-client-1.30.7.jar

Description:

The Google API Client Library for Java provides functionality common to all Google APIs; for example HTTP transport, error handling, authentication, JSON parsing, media download/upload, and batching.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api-client/google-api-client/1.30.7/google-api-client-1.30.7.jar
MD5: 0ca80f11bc834ec8aac16639c3376c9f
SHA1: 684626a9f57b8c1a64aac63a6a3811c8da4907b4
SHA256:85773551c2dbf2af6ffc11242a2721486179aee6f2f5e0e671f73744db7ee144
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-client-gson-1.30.7.jar

Description:

GSON extensions to the Google APIs Client Library for Java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api-client/google-api-client-gson/1.30.7/google-api-client-gson-1.30.7.jar
MD5: d44c58a55192d47bef946b47720bbfce
SHA1: 2cff54518d40d7495c1f11d16610528afe661db4
SHA256:16df3e9704220ebb627443a14912141154b4f33ffb316a7a74e4abbd853acbde
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

google-api-services-calendar-v3-rev20191117-1.30.3.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-calendar/v3-rev20191117-1.30.3/google-api-services-calendar-v3-rev20191117-1.30.3.jar
MD5: ec65903462184d759908bd1edf59d2fe
SHA1: 96421bd7307b04a2370675df12a120ac113b8f53
SHA256:706f3565a8bcad79c13d0586b9187e2b02ab0955a586887c59c3e569e485c933
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-services-drive-v3-rev20191108-1.30.3.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-drive/v3-rev20191108-1.30.3/google-api-services-drive-v3-rev20191108-1.30.3.jar
MD5: 7a768da2352f158aed4a3b372f30cd1b
SHA1: fa754376cebfc31bf531c819400f13a3acfb3a0c
SHA256:6d122b5e76ce7f6b80aa860869e8f8b5e684db971bff45ea19f1218eac9c001d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-services-gmail-v1-rev20191113-1.30.3.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-gmail/v1-rev20191113-1.30.3/google-api-services-gmail-v1-rev20191113-1.30.3.jar
MD5: 2a183ea3cab9b6057f49a3b31f156879
SHA1: 641302ba8008b6ff477d2716689f5ec1dddc2ecd
SHA256:3469198d82bb9f98bdaf1fe3fe51829b720f82cbe9a7db9ce61cd46cc66ba748
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-services-plus-v1-rev20190328-1.30.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-plus/v1-rev20190328-1.30.1/google-api-services-plus-v1-rev20190328-1.30.1.jar
MD5: d190b6cd10aee91d96975ee633ad4101
SHA1: 5d37538b7be26f10dff011cfb30bbf3ab9d8f19f
SHA256:6609b0440916f3c66197ed795f7642ae481a81bfb9b1f81da29928cf85a49891
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-services-sheets-v4-rev20191213-1.30.3.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-sheets/v4-rev20191213-1.30.3/google-api-services-sheets-v4-rev20191213-1.30.3.jar
MD5: a6837eb676764bad3fa99911ca9edabf
SHA1: b6ab2d0605bf51275a09374ac0d01cfa4258bc2d
SHA256:4884a5f28d51ba00404f3ad4f624619163fd8049b536c8a8fbe0e4d4aa2f5c0b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-services-storage-v1-rev20191011-1.30.3.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-storage/v1-rev20191011-1.30.3/google-api-services-storage-v1-rev20191011-1.30.3.jar
MD5: 8a7689cc7d1eae4f633eef72c2623d01
SHA1: 53fc173da380f9b65caad69912223db128dbf7ac
SHA256:7d1400d085da415d95c94c985c31569caa4cb6cc1ee66d8db9661e1c5bc2c4c9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-services-translate-v2-rev20170525-1.30.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-translate/v2-rev20170525-1.30.1/google-api-services-translate-v2-rev20170525-1.30.1.jar
MD5: 49b810431970d3585119ebae4d372955
SHA1: d190fa670e88901a2e5247ea394f7ae2cc394c15
SHA256:ae3b32be4e5a9450a36f8fed26ea5f26bc624ec15fb4a0f1160c6c8cf0e35559
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-api-services-youtube-v3-rev20190827-1.30.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-youtube/v3-rev20190827-1.30.1/google-api-services-youtube-v3-rev20190827-1.30.1.jar
MD5: de23af4810f28bc7e19a236704b5c35a
SHA1: f200641b91698b977a8fbf2c671711b73fadbc14
SHA256:5790dac99030ec79b164da72c1a6690f4724b8e2b19ee73cd4cadf78a5231e71
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-auth-library-credentials-0.19.0.jar

File Path: /var/simplicite/.m2/repository/com/google/auth/google-auth-library-credentials/0.19.0/google-auth-library-credentials-0.19.0.jar
MD5: 10154220ac78fa8ade788cf4a1e6776f
SHA1: f58b35cb48e695bc840d1b2441b3cfd9ead26ee2
SHA256:3f81ea05795abc40daf36f4c427487a738489f7cc0f515b7930f838ed301165a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-auth-library-oauth2-http-0.19.0.jar

File Path: /var/simplicite/.m2/repository/com/google/auth/google-auth-library-oauth2-http/0.19.0/google-auth-library-oauth2-http-0.19.0.jar
MD5: 4434239a74817934e9f42e1224cdca90
SHA1: 284f264012d80bb0f882a667f88b74a5972d6a68
SHA256:51992d58ec0f903fb521412f677bd09d83895609a0198d4a9ae65a3d88e2aa4a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-cloud-core-1.91.3.jar

Description:

    Core module for the google-cloud.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core/1.91.3/google-cloud-core-1.91.3.jar
MD5: 2f9989870c5a2957cd4a386fef33657b
SHA1: 66b11b43a9e039226d0554bd0ba442ba72c54a03
SHA256:d31aef4a61f79a786185b1527690fdcc1397041a46d1bf19e4eb27749afba0f8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-cloud-core-grpc-1.92.1.jar

Description:

    Core gRPC module for the google-cloud.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core-grpc/1.92.1/google-cloud-core-grpc-1.92.1.jar
MD5: 5bf25ecf8a1f167a4038076f2a6dad76
SHA1: dc501e6c05e017b70ededc4e9e136ff8eaa1e519
SHA256:51629d003193061bb2cef114f66c2e780cfb12b5c64c53d89d0cd153adb0efbb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-cloud-core-http-1.92.1.jar

Description:

    Core http module for the google-cloud.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core-http/1.92.1/google-cloud-core-http-1.92.1.jar
MD5: b88412af25b759bf3625c4369b1cd5f9
SHA1: 784bbc2b881bae0b466b8568a262b50f1d76d71b
SHA256:53f83b0da989878466844ba585e6248fdb67b3fdad9cc4c702926a95b38b8dc8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-cloud-firestore-1.31.0.jar

Description:

    Java idiomatic client for Google Cloud Firestore.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-firestore/1.31.0/google-cloud-firestore-1.31.0.jar
MD5: c684cf5240bd2457b2b1825e2a348c15
SHA1: 9c6bc832e21e7d7a93c0786cb4dd48cdac1675d6
SHA256:00bb122b9823624e14e8351084271278ab17edd7aa187e467c7cbe37efeabd58
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-cloud-pubsub-1.102.0.jar

Description:

Java idiomatic client for Google Cloud Pub/Sub

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-pubsub/1.102.0/google-cloud-pubsub-1.102.0.jar
MD5: c15dff833be0804449b9176c2fdc8708
SHA1: c85e61d46e84d3280fb9c546ec5d3266b7444b90
SHA256:0bcb879f0f033ea273e35532f958d51a96b99102030d0016b8931e4dae7e09ad
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-cloud-storage-1.103.0.jar

Description:

    Java idiomatic client for Google Cloud Storage.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-storage/1.103.0/google-cloud-storage-1.103.0.jar
MD5: 334784f8243c257ac94fce2c7bc6d84c
SHA1: 3025681cf3989af3482c7ba02b6dd6198dce9cd1
SHA256:a0d015abf37aa842915f72813ad5062dfa5fc08d32fe88a480e01abdcbb39ff0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-cloud-storage-2.3.0.jar

Description:

jclouds components to access Google Cloud Storage

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/google-cloud-storage/2.3.0/google-cloud-storage-2.3.0.jar
MD5: 04ffb09cd1f0342d1d9c78eba450aebe
SHA1: 9ca0e557af32e0c52f1f7fc7a279ddb7f150f21d
SHA256:97ae5e78816907f10f7842388e326ef4cddfb1f7f2d5a576fb9696d863f41b3e
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-http-client-1.34.0.jar

Description:

    Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
    including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client/1.34.0/google-http-client-1.34.0.jar
MD5: ccd3c412c272670e7e3091af87b1d152
SHA1: 263190d4ea87727af0d632d40ee4dc40716b1597
SHA256:376abdc782970145c673446c119bbb158641bca1b311d6098adc238c58be5ed7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-http-client-appengine-1.34.0.jar

File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-appengine/1.34.0/google-http-client-appengine-1.34.0.jar
MD5: 5c5253dd8d1f38edea944c81a48fbd09
SHA1: 2445ac95eee0c15bb756537569c5cd43178a747d
SHA256:e82bef67edd1d30c5271293fcfac8270c71d1045c45bf3c43690a934c9fb113b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-http-client-gson-1.34.0.jar

File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-gson/1.34.0/google-http-client-gson-1.34.0.jar
MD5: 3028e2c4847cd603e6029babe46f6459
SHA1: b218bed0da6b23e7b3edcc3a3b9681a7d96bfd77
SHA256:7dc8355554971819fc22442f761dd0603119e8b3af3b3e9a128ad8f036dc7a97
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-http-client-jackson-1.29.2.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-jackson/1.29.2/google-http-client-jackson-1.29.2.jar
MD5: 72ad680f4cd70758086ec12492544fcd
SHA1: 98ba3a73bbfcabbaa1105fc013305d319f6ebf32
SHA256:54478a70cc90eb7fd7e6ab89a447a41fb1f4f98201bf4d5418d4647751538552
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-13956  

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

google-http-client-jackson2-1.34.0.jar

File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-jackson2/1.34.0/google-http-client-jackson2-1.34.0.jar
MD5: 14e47d4f9bb770a0f10379c715cc99a9
SHA1: 417e7f7e88376fbca6073264da97d201611acf1f
SHA256:c6c2d55048c880f0a26d3e01eb4f1c686284501397793ff6fc8239e0fd368dcc
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

google-java-format-1.11.0.jar

Description:

    A Java source code formatter that follows Google Java Style.

File Path: /var/simplicite/.m2/repository/com/google/googlejavaformat/google-java-format/1.11.0/google-java-format-1.11.0.jar
MD5: a8e0485cee059bfc0a62cd8a491f4562
SHA1: 6deca3d92cbff57be7e5a288cc6fdbf7f90e64dd
SHA256:6865907d78a745018fb47b604d493c563bddfd7f6129b995e71156d9b7ec673c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

google-oauth-client-1.30.5.jar

Description:

    Google OAuth Client Library for Java. Functionality that works on all supported Java platforms,
    including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/oauth-client/google-oauth-client/1.30.5/google-oauth-client-1.30.5.jar
MD5: 715b4b16241e37532295e3b17debcdca
SHA1: a12f9f95ecd0e74d7d2d54f974a270113f1da00c
SHA256:24b8e30e03c539b98fb9e137e53dbb21877c2e8464ca1253f4ced9832fa22726
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-7692  

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2021-22573  

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above
CWE-347 Improper Verification of Cryptographic Signature

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

googlecloud-2.3.0.jar

Description:

jclouds components common to Google Cloud products

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/common/googlecloud/2.3.0/googlecloud-2.3.0.jar
MD5: f1affecaf6de7408ced674e4365c84c5
SHA1: 6d479c7d2caa759d4faf4e81e8c4cb41f0e95993
SHA256:446a4ffe5608147bb8d6f8a7756a65a938cc4773ca383af99918535764780b69
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

gopd:1.0.1

Description:

`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-typed-array:1.1.9/gopd:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-typed-array:1.1.10
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/which-typed-array:1.1.9

Identifiers

got:12.6.1

Description:

Human-friendly and powerful HTTP request library for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?package-json:8.1.1/got:^12.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/license-report:6.5.0
  • simplicite-js:5.1.65/package-json:6.5.0
  • simplicite-js:5.1.65/package-json:8.1.1

Identifiers

got:13.0.0

Description:

Human-friendly and powerful HTTP request library for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/got:13.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

got:9.6.0

Description:

Simplified HTTP requests

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/got:9.6.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

CVE-2022-33987  

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions:

graceful-fs:4.2.11

Description:

A drop-in replacement for fs, making various improvements.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?configstore:6.0.0/graceful-fs:^4.2.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/fs-extra:8.1.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@pnpm/network.ca-file:1.0.2
  • simplicite-js:5.1.65/klaw:3.0.0
  • simplicite-js:5.1.65/configstore:5.0.1
  • simplicite-js:5.1.65/configstore:6.0.0
  • simplicite-js:5.1.65/node-gyp:9.4.0
  • simplicite-js:5.1.65/load-yaml-file:0.2.0

Identifiers

graphemer:1.4.0

Description:

A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/graphemer:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

graphics2d-0.30.jar

Description:

Graphics2D Bridge for Apache PDFBox

File Path: /var/simplicite/.m2/repository/de/rototor/pdfbox/graphics2d/0.30/graphics2d-0.30.jar
MD5: 512a2975face2c8b9e8f5acbac6f28ee
SHA1: e34a2638d08357e206a9df58fdc90d7c8eec4600
SHA256:8297f6290b53997e07fa977cea08bc5b65248fff5f2977638c33c3f0e52726c9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

grib-4.5.5.jar

Description:

    Decoder for the GRIB format.

File Path: /var/simplicite/.m2/repository/edu/ucar/grib/4.5.5/grib-4.5.5.jar
MD5: 0cb80276d8ea89cacc1d5632dbf39fe9
SHA1: cfe552910e9a8d57ce71134796abb281a74ead16
SHA256:1e0492135f421f554c4651a95225f27f2a3230e993329f69348110f8521c32d9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

grpc-context-1.22.1.jar

Description:

gRPC: Context

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-context/1.22.1/grpc-context-1.22.1.jar
MD5: c114b573888704a725b5a86c04f817da
SHA1: 1a074f9cf6f367b99c25e70dc68589f142f82d11
SHA256:780a3937705b3c92e07292c97d065b2676fcbe031eae250f1622b026485f294e
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-33953  

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-32732  

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

grpc-core-1.25.0.jar

Description:

gRPC: Core

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-core/1.25.0/grpc-core-1.25.0.jar
MD5: 0003527e3d3918c8fa829f4a4c2a17e8
SHA1: 651fcf1a6702483ac7321b3ae983001beb3a1ddb
SHA256:d67fa113fd9cc45a02710f9c41dda9c15191448c14e9e96fcc21839a41345d4c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-33953  

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4785  

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. 
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-32732  

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-codec-http:4.1.42.Final)

File Path: /var/simplicite/.m2/repository/io/grpc/grpc-netty-shaded/1.25.0/grpc-netty-shaded-1.25.0.jar/META-INF/maven/io.netty/netty-codec-http/pom.xml
MD5: 7eec31676e509d15cc427996f5d6d8a1
SHA1: 9496524fad6a4ad818a91f0db3d5780adbed9843
SHA256:c5d480910df2b0d05d072bc91305c7a49121beae41c69cbe71415d3fed0ca08a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2019-20444  

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-20445  

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11612  

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-7238 (OSSINDEX)  

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:H/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-codec-http:4.1.42.Final:*:*:*:*:*:*:*

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4586  

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-codec:4.1.42.Final)

File Path: /var/simplicite/.m2/repository/io/grpc/grpc-netty-shaded/1.25.0/grpc-netty-shaded-1.25.0.jar/META-INF/maven/io.netty/netty-codec/pom.xml
MD5: 3afe589c637391eb1e2ee6c41f3eb26f
SHA1: 8f35107b29513eb70154e0b50055e393b802b29f
SHA256:791261b0b69b1d9d30851f0cc94892472ca195af8e70228c1afc51a07438c2fa
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2019-20444  

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-20445  

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11612  

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4586  

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41915 (OSSINDEX)  

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-41915 for details
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-codec:4.1.42.Final:*:*:*:*:*:*:*

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-tcnative-boringssl-static:2.0.26.Final)

Description:

    A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
    to BoringSSL and Apache APR.

File Path: /var/simplicite/.m2/repository/io/grpc/grpc-netty-shaded/1.25.0/grpc-netty-shaded-1.25.0.jar/META-INF/maven/io.netty/netty-tcnative-boringssl-static/pom.xml
MD5: 20f0fdf22f4edbf23e8d2899496b27b7
SHA1: 4d282bca7a7b5adb1492c050fcae087a530695fc
SHA256:78be2ef3fd90d48f73d3eb20fa2a88abf171326269f490e8c692a8afdfbe22a2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

grpc-netty-shaded-1.25.0.jar (shaded: io.netty:netty-transport:4.1.42.Final)

File Path: /var/simplicite/.m2/repository/io/grpc/grpc-netty-shaded/1.25.0/grpc-netty-shaded-1.25.0.jar/META-INF/maven/io.netty/netty-transport/pom.xml
MD5: a868be6d503450afde2c3bce50c52859
SHA1: 819707a64d4c0fda9ef0eac5970ff27f6f2c5bba
SHA256:08d971d0da0fae4c64c34e4b5525423fc5365aaa13f628f1e0f49b1df8abd6f7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2019-20444  

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-20445  

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11612  

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4586  

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

grpc-netty-shaded-1.25.0.jar (shaded: org.jctools:jctools-core:2.1.1)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-netty-shaded/1.25.0/grpc-netty-shaded-1.25.0.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: d532029de01ef1c790266dea91b1ecdc
SHA1: f9571c65e428d21c795a34de2b217419dfc0e2f7
SHA256:db8f1cd5b23d38e3dcf7020d739e1c2f9559489051291d8a07095e62b8d7f750
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

grpc-netty-shaded-1.25.0.jar: io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll

File Path: /var/simplicite/.m2/repository/io/grpc/grpc-netty-shaded/1.25.0/grpc-netty-shaded-1.25.0.jar/META-INF/native/io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll
MD5: 4f5164814c07528f584b797f551ad69a
SHA1: df20648a574905e67f33d25a0161caba442bbaca
SHA256:e233f51035239a40fbb46ebd6964e08eba7112b2da5be61e93fe46e0f8a30bf6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • None

grpc-protobuf-1.25.0.jar

Description:

gRPC: Protobuf

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-protobuf/1.25.0/grpc-protobuf-1.25.0.jar
MD5: 7aa728d845b9549f020b01926e379776
SHA1: 43ef1166fd0025025fb19135b602db9837a3d1d0
SHA256:454dae7e246dac25526ed5b795d97a5dafedd3cc2042cfc810f02051d7d3e3cb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-33953  

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4785  

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. 
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-32732  

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

gson-2.8.6.jar

Description:

Gson JSON library

File Path: /var/simplicite/.m2/repository/com/google/code/gson/gson/2.8.6/gson-2.8.6.jar
MD5: 310f5841387183aca7900fead98d4858
SHA1: 9180733b7df8542621dc12e21e87557e8c99b8cb
SHA256:c8fb4839054d280b3033f800d1f5a97de2f028eb8ba2eb458ad287e536f3f25f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-25647  

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

guava-30.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar
MD5: 2f8966f27f06101a08083bfa9f9277e7
SHA1: 00d0c3ce2311c9e36e73228da25a6e99b2ab826f
SHA256:e6dd072f9d3fe02a4600688380bd422bdac184caf6fe2418cfdd0934f09432aa
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

guice-4.2.3.jar (shaded: cglib:cglib:3.3.0)

File Path: /var/simplicite/.m2/repository/com/google/inject/guice/4.2.3/guice-4.2.3.jar/META-INF/maven/cglib/cglib/pom.xml
MD5: a7ecad92e5ab821614c934f58b17de64
SHA1: e6b82e37edf3d2709f59e92f6752a929f72076c5
SHA256:4bce8fb88b4f0ef6bef2ab889c5276c4b5abbd3bdb7c7e5146f6f31c372ac253
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

guice-4.2.3.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/inject/guice/4.2.3/guice-4.2.3.jar
MD5: 4209f9e543a157db0f194688760409c9
SHA1: 2ea992d6d7bdcac7a43111a95d182a4c42eb5ff7
SHA256:a21e50ffbb67e7adc5b46cf7b9e1a480f1e0f04fd4201ddb1c65da91290601af
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

guice-assistedinject-4.2.3.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/inject/extensions/guice-assistedinject/4.2.3/guice-assistedinject-4.2.3.jar
MD5: acb899a13864c3e0994f3342b7fdc604
SHA1: acbfddc556ee9496293ed1df250cc378f331d854
SHA256:f27810a4b60663fa2d06b8423eda402fa9f8553bfbfde81bf0f0f1f2876b1385
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

h2-1.4.200.jar

Description:

H2 Database Engine

License:

MPL 2.0 or EPL 1.0: https://h2database.com/html/license.html
File Path: /var/simplicite/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar
MD5: 18c05829a03b92c0880f22a3c4d1d11d
SHA1: f7533fe7cb8e99c87a43d325a77b4b678ad9031a
SHA256:3ad9ac4b6aae9cd9d3ac1c447465e1ed06019b851b893dd6a8d76ddb6d85bca6
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

CVE-2021-42392  

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-23221  

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CWE-88 Argument Injection or Modification

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-23463  

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-45868  

** DISPUTED ** The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."
CWE-312 Cleartext Storage of Sensitive Information

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:1.4.200:*:*:*:*:*:*:*

h2-1.4.200.jar: data.zip: table.js

File Path: /var/simplicite/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 0e4b062032d1a5ea21b7ad0d878d3c31
SHA1: c5efb4c787ace5210d545d68742f415d28a61bdc
SHA256:0e1bf9d8833063242e13836bd0fca607763676308acf8b6e6992e7d7d8008d45
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

  • None

h2-1.4.200.jar: data.zip: tree.js

File Path: /var/simplicite/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 98225c0658feee5efb09b28c76e25884
SHA1: 6b84951f0a2febfbb1046e768d12f784047ce48c
SHA256:e9ee4656df4c1db81dcf20b7dcdcf08701c3b63f929ae8d8af69c334212c169e
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

  • None

hadoop-hdfs-client-3.3.0.jar

Description:

Apache Hadoop HDFS Client

File Path: /var/simplicite/.m2/repository/org/apache/hadoop/hadoop-hdfs-client/3.3.0/hadoop-hdfs-client-3.3.0.jar
MD5: 3f79700a9848fdde63d862e49d05b41f
SHA1: 53c402ef4b737b7a3abdc3c41178ca32da3a461a
SHA256:e042918a57b371ff8cd6eee8f956a7d61c5b7a2800c43106d7cb479109c4fe8f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-37404  

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CWE-787 Out-of-bounds Write

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-25168  

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-25642  

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-33036  

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /var/simplicite/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

handlebars:4.7.7

Description:

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-audit-html:1.5.0/handlebars:^4.7.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-audit-html:1.5.0

Identifiers

hard-rejection:2.1.0

Description:

Make unhandled promise rejections fail hard right away instead of the default silent fail

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?meow:9.0.0/hard-rejection:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65

Identifiers

has-bigints:1.0.2

Description:

Determine if the JS environment has BigInt support.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?unbox-primitive:1.0.2/has-bigints:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/unbox-primitive:1.0.2
  • simplicite-js:5.1.65/is-bigint:1.0.4

Identifiers

has-flag:3.0.0

Description:

Check if argv has a specific flag

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?supports-color:5.5.0/has-flag:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/supports-color:5.5.0
  • simplicite-js:5.1.65/supports-color:7.2.0
  • simplicite-js:5.1.65/supports-hyperlinks:2.3.0

Identifiers

has-property-descriptors:1.0.0

Description:

Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/has-property-descriptors:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/define-properties:1.2.0

Identifiers

has-proto:1.0.1

Description:

Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/has-proto:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/get-intrinsic:1.2.1
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

has-symbols:1.0.3

Description:

Determine if the JS environment has Symbol support. Supports spec, or shams.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?unbox-primitive:1.0.2/has-symbols:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/safe-array-concat:1.0.0
  • simplicite-js:5.1.65/is-symbol:1.0.4
  • simplicite-js:5.1.65/get-intrinsic:1.2.1
  • simplicite-js:5.1.65/unbox-primitive:1.0.2
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/has-tostringtag:1.0.0
  • simplicite-js:5.1.65/object.assign:4.1.4

Identifiers

has-tostringtag:1.0.0

Description:

Determine if the JS environment has `Symbol.toStringTag` support. Supports spec, or shams.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-typed-array:1.1.9/has-tostringtag:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-string:1.0.7
  • simplicite-js:5.1.65/is-date-object:1.0.5
  • simplicite-js:5.1.65/is-typed-array:1.1.10
  • simplicite-js:5.1.65/is-boolean-object:1.1.2
  • simplicite-js:5.1.65/is-number-object:1.0.7
  • simplicite-js:5.1.65/es-set-tostringtag:2.0.1
  • simplicite-js:5.1.65/which-typed-array:1.1.9
  • simplicite-js:5.1.65/is-regex:1.1.4

Identifiers

has-unicode:2.0.1

Description:

Try to guess if your terminal supports unicode

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/has-unicode:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/gauge:4.0.4

Identifiers

has-yarn:2.1.0

Description:

Check if a project is using Yarn

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/has-yarn:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

has:1.0.3

Description:

Object.prototype.hasOwnProperty.call shortcut

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?is-core-module:2.12.1/has:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/is-core-module:2.12.1
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/get-intrinsic:1.2.1
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/es-set-tostringtag:2.0.1
  • simplicite-js:5.1.65/internal-slot:1.0.5

Identifiers

highlight-es:1.0.3

Description:

Highlight ECMAScript syntax for the console or any other medium.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/highlight-es:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/callsite-record:4.1.5
  • simplicite-js:5.1.65

Identifiers

highlight.js:10.5.0

Description:

Syntax highlighting with language autodetection.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-audit-html:1.5.0/highlight.js:^10.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-audit-html:1.5.0

Identifiers

homedir-polyfill:1.0.3

Description:

Node.js os.homedir polyfill for older versions of node.js.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?v8flags:3.2.0/homedir-polyfill:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/v8flags:3.2.0

Identifiers

hosted-git-info:4.1.0

Description:

Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?normalize-package-data:3.0.3/hosted-git-info:^4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/normalize-package-data:2.5.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/normalize-package-data:3.0.3
  • simplicite-js:5.1.65/npm-package-arg:10.1.0
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/normalize-package-data:5.0.0

Identifiers

hosted-git-info:5.2.1

Description:

Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/hosted-git-info:5.2.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

hsqldb-2.5.2.jar

Description:

HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /var/simplicite/.m2/repository/org/hsqldb/hsqldb/2.5.2/hsqldb-2.5.2.jar
MD5: f94c91b0816ab38e387f3de5682ed435
SHA1: 0d8ec10f8ed2d9ac8c400208f4f78a546b116afe
SHA256:e4aa39c5afb318e8effdec80a0e6de7c9dacc453c1cf7666c515f29a16658dac
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

CVE-2022-41853  

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

html-tags:3.3.1

Description:

List of standard HTML tags

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/html-tags:^3.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

htmlparser2:3.8.3

Description:

Fast & forgiving HTML/XML/RSS parser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/htmlparser2:3.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jshint:2.12.0

Identifiers

http-cache-semantics:4.1.1

Description:

Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?cacheable-request:6.1.0/http-cache-semantics:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacheable-request:10.2.12
  • simplicite-js:5.1.65/cacheable-request:6.1.0
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

http-proxy-agent:5.0.0

Description:

An HTTP(s) proxy `http.Agent` implementation for HTTP

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?make-fetch-happen:11.1.1/http-proxy-agent:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

http2-wrapper:2.2.0

Description:

HTTP2 client, just with the familiar `https` API

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?got:13.0.0/http2-wrapper:^2.1.10

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

httpasyncclient-4.1.4.jar

Description:

   Apache HttpComponents AsyncClient

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.4/httpasyncclient-4.1.4.jar
MD5: f29a16f1c28f5b3dd511cbd16d7fa422
SHA1: f3a3240681faae3fa46b573a4c7e50cec9db0d86
SHA256:50e981a8e567a16ebdad104605b156540a863459fa127b8ba647f310dfc83ef8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

httpclient-4.5.13.jar

Description:

   Apache HttpComponents Client

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar
MD5: 40d6b9075fbd28fa10292a45a0db9457
SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

httpcore-4.4.14.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar
MD5: 2b3991eda121042765a5ee299556c200
SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1
SHA256:f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

httpcore-nio-4.4.14.jar

Description:

   Apache HttpComponents Core (non-blocking I/O)

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.14/httpcore-nio-4.4.14.jar
MD5: fc67803925f395dbb90e61992bbf0291
SHA1: 175aeb59b09cf2ebbec622fe1704904a092ee291
SHA256:88c695f7342ba76dafd4035fa9bebbf82837c573de0d81324ba7921b4e14f5c8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

httpmime-4.5.13.jar

Description:

   Apache HttpComponents HttpClient - MIME coded entities

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpmime/4.5.13/httpmime-4.5.13.jar
MD5: 3f0c1ef2c9dc47b62b780192f54b0c18
SHA1: efc110bad4a0d45cda7858e6beee1d8a8313da5a
SHA256:06e754d99245b98dcc2860dcb43d20e737d650da2bf2077a105f68accbd5c5cc
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

https-proxy-agent:5.0.1

Description:

An HTTP(s) proxy `http.Agent` implementation for HTTPS

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?make-fetch-happen:11.1.1/https-proxy-agent:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

httpservices-4.5.5.jar

File Path: /var/simplicite/.m2/repository/edu/ucar/httpservices/4.5.5/httpservices-4.5.5.jar
MD5: c5207827b8b7e6045b2af7e1e8c5b1d4
SHA1: ee5f217be599e5e03f7f0e55e03f9e721a154f62
SHA256:8334da7adc9ed7a7b941a780f4d22054f8a11d03973be83ae8399400d55300e4
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

human-signals:2.1.0

Description:

Human-friendly process signals

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/human-signals:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/execa:5.1.1

Identifiers

humanize-ms:1.2.1

Description:

transform humanize time to ms

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/humanize-ms:1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/agentkeepalive:4.3.0

Identifiers

ical.js:1.5.0

Description:

Javascript parser for ics (rfc5545) and vcard (rfc6350) data

License:

MPL-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ical.js:1.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@fullcalendar/common:5.5.1

Identifiers

iconv-lite:0.4.24

Description:

Convert character encodings in pure javascript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/iconv-lite:0.4.24

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/external-editor:3.1.0
  • simplicite-js:5.1.65/encoding:0.1.13

Identifiers

iconv-lite:0.6.3

Description:

Convert character encodings in pure javascript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/iconv-lite:0.6.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

icu4j-68.2.jar

Description:

    International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
    providing Unicode and Globalization support

License:

Unicode/ICU License: https://raw.githubusercontent.com/unicode-org/icu/master/icu4c/LICENSE
File Path: /var/simplicite/.m2/repository/com/ibm/icu/icu4j/68.2/icu4j-68.2.jar
MD5: 04b7854f897b7e00820d082ab4f27368
SHA1: 76893e6000401ace133a65262254be0ebe556d46
SHA256:9bd7bf869a44ba8aeb0cddd7e6616e88cd4795ba5bfce2230447cb0e185a646c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • pkg:maven/com.ibm.icu/icu4j@68.2  (Confidence:High)
  • cpe:2.3:a:icu-project:international_components_for_unicode:68.2:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:unicode:international_components_for_unicode:68.2:*:*:*:*:*:*:*  (Confidence:Low)  

ieee754:1.2.1

Description:

Read/write IEEE754 floating point numbers from/to a Buffer or array-like object

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?buffer:6.0.3/ieee754:^1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/buffer:6.0.3
  • simplicite-js:5.1.65/buffer:5.7.1

Identifiers

ignore-walk:6.0.3

Description:

Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-packlist:7.0.4/ignore-walk:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-packlist:7.0.4

Identifiers

ignore:5.2.4

Description:

Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/ignore:^5.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/globby:11.1.0
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

immediate:3.0.6

Description:

A cross browser microtask library

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?lie:3.3.0/immediate:~3.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/lie:3.3.0

Identifiers

immutable:4.3.0

Description:

Immutable Data Collections

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?sass:1.63.6/immutable:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/sass:1.63.6

Identifiers

import-fresh:3.3.0

Description:

Import a module while bypassing the cache

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/import-fresh:3.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cosmiconfig:7.1.0
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2

Identifiers

import-lazy:2.1.0

Description:

Import modules lazily

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/import-lazy:2.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

import-lazy:4.0.0

Description:

Import a module lazily

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/import-lazy:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:4.1.3
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

imurmurhash:0.1.4

Description:

An incremental implementation of MurmurHash3

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?write-file-atomic:4.0.2/imurmurhash:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/write-file-atomic:4.0.2
  • simplicite-js:5.1.65/write-file-atomic:3.0.3
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/unique-slug:4.0.0

Identifiers

indent-string:4.0.0

Description:

Indent each line in a string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?redent:3.0.0/indent-string:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/redent:3.0.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/aggregate-error:3.1.0

Identifiers

inflight:1.0.6

Description:

Add callbacks to requests in flight to avoid async duplication

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/inflight:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:7.2.3

Identifiers

inherits:2.0.4

Description:

Browser-friendly inheritance fully compatible with standard node.js inherits()

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?readable-stream:1.1.14/inherits:~2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:7.2.3
  • simplicite-js:5.1.65/readable-stream:2.3.8
  • simplicite-js:5.1.65/readable-stream:3.6.2
  • simplicite-js:5.1.65/readable-stream:1.1.14
  • simplicite-js:5.1.65/bl:4.1.0

Identifiers

ini:1.3.8

Description:

An ini encoder/decoder for node

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ini:1.3.8

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/config-chain:1.1.13
  • simplicite-js:5.1.65/global-dirs:3.0.1
  • simplicite-js:5.1.65/rc:1.2.8
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/global-dirs:2.1.0
  • simplicite-js:5.1.65/global-prefix:3.0.0

Identifiers

ini:2.0.0

Description:

An ini encoder/decoder for node

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ini:2.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

ini:4.1.1

Description:

An ini encoder/decoder for node

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ini:4.1.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

inquirer:7.3.3

Description:

A collection of common interactive command line user interfaces.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/inquirer:^7.3.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

internal-slot:1.0.5

Description:

ES spec-like internal slots

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/internal-slot:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

invariant:2.2.4

Description:

invariant

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?scss-parser:1.0.6/invariant:2.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/query-ast:1.0.5
  • simplicite-js:5.1.65/scss-parser:1.0.6

Identifiers

ip:2.0.0

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?socks:2.7.1/ip:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/socks:2.7.1

Identifiers

is-array-buffer:3.0.2

Description:

Is this value a JS ArrayBuffer?

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-array-buffer:3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/array-buffer-byte-length:1.0.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

is-arrayish:0.2.1

Description:

Determines if an object can be used as an array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-arrayish:0.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/error-ex:1.3.2

Identifiers

is-bigint:1.0.4

Description:

Is this value an ES BigInt?

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-boxed-primitive:1.0.2/is-bigint:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/which-boxed-primitive:1.0.2

Identifiers

is-binary-path:2.1.0

Description:

Check if a file path is a binary file

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-binary-path:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chokidar:3.5.3

Identifiers

is-boolean-object:1.1.2

Description:

Is this value a JS Boolean? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-boxed-primitive:1.0.2/is-boolean-object:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/which-boxed-primitive:1.0.2

Identifiers

is-builtin-module:3.2.1

Description:

Check if a string matches the name of a Node.js builtin module

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-builtin-module:3.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2

Identifiers

is-callable:1.2.7

Description:

Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-callable:1.2.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/for-each:0.3.3
  • simplicite-js:5.1.65/es-to-primitive:1.2.1
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

is-ci:2.0.0

Description:

Detect if the current environment is a CI server

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/is-ci:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

is-core-module:2.12.1

Description:

Is this specifier a node.js core module?

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?resolve:1.22.2/is-core-module:^2.11.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/resolve:1.22.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/normalize-package-data:3.0.3
  • simplicite-js:5.1.65/normalize-package-data:5.0.0
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

is-date-object:1.0.5

Description:

Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-date-object:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-to-primitive:1.2.1

Identifiers

is-docker:2.2.1

Description:

Check if the process is running inside a Docker container

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?open:7.4.2/is-docker:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-wsl:2.2.0
  • simplicite-js:5.1.65/open:7.4.2

Identifiers

is-es2016-keyword:1.0.0

Description:

Determine if string is an ES2016 keyword.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-es2016-keyword:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/highlight-es:1.0.3

Identifiers

is-extglob:2.1.1

Description:

Returns true if a string has an extglob.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?is-glob:4.0.3/is-extglob:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-glob:4.0.3

Identifiers

is-fullwidth-code-point:3.0.0

Description:

Check if the character represented by a given Unicode code point is fullwidth

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?string-width-cjs:4.2.3/is-fullwidth-code-point:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/string-width-cjs:4.2.3
  • simplicite-js:5.1.65/string-width:4.2.3
  • simplicite-js:5.1.65/slice-ansi:4.0.0

Identifiers

is-glob:4.0.3

Description:

Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-glob:4.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/glob-parent:6.0.2
  • simplicite-js:5.1.65/glob-parent:5.1.2
  • simplicite-js:5.1.65/chokidar:3.5.3

Identifiers

is-installed-globally:0.3.2

Description:

Check if your package was installed globally

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/is-installed-globally:^0.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

is-interactive:1.0.0

Description:

Check if stdout or stderr is interactive

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ora:5.4.1/is-interactive:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65

Identifiers

is-lambda:1.0.1

Description:

Detect if your code is running on an AWS Lambda server

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?make-fetch-happen:11.1.1/is-lambda:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

is-negative-zero:2.0.2

Description:

Is this value negative zero? === will lie to you

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-negative-zero:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

is-npm:4.0.0

Description:

Check if your code is running as an npm script

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/is-npm:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

is-number-object:1.0.7

Description:

Is this value a JS Number object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-boxed-primitive:1.0.2/is-number-object:^1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/which-boxed-primitive:1.0.2

Identifiers

is-number:7.0.0

Description:

Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?to-regex-range:5.0.1/is-number:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/to-regex-range:5.0.1

Identifiers

is-obj:2.0.0

Description:

Check if a value is an object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?dot-prop:6.0.1/is-obj:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/dot-prop:6.0.1
  • simplicite-js:5.1.65/dot-prop:5.3.0

Identifiers

is-path-inside:3.0.3

Description:

Check if a path is inside another path

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?is-installed-globally:0.4.0/is-path-inside:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/is-installed-globally:0.4.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/is-installed-globally:0.3.2

Identifiers

is-plain-obj:1.1.0

Description:

Check if a value is a plain object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?minimist-options:4.1.0/is-plain-obj:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/minimist-options:4.1.0

Identifiers

is-plain-object:2.0.4

Description:

Returns true if an object was created by the `Object` constructor.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-plain-object:2.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/clone-deep:4.0.1

Identifiers

is-plain-object:5.0.0

Description:

Returns true if an object was created by the `Object` constructor, or Object.create(null).

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-plain-object:5.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

is-regex:1.1.4

Description:

Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?safe-regex-test:1.0.0/is-regex:^1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/safe-regex-test:1.0.0

Identifiers

is-shared-array-buffer:1.0.2

Description:

Is this value a JS SharedArrayBuffer?

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-shared-array-buffer:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

is-stream:2.0.1

Description:

Check if something is a Node.js stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-stream:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/execa:5.1.1

Identifiers

is-string:1.0.7

Description:

Is this value a JS String object or primitive? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-boxed-primitive:1.0.2/is-string:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/array.prototype.reduce:1.0.5
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/which-boxed-primitive:1.0.2

Identifiers

is-symbol:1.0.4

Description:

Determine if a value is an ES6 Symbol or not.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-boxed-primitive:1.0.2/is-symbol:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-to-primitive:1.2.1
  • simplicite-js:5.1.65/which-boxed-primitive:1.0.2

Identifiers

is-typed-array:1.1.10

Description:

Is this value a JS Typed Array? This module works cross-realm/iframe, does not depend on `instanceof` or mutable properties, and despite ES6 Symbol.toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-typed-array:1.1.9/is-typed-array:^1.1.10

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-array-buffer:3.0.2
  • simplicite-js:5.1.65/typed-array-length:1.0.4
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/which-typed-array:1.1.9

Identifiers

is-typedarray:1.0.0

Description:

Detect whether or not an object is a Typed Array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?typedarray-to-buffer:3.1.5/is-typedarray:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/write-file-atomic:3.0.3
  • simplicite-js:5.1.65/typedarray-to-buffer:3.1.5

Identifiers

is-unicode-supported:0.1.0

Description:

Detect whether the terminal supports Unicode

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ora:5.4.1/is-unicode-supported:^0.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/log-symbols:4.1.0

Identifiers

is-weakref:1.0.2

Description:

Is this value a JS WeakRef? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/is-weakref:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

is-wsl:2.2.0

Description:

Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?open:7.4.2/is-wsl:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/open:7.4.2

Identifiers

is-yarn-global:0.3.0

Description:

Check if installed by yarn globally without any `fs` calls

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/is-yarn-global:^0.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

isarray:0.0.1

Description:

Array#isArray for older browsers

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?readable-stream:1.1.14/isarray:0.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/safe-array-concat:1.0.0
  • simplicite-js:5.1.65/readable-stream:2.3.8
  • simplicite-js:5.1.65/readable-stream:1.1.14

Identifiers

isarray:2.0.5

Description:

Array#isArray for older browsers

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/isarray:2.0.5

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

isexe:2.0.0

Description:

Minimal module to check if a file is executable.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which:2.0.2/isexe:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/which:1.3.1
  • simplicite-js:5.1.65/which:2.0.2
  • simplicite-js:5.1.65/which:3.0.1

Identifiers

isobject:3.0.1

Description:

Returns true if the value is an object and not an array or null.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/isobject:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/is-plain-object:2.0.4

Identifiers

isoparser-1.1.22.jar

Description:

A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)

License:

Apache Software License - Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/mp4parser/isoparser/1.1.22/isoparser-1.1.22.jar
MD5: b6cb35cf16232e5850de5900f753ed91
SHA1: 70b5c26b52c120d2e94643717a764c4a67640fd6
SHA256:f37f0a997dcc494409b60aeb48cef319348503f84efcd1edcb0fcfb81148fc2d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

istack-commons-runtime-3.0.8.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-runtime/3.0.8/istack-commons-runtime-3.0.8.jar
MD5: d8555a2f242c55d6727b4d0e82ab8446
SHA1: d6a97364045aa6b99bf2d3c566a3f98599c2d296
SHA256:4ffabb06be454a05e4398e20c77fa2b6308d4b88dfbef7ca30a76b5b7d5505ef
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

istack-commons-tools-3.0.8.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-tools/3.0.8/istack-commons-tools-3.0.8.jar
MD5: 920af7b9915c9724948517228e727a11
SHA1: a9bb4e2d83d50623bb2dd26cde8d7dd88e6b7104
SHA256:3b0e0a85924ebb91303175f2a2183c7f9246fa00342be95205397e73434008ec
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

itext-2.1.7.jar

Description:

iText, a free Java-PDF library

License:

Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext/2.1.7/itext-2.1.7.jar
MD5: 7587a618197a065eac4a453d173d4ed6
SHA1: 892bfb3e97074a61123b3b2d7caa2db112750864
SHA256:7d82c6b097a31cdf5a6d49a327bf582fdec7304da69308f9f6abf54aa9fd9055
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2017-9096 (OSSINDEX)  

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.lowagie:itext:2.1.7:*:*:*:*:*:*:*

itext-rtf-2.1.7.jar

Description:

iText, a free Java-PDF library (rtf package)

License:

Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext-rtf/2.1.7/itext-rtf-2.1.7.jar
MD5: f95d38da50192bc9e3876e3a987f02c1
SHA1: ed1cbe69ff69c6e6fa7645f51c8d25894a177e7b
SHA256:49d3b9df20ccc6565c91b8b18c638ecb018fd528b6eb64991d6d8ba73975c135
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

j2objc-annotations-1.3.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931
SHA1: ba035118bc8bac37d7eff77700720999acd9986d
SHA256:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackcess-3.0.1.jar

Description:

A pure Java library for reading from and writing to MS Access databases.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/healthmarketscience/jackcess/jackcess/3.0.1/jackcess-3.0.1.jar
MD5: e787e04bfd785b16d366021373309617
SHA1: e753ed760d06a0b6849c02d3d4c603ae6c8e05c8
SHA256:743bfe830de83f2a64b0ff23337c18f1412c3caf35f98c5f6668f65c109993d7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackcess-encrypt-3.0.0.jar

Description:

An add-on to the Jackcess library for handling encryption in MS Access files.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/healthmarketscience/jackcess/jackcess-encrypt/3.0.0/jackcess-encrypt-3.0.0.jar
MD5: 4e12f5c0713e5e1b38b74f8946d17c27
SHA1: 24ee9302d731e7c66e828049bb055ca710e29f03
SHA256:d624d55b3090ab733192041a758727b94a3136031660ab794998f3bd72b4c213
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-annotations-2.12.1.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.12.1/jackson-annotations-2.12.1.jar
MD5: ac96cb6fdf09ba1e2c41f461047f1eb4
SHA1: aa079f822ddce5548018286d19ccb15c2fc202d7
SHA256:203cefdfa6c81e6aa84e11f292f29ca97344a3c3bc0293abea065cd837592873
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-core-2.12.1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.1/jackson-core-2.12.1.jar
MD5: 6a65df7a5e62df2754726857b4ab0257
SHA1: 7c5493930e439be6fcec80a9afd6516b8e5e8760
SHA256:cc899cb6eae0c80b87d590eea86528797369cc4feb7b79463207d6bb18f0c257
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-core-asl-1.9.13.jar

Description:

Jackson is a high-performance JSON processor (parser, generator)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.13/jackson-core-asl-1.9.13.jar
MD5: 319c49a4304e3fa9fe3cd8dcfc009d37
SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4
SHA256:440a9cb5ca95b215f953d3a20a6b1a10da1f09b529a9ddea5f8a4905ddab4f5a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-databind-2.12.1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.1/jackson-databind-2.12.1.jar
MD5: 1925b6e2feac7e63e164f57e6fb42c9d
SHA1: 8a97e00e429c42f74757b0a8cd1d39dddd41524f
SHA256:f2ca3c28ebded59c98447d51afe945323df961540af66a063c015597af936aa0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-36518  

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CWE-787 Out-of-bounds Write

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-46877  

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-42003  

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-42004  

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-35116  

** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-dataformat-csv-2.12.1.jar

Description:

Support for reading and writing CSV-encoded data via Jackson
abstractions.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-csv/2.12.1/jackson-dataformat-csv-2.12.1.jar
MD5: 19862cee22a9e4a143416a2ff9091d49
SHA1: fd0a6ac93587631e48bf86f9fd25a11bc61048a5
SHA256:22b6f2679925d0950d1e2421aff6894e01605f6446feae717f1d1f2079835e95
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-datatype-guava-2.12.1.jar

Description:

Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles
Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-guava/2.12.1/jackson-datatype-guava-2.12.1.jar
MD5: 808a37f9d2afc8456dff5f4a55be4f31
SHA1: 93bda8133651ac977c4590e417e7fbe31997b721
SHA256:89b9dcf6ea77c25b6b0199f46c0aa42806a1ab040bb62b5ad7ca5de6d450dbb1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-datatype-joda-2.12.1.jar

Description:

Add-on module for Jackson (http://github.com/FasterXML/jackson) to support Joda (https://www.joda.org/joda-time/) data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-joda/2.12.1/jackson-datatype-joda-2.12.1.jar
MD5: 8461dd73c521b761fe789f6d024497a4
SHA1: d35d1de7d9651e849dfd76c602e0f4d19f68603d
SHA256:b5b90042bf1febbf4eb1cf5c8de5c76e12d2a3a8cf49dcc2a7e374c01430ef0e
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-jaxrs-base-2.12.1.jar

Description:

Pile of code that is shared by all Jackson-based JAX-RS
providers.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.12.1/jackson-jaxrs-base-2.12.1.jar
MD5: df99a83eb2e4b55114d1dc991aa0ffe1
SHA1: 2dcc2d2205a2cc05af33bcfe98727306884682fa
SHA256:86712f6810fb60ebc30d2744ea87f00fa3c3517c3a7dfd727bd5cd4a5192201f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-jaxrs-json-provider-2.12.1.jar

Description:

Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.1/jackson-jaxrs-json-provider-2.12.1.jar
MD5: 10ac481534128456f3a0c7d2ab069201
SHA1: 6702d7d4c7ecec57586d7c330aaec3e1a2797d9d
SHA256:a432f4486670a4755d6f0bab5366574164569b45f87595f1e947cf54bfd69cff
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-jaxrs-xml-provider-2.12.1.jar

Description:

Functionality to handle XML input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-xml-provider/2.12.1/jackson-jaxrs-xml-provider-2.12.1.jar
MD5: 14b12f85ccf6f3a73f1cee82fee3cd15
SHA1: d2753d636e50edc15620786f0ad09ad83382063f
SHA256:33b25a51214fb2c3b93a55ec9902b856955596d16f3923029167a478bd6b79f3
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackson-module-jaxb-annotations-2.12.1.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring
data-binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.12.1/jackson-module-jaxb-annotations-2.12.1.jar
MD5: 2d411db70682a858791a46e080b67d34
SHA1: a486cbce4607b5ce329cbf5a400bed234afdcc23
SHA256:868bf0efa8831f490b886de5bf803b3eb2d30776a03e1416f8ac48af2145c526
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jackspeak:2.3.6

Description:

A very strict and proper argument parser.

License:

BlueOak-1.0.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?glob:10.3.3/jackspeak:^2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:10.3.10
  • simplicite-js:5.1.65/glob:10.3.3

Identifiers

jai-imageio-core-1.4.0.jar

Description:

    Java Advanced Imaging Image I/O Tools API core, but without the classes 
    involved with javax.media.jai dependencies, JPEG2000 or 
    codecLibJIIO, meaning that this library can be distributed under the 
    modified BSD license and should be GPL compatible.

License:

BSD 3-clause License w/nuclear disclaimer: LICENSE.txt
File Path: /var/simplicite/.m2/repository/com/github/jai-imageio/jai-imageio-core/1.4.0/jai-imageio-core-1.4.0.jar
MD5: 6978d733bfb55c0a82639f724fe5f3bb
SHA1: fb6d79b929556362a241b2f65a04e538062f0077
SHA256:8ad3c68e9efffb10ac87ff8bc589adf64b04a729c5194c079efd0643607fd72a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jakarta.activation-1.2.1.jar

Description:

JavaBeans Activation Framework

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/activation/jakarta.activation/1.2.1/jakarta.activation-1.2.1.jar
MD5: dc519b1f09bbaf9274ea5da358a00110
SHA1: 8013606426a73d8ba6b568370877251e91a38b89
SHA256:d84d4ba8b55cdb7fdcbb885e6939386367433f56f5ab8cfdc302a7c3587fa92b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jakarta.xml.bind-api-2.3.2.jar

Description:

JAXB (JSR 222) API

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.2/jakarta.xml.bind-api-2.3.2.jar
MD5: dabb40ba58199304c640b7bd8bb2fbac
SHA1: 8d49996a4338670764d7ca4b85a1c4ccf7fe665d
SHA256:69156304079bdeed9fc0ae3b39389f19b3cc4ba4443bc80508995394ead742ea
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

java-jwt-3.16.0.jar

Description:

Java implementation of JSON Web Token (JWT)

License:

The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/auth0/java-jwt/3.16.0/java-jwt-3.16.0.jar
MD5: 1f524c1450f75a68eb1794b16064be1c
SHA1: dc15a8b6ee22f64ad63bdea8523ca3ed2e038092
SHA256:4c30bcd1e3be2a6fdd1fee64752d6df57219e630460f48c7aed440b71b3cdef6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

java-libpst-0.8.1.jar

Description:

A library to read PST files with java, without need for external libraries.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/pff/java-libpst/0.8.1/java-libpst-0.8.1.jar
MD5: 6be27662e0b06154e5f05938937d16b7
SHA1: ad31986653dac9cb5132ea5b2999c20b4b286255
SHA256:a3f7b3c934f477b0fc3c0eadebc3d24872bbebc3ac5a22ab575e5f476ea34757
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

java-saml-2.6.0.jar

File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml/2.6.0/java-saml-2.6.0.jar
MD5: 2c1fc0250c3f87d0d28ea2c555918bdf
SHA1: 839c7bfc96c13f322c94c95b15da18cd6bfb386f
SHA256:9bf3eb92697d6207bc94c8073b444c936e3ce88b39376de3a221a28b32ded617
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

java-saml-core-2.6.0.jar

File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml-core/2.6.0/java-saml-core-2.6.0.jar
MD5: ee1f89abd687098a7c203bddd94b9c8d
SHA1: f2d7b517292ae8d7509c80b8a54734818b265ff2
SHA256:8ac69aab30405e10ae1ccea1d0d1e4f5038ffccacf1be0bff99e48bceb542cee
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

java-xmlbuilder-1.2.jar

Description:

XML Builder is a utility that creates simple XML documents using relatively sparse Java code

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/com/jamesmurty/utils/java-xmlbuilder/1.2/java-xmlbuilder-1.2.jar
MD5: da26c3029d677da3f1f281e55ab82c23
SHA1: fef5136a82e7ca7305f95255f12cc8cc5036375d
SHA256:cc582a0fa5b803ee9d4987eb9407054c275fb98a6d57c2712c83becbd4ee0e47
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-4277  

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

javase-3.0.1.jar

Description:

Java SE-specific extensions to core ZXing library

File Path: /var/simplicite/.m2/repository/com/google/zxing/javase/3.0.1/javase-3.0.1.jar
MD5: 04258960339322ce4fb90718899ff4c9
SHA1: 06fa0ae253f5bb2943fb64100c936d6a142832c2
SHA256:83c1e61db240c81b9b9628ea8dd63944cacf2b4f3578b4f3f4d3104506e4d0a4
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

javax.ejb-api-3.2.2.jar

Description:

Project GlassFish Enterprise JavaBean API

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/ejb/javax.ejb-api/3.2.2/javax.ejb-api-3.2.2.jar
MD5: f7a1ffa8ec359720a01dd09f79f042c3
SHA1: 8921a3e3cb30fe5966531ad53902eef19303123b
SHA256:13ff874c58c32b649077dab6ab23bc93938610adc99e90d63933f6f074805b72
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

javax.jms-api-2.0.1.jar

Description:

Java(TM) Message Service Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/jms/javax.jms-api/2.0.1/javax.jms-api-2.0.1.jar
MD5: d69d2e02910e97b2478c0105e9b2caab
SHA1: 5faaa3864ff6025ce69809b60d65bda3e358610c
SHA256:aa4a16fac46d949b17b32091036e4d1e3c812ef3b4bd184ec838efffb53ba4f8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

javax.mail-1.6.2.jar

Description:

JavaMail API

License:

https://javaee.github.io/javamail/LICENSE
File Path: /var/simplicite/.m2/repository/com/sun/mail/javax.mail/1.6.2/javax.mail-1.6.2.jar
MD5: 0b81d022797740d72d21620781841374
SHA1: 935151eb71beff17a2ffac15dd80184a99a0514f
SHA256:45b515e7104944c09e45b9c7bb1ce5dff640486374852dd2b2e80cc3752dfa11
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

javax.servlet-api-4.0.1.jar

Description:

Java(TM) Servlet 4.0 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/javax.servlet-api/4.0.1/javax.servlet-api-4.0.1.jar
MD5: b80414033bf3397de334b95e892a2f44
SHA1: a27082684a2ff0bf397666c3943496c44541d1ca
SHA256:83a03dd877d3674576f0da7b90755c8524af099ccf0607fc61aa971535ad7c60
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

javax.servlet.jsp-api-2.3.3.jar

Description:

Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: ://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/jsp/javax.servlet.jsp-api/2.3.3/javax.servlet.jsp-api-2.3.3.jar
MD5: f6676a5961328c41c5e722da5e48d047
SHA1: 81191ab80e342912dc9cea735c30ff4eddc64de3
SHA256:409a534d275ef0958a2c1692472da30e3706bfe6933d56c039376f53f13689b7
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

javax.transaction-api-1.3.jar

Description:

Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar
MD5: 6e9cb1684621821248b6823143ae26c0
SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce
SHA256:603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

javax.websocket-api-1.1.jar

Description:

JSR 356: Java API for WebSocket

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/websocket/javax.websocket-api/1.1/javax.websocket-api-1.1.jar
MD5: be29e11a4a15742aa6fb418fa46345e3
SHA1: eeeb68631711256418dfbb47b11c731b6c8f6235
SHA256:a260973517bf6411d659b588a719aa27e7e4e47dfbd510fceb5bf1023a2c45e4
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

javax.ws.rs-api-2.0.1.jar

Description:

Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jawk-1.02.jar

Description:

POM was created from install:install-file

File Path: /var/simplicite/.m2/repository/org/jawk/jawk/1.02/jawk-1.02.jar
MD5: cd04ea3460d71a03ca5f4232c9ee5f0c
SHA1: 7bdd8bb1a1b9adff9b471cc041cba83ef3a2abe6
SHA256:2773c7f47b2ee8f483d6cb30f799c31f81645d23f49910e58ef4cccb2ffe1c7b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jaxb-api-2.3.1.jar

Description:

JAXB (JSR 222) API

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jaxb-runtime-2.3.2.jar

Description:

JAXB (JSR 222) Reference Implementation

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/jaxb-runtime/2.3.2/jaxb-runtime-2.3.2.jar
MD5: 9c3bf13a58e56c1b955bf5a365ca10b2
SHA1: 5528bc882ea499a09d720b42af11785c4fc6be2a
SHA256:e6e0a1e89fb6ff786279e6a0082d5cef52dc2ebe67053d041800737652b4fd1b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jaxb-svg11-1.0.2.jar

Description:

JAXB classes modelling SVG 1.1

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/plutext/jaxb-svg11/1.0.2/jaxb-svg11-1.0.2.jar
MD5: 91f22bed36295692c384e846dfc460b0
SHA1: 3c0cd54d5691f5b5f8c60ed0c06353ff1db424e1
SHA256:6799f39d49d9dbfef140e76b33d0884d55372935768a3955900eb022576a760d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jaxb-xjc-2.3.2.jar

Description:

        JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
        In other words: the *tool* to generate java classes for the given xml representation.

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/jaxb-xjc/2.3.2/jaxb-xjc-2.3.2.jar
MD5: 1c78df3990145ef0acfeb83c1d2ae567
SHA1: 9cfd86529359747d07251c017d4e46254faa2c2b
SHA256:b68ad7eeb5c0b514114897c37ff7efb8885419d03fd6e8e5fae2d4ce76f51d89
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jbig2-imageio-3.0.3.jar

Description:

	Java Image I/O plugin for reading JBIG2-compressed image data. 
	Formerly known as the levigo JBig2 ImageIO plugin (com.levigo.jbig2:levigo-jbig2-imageio).

File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/jbig2-imageio/3.0.3/jbig2-imageio-3.0.3.jar
MD5: 3c19c78788d7669c1caf2ee8ccb84a54
SHA1: 1719861ff0b86162c5b391fb4d1084c05ff72b35
SHA256:c80110fda57128563d3d0656bff78da8bf35a934cf54edfa10e8b76fc6389929
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jcip-annotations-1.0.jar

File Path: /var/simplicite/.m2/repository/net/jcip/jcip-annotations/1.0/jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
SHA256:be5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jcl-over-slf4j-1.7.30.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.30/jcl-over-slf4j-1.7.30.jar
MD5: 69ad224b2feb6f86554fe8997b9c3d4b
SHA1: cd92524ea19d27e5b94ecd251e1af729cffdfe15
SHA256:71e9ee37b9e4eb7802a2acc5f41728a4cf3915e7483d798db3b4ff2ec8847c50
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jclouds-core-2.3.0.jar

Description:

Core components to access jclouds services

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/jclouds-core/2.3.0/jclouds-core-2.3.0.jar
MD5: 7d8c4d15a4205c055c329c0d1c54f926
SHA1: 25f0be89751d38f06c9906c25eb2024f48b15489
SHA256:756c7a6826c83bc4252015236cd17e47a45c095225cd170f834f4c988a541901
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jclouds-core-2.3.0.jar: gson-2.8.5.jar

Description:

Gson JSON library

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/jclouds-core/2.3.0/jclouds-core-2.3.0.jar/lib/gson-2.8.5.jar
MD5: 089104cb90d8b4e1aa00b1f5faef0742
SHA1: f645ed69d595b24d4cf8b3fbb64cc505bede8829
SHA256:233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-25647  

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jcommander-1.35.jar

Description:

A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/beust/jcommander/1.35/jcommander-1.35.jar
MD5: 90216444fab67357c5bdf3293b47107e
SHA1: 47592e181b0bdbbeb63029e08c5e74f6803c4edd
SHA256:019c12fec1ce5c02cbabb150f6ac8a86d92a0ecc9c89a549e5537283e863000c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jdom2-2.0.6.jar

Description:

		A complete, Java-based solution for accessing, manipulating, 
		and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar
MD5: 86a30c9b1ddc08ca155747890db423b7
SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64
SHA256:1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-33813  

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jedis-3.4.1.jar

Description:

Jedis is a blazingly small and sane Redis java client.

License:

MIT: http://github.com/redis/jedis/raw/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/redis/clients/jedis/3.4.1/jedis-3.4.1.jar
MD5: 78de8de0af0ba774da236ee42dbe27ff
SHA1: 18dd643f48d3611df5cc8a85f15ae552a6954708
SHA256:f83fdad2f187a10cf8e0443806a038cdf3d550b0fdc6faa3507b2bf07542586a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jempbox-1.8.16.jar

Description:

    The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
    specification. JempBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/jempbox/1.8.16/jempbox-1.8.16.jar
MD5: 1cb997cdd8302c7e19131c81ba0b7ee2
SHA1: 1f41de81768ef84ca2d8cda4cb79e9272c8ee966
SHA256:ebef7cca5a5a77768e686972b4a89f0ffce7b46907fd96ac3d4f6ce2fa038055
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jersey-core-1.19.1.jar

Description:

Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311)        production quality Reference Implementation for building        RESTful Web services.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/com/sun/jersey/jersey-core/1.19.1/jersey-core-1.19.1.jar
MD5: 577161779fabb561d73388d1ffc46b1f
SHA1: 04282d106f2acd5051bd9bc2935ed9a2920c9385
SHA256:86c3b0f6b933478dfdd2486f047861dd2f68502e05e3c76c7dfa3968ea2b5532
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

jfreechart-1.5.2.jar

Description:

        JFreeChart is a class library, written in Java, for generating charts. 
        Utilising the Java2D APIs, it currently supports bar charts, pie charts, 
        line charts, XY-plots and time series plots.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /var/simplicite/.m2/repository/org/jfree/jfreechart/1.5.2/jfreechart-1.5.2.jar
MD5: fa0872cf4ef4a326e021bf3c866ab83c
SHA1: 2891e21e4b304811dc05a477753a23d820677230
SHA256:94bf5393e74d4ee15d848cbf4ee0ade0db476c849ed436a741442f91cccaa43c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jhighlight-1.0.3.jar

Description:

    JHighlight is an embeddable pure Java syntax highlighting
    library that supports Java, HTML, XHTML, XML and LZX
    languages and outputs to XHTML.
    
    It also supports RIFE templates tags and highlights them
    clearly so that you can easily identify the difference
    between your RIFE markup and the actual marked up source.

License:

CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /var/simplicite/.m2/repository/org/codelibs/jhighlight/1.0.3/jhighlight-1.0.3.jar
MD5: 318e72a07b2bbe089f0c41df45d2f484
SHA1: 88831dce3d56aa53a1bfcba78518e8939b8d4779
SHA256:34405394e068b5d8c40ed45928ce077f8b5140bf33851a55b9cb53116ded43e5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jju:1.4.0

Description:

a set of utilities to work with JSON / JSON5 documents

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?json-parse-helpfulerror:1.0.3/jju:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/json-parse-helpfulerror:1.0.3

Identifiers

jjwt-api-0.11.2.jar

Description:

JSON Web Token support for the JVM and Android

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/jsonwebtoken/jjwt-api/0.11.2/jjwt-api-0.11.2.jar
MD5: 19d7722419b64944d28b7432e596c94c
SHA1: 57c34dce3e88f2972c5c5465b6291acfb5628084
SHA256:fa340e4c0b81f24c4c0f943c4454343efe9e055f648c600f2b3b637763cf6f28
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jlessc-1.10.jar

Description:

A Less CSS compiler written completely in Java (pure Java).

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/de/inetsoftware/jlessc/1.10/jlessc-1.10.jar
MD5: bd2d9f6be54058c2e109ebdbce16b3d8
SHA1: be040c43e8d0b032e58706646bdf44e7e4062ec7
SHA256:7d2012d7ca2f529843dcc9db701e3e59d0cbf590fd48c8a6153d2bfa6968018e
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jlessc-ant-1.10.jar

Description:

Simple Apache Ant task for JLessC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/simplicite/ant/jlessc-ant/1.10/jlessc-ant-1.10.jar
MD5: face16e0be54ff562cef7ba12707377f
SHA1: 58e69a229c0390095331edf520c4d547700d18a1
SHA256:094c7c03c77c421e5f6fe750ab11f4162e75487862038dc19b2342e7ebeb56c7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jmatio-1.5.jar

Description:

Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-flie format reading and writing. Written in pure JAVA.

License:

BSD: http://www.linfo.org/bsdlicense.html
File Path: /var/simplicite/.m2/repository/org/tallison/jmatio/1.5/jmatio-1.5.jar
MD5: 6eccf45b3a4bb3dd0518afcf37b8ed35
SHA1: 517d932cc87a3b564f3f7a07ac347b725b619ab4
SHA256:70db8cf9a1818072f290fd464f14a8369c9c58993e6640128a6e8a6379d67ac7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jmustache-1.15.jar

Description:

A Java implementation of the Mustache templating language.

License:

The (New) BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/com/samskivert/jmustache/1.15/jmustache-1.15.jar
MD5: 0b166350b8b372d5caae4f0b692e016f
SHA1: 7b3b15951d13b774c76db2f4e14d977952f8b4d8
SHA256:1aeb96b9dc17bc29540b8c3342e8e91ee974d5c604165ecd469dd76b041c250c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jna-5.5.0.jar

Description:

Java Native Access

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
Apache License v2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
MD5: acfb5b5fd9ee10bf69497792fd469f85
SHA1: 0e0845217c4907822403912ad6828d8e0b256208
SHA256:b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jna-5.5.0.jar: jnidispatch.dll

File Path: /var/simplicite/.m2/repository/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: e02979ecd43bcc9061eb2b494ab5af50
SHA1: 3122ac0e751660f646c73b10c4f79685aa65c545
SHA256:a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • None

jna-5.5.0.jar: jnidispatch.dll

File Path: /var/simplicite/.m2/repository/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: 28d895a3cb7e9a0b6a5ae5ed6a62b254
SHA1: 703d8604a8d04d29c52c0ebcde1e86f3bc8ff824
SHA256:04c9a8ab43d1eb616b84d0686c8ae1d881ef03fe4f3aa26511e5b19d35ef16af
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • None

joda-time-2.10.9.jar

Description:

Date and time library to replace JDK date handling

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/joda-time/joda-time/2.10.9/joda-time-2.10.9.jar
MD5: f5a8839f853ba5ba8c7637f4d092afe4
SHA1: 2227c292c0ee4f57205dbdc65fd57a94694050ec
SHA256:b36dd8c325b7afa19e92cf5879a9fe6780bad42fdc18f67c93cafe1fcf6375ae
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jquery:3.5.1

Description:

JavaScript library for DOM operations

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jquery:3.5.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/bootbox:5.5.2

Identifiers

js-beautify:1.14.0

Description:

beautifier.io for node

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/js-beautify:1.14.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

js-tokens:4.0.0

Description:

A regex that tokenizes JavaScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/js-tokens:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/highlight:7.22.20
  • simplicite-js:5.1.65/highlight-es:1.0.3
  • simplicite-js:5.1.65/loose-envify:1.4.0

Identifiers

js-yaml:3.14.1

Description:

YAML 1.2 parser and serializer

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/js-yaml:3.14.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

js-yaml:4.1.0

Description:

YAML 1.2 parser and serializer

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?rc-config-loader:4.1.3/js-yaml:^4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/rc-config-loader:4.1.3
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/load-yaml-file:0.2.0
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

js2xmlparser:4.0.2

Description:

Parses JavaScript objects into XML

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?jsdoc:4.0.2/js2xmlparser:^4.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

jsdoc-type-pratt-parser:4.0.0

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jsdoc-type-pratt-parser:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@es-joy/jsdoccomment:0.40.1

Identifiers

jsdoc:4.0.2

Description:

An API documentation generator for JavaScript.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jsdoc:4.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

jsesc:0.5.0

Description:

A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.

File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jsesc:0.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

jsesc:2.5.2

Description:

Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jsesc:2.5.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/regjsparser:0.9.1
  • simplicite-js:5.1.65/@babel/generator:7.23.0

Identifiers

jshint:2.12.0

Description:

Static analysis tool for JavaScript

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jshint:2.12.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

json-20211205.jar

Description:

        JSON is a light-weight, language independent, data interchange format.
        See http://www.JSON.org/

        The files in this package implement JSON encoders/decoders in Java.
        It also includes the capability to convert between JSON and XML, HTTP
        headers, Cookies, and CDL.

        This is a reference implementation. There is a large number of JSON packages
        in Java. Perhaps someday the Java community will standardize on one. Until
        then, choose carefully.

        The license includes this restriction: "The software shall be used for good,
        not evil." If your conscience cannot live with that, then choose a different
        package.

License:

The JSON License: http://json.org/license.html
File Path: /var/simplicite/.m2/repository/org/json/json/20211205/json-20211205.jar
MD5: 2aa4313aaabdcf89e1847d5bf6d3535f
SHA1: 47032dcf2f69880f07dab3dc60b4b0ad97318308
SHA256:7f38d61fbb7e2afdc31c6be865720ee4fc8a0c3c14fac4f3ec47fd3deb3939c6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

json-buffer:3.0.1

Description:

JSON parse & stringify that supports binary via bops & base64

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?keyv:4.5.2/json-buffer:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/keyv:3.1.0
  • simplicite-js:5.1.65/keyv:4.5.2

Identifiers

json-parse-even-better-errors:2.3.1

Description:

JSON.parse with context information on error

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?parse-json:5.2.0/json-parse-even-better-errors:^2.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/read-package-json-fast:3.0.2
  • simplicite-js:5.1.65/parse-json:5.2.0
  • simplicite-js:5.1.65/read-package-json:6.0.4

Identifiers

json-parse-even-better-errors:3.0.0

Description:

JSON.parse with context information on error

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/json-parse-even-better-errors:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

json-parse-helpfulerror:1.0.3

Description:

A drop-in replacement for JSON.parse that uses `jju` to give helpful errors

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check-updates:16.14.6/json-parse-helpfulerror:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

json-schema-traverse:0.4.1

Description:

Traverse JSON Schema passing each schema object to callback

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/json-schema-traverse:0.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/ajv:8.12.0
  • simplicite-js:5.1.65/ajv:6.12.6

Identifiers

json-schema-traverse:1.0.0

Description:

Traverse JSON Schema passing each schema object to callback

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/json-schema-traverse:1.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

json-simple-1.1.1.jar

Description:

A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
SHA256:4e69696892b88b41c55d49ab2fdcc21eead92bf54acc588c0050596c3b75199c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

json-stable-stringify-without-jsonify:1.0.1

Description:

deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/json-stable-stringify-without-jsonify:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

json5:2.2.3

Description:

JSON for Humans

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?rc-config-loader:4.1.3/json5:^2.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/rc-config-loader:4.1.3
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

jsonfile:4.0.0

Description:

Easily read/write JSON files.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jsonfile:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/fs-extra:8.1.0
  • simplicite-js:5.1.65

Identifiers

jsonlines:0.1.1

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check-updates:16.14.6/jsonlines:^0.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

jsonparse:1.3.1

Description:

This is a pure-js JSON streaming parser for node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?minipass-json-stream:1.0.1/jsonparse:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/minipass-json-stream:1.0.1

Identifiers

jsoup-1.14.3.jar

Description:

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license
File Path: /var/simplicite/.m2/repository/org/jsoup/jsoup/1.14.3/jsoup-1.14.3.jar
MD5: 079f92557fa3577329d498aee5cc25ee
SHA1: c43a81e18e6d0eb71951aa031d55d5c293c531a6
SHA256:92af19ec57cc77637db4490f0f5011f0444d353209ce36083bac428f9b81a39c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-36033  

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /var/simplicite/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
SHA256:ab1534b73b5fa055808e6598a5e73b599ccda28c3159c3c0908977809422ee4a
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

jszip-utils:0.1.0

Description:

A collection of cross-browser utilities to go along with JSZip.

License:

(MIT OR GPL-3.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jszip-utils:0.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

jszip:3.5.0

Description:

Create, read and edit .zip files with JavaScript http://stuartk.com/jszip

License:

(MIT OR GPL-3.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/jszip:3.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

CVE-2022-48285  

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

NPM-1091267  

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
Unscored:
  • Severity: high

References:
  • Advisory 1091267: JSZip contains Path Traversal via loadAsync - - https://nvd.nist.gov/vuln/detail/CVE-2022-48285 - https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15 - https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0 - https://www.mend.io/vulnerability-database/WS-2023-0004 - https://exchange.xforce.ibmcloud.com/vulnerabilities/244499 - https://github.com/advisories/GHSA-36fh-84j7-cv5h

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:jszip:\<3.8.0:*:*:*:*:*:*:*

CVE-2021-23413  

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

NPM-1094051  

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g `__proto__`, `toString`, etc) results in a returned object with a modified prototype instance.
Unscored:
  • Severity: moderate

References:
  • Advisory 1094051: jszip Vulnerable to Prototype Pollution - - https://nvd.nist.gov/vuln/detail/CVE-2021-23413 - https://github.com/Stuk/jszip/pull/766 - https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36 - https://github.com/Stuk/jszip/blob/master/lib/object.js%23L88 - https://snyk.io/vuln/SNYK-JS-JSZIP-1251497 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1251499 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1251498 - https://github.com/advisories/GHSA-jg8v-48h5-wgxg

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:jszip:\>\=3.0.0\<3.7.0:*:*:*:*:*:*:*

jtidy-r938.jar

Description:

    JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be
    used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the
    document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

License:

Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /var/simplicite/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
SHA256:6fc03e51e73fa884f06e7eae0761e045e56fdeb4e146a4d952e3023cc9e3fb43
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-34623  

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jul-to-slf4j-1.7.30.jar

Description:

JUL to SLF4J bridge

File Path: /var/simplicite/.m2/repository/org/slf4j/jul-to-slf4j/1.7.30/jul-to-slf4j-1.7.30.jar
MD5: f2c78cb93d70dc5dea0c50f36ace09c1
SHA1: d58bebff8cbf70ff52b59208586095f467656c30
SHA256:bbcbfdaa72572255c4f85207a9bfdb24358dc993e41252331bd4d0913e4988b9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

junit-4.13.1.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /var/simplicite/.m2/repository/junit/junit/4.13.1/junit-4.13.1.jar
MD5: 83d91f209ddcb104776fa41c448c7ee2
SHA1: cdd00374f1fee76b11e2a9d127405aa3f6be5b6a
SHA256:c30719db974d6452793fe191b3638a5777005485bae145924044530ffa5f6122
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

juniversalchardet-1.0.3.jar

Description:

Java port of universalchardet

License:

Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/googlecode/juniversalchardet/juniversalchardet/1.0.3/juniversalchardet-1.0.3.jar
MD5: d9ea0a9a275336c175b343f2e4cd8f27
SHA1: cd49678784c46aa8789c060538e0154013bb421b
SHA256:757bfe906193b8b651e79dc26cd67d6b55d0770a2cdfb0381591504f779d4a76
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

junrar-4.0.0.jar

Description:

rar decompression library in plain java

License:

UnRar License: https://raw.github.com/junrar/junrar/master/license.txt
File Path: /var/simplicite/.m2/repository/com/github/junrar/junrar/4.0.0/junrar-4.0.0.jar
MD5: 38103347e0c3e06ee52ce032cee9e902
SHA1: 93f9b74e1507db9c55c5bdd35369376a474e4db5
SHA256:2eafa4571dfebe4e42e686657f9e597aaa86bb68942b590d5af9902e7caddb20
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-23596  

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

keyv:3.1.0

Description:

Simple key-value storage with support for multiple backends

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/keyv:3.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

keyv:4.5.2

Description:

Simple key-value storage with support for multiple backends

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/keyv:4.5.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacheable-request:10.2.12
  • simplicite-js:5.1.65/cacheable-request:6.1.0

Identifiers

kind-of:6.0.3

Description:

Get the native type of a value.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?shallow-clone:3.0.1/kind-of:^6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/clone-deep:4.0.1
  • simplicite-js:5.1.65/shallow-clone:3.0.1
  • simplicite-js:5.1.65/global-prefix:3.0.0
  • simplicite-js:5.1.65/minimist-options:4.1.0

Identifiers

klaw:3.0.0

Description:

File system walker with Readable stream interface.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/klaw:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

kleur:4.1.5

Description:

The fastest Node.js library for formatting terminal text with ANSI colors~!

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?prompts-ncu:3.0.0/kleur:^4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/prompts-ncu:3.0.0

Identifiers

known-css-properties:0.26.0

Description:

List of known CSS properties

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/known-css-properties:^0.26.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

latest-version:5.1.0

Description:

Get the latest version of an npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/latest-version:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

leaflet:1.7.1

Description:

JavaScript library for mobile-friendly interactive maps

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/leaflet:1.7.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

levn:0.4.1

Description:

Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?optionator:0.9.3/levn:^0.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/optionator:0.9.3

Identifiers

libphonenumber-8.12.15.jar

Description:

Google's common Java library for parsing, formatting, storing and validating international phone numbers.    Optimized for running on smartphones.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/libphonenumber/libphonenumber/8.12.15/libphonenumber-8.12.15.jar
MD5: dd3c590ac9fb0c650939730bc0a21ce5
SHA1: e76114e789ea8f8401ffceb4b2560c01711aa12c
SHA256:62da7d8e53ff893af13c3df3674a4fbce6383ff72bb8b6264c1d7941552672f5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

license-report:6.5.0

Description:

creates a short report about project's dependencies (license, url etc)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/license-report:6.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

lie:3.3.0

Description:

A basic but performant promise implementation

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lie:3.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jszip:3.5.0

Identifiers

lines-and-columns:1.2.4

Description:

Maps lines and columns to character offsets and back.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?parse-json:5.2.0/lines-and-columns:^1.1.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/parse-json:5.2.0

Identifiers

linkify-it:3.0.3

Description:

Links recognition library with FULL unicode support

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?markdown-it:12.3.2/linkify-it:^3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/markdown-it:12.3.2

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: /var/simplicite/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

load-yaml-file:0.2.0

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-pm:2.0.0/load-yaml-file:^0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/which-pm:2.0.0

Identifiers

locate-path:3.0.0

Description:

Get the first path that exists on disk of multiple paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/locate-path:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

locate-path:5.0.0

Description:

Get the first path that exists on disk of multiple paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/locate-path:5.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

locate-path:6.0.0

Description:

Get the first path that exists on disk of multiple paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/locate-path:6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/find-up:3.0.0
  • simplicite-js:5.1.65/find-up:4.1.0
  • simplicite-js:5.1.65/find-up:5.0.0

Identifiers

lodash.debounce:4.0.8

Description:

The lodash method `_.debounce` exported as a module.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lodash.debounce:4.0.8

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-define-polyfill-provider:0.4.3

Identifiers

lodash.merge:4.6.2

Description:

The Lodash method `_.merge` exported as a module.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lodash.merge:4.6.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

lodash.truncate:4.4.2

Description:

The lodash method `_.truncate` exported as a module.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?table:6.8.1/lodash.truncate:^4.4.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/table:6.8.1

Identifiers

lodash:4.17.21

Description:

Lodash modular utilities.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?scss-parser:1.0.6/lodash:4.17.21

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/callsite-record:4.1.5
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/query-ast:1.0.5
  • simplicite-js:5.1.65/@jsdoc/salty:0.2.5
  • simplicite-js:5.1.65/jshint:2.12.0
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/node-emoji:1.11.0
  • simplicite-js:5.1.65/scss-parser:1.0.6
  • simplicite-js:5.1.65/requizzle:0.2.4
  • simplicite-js:5.1.65/inquirer:7.3.3
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/catharsis:0.9.0
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

log-symbols:4.1.0

Description:

Colored symbols for various log levels. Example: `✔︎ Success`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ora:5.4.1/log-symbols:^4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65

Identifiers

log4j-core-2.17.2.jar

Description:

The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-core/2.17.2/log4j-core-2.17.2.jar
MD5: b35d06ffd3ea52e5ba9efe455108745c
SHA1: fa43ba4467f5300b16d1e0742934149bfc5ac564
SHA256:5adb34ff4197cd16a8d24f63035856a933cb59562a6888dde86e9450fcfef646
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

log4j-slf4j-impl-2.17.2.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.17.2/log4j-slf4j-impl-2.17.2.jar
MD5: fe52fcd1f4027ab9a12bed89acdbf109
SHA1: 0183f7c95fc981f3e97d008b363341343508848e
SHA256:77912d47190a5d25d583728e048496a92a2cb32308b71d3439931d7719996637
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

loose-envify:1.4.0

Description:

Fast (and loose) selective `process.env` replacer using js-tokens instead of an AST

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/loose-envify:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/invariant:2.2.4

Identifiers

lower-case:2.0.2

Description:

Transforms the string to lower case

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?no-case:3.0.4/lower-case:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/no-case:3.0.4

Identifiers

lowercase-keys:2.0.0

Description:

Lowercase the keys of an object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lowercase-keys:2.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

lowercase-keys:3.0.0

Description:

Lowercase the keys of an object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?responselike:3.0.0/lowercase-keys:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/cacheable-request:6.1.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/responselike:1.0.2
  • simplicite-js:5.1.65/responselike:3.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

lru-cache:10.0.0

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lru-cache:10.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

lru-cache:4.1.5

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lru-cache:4.1.5

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

lru-cache:5.1.1

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lru-cache:5.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-compilation-targets:7.22.15
  • simplicite-js:5.1.65/hosted-git-info:5.2.1
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/hosted-git-info:6.1.1
  • simplicite-js:5.1.65/path-scurry:1.10.1
  • simplicite-js:5.1.65/@npmcli/git:4.1.0
  • simplicite-js:5.1.65/editorconfig:0.15.3
  • simplicite-js:5.1.65/semver:7.5.4
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1
  • simplicite-js:5.1.65/semver:7.5.3
  • simplicite-js:5.1.65/hosted-git-info:4.1.0

Identifiers

lru-cache:6.0.0

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lru-cache:6.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

lru-cache:7.18.3

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/lru-cache:7.18.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

lucene-core-8.7.0.jar

Description:

Apache Lucene Java Core

File Path: /var/simplicite/.m2/repository/org/apache/lucene/lucene-core/8.7.0/lucene-core-8.7.0.jar
MD5: 3290130c054f5be59c05609ebe0bd171
SHA1: ed64084a1502c2a6a411cbd9826131b81e0bf07f
SHA256:8f2678fa42ffd71e5b54be3badc4e641fb4f54b0c777ef5c7f023114f847e4ef
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

magic-string:0.30.0

Description:

Modify strings, generate sourcemaps

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/magic-string:0.30.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4

Identifiers

make-dir:2.1.0

Description:

Make a directory and its parents if needed - Think `mkdir -p`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/make-dir:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/register:7.22.15
  • simplicite-js:5.1.65/configstore:5.0.1
  • simplicite-js:5.1.65/find-cache-dir:2.1.0
  • simplicite-js:5.1.65/@babel/cli:7.23.0

Identifiers

make-dir:3.1.0

Description:

Make a directory and its parents if needed - Think `mkdir -p`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/make-dir:3.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

make-fetch-happen:11.1.1

Description:

Opinionated, caching, retrying fetch client

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tuf-js:1.1.7/make-fetch-happen:^11.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/sigstore:1.8.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-registry-fetch:14.0.5
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/node-gyp:9.4.0
  • simplicite-js:5.1.65/tuf-js:1.1.7

Identifiers

map-obj:1.0.1

Description:

Map object keys and values into a new object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/map-obj:1.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

map-obj:4.3.0

Description:

Map object keys and values into a new object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/map-obj:4.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/decamelize-keys:1.1.1
  • simplicite-js:5.1.65/camelcase-keys:6.2.2

Identifiers

markdown-it-anchor:8.6.7

Description:

Header anchors for markdown-it.

License:

Unlicense
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/markdown-it-anchor:8.6.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

markdown-it:12.3.2

Description:

Markdown-it - modern pluggable markdown parser.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/markdown-it:12.3.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

marked:1.2.7

Description:

A markdown parser built for speed

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-audit-html:1.5.0/marked:^1.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-audit-html:1.5.0
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

CVE-2021-21306  

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-21680  

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
CWE-1333

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-21681  

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
CWE-1333

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

NPM-1092964  

### Impact

_What kind of vulnerability is it?_

Denial of service.

The regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings.
PoC is the following.

```javascript
import * as marked from 'marked';

console.log(marked.parse(`[x]: x

\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](`));
```

_Who is impacted?_

Anyone who runs untrusted markdown through marked and does not use a worker with a time limit.

### Patches

_Has the problem been patched?_

Yes

_What versions should users upgrade to?_

4.0.10

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Do not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.

### References

_Are there any links users can visit to find out more?_

- https://marked.js.org/using_advanced#workers
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [marked](https://github.com/markedjs/marked)
Unscored:
  • Severity: high

References:
  • Advisory 1092964: Inefficient Regular Expression Complexity in marked - - https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj - https://nvd.nist.gov/vuln/detail/CVE-2022-21681 - https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/ - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:marked:\<4.0.10:*:*:*:*:*:*:*

NPM-1092969  

### Impact

_What kind of vulnerability is it?_

Denial of service.

The regular expression `block.def` may cause catastrophic backtracking against some strings.
PoC is the following.

```javascript
import * as marked from "marked";

marked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`);
```

_Who is impacted?_

Anyone who runs untrusted markdown through marked and does not use a worker with a time limit.

### Patches

_Has the problem been patched?_

Yes

_What versions should users upgrade to?_

4.0.10

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Do not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.

### References

_Are there any links users can visit to find out more?_

- https://marked.js.org/using_advanced#workers
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [marked](https://github.com/markedjs/marked)
Unscored:
  • Severity: high

References:
  • Advisory 1092969: Inefficient Regular Expression Complexity in marked - - https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf - https://nvd.nist.gov/vuln/detail/CVE-2022-21680 - https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 - https://github.com/markedjs/marked/releases/tag/v4.0.10 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/ - https://github.com/advisories/GHSA-rrrm-qjm4-v8hf

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:marked:\<4.0.10:*:*:*:*:*:*:*

NPM-1090022  

### Impact
_What kind of vulnerability is it? Who is impacted?_

[Regular expression Denial of Service](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)

A Denial of Service attack can affect anyone who runs user generated code through `marked`.

### Patches
_Has the problem been patched? What versions should users upgrade to?_

patched in v2.0.0

### Workarounds
_Is there a way for users to fix or remediate the vulnerability without upgrading?_

None.

### References
_Are there any links users can visit to find out more?_

https://github.com/markedjs/marked/issues/1927
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [marked](https://github.com/markedjs/marked/issues)
Unscored:
  • Severity: moderate

References:
  • Advisory 1090022: Regular Expression Denial of Service (REDoS) in Marked - - https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 - https://github.com/markedjs/marked/issues/1927 - https://github.com/markedjs/marked/pull/1864 - https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd - https://www.npmjs.com/package/marked - https://nvd.nist.gov/vuln/detail/CVE-2021-21306 - https://github.com/advisories/GHSA-4r62-v4vq-hr96

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:marked:\>\=1.1.1\<2.0.0:*:*:*:*:*:*:*

marked:4.3.0

Description:

A markdown parser built for speed

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/marked:4.3.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

mathml-tag-names:2.1.3

Description:

List of known MathML tag-names

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/mathml-tag-names:^2.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

mbassador-1.3.2.jar

Description:

        Mbassador is a fast and flexible event bus system following the publish subscribe pattern.
        It is designed for ease of use and aims to be feature rich and extensible while preserving resource efficiency
        and performance.
        It provides non-blocking iterators and minimal write contention with low memory footprint.

        Some features:
        declarative handler definition via annotations,
        sync and/or async event delivery,
        weak or strong references,
        configurable event filters,

License:

MIT license: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/net/engio/mbassador/1.3.2/mbassador-1.3.2.jar
MD5: 6844d9220e623fa491776e38a61f29a2
SHA1: 4ebb2c5f853bf8a5f87147b186a9758d2e2ec0af
SHA256:469e2e9c68271eadaff12483bbb1abc640ea9973af7fa0519250e04f503aca67
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

mchange-commons-java-0.2.19.jar

Description:

mchange-commons-java

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /var/simplicite/.m2/repository/com/mchange/mchange-commons-java/0.2.19/mchange-commons-java-0.2.19.jar
MD5: 795d7e75026388f4d90aa9719666e5db
SHA1: 7a4bee38ea02bd7dee776869b19fb3f6861d6acf
SHA256:03761838ba2a7c9cce56ba84781633f107c8befb4e3607b336ee3010f915165d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

mdurl:1.0.1

Description:

URL utilities for markdown-it

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/mdurl:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/markdown-it:12.3.2

Identifiers

meow:9.0.0

Description:

CLI app helper

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/meow:^9.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

merge-stream:2.0.0

Description:

Create a stream that emits events from multiple other streams

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/merge-stream:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/execa:5.1.1

Identifiers

merge2:1.4.1

Description:

Merge multiple streams into one stream in sequence or parallel.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/merge2:1.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/globby:11.1.0
  • simplicite-js:5.1.65/fast-glob:3.3.0

Identifiers

metadata-extractor-2.11.0.jar

Description:

Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/drewnoakes/metadata-extractor/2.11.0/metadata-extractor-2.11.0.jar
MD5: e95f394e786c0c7f22e61bff2e54ff8d
SHA1: 5f11883f6d06a16ca5fb8a9edf7c6c1237a92da0
SHA256:f5ec56c6b01afbfd7019e2da73bdec5d22c60d620c0e8043e6a85adb554d0df7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2019-14262 (OSSINDEX)  

MetadataExtractor 2.1.0 allows stack consumption.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.drewnoakes:metadata-extractor:2.11.0:*:*:*:*:*:*:*

CVE-2022-24613  

metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.
CWE-755 Improper Handling of Exceptional Conditions

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-24614  

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

micromatch:4.0.5

Description:

Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/micromatch:^4.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/find-yarn-workspace-root2:1.2.16
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/fast-glob:3.3.0

Identifiers

migbase64-2.2.jar

Description:

MiGBase64 is a very fast and small Base64 Codec written in Java

License:

Prior BSD License: http://en.wikipedia.org/wiki/BSD_licenses
File Path: /var/simplicite/.m2/repository/com/brsanthu/migbase64/2.2/migbase64-2.2.jar
MD5: da3ef3a9a9fa358ed789b37a3c780727
SHA1: bcc14967d516e93c527897a6c531ba76b5751faa
SHA256:07224584b6227efbb815e96e3153945786e2a6b1a934620b6130331c2351c129
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

mimepull-1.9.3.jar

Description:

        Provides a streaming API to access attachments parts in a MIME message.

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/org/jvnet/mimepull/mimepull/1.9.3/mimepull-1.9.3.jar
MD5: a3ee04c11e1c613128f07d5f819196ca
SHA1: c55096ff89a27e22c2e081371d0570ac19cc6788
SHA256:072eb5692f180ed0685705fb31c900eca0986b4523c23eefc0779e87d79eea35
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

mimic-fn:2.1.0

Description:

Make a function mimic another one

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?onetime:5.1.2/mimic-fn:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/onetime:5.1.2

Identifiers

mimic-response:1.0.1

Description:

Mimic a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/mimic-response:1.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

mimic-response:3.1.0

Description:

Mimic a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/mimic-response:3.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

mimic-response:4.0.0

Description:

Mimic a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/mimic-response:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacheable-request:10.2.12
  • simplicite-js:5.1.65/clone-response:1.0.3
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/decompress-response:3.3.0
  • simplicite-js:5.1.65/decompress-response:6.0.0

Identifiers

min-indent:1.0.1

Description:

Get the shortest leading whitespace from lines in a string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?strip-indent:3.0.0/min-indent:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/strip-indent:3.0.0

Identifiers

minimatch:3.1.2

Description:

a glob matcher in javascript

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/minimatch:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:7.2.3
  • simplicite-js:5.1.65/@humanwhocodes/config-array:0.11.13
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2
  • simplicite-js:5.1.65/jshint:2.12.0
  • simplicite-js:5.1.65/glob:10.3.10
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/multimatch:5.0.0
  • simplicite-js:5.1.65/@tufjs/models:1.0.4
  • simplicite-js:5.1.65/glob:10.3.3
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/depcheck:1.4.3
  • simplicite-js:5.1.65/ignore-walk:6.0.3

Identifiers

minimatch:9.0.3

Description:

a glob matcher in javascript

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minimatch:9.0.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

minimist-options:4.1.0

Description:

Pretty options for minimist

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minimist-options:4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/meow:9.0.0

Identifiers

minimist:1.2.8

Description:

parse argument options

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?split-text-to-chunks:1.0.0/minimist:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/rc:1.2.8
  • simplicite-js:5.1.65/handlebars:4.7.7
  • simplicite-js:5.1.65/split-text-to-chunks:1.0.0

Identifiers

minipass-collect:1.0.2

Description:

A Minipass stream that collects all the data into a single chunk

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minipass-collect:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacache:17.1.3

Identifiers

minipass-fetch:3.0.3

Description:

An implementation of window.fetch in Node.js using Minipass streams

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-registry-fetch:14.0.5/minipass-fetch:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1
  • simplicite-js:5.1.65/npm-registry-fetch:14.0.5

Identifiers

minipass-flush:1.0.5

Description:

A Minipass stream that calls a flush function before emitting 'end'

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minipass-flush:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

minipass-json-stream:1.0.1

Description:

Like JSONStream, but using Minipass streams

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-registry-fetch:14.0.5/minipass-json-stream:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-registry-fetch:14.0.5

Identifiers

minipass-pipeline:1.2.4

Description:

create a pipeline of streams using Minipass

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minipass-pipeline:1.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

minipass-sized:1.0.3

Description:

A Minipass stream that raises an error if you get a different number of bytes than expected

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minipass-sized:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/minipass-fetch:3.0.3

Identifiers

minipass:3.3.6

Description:

minimal implementation of a PassThrough stream

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minipass:3.3.6

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

minipass:5.0.0

Description:

minimal implementation of a PassThrough stream

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tar:6.1.15/minipass:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/minipass-flush:1.0.5
  • simplicite-js:5.1.65/glob:10.3.10
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/minipass-pipeline:1.2.4
  • simplicite-js:5.1.65/minipass-collect:1.0.2
  • simplicite-js:5.1.65/fs-minipass:3.0.2
  • simplicite-js:5.1.65/glob:10.3.3
  • simplicite-js:5.1.65/tar:6.1.15
  • simplicite-js:5.1.65/minipass-fetch:3.0.3
  • simplicite-js:5.1.65/minipass-json-stream:1.0.1
  • simplicite-js:5.1.65/path-scurry:1.10.1
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1
  • simplicite-js:5.1.65/npm-registry-fetch:14.0.5
  • simplicite-js:5.1.65/minizlib:2.1.2
  • simplicite-js:5.1.65/fs-minipass:2.1.0
  • simplicite-js:5.1.65/ssri:10.0.4
  • simplicite-js:5.1.65/minipass-sized:1.0.3

Identifiers

minipass:6.0.2

Description:

minimal implementation of a PassThrough stream

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/minipass:6.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

minizlib:2.1.2

Description:

A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tar:6.1.15/minizlib:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/tar:6.1.15
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/minipass-fetch:3.0.3
  • simplicite-js:5.1.65/npm-registry-fetch:14.0.5

Identifiers

mkdirp:1.0.4

Description:

Recursively mkdir, like `mkdir -p`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tar:6.1.15/mkdirp:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/tar:6.1.15
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

moment:2.29.1

Description:

Parse, validate, manipulate, and display dates

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-audit-html:1.5.0/moment:^2.29.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chart.js:2.9.4
  • simplicite-js:5.1.65/npm-audit-html:1.5.0

Identifiers

CVE-2022-24785  

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-27 Path Traversal: 'dir/../../filename'

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-31129  

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
CWE-1333

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

NPM-1091430  

### Impact
This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.

### Patches
This problem is patched in 2.29.2, and the patch can be applied to all affected versions (from 1.0.1 up until 2.29.1, inclusive).

### Workarounds
Sanitize user-provided locale name before passing it to moment.js.

### References
_Are there any links users can visit to find out more?_

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [moment repo](https://github.com/moment/moment)
Unscored:
  • Severity: high

References:
  • Advisory 1091430: Path Traversal: 'dir/../../filename' in moment.locale - - https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 - https://nvd.nist.gov/vuln/detail/CVE-2022-24785 - https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 - https://www.tenable.com/security/tns-2022-09 - https://security.netapp.com/advisory/ntap-20220513-0006/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ - https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html - https://github.com/advisories/GHSA-8hfj-j24r-96c4

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:moment:\<2.29.2:*:*:*:*:*:*:*

NPM-1091441  

### Impact

* using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs
* noticeable slowdown is observed with inputs above 10k characters
* users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks

### Patches
The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking.

### Workarounds
In general, given the proliferation of ReDoS attacks, it makes sense to limit the length of the user input to something sane, like 200 characters or less. I haven't seen legitimate cases of date-time strings longer than that, so all moment users who do pass a user-originating string to constructor are encouraged to apply such a rudimentary filter, that would help with this but also most future ReDoS vulnerabilities.

### References
There is an excellent writeup of the issue here: https://github.com/moment/moment/pull/6015#issuecomment-1152961973=

### Details
The issue is rooted in the code that removes legacy comments (stuff inside parenthesis) from strings during rfc2822 parsing. `moment("(".repeat(500000))` will take a few minutes to process, which is unacceptable.
Unscored:
  • Severity: high

References:
  • Advisory 1091441: Moment.js vulnerable to Inefficient Regular Expression Complexity - - https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g - https://github.com/moment/moment/pull/6015#issuecomment-1152961973 - https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 - https://nvd.nist.gov/vuln/detail/CVE-2022-31129 - https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/ - https://security.netapp.com/advisory/ntap-20221014-0003/ - https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html - https://github.com/moment/moment/pull/6015/commits/4bbb9f3ccbe231de40207503f344fe5ce97584f4 - https://github.com/moment/moment/pull/6015/commits/bfd4f2375d5c1a2106246721d693a9611dddfbfe - https://github.com/moment/moment/pull/6015/commits/dc0d180e90d8a84f7ff13572363330a22b3ea504 - https://github.com/advisories/GHSA-wc69-rhjr-hc9g

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:moment:\>\=2.18.0\<2.29.4:*:*:*:*:*:*:*

mongodb-driver-core-3.12.7.jar

Description:

The Java operations layer for the MongoDB Java Driver.
 Third parties can wrap this layer to provide custom higher-level APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/mongodb-driver-core/3.12.7/mongodb-driver-core-3.12.7.jar
MD5: c07b286cb8781b62af5149a6079b1d92
SHA1: 39b02f8bef73a24ebcc4b50f17f884bfc71ea5a5
SHA256:81d16c9db2f97a9ba632639285c20e0f130a3895918a6e98640633f0f4c7b9fa
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

CVE-2021-20328  

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:A/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

ms:2.1.2

Description:

Tiny millisecond conversion utility

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ms:2.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/humanize-ms:1.2.1
  • simplicite-js:5.1.65/debug:4.3.4

Identifiers

mssql-jdbc-11.2.2.jre8.jar

Description:

		Microsoft JDBC Driver for SQL Server.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/11.2.2.jre8/mssql-jdbc-11.2.2.jre8.jar
MD5: 80b508cfcfe65ce081519cc6b1cce203
SHA1: 12579bb0d4821188f053f71cfb828d7df58bf41d
SHA256:386b3d085429e52b4260009d3225c9731cb634bc11f8f325cca3ae7b46278572
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

multimatch:5.0.0

Description:

Extends `minimatch.match()` with support for multiple patterns

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/multimatch:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

mustache:4.1.0

Description:

Logic-less {{mustache}} templates with JavaScript

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/mustache:4.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

mute-stream:0.0.8

Description:

Bytes go in, but they don't come out (when muted).

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/mute-stream:0.0.8

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

mysql-connector-j-8.0.31.jar

Description:

JDBC Type 4 driver for MySQL.

License:

The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /var/simplicite/.m2/repository/com/mysql/mysql-connector-j/8.0.31/mysql-connector-j-8.0.31.jar
MD5: 15a3a312bda04a4463a118ce8b460c82
SHA1: 3fd5850719d7e82d50705d34cc6a0037fab5731f
SHA256:5249e3dc6d6531b37790e3f61845b96db5e41e891d3d8edb0e2e3a1b53ca2f4f
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

nanoid:3.3.6

Description:

A tiny (116 bytes), secure URL-friendly unique string ID generator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?postcss:8.4.24/nanoid:^3.3.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/postcss:8.4.24
  • simplicite-js:5.1.65

Identifiers

natural-compare:1.4.0

Description:

Compare strings containing a mix of letters and numbers in the way a human being would in sort order.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/natural-compare:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

negotiator:0.6.3

Description:

HTTP content negotiation

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/negotiator:0.6.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

neo-async:2.6.2

Description:

Neo-Async is a drop-in replacement for Async, it almost fully covers its functionality and runs faster

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/neo-async:2.6.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/handlebars:4.7.7

Identifiers

netcdf4-4.5.5.jar

File Path: /var/simplicite/.m2/repository/edu/ucar/netcdf4/4.5.5/netcdf4-4.5.5.jar
MD5: 5f14df469295650fd65748a003c9ba56
SHA1: 0675d63ecc857c50dd50858011b670160aa30b62
SHA256:131e3983dcf001677be069a7471797a4a9ad2c9783e88db56e32506cf1039635
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

netty-codec-4.1.49.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec/4.1.49.Final/netty-codec-4.1.49.Final.jar
MD5: d93ec0a7903c28b2b4c74eda0912aa41
SHA1: 20218de83c906348283f548c255650fd06030424
SHA256:670c1f09d43b6e881437296ce6e8fa7f8dcb1eaef78b2144d61234d6515b47af
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4586  

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41915 (OSSINDEX)  

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-41915 for details
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-codec:4.1.49.Final:*:*:*:*:*:*:*

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

netty-codec-mqtt-4.1.49.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec-mqtt/4.1.49.Final/netty-codec-mqtt-4.1.49.Final.jar
MD5: 14e4d0ff5219c11a43001f55712d0735
SHA1: 5a71467b1a92cc3a7a6e8dd12dc69af33089a067
SHA256:b2f7bf31bececabdfdf65418831c358f4be61ce185e1b044bb274c0bf99e61a9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4586  

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

netty-common-4.1.49.Final.jar (shaded: org.jctools:jctools-core:3.0.0)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/netty/netty-common/4.1.49.Final/netty-common-4.1.49.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 095b6221b2a65322d08458d37fa574d2
SHA1: ad6ba95498dc140e8d8c7b4c1348f73be69205c9
SHA256:87c10bb67da5c9894623829c24d8290edcd429979ebe568d97009ee3eca9d6c1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

netty-transport-4.1.49.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport/4.1.49.Final/netty-transport-4.1.49.Final.jar
MD5: f94308ae6129d24af529effbf3fc4cab
SHA1: 415ea7f326635743aec952fe2349ca45959e94a7
SHA256:94e95c5d2b3372806e25c574bb2f51e92eb2e84ff9ae0738789f0aa0a34fb036
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4586  

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

netty-transport-native-kqueue-4.1.55.Final-osx-x86_64.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.55.Final/netty-transport-native-kqueue-4.1.55.Final-osx-x86_64.jar
MD5: ba8aad3727c40aad66cd3970395e5fb5
SHA1: 78750b3227b3b5c9f1e986ae432ba1379e4e435d
SHA256:c1dad5ee3647388de1f548f29caf711724d0bb4d478db11958983cd3c67af39a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4586  

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Incorrect Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

no-case:3.0.4

Description:

Transform into a lower cased string with spaces between words

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?sentence-case:3.0.4/no-case:^3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/sentence-case:3.0.4

Identifiers

node-emoji:1.11.0

Description:

simple emoji support for node.js projects

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-check:6.0.1/node-emoji:^1.10.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

node-environment-flags:1.0.6

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/node-environment-flags:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/node:7.22.19

Identifiers

node-fetch:2.7.0

Description:

A light-weight module that brings window.fetch to node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?simplicite:2.2.37/node-fetch:^2.7.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/simplicite:2.2.37

Identifiers

node-gyp:9.4.0

Description:

Node.js native addon build tool

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/node-gyp:9.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@npmcli/run-script:6.0.2

Identifiers

node-releases:2.0.13

Description:

Node.js releases data

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/node-releases:2.0.13

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/browserslist:4.22.1

Identifiers

nopt:5.0.0

Description:

Option parsing for Node, supporting types, shorthands, etc. Used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/nopt:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/node-gyp:9.4.0
  • simplicite-js:5.1.65/js-beautify:1.14.0

Identifiers

nopt:6.0.0

Description:

Option parsing for Node, supporting types, shorthands, etc. Used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/nopt:6.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

normalize-package-data:2.5.0

Description:

Normalizes data that can be found in package.json files.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/normalize-package-data:2.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

normalize-package-data:3.0.3

Description:

Normalizes data that can be found in package.json files.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/normalize-package-data:3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65/read-pkg:5.2.0
  • simplicite-js:5.1.65/read-package-json:6.0.4

Identifiers

normalize-package-data:5.0.0

Description:

Normalizes data that can be found in package.json files.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/normalize-package-data:5.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

normalize-path:3.0.0

Description:

Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/normalize-path:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/anymatch:3.1.3
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/chokidar:3.5.3

Identifiers

normalize-url:4.5.1

Description:

Normalize a URL

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/normalize-url:4.5.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

normalize-url:8.0.0

Description:

Normalize a URL

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/normalize-url:8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacheable-request:10.2.12
  • simplicite-js:5.1.65/cacheable-request:6.1.0

Identifiers

npm-audit-html:1.5.0

Description:

Generate a HTML report for NPM Audit

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/npm-audit-html:1.5.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

npm-bundled:3.0.0

Description:

list things in node_modules that are bundledDependencies, or transitive dependencies thereof

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/npm-bundled:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@npmcli/installed-package-contents:2.0.2

Identifiers

npm-check-updates:16.14.6

Description:

Find newer versions of dependencies than what your package.json allows

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/npm-check-updates:16.14.6

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

npm-check:6.0.1

Description:

Check for outdated, incorrect, and unused dependencies.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/npm-check:6.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

npm-install-checks:6.1.1

Description:

Check the engines and platform fields in package.json

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?npm-pick-manifest:8.0.2/npm-install-checks:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/npm-pick-manifest:8.0.2
  • simplicite-js:5.1.65

Identifiers

npm-normalize-package-bin:3.0.1

Description:

Turn any flavor of allowable package.json bin into a normalized object

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?read-package-json-fast:3.0.2/npm-normalize-package-bin:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/npm-bundled:3.0.0
  • simplicite-js:5.1.65/npm-pick-manifest:8.0.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@npmcli/installed-package-contents:2.0.2
  • simplicite-js:5.1.65/read-package-json-fast:3.0.2
  • simplicite-js:5.1.65/read-package-json:6.0.4

Identifiers

npm-package-arg:10.1.0

Description:

Parse the things that can be arguments to `npm install`

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/npm-package-arg:^10.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/npm-pick-manifest:8.0.2
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/npm-registry-fetch:14.0.5

Identifiers

npm-packlist:7.0.4

Description:

Get a list of the files to add from a folder into an npm package

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/npm-packlist:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0

Identifiers

npm-pick-manifest:8.0.2

Description:

Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/npm-pick-manifest:^8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/@npmcli/git:4.1.0

Identifiers

npm-registry-fetch:14.0.5

Description:

Fetch-based http client for use with npm registry APIs

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pacote:15.2.0/npm-registry-fetch:^14.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0

Identifiers

npm-run-path:4.0.1

Description:

Get your PATH prepended with locally installed binaries

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/npm-run-path:4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/execa:5.1.1

Identifiers

npmlog:6.0.2

Description:

logger for npm

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/npmlog:6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/node-gyp:9.4.0

Identifiers

numeral:2.0.6

Description:

Format and manipulate numbers.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/numeral:2.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-audit-html:1.5.0

Identifiers

oauth-2.3.0.jar

Description:

jclouds components to access OAuth

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/oauth/2.3.0/oauth-2.3.0.jar
MD5: a51256719b0b1f8aa6cd01a07d6b0609
SHA1: b18ff951229041eae96cc8732940f7414d249d46
SHA256:27fd47b9389793fce8c148eb256e82ec99dba6b097ea85ed1872f36cc4648035
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

object-inspect:1.12.3

Description:

string representations of objects in node and the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?side-channel:1.0.4/object-inspect:^1.9.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/side-channel:1.0.4

Identifiers

object-keys:1.1.1

Description:

An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?object.assign:4.1.4/object-keys:^1.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2
  • simplicite-js:5.1.65/define-properties:1.2.0
  • simplicite-js:5.1.65/object.assign:4.1.4

Identifiers

object.assign:4.1.4

Description:

ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/object.assign:4.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

object.getownpropertydescriptors:2.1.6

Description:

ES2017 spec-compliant shim for `Object.getOwnPropertyDescriptors` that works in ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/object.getownpropertydescriptors:2.1.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/node-environment-flags:1.0.6

Identifiers

ojdbc8-21.9.0.0.jar

Description:

 Oracle JDBC Driver compatible with JDK8, JDK11, JDK12, JDK13, JDK14 and JDK15

License:

Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /var/simplicite/.m2/repository/com/oracle/database/jdbc/ojdbc8/21.9.0.0/ojdbc8-21.9.0.0.jar
MD5: d23c84482e9524de3a29a3816b4d6fcd
SHA1: a68f29ad2376bdb8c04a87cda70c62907995855d
SHA256:e7bbab05994715e2810fc20e7ac4052905c5b604a0a1fb2b2f8a9d2f9a5c2c84
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

okhttp-2.7.5.jar

File Path: /var/simplicite/.m2/repository/com/squareup/okhttp/okhttp/2.7.5/okhttp-2.7.5.jar
MD5: 1943a0ecbb1c503874c8c483284377e4
SHA1: 7a15a7db50f86c4b64aa3367424a60e3a325b8f1
SHA256:88ac9fd1bb51f82bcc664cc1eb9c225c90dc4389d660231b4cc737bebfe7d0aa
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-0341 (OSSINDEX)  

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.squareup.okhttp:okhttp:2.7.5:*:*:*:*:*:*:*

CVE-2023-0833  

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CWE-209 Information Exposure Through an Error Message

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

okio-1.6.0.jar

File Path: /var/simplicite/.m2/repository/com/squareup/okio/okio/1.6.0/okio-1.6.0.jar
MD5: 164d1c28c323cf6e2a917d60374c5718
SHA1: 98476622f10715998eacf9240d6b479f12c66143
SHA256:114bdc1f47338a68bcbc95abf2f5cdc72beeec91812f2fcd7b521c1937876266
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-3635  

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

once:1.4.0

Description:

Run a function exactly one time

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pump:3.0.0/once:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/pump:3.0.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:7.2.3
  • simplicite-js:5.1.65/inflight:1.0.6
  • simplicite-js:5.1.65/end-of-stream:1.4.4

Identifiers

onetime:5.1.2

Description:

Ensure a function is only called once

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?restore-cursor:3.1.0/onetime:^5.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/execa:5.1.1
  • simplicite-js:5.1.65/restore-cursor:3.1.0

Identifiers

open:7.4.2

Description:

Open stuff like URLs, files, executables. Cross-platform.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/open:7.4.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-audit-html:1.5.0

Identifiers

opencensus-api-0.24.0.jar

Description:

null

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar
MD5: 57e26d9c2d3947a0b3716ec8bb32c9bf
SHA1: f974451b19007ce820f433311ce8adb88e2b7d2c
SHA256:f561b1cc2673844288e596ddf5bb6596868a8472fd2cb8993953fc5c034b2352
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

opencensus-contrib-grpc-metrics-0.21.0.jar

Description:

null

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-contrib-grpc-metrics/0.21.0/opencensus-contrib-grpc-metrics-0.21.0.jar
MD5: dbbefdc1c3e6bee5e578812d961ca6ba
SHA1: f07d3a325f1fe69ee40d6b409086964edfef4e69
SHA256:29fc79401082301542cab89d7054d2f0825f184492654c950020553ef4ff0ef8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

opencensus-contrib-grpc-util-0.24.0.jar

Description:

null

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-contrib-grpc-util/0.24.0/opencensus-contrib-grpc-util-0.24.0.jar
MD5: a08eb9c6e16d21a9c1dea09a0c846162
SHA1: 1ac2f0c1a02c7ec0cd244e59228f687a90dfddab
SHA256:6d3e561866c651d9a7d47f11eef2b35e555a6269924c741a76a057b9c1201c76
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

opencensus-contrib-http-util-0.24.0.jar

Description:

null

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar
MD5: 12d9df25feb2c6ff817465103dd3e13f
SHA1: 006d96406c272d884038eb63b262458df75b5445
SHA256:7155273bbb1ed3d477ea33cf19d7bbc0b285ff395f43b29ae576722cf247000f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

openhtmltopdf-core-1.0.7.jar

Description:

Open HTML to PDF is a CSS 2.1 renderer written in Java.  This artifact contains the core rendering and layout code.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-core/1.0.7/openhtmltopdf-core-1.0.7.jar
MD5: 1df32f2ce59be39fb5134e028c7b3c78
SHA1: cb423461cfb74cc0381bd31accd5b18ac610170d
SHA256:e67270ad767218c037b6ee956afdff911989ca4857a4b31bb4cbe903547ab4c2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

openhtmltopdf-pdfbox-1.0.7.jar

Description:

Openhtmltopdf is a CSS 2.1 renderer written in Java. This artifact supports PDF output with Apache PDF-BOX 2.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-pdfbox/1.0.7/openhtmltopdf-pdfbox-1.0.7.jar
MD5: 56cb66ecae994dba554a1b37bfd6a937
SHA1: be32b9f2d170f25ae62ce39cc57271ebdda2c4bd
SHA256:dd2fcabc026dfb5171f29b17b69e331ca4400999c280a650f6e3a593e02b57d4
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

openjson-1.0.11.jar

Description:

A clean-room Apache-licensed implementation of simple JSON processing

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/github/openjson/openjson/1.0.11/openjson-1.0.11.jar
MD5: adea05d96e2b300d8d93d87877bbfc0c
SHA1: 89d80fba6ebca174f23614cdfd6e50331c676d26
SHA256:6086e8c4219281e42c4ccb3dbf207995bd10787d27b01aaf00ac1f9b0dd34c9f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

opennlp-tools-1.9.1.jar

Description:

The Apache Software Foundation provides support for the Apache community of open-source software projects.    The Apache projects are characterized by a collaborative, consensus based development process, an open and    pragmatic software license, and a desire to create high quality software that leads the way in its field.    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers    and users.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/opennlp/opennlp-tools/1.9.1/opennlp-tools-1.9.1.jar
MD5: d7c38308f18fcbba1bd87d0d8991ed82
SHA1: 8145429d82a4b811fdd3390557dbe6546b0153ad
SHA256:79711328756f4c8a909d7ae36d62bf2f949cca685d98bfd46b052e24b15df7e2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

openstack-keystone-2.3.0.jar

Description:

jclouds components to access an implementation of OpenStack Keystone

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/openstack-keystone/2.3.0/openstack-keystone-2.3.0.jar
MD5: a3fa668fcd110837b525f8ff32fe34ad
SHA1: 7cf6369137c511f6ca17a376338e180b6da9d090
SHA256:bb08ae91e1180b8963339eb14d3cbc727bd1673ada3b841a4fbbad4461fe3751
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-12689  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
CWE-269 Improper Privilege Management

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-12690  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.
CWE-613 Insufficient Session Expiration

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-12691  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-3563  

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-12692  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
CWE-347 Improper Verification of Cryptographic Signature, CWE-294 Authentication Bypass by Capture-replay

CVSSv2:
  • Base Score: MEDIUM (5.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2018-14432  

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2018-20170  

** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

openstack-swift-2.3.0.jar

Description:

jclouds components to access an implementation of OpenStack Swift

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/openstack-swift/2.3.0/openstack-swift-2.3.0.jar
MD5: d5d8d16b13f9b16f4c9f8da968a65d0f
SHA1: 1da7c6dbcb62fb7ebd1ed9b472835e841604890c
SHA256:e2aeaecfaa5d66d8ae697994b748c76758af5f03abd5292ff2d591d186e3f80a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2017-16613  

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
CWE-287 Improper Authentication

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2016-0737  

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2016-0738  

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-47950  

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2015-5223  

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2017-8761  

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

optionator:0.9.3

Description:

option parsing and help generation

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/optionator:0.9.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0

Identifiers

ora:5.4.1

Description:

Elegant terminal spinner

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ora:5.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

org.apache.oltu.oauth2.client-1.0.2.jar

Description:

Apache Oltu is an OAuth protocol implementation in Java.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.client/1.0.2/org.apache.oltu.oauth2.client-1.0.2.jar
MD5: 433638a5fab67c3a8f111d58c1fec0a0
SHA1: b34e09d1cb84c4b63cedb65c5346ac44eecc22c5
SHA256:ebbe0095c829ecbbb29b5ab572277ff11b9e3969114e6f1bac5d23a8c97e7708
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

org.apache.oltu.oauth2.common-1.0.2.jar

Description:

OAuth 2.0 library - Common

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.common/1.0.2/org.apache.oltu.oauth2.common-1.0.2.jar
MD5: 48d5e8f17d2f292b32788d2b98b1aebd
SHA1: a82fff95276f4c6feadc7993670e659076e43260
SHA256:5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

org.eclipse.jgit-6.1.0.202203080745-r.jar

Description:

    Repository access and algorithms

File Path: /var/simplicite/.m2/repository/org/eclipse/jgit/org.eclipse.jgit/6.1.0.202203080745-r/org.eclipse.jgit-6.1.0.202203080745-r.jar
MD5: 19a83df8b0132f825437715a33e91d28
SHA1: 7b4a7cc2ef31bea3d2b283c06864fe791ccb22be
SHA256:b54f9fb14f62554a131bee6dd2a6dfaac82762037be5f2d78003d4ddd67c7e67
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-4759 (OSSINDEX)  

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0

In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.

This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.

The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.

Setting git configuration option core.symlinks = false before checking out avoids the problem.

The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via  Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and  repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ .


The JGit maintainers would like to thank RyotaK for finding and reporting this issue.





Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-4759 for details
CWE-178 Improper Handling of Case Sensitivity

CVSSv2:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/Au:/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.eclipse.jgit:org.eclipse.jgit:6.1.0.202203080745-r:*:*:*:*:*:*:*

org.eclipse.jgit.http.server-6.1.0.202203080745-r.jar

Description:

    Git aware HTTP server implementation.

File Path: /var/simplicite/.m2/repository/org/eclipse/jgit/org.eclipse.jgit.http.server/6.1.0.202203080745-r/org.eclipse.jgit.http.server-6.1.0.202203080745-r.jar
MD5: e98293841bce4f122bca2b0cf2e78fa0
SHA1: 8c61b038cc12c78da107701e6a443bb9a88aa8ad
SHA256:c206f4eba35dba8aaa76a26fd19ae7dbcb4b2cd862cfb7b12c95cd0150a36449
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

org.eclipse.paho.client.mqttv3-1.2.5.jar

File Path: /var/simplicite/.m2/repository/org/eclipse/paho/org.eclipse.paho.client.mqttv3/1.2.5/org.eclipse.paho.client.mqttv3-1.2.5.jar
MD5: eb09d20835460ad2de7b6d46e77ad113
SHA1: 1546cfc794449c39ad569853843a930104fdc297
SHA256:59914287adac506a28d5e8172eed262a22605f3df4d426b9d92f41dae2448185
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

os-tmpdir:1.0.2

Description:

Node.js os.tmpdir() ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tmp:0.0.33/os-tmpdir:~1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/tmp:0.0.33

Identifiers

p-cancelable:1.1.0

Description:

Create a promise that can be canceled

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/p-cancelable:1.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

p-cancelable:3.0.0

Description:

Create a promise that can be canceled

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/p-cancelable:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

p-limit:3.1.0

Description:

Run multiple promise-returning & async functions with limited concurrency

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?p-locate:5.0.0/p-limit:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/p-locate:4.1.0
  • simplicite-js:5.1.65/p-locate:3.0.0
  • simplicite-js:5.1.65/p-locate:5.0.0

Identifiers

p-locate:3.0.0

Description:

Get the first fulfilled promise that satisfies the provided testing function

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/p-locate:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

p-locate:4.1.0

Description:

Get the first fulfilled promise that satisfies the provided testing function

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/p-locate:4.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

p-locate:5.0.0

Description:

Get the first fulfilled promise that satisfies the provided testing function

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/p-locate:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/locate-path:5.0.0
  • simplicite-js:5.1.65/locate-path:3.0.0
  • simplicite-js:5.1.65/locate-path:6.0.0

Identifiers

p-map:4.0.0

Description:

Map over promises concurrently

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/p-map:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

p-try:2.2.0

Description:

`Start a promise chain

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?p-limit:2.3.0/p-try:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/p-limit:2.3.0

Identifiers

package-json:6.5.0

Description:

Get metadata of a package from the npm registry

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/package-json:6.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/latest-version:5.1.0
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/latest-version:7.0.0

Identifiers

package-json:8.1.1

Description:

Get metadata of a package from the npm registry

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/package-json:8.1.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

pacote:15.2.0

Description:

JavaScript package downloader

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pacote:15.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

pako:1.0.11

Description:

zlib port to javascript - fast, modularized, with browser support

License:

(MIT AND Zlib)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pako:1.0.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jszip:3.5.0

Identifiers

parent-module:1.0.1

Description:

Get the path of the parent module

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/parent-module:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/import-fresh:3.3.0

Identifiers

parse-github-url:1.0.2

Description:

Parse a github URL into an object.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/parse-github-url:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

parse-json:5.2.0

Description:

Parse JSON with more helpful errors

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?read-pkg:5.2.0/parse-json:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cosmiconfig:7.1.0
  • simplicite-js:5.1.65/read-pkg:5.2.0

Identifiers

  • pkg:npm/parse-json@5.2.0  (Confidence:Highest)
  • cpe:2.3:a:parsejson_project:parsejson:5.2.0:*:*:*:*:*:*:*  (Confidence:Low)  

parse-passwd:1.0.0

Description:

Parse a passwd file into a list of users.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/parse-passwd:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/homedir-polyfill:1.0.3

Identifiers

parso-2.0.11.jar

Description:

Parso is a lightweight Java library designed to read SAS7BDAT datasets. The Parso interfaces
        are analogous to libraries designed to read table-storing files, for example, CSVReader library.
        Despite its small size, the Parso library is the only full-featured open-source solution to process SAS7BDAT
        datasets, both uncompressed, CHAR-compressed and BIN-compressed. It is effective in processing clinical and
        statistical data often stored in SAS7BDAT format. Parso allows converting data into CSV format.

License:

Apache License v2: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/com/epam/parso/2.0.11/parso-2.0.11.jar
MD5: 5600fb69b3bb3ca4c0270941fa80bf10
SHA1: 3cd3dde9ace470e102bb344e05467ce308108a8e
SHA256:c3042420664fccf8634f77d99bd75e1d2ec03af985e1bf9f1c7a9f4cc79c8fe8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

path-exists:3.0.0

Description:

Check if a path exists

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/path-exists:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

path-exists:4.0.0

Description:

Check if a path exists

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?which-pm:2.0.0/path-exists:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/which-pm:2.0.0
  • simplicite-js:5.1.65/find-up:4.1.0
  • simplicite-js:5.1.65/preferred-pm:3.0.3
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/find-up:5.0.0
  • simplicite-js:5.1.65/locate-path:3.0.0

Identifiers

path-is-absolute:1.0.1

Description:

Node.js 0.12 path.isAbsolute() ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/path-is-absolute:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:7.2.3

Identifiers

path-key:3.1.1

Description:

Get the PATH environment variable key cross-platform

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/path-key:3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cross-spawn:7.0.3
  • simplicite-js:5.1.65/npm-run-path:4.0.1

Identifiers

path-parse:1.0.7

Description:

Node.js path.parse() ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?resolve:1.22.2/path-parse:^1.0.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/resolve:1.22.2
  • simplicite-js:5.1.65

Identifiers

path-scurry:1.10.1

Description:

walk paths fast and efficiently

License:

BlueOak-1.0.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?glob:10.3.3/path-scurry:^1.10.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/glob:10.3.10
  • simplicite-js:5.1.65/glob:10.3.3

Identifiers

path-type:4.0.0

Description:

Check if a path is a file, directory, or symlink

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/path-type:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cosmiconfig:7.1.0
  • simplicite-js:5.1.65/dir-glob:3.0.1

Identifiers

pdfbox-2.0.22.jar

Description:

        The Apache PDFBox library is an open source Java tool for working with PDF documents.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/pdfbox/2.0.22/pdfbox-2.0.22.jar
MD5: 7de0d7e4c89e5e07d0298ca112907921
SHA1: 61f19d1ebc0bec25bbbc0eb2b28ee872a39a76b3
SHA256:3069a03429c9c11edbbaf4eb503261bbf87260ff58c74e7e9f0f4ceeae640441
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-27807  

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CWE-834 Excessive Iteration

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-27906  

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31811  

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31812  

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

perfmark-api-0.19.0.jar

Description:

PerfMark API

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/simplicite/.m2/repository/io/perfmark/perfmark-api/0.19.0/perfmark-api-0.19.0.jar
MD5: 6d88469151f53de768d399b6c7b1a56b
SHA1: 2bfc352777fa6e27ad1e11d11ea55651ba93236b
SHA256:b734ba2149712409a44eabdb799f64768578fee0defe1418bb108fe32ea43e1a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

picocolors:1.0.0

Description:

The tiniest and the fastest library for terminal output formatting with ANSI colors

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-browserslist-db:1.0.13/picocolors:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/postcss:8.4.24
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-browserslist-db:1.0.13
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

picomatch:2.3.1

Description:

Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?readdirp:3.6.0/picomatch:^2.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/readdirp:3.6.0
  • simplicite-js:5.1.65/anymatch:3.1.3
  • simplicite-js:5.1.65/micromatch:4.0.5

Identifiers

pify:4.0.1

Description:

Promisify a callback-style function

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pify:4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-dir:2.1.0
  • simplicite-js:5.1.65/load-yaml-file:0.2.0

Identifiers

pinkie-promise:2.0.1

Description:

ES2015 Promise ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pinkie-promise:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/callsite-record:4.1.5
  • simplicite-js:5.1.65

Identifiers

pinkie:2.0.4

Description:

Itty bitty little widdle twinkie pinkie ES2015 Promise implementation

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?pinkie-promise:2.0.1/pinkie:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pinkie-promise:2.0.1

Identifiers

pirates:4.0.6

Description:

Properly hijack require, i.e., properly define require hooks and customizations

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pirates:4.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/register:7.22.15

Identifiers

pkg-dir:3.0.0

Description:

Find the root directory of a Node.js project or npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pkg-dir:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/find-yarn-workspace-root2:1.2.16
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/find-cache-dir:2.1.0

Identifiers

pkg-dir:4.2.0

Description:

Find the root directory of a Node.js project or npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pkg-dir:4.2.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

pkg-dir:5.0.0

Description:

Find the root directory of a Node.js project or npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pkg-dir:5.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

please-upgrade-node:3.2.0

Description:

Displays a beginner-friendly message telling your user to upgrade their version of Node

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/please-upgrade-node:3.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

poi-4.1.2.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/poi/poi/4.1.2/poi-4.1.2.jar
MD5: e9a7c049c62c41c70354669bcd448212
SHA1: 964bf41cf68bce08e4ef6b2279b559fdf8d454f4
SHA256:ab1612406541968434044b2defad58aa8b657cad073baa22a04faaf9d7fb9d1c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-26336  

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
CWE-20 Improper Input Validation, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

popper.js:1.16.1

Description:

A kickass library to manage your poppers

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/popper.js:1.16.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/bootbox:5.5.2

Identifiers

postcss-less:6.0.0

Description:

LESS parser for PostCSS

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/postcss-less:6.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

postcss-media-query-parser:0.2.3

Description:

A tool for parsing media query lists.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/postcss-media-query-parser:^0.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

postcss-resolve-nested-selector:0.1.1

Description:

Resolve a nested selector in a PostCSS AST

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/postcss-resolve-nested-selector:^0.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

postcss-safe-parser:6.0.0

Description:

Fault-tolerant CSS parser for PostCSS

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/postcss-safe-parser:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

postcss-selector-parser:6.0.13

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/postcss-selector-parser:^6.0.11

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

postcss-value-parser:4.2.0

Description:

Transforms css values and at-rule params into the tree

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/postcss-value-parser:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

postcss:8.4.24

Description:

Tool for transforming styles with JS plugins

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/postcss:^8.4.19

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4

Identifiers

CVE-2023-44270  

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions:

postgresql-42.5.3.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /var/simplicite/.m2/repository/org/postgresql/postgresql/42.5.3/postgresql-42.5.3.jar
MD5: ff8425773fb40fdd34a96b34c775ddd4
SHA1: 646a6b458e463746946721409e370cea9cd005ed
SHA256:56959b820bfbd15638b4f2b5d71e6cb411cd9d84b5a98a09e02af26a178b50be
Referenced In Project/Scope:Simplicite Platform:runtime

Identifiers

preact:10.15.1

Description:

Fast 3kb React-compatible Virtual DOM library.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/preact:10.15.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@fullcalendar/core:5.5.0

Identifiers

preferred-pm:3.0.3

Description:

Detects what package manager was used for installation

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/preferred-pm:3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

preflight-2.0.22.jar

Description:

      The Apache Preflight library is an open source Java tool that implements 
      a parser compliant with the ISO-19005 (PDF/A) specification. Preflight is a 
      subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/preflight/2.0.22/preflight-2.0.22.jar
MD5: 4981ad5560f516f731fb22a147be6fb2
SHA1: 9ccfaad34777c8d481fd87059a09412058d34e1f
SHA256:4137c7bd9ff48bb962156eb7afa784ecf234e2459d01c7b64dd56310d6b2efb1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-27807  

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CWE-834 Excessive Iteration

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-27906  

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31811  

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31812  

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

prelude-ls:1.2.1

Description:

prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?type-check:0.4.0/prelude-ls:^1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/optionator:0.9.3
  • simplicite-js:5.1.65/levn:0.4.1
  • simplicite-js:5.1.65/type-check:0.4.0

Identifiers

prepend-http:2.0.0

Description:

Prepend `http://` to humanized URLs like todomvc.com and localhost

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?url-parse-lax:3.0.0/prepend-http:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/url-parse-lax:3.0.0

Identifiers

proc-log:3.0.0

Description:

just emit 'log' events on the process object

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/proc-log:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/npm-package-arg:10.1.0
  • simplicite-js:5.1.65/@npmcli/git:4.1.0
  • simplicite-js:5.1.65/npm-registry-fetch:14.0.5

Identifiers

process-nextick-args:2.0.1

Description:

process.nextTick but always with args

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/process-nextick-args:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/readable-stream:2.3.8

Identifiers

progress:2.0.3

Description:

Flexible ascii progress bar

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/progress:2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

promise-inflight:1.0.1

Description:

One promise for multiple requests in flight to avoid async duplication

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/promise-inflight:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@npmcli/git:4.1.0

Identifiers

promise-retry:2.0.1

Description:

Retries a function that returns a promise, leveraging the power of the retry module.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/promise-retry:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/@npmcli/git:4.1.0
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

prompts-ncu:3.0.0

Description:

Lightweight, beautiful and user-friendly prompts

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/prompts-ncu:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

proto-google-cloud-firestore-admin-v1-1.31.0.jar

Description:

PROTO library for proto-google-cloud-firestore-admin-v1

File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-firestore-admin-v1/1.31.0/proto-google-cloud-firestore-admin-v1-1.31.0.jar
MD5: f93382542e10f303aa8bc0d705d1de7b
SHA1: def08d0a296bfd2dc336c6e47ec6e0ba87e72956
SHA256:709a552d603d1f0f8f52cb727a47f9ea28338e60f0721f903d4913187edf455b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

proto-google-cloud-firestore-v1-1.31.0.jar

Description:

PROTO library for proto-google-cloud-firestore-v1

File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-firestore-v1/1.31.0/proto-google-cloud-firestore-v1-1.31.0.jar
MD5: 1de1ee1185b9c5a2784aeab4dbe5f15c
SHA1: 5a5d463dad9b082d7e208c6c1c0dca1f2ea7092f
SHA256:40b9f4c228dde696c88c2218a599e52fce0ce1083dd1fe98b45053e20b4c5515
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

proto-google-cloud-firestore-v1beta1-0.84.0.jar

Description:

PROTO library for proto-google-cloud-firestore-v1beta1

File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-firestore-v1beta1/0.84.0/proto-google-cloud-firestore-v1beta1-0.84.0.jar
MD5: b2f732ae43d5585498be97c88afd6329
SHA1: 8f1e375d414d20f9699078ef6ed555eee226a575
SHA256:0900923191f78875937e86fbe0c7dd876b1472a7a523eb93f46d4b0ab05fe97f
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

proto-google-cloud-pubsub-v1-1.84.0.jar

Description:

PROTO library for proto-google-cloud-pubsub-v1

File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-pubsub-v1/1.84.0/proto-google-cloud-pubsub-v1-1.84.0.jar
MD5: 16c4640f2e537fe4f7186f99d19dbddf
SHA1: 521d922d9d4fe17608f25786776e6048396df642
SHA256:39b92b64e7fa1db25c269696740386f73a726baac541b452a4ca4c3dbf039a16
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

proto-google-common-protos-1.17.0.jar

Description:

PROTO library for proto-google-common-protos

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-common-protos/1.17.0/proto-google-common-protos-1.17.0.jar
MD5: 640e1d58d6edc25e7e14833207a70dba
SHA1: 40471bf2045151c17da555889b5550fcfd5224a8
SHA256:ad25472c73ee470606fb500b376ae5a97973d5406c2f5c3b7d07fb25b4648b65
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

proto-google-iam-v1-0.13.0.jar

Description:

PROTO library for proto-google-iam-v1

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-iam-v1/0.13.0/proto-google-iam-v1-0.13.0.jar
MD5: c7306880a96217f687a42fbee83c1f84
SHA1: ed3d62b64aa23a3decf324c8988eb4aae9f36e94
SHA256:1b440938d7bdad70e3fad9cb5db91c075a02ab08995c5cca55533ed580c7e185
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

proto-list:1.2.4

Description:

A utility for managing a prototype chain

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/proto-list:1.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/config-chain:1.1.13

Identifiers

protobuf-java-3.11.4.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/google/protobuf/protobuf-java/3.11.4/protobuf-java-3.11.4.jar
MD5: c4ceefed77d79affded2a1302e74606d
SHA1: 7ec0925cc3aef0335bbc7d57edfd42b0f86f8267
SHA256:42e98f58f53d1a49fd734c2dd193880f2dfec3436a2993a00d06b8800a22a3f2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-3171  

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-3509 (OSSINDEX)  

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.google.protobuf:protobuf-java:3.11.4:*:*:*:*:*:*:*

CVE-2022-3510 (OSSINDEX)  

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-3510 for details
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.google.protobuf:protobuf-java:3.11.4:*:*:*:*:*:*:*

CVE-2021-22569  

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

protobuf-java-util-3.11.4.jar

Description:

Utilities for Protocol Buffers

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/google/protobuf/protobuf-java-util/3.11.4/protobuf-java-util-3.11.4.jar
MD5: 91d2b7e16d3f3db0b3c4ff96ec52f240
SHA1: 99a6a669e55f3d587ac8eb61857f7b81d0bbd7f7
SHA256:29aacfff1cc455102627d4cfe6f319e4864ea7ce1a4e9d03b4c7bb01fc8255b0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-3171  

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-22569  

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

proton-j-0.33.8.jar

Description:

Proton is a library for speaking AMQP.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/qpid/proton-j/0.33.8/proton-j-0.33.8.jar
MD5: cd1f6987b69e8f5bfc2847fe8695fd79
SHA1: f7e503d4505d73c604c3a4a8e190d461136c9797
SHA256:2181e51532fcd1d5fcc7bddea8bf1b4e69cc028346777780011b30faea8d70cb
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

pseudomap:1.0.2

Description:

A thing that is a lot like ES6 `Map`, but without iterators, for use in environments where `for..of` syntax and `Map` are not available.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pseudomap:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/lru-cache:4.1.5
  • simplicite-js:5.1.65

Identifiers

pump:3.0.0

Description:

pipe streams together and close all of them if one of them closes

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/pump:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/get-stream:5.2.0
  • simplicite-js:5.1.65/get-stream:4.1.0

Identifiers

punycode:2.3.0

Description:

A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?uri-js:4.4.1/punycode:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/uri-js:4.4.1

Identifiers

pupa:2.1.1

Description:

Simple micro templating

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/pupa:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3

Identifiers

qpid-jms-client-0.56.0.jar

Description:

The core JMS Client implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/qpid/qpid-jms-client/0.56.0/qpid-jms-client-0.56.0.jar
MD5: e105e2134436b48cc5db4211bbed5474
SHA1: 3dbc0a85a0a38fa2df85173b4c7796e1a7e64af3
SHA256:5f590a735463b444663505fc1bdd637622899883f1ba52d612102be0aa7a382c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

qrgen-1.4.jar

Description:

a simple QRCode generation api for java built on top ZXING

License:

Apache License v2: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/net/glxn/qrgen/1.4/qrgen-1.4.jar
MD5: 22aedd5cea2b5d4edc650ab1e08a1ff9
SHA1: fbb2465ec16db786a164e66f2a1e67e2e9254303
SHA256:4985f423c0ced38a1b60ac0f2b76e9a260fe54a276ed313c362ae85fdbe39c35
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

quartz-2.3.2.jar

Description:

Enterprise Job Scheduler

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: /var/simplicite/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar
MD5: d7299dbaec0e0ed7af281b07cc40c8c1
SHA1: 18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a
SHA256:639c6a675bc472e1568df9d8c954ff702da6f83ed27da0ff9a7bd12ed73b8bf0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-39017  

** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

query-ast:1.0.5

Description:

A library to traverse/modify an AST

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/query-ast:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

queue-microtask:1.2.3

Description:

fast, tiny `queueMicrotask` shim for modern engines

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?run-parallel:1.2.0/queue-microtask:^1.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/run-parallel:1.2.0

Identifiers

quick-lru:4.0.1

Description:

Simple "Least Recently Used" (LRU) cache

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/quick-lru:4.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

quick-lru:5.1.1

Description:

Simple “Least Recently Used” (LRU) cache

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/quick-lru:5.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/http2-wrapper:2.2.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/camelcase-keys:6.2.2

Identifiers

rc-config-loader:4.1.3

Description:

load config file from .{product}rc.{json,yml,js}

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/rc-config-loader:4.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

rc:1.2.8

Description:

hardwired configuration loader

License:

(BSD-2-Clause OR MIT OR Apache-2.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?registry-url:5.1.0/rc:^1.2.8

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/registry-auth-token:4.2.2
  • simplicite-js:5.1.65/license-report:6.5.0
  • simplicite-js:5.1.65/registry-url:6.0.1
  • simplicite-js:5.1.65/registry-url:5.1.0

Identifiers

read-package-json-fast:3.0.2

Description:

Like read-package-json, but faster

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/read-package-json-fast:3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/@npmcli/run-script:6.0.2

Identifiers

read-package-json:6.0.4

Description:

The thing npm uses to read package.json files with semantics and defaults and validation

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/read-package-json:6.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0

Identifiers

read-pkg-up:7.0.1

Description:

Read the closest package.json file

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/read-pkg-up:7.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/meow:9.0.0

Identifiers

read-pkg:5.2.0

Description:

Read a package.json file

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?read-pkg-up:7.0.1/read-pkg:^5.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/read-pkg-up:7.0.1

Identifiers

readable-stream:1.1.14

Description:

Streams3, a user-land copy of the stream library from Node.js v0.11.x

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/readable-stream:1.1.14

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/are-we-there-yet:3.0.1
  • simplicite-js:5.1.65/jszip:3.5.0
  • simplicite-js:5.1.65/bl:4.1.0
  • simplicite-js:5.1.65/htmlparser2:3.8.3

Identifiers

readable-stream:2.3.8

Description:

Streams3, a user-land copy of the stream library from Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/readable-stream:2.3.8

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

readable-stream:3.6.2

Description:

Streams3, a user-land copy of the stream library from Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/readable-stream:3.6.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

readdirp:3.6.0

Description:

Recursive version of fs.readdir with streaming API.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/readdirp:3.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chokidar:3.5.3
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

redent:3.0.0

Description:

Strip redundant indentation and indent the string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/redent:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/meow:9.0.0

Identifiers

regenerate-unicode-properties:10.1.0

Description:

Regenerate sets for Unicode properties and values.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?regexpu-core:5.3.2/regenerate-unicode-properties:^10.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/regexpu-core:5.3.2

Identifiers

regenerate:1.4.2

Description:

Generate JavaScript-compatible regular expressions based on a given set of Unicode symbols or code points.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?regexpu-core:5.3.2/regenerate:^1.4.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/regexpu-core:5.3.2
  • simplicite-js:5.1.65/regenerate-unicode-properties:10.1.0

Identifiers

regenerator-runtime:0.14.0

Description:

Runtime for Regenerator-compiled generator and async functions.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/regenerator-runtime:0.14.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/runtime:7.22.15
  • simplicite-js:5.1.65/@babel/node:7.22.19

Identifiers

regenerator-transform:0.15.2

Description:

Explode async and generator functions into a state machine.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/regenerator-transform:0.15.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/plugin-transform-regenerator:7.22.10

Identifiers

regexp.prototype.flags:1.5.0

Description:

ES6 spec-compliant RegExp.prototype.flags shim.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/regexp.prototype.flags:1.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

regexpu-core:5.3.2

Description:

regexpu’s core functionality (i.e. `rewritePattern(pattern, flag)`), capable of translating ES6 Unicode regular expressions to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/regexpu-core:5.3.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-create-regexp-features-plugin:7.22.5

Identifiers

registry-auth-token:4.2.2

Description:

Get the auth token set for an npm registry (if any)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/registry-auth-token:4.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/package-json:6.5.0
  • simplicite-js:5.1.65/package-json:8.1.1

Identifiers

registry-auth-token:5.0.2

Description:

Get the auth token set for an npm registry (if any)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/registry-auth-token:5.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

registry-url:5.1.0

Description:

Get the set npm registry URL

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/registry-url:5.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/package-json:6.5.0
  • simplicite-js:5.1.65/package-json:8.1.1

Identifiers

registry-url:6.0.1

Description:

Get the set npm registry URL

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/registry-url:6.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

regjsparser:0.9.1

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/regjsparser:0.9.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/regexpu-core:5.3.2

Identifiers

relaxng-datatype-2.3.2.jar

File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/relaxng-datatype/2.3.2/relaxng-datatype-2.3.2.jar
MD5: 0ebc89465bebcaedb3d97ed959b45fa8
SHA1: d202e2c8bdd0a5286490260e311f0df1955f4dbf
SHA256:6a746e2e38eb08b755e1a6b1badc3ab99c1fce81159c1687974da868714a82f5
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

remote-git-tags:3.0.0

Description:

Get tags from a remote Git repo

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/remote-git-tags:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

require-directory:2.1.1

Description:

Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?yargs:16.2.0/require-directory:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/yargs:16.2.0

Identifiers

require-from-string:2.0.2

Description:

Require module from string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?ajv:8.12.0/require-from-string:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/rc-config-loader:4.1.3
  • simplicite-js:5.1.65/ajv:8.12.0

Identifiers

require-package-name:2.0.1

Description:

gets the package name for a require statement

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/require-package-name:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

requizzle:0.2.4

Description:

Swizzle a little something into your require() calls.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/requizzle:0.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

resolve-alpn:1.2.1

Description:

Detects the ALPN protocol

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/resolve-alpn:1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/http2-wrapper:2.2.0
  • simplicite-js:5.1.65

Identifiers

resolve-from:4.0.0

Description:

Resolve the path of a module like `require.resolve()` but from a given path

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/resolve-from:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/import-fresh:3.3.0
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

resolve-from:5.0.0

Description:

Resolve the path of a module like `require.resolve()` but from a given path

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/resolve-from:5.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

resolve:1.22.2

Description:

resolve like require.resolve() on behalf of files asynchronously and synchronously

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/resolve:1.22.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/normalize-package-data:2.5.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/helper-define-polyfill-provider:0.4.3
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

responselike:1.0.2

Description:

A response-like object for mocking a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/responselike:1.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

responselike:3.0.0

Description:

A response-like object for mocking a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/responselike:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacheable-request:10.2.12
  • simplicite-js:5.1.65/cacheable-request:6.1.0
  • simplicite-js:5.1.65/got:13.0.0
  • simplicite-js:5.1.65/got:12.6.1

Identifiers

restore-cursor:3.1.0

Description:

Gracefully restore the CLI cursor on exit

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/restore-cursor:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cli-cursor:3.1.0

Identifiers

retry:0.12.0

Description:

Abstraction for exponential and custom retry strategies for failed operations.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/retry:0.12.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/promise-retry:2.0.1

Identifiers

reusify:1.0.4

Description:

Reuse objects and functions with style

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/reusify:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/fastq:1.15.0

Identifiers

rhino-1.7.13.jar

Description:

    Rhino is an open-source implementation of JavaScript written entirely in Java.
    It is typically embedded into Java applications to provide scripting to end users.

License:

Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txt
File Path: /var/simplicite/.m2/repository/org/mozilla/rhino/1.7.13/rhino-1.7.13.jar
MD5: 17d7bed97d9c03a77578ec16e26bfc2f
SHA1: e6b2e12dc79fbdc58d8bf62a583705a551ec37d6
SHA256:931dda33789d8e004ff5b5478ee3d6d224305de330c48266df7c3e49d52fc606
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

rhino-1.7.13.jar: test.js

File Path: /var/simplicite/.m2/repository/org/mozilla/rhino/1.7.13/rhino-1.7.13.jar/org/mozilla/javascript/tools/debugger/test.js
MD5: 3f4137118304ccd25816067cf8d1edd6
SHA1: d3c7ae4c10cb6c7ac191cb65a39e53ba6a4e6cfb
SHA256:950d2db0a646488500b58ba76a02c33501a048708c083e3b743b73b16e105331
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • None

rhino-js-engine-1.7.10.jar

Description:

A js-engine.jar that provides a script engine "rhino" with old Rhino JavaScript.

The source code for js-engine comes from https://java.net/projects/Scripting.

The Rhino engine itself is pulled by maven. Its source is at https://github.com/mozilla/rhino.

License:

The BSD 3-Clause License: https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/cat/inspiracio/rhino-js-engine/1.7.10/rhino-js-engine-1.7.10.jar
MD5: 5543d39bea21e5c9515e8d967a61e1b1
SHA1: 09cc9336acf7bd2f370ae812d5713e90463edc33
SHA256:b47d73c223c86fd3f70470a9a8269626dbb6e9cb0195d062ba53171a2df7ff44
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

rhino-js-engine-1.7.10.jar: toplevel.js

File Path: /var/simplicite/.m2/repository/cat/inspiracio/rhino-js-engine/1.7.10/rhino-js-engine-1.7.10.jar/META-INF/toplevel.js
MD5: 491854ddbf3787e63aec2d77d4aad938
SHA1: 0cc36fe5c5269749b8d94252d7490d2d82bda8ed
SHA256:511041250766b0811a7767801a1bec1be89a5bddbbe9e455ad7ea2057ba473f7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • None

rimraf:3.0.2

Description:

A deep deletion module for node (like `rm -rf`)

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/rimraf:3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/flat-cache:3.0.4
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/node-gyp:9.4.0

Identifiers

rimraf:5.0.5

Description:

A deep deletion module for node (like `rm -rf`)

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/rimraf:5.0.5

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

rngom-2.3.2.jar

Description:

        RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/rngom/2.3.2/rngom-2.3.2.jar
MD5: 16cae2e80f24e2cf10ad6b5d95114ae0
SHA1: 6b8c5d0984c31a01d98290cee4ab9bde13536431
SHA256:02165b9f0020160873f13e29e243b02e5c578792f9d1f2367fbadfcf8374fc78
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

rome-1.12.2.jar

Description:

All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
        easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
        (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
        a set of parsers and generators for the various flavors of feeds, as well as converters
        to convert from one format to another. The parsers can give you back Java objects that
        are either specific for the format you want to work with, or a generic normalized
        SyndFeed object that lets you work on with the data without bothering about the
        underlying format.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/rometools/rome/1.12.2/rome-1.12.2.jar
MD5: 113ebb2155100074704294d37875bffe
SHA1: eaa7a2025cd38a6678d96b2b78b4f7e68e3f8e36
SHA256:ee1f9b116d3246699cfa51690688aafe17ca46ce3aea7f5a5f1170fbf7695ed8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

rome-utils-1.12.2.jar

Description:

Utility classes for ROME projects

File Path: /var/simplicite/.m2/repository/com/rometools/rome-utils/1.12.2/rome-utils-1.12.2.jar
MD5: ddabb58127fc60357eeb313ec2a5b902
SHA1: 240dc40fb9333ac872319e7d31178bffc63f7900
SHA256:8f6e8cc73c9cd35d313c2092a18e45caab522e177f14c5653211c4890ede36f1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-4277  

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

run-async:2.4.1

Description:

Utility method to run function either synchronously or asynchronously using the common `this.async()` style.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/run-async:2.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

run-parallel:1.2.0

Description:

Run an array of functions in parallel

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/run-parallel:1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@nodelib/fs.scandir:2.1.5

Identifiers

rxjs:6.6.7

Description:

Reactive Extensions for modern JavaScript

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/rxjs:6.6.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

s3-2.3.0.jar

Description:

jclouds components to access an implementation of S3

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/s3/2.3.0/s3-2.3.0.jar
MD5: cf420da4da3be6ee7918c6d16621c6e5
SHA1: 32dc29e8bf3f18f63831034a02f6318198963478
SHA256:8bdd69129e51d07181636f5b2a2e442b6255a026f14a64b5d8e6334e18536993
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

safe-array-concat:1.0.0

Description:

`Array.prototype.concat`, but made safe by ignoring Symbol.isConcatSpreadable

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/safe-array-concat:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/object.getownpropertydescriptors:2.1.6

Identifiers

safe-buffer:5.2.1

Description:

Safer Node.js Buffer API

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/safe-buffer:5.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/string_decoder:1.3.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/string_decoder:1.1.1
  • simplicite-js:5.1.65/readable-stream:2.3.8

Identifiers

safe-regex-test:1.0.0

Description:

Give a regex, get a robust predicate function that tests it against a string.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/safe-regex-test:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

safer-buffer:2.1.2

Description:

Modern Buffer API polyfill without footguns

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/safer-buffer:2.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/iconv-lite:0.4.24
  • simplicite-js:5.1.65/iconv-lite:0.6.3

Identifiers

sass:1.63.6

Description:

A pure JavaScript implementation of Sass.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/sass:1.63.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

scss-parser:1.0.6

Description:

A library to parse/stringify SCSS

License:

SEE LICENSE IN README
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/scss-parser:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

select2-theme-bootstrap4:1.0.0

Description:

A theme for Select2 v4 and Bootstrap 4.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/select2-theme-bootstrap4:1.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

select2:4.0.13

Description:

Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/select2:4.0.13

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

semver-compare:1.0.0

Description:

compare two semver version strings, returning -1, 0, or 1

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/semver-compare:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/please-upgrade-node:3.2.0

Identifiers

semver-diff:3.1.1

Description:

Get the diff type of two semver versions: 0.0.1 0.0.2 → patch

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?update-notifier:4.1.3/semver-diff:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

semver-utils:1.1.4

Description:

Tools for manipulating semver strings and objects

License:

APACHEv2
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/semver-utils:1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

semver:5.7.1

Description:

The semantic version parser used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/semver:5.7.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

CVE-2022-25883 (OSSINDEX)  

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.



Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-25883 for details
CWE-1333

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:semver:5.7.1:*:*:*:*:*:*:*

semver:6.3.1

Description:

The semantic version parser used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?semver-diff:3.1.1/semver:^6.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/@babel/helper-compilation-targets:7.22.15
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/npm-install-checks:6.1.1
  • simplicite-js:5.1.65/normalize-package-data:5.0.0
  • simplicite-js:5.1.65/npm-pick-manifest:8.0.2
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/npm-package-arg:10.1.0
  • simplicite-js:5.1.65/package-json:6.5.0
  • simplicite-js:5.1.65/editorconfig:0.15.3
  • simplicite-js:5.1.65/node-environment-flags:1.0.6
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/make-dir:3.1.0
  • simplicite-js:5.1.65/builtins:5.0.1
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/core:7.23.2
  • simplicite-js:5.1.65/normalize-package-data:3.0.3
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2
  • simplicite-js:5.1.65/license-report:6.5.0
  • simplicite-js:5.1.65/babel-plugin-polyfill-corejs2:0.4.6
  • simplicite-js:5.1.65/@npmcli/fs:3.1.0
  • simplicite-js:5.1.65/make-dir:2.1.0
  • simplicite-js:5.1.65/@babel/helper-create-regexp-features-plugin:7.22.5
  • simplicite-js:5.1.65/@babel/preset-env:7.23.2
  • simplicite-js:5.1.65/normalize-package-data:2.5.0
  • simplicite-js:5.1.65/@babel/helper-create-class-features-plugin:7.22.15
  • simplicite-js:5.1.65/semver-diff:3.1.1
  • simplicite-js:5.1.65/@npmcli/git:4.1.0
  • simplicite-js:5.1.65/package-json:8.1.1
  • simplicite-js:5.1.65/node-gyp:9.4.0
  • simplicite-js:5.1.65/semver-diff:4.0.0
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

semver:7.5.4

Description:

The semantic version parser used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/semver:7.5.4

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

sentence-case:3.0.4

Description:

Transform into a lower case with spaces between words, then capitalize the string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tablemark:3.0.0/sentence-case:^3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/tablemark:3.0.0

Identifiers

sentiment-analysis-parser-0.1.jar

Description:

Combines Apache OpenNLP and Apache Tika and provides facilities for automatically deriving sentiment from text.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/edu/usc/ir/sentiment-analysis-parser/0.1/sentiment-analysis-parser-0.1.jar
MD5: 69727e01cb8165e2e5d637e527ea82d4
SHA1: 20d1524a1270c1d26e3314d2ee71a12e6a29a27d
SHA256:035a28b4d65993b405ddcc98b4bb67cd038d4617e5c8e5c2f4d16d34c8f49e2b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

serializer-2.7.2.jar

Description:

    Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
    SAX events.

File Path: /var/simplicite/.m2/repository/xalan/serializer/2.7.2/serializer-2.7.2.jar
MD5: e8325763fd4235f174ab7b72ed815db1
SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3c
SHA256:e8f5b4340d3b12a0cfa44ac2db4be4e0639e479ae847df04c4ed8b521734bb4a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

set-blocking:2.0.0

Description:

set blocking stdio and stderr ensuring that terminal output does not truncate

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/set-blocking:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npmlog:6.0.2

Identifiers

set-immediate-shim:1.0.1

Description:

Simple setImmediate shim

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/set-immediate-shim:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jszip:3.5.0

Identifiers

shallow-clone:3.0.1

Description:

Creates a shallow clone of any JavaScript value.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/shallow-clone:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/clone-deep:4.0.1

Identifiers

shebang-command:2.0.0

Description:

Get the command from a shebang

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/shebang-command:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cross-spawn:7.0.3

Identifiers

shebang-regex:3.0.0

Description:

Regular expression for matching a shebang line

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/shebang-regex:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/shebang-command:2.0.0

Identifiers

shelljs:0.3.0

Description:

Portable Unix shell commands for Node.js

License:

BSD*
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/shelljs:0.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jshint:2.12.0

Identifiers

CVE-2022-0144  

shelljs is vulnerable to Improper Privilege Management
CWE-269 Improper Privilege Management

CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

side-channel:1.0.4

Description:

Store information about any JS value in a side channel. Uses WeakMap if available.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/side-channel:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/internal-slot:1.0.5

Identifiers

sigmund:1.0.1

Description:

Quick and dirty signatures for Objects.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/sigmund:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/editorconfig:0.15.3

Identifiers

signal-exit:3.0.7

Description:

when you want to fire an event no matter how a process exits.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?write-file-atomic:4.0.2/signal-exit:^3.0.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/write-file-atomic:4.0.2
  • simplicite-js:5.1.65/execa:5.1.1
  • simplicite-js:5.1.65/write-file-atomic:3.0.3
  • simplicite-js:5.1.65/gauge:4.0.4
  • simplicite-js:5.1.65/foreground-child:3.1.1
  • simplicite-js:5.1.65/restore-cursor:3.1.0

Identifiers

signal-exit:4.0.2

Description:

when you want to fire an event no matter how a process exits.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/signal-exit:4.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

sigstore:1.8.0

Description:

code-signing for npm packages

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/sigstore:1.8.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0

Identifiers

simplicite-bootstrap-datetimepicker:1.0.6

Description:

Bootstrap date and time picker adapted and refactored for Bootstrap 4 from archived https://github.com/smalot/bootstrap-datetimepicker

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/simplicite-bootstrap-datetimepicker:1.0.6

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

simplicite:2.2.37

Description:

Simplicite(R) platform Javascript API (for node.js and browser)

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/simplicite:2.2.37

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

sis-feature-1.0.jar

Description:

    Representations of geographic features.
    Includes access to both vector and raster data.

File Path: /var/simplicite/.m2/repository/org/apache/sis/core/sis-feature/1.0/sis-feature-1.0.jar
MD5: 9dd6c6f6054d25b499d449c3c5643cac
SHA1: 4178a349ce0c14bc442d97ed43c13a9f6b6b53e8
SHA256:3049c514fc9bc815781b0c7d0b56e2c61e6d4d680cf14ec1adb7da6f591440c6
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

sis-metadata-1.0.jar

Description:

    Implementations of metadata derived from ISO 19115. This module provides both an implementation
    of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through
    Java reflection.

File Path: /var/simplicite/.m2/repository/org/apache/sis/core/sis-metadata/1.0/sis-metadata-1.0.jar
MD5: 289e5e47d5045d0bbb788d001aaefb27
SHA1: 8a31d969f98a539cc35ef86b1b7f28d364792393
SHA256:382ac1d5d53a363f7aab26121ce5093b2a1db9d359b7f3409ec95dc131968b6a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

sis-netcdf-1.0.jar

Description:

    Bridge between netCDF Climate and Forecast (CF) convention and ISO 19115 metadata.

File Path: /var/simplicite/.m2/repository/org/apache/sis/storage/sis-netcdf/1.0/sis-netcdf-1.0.jar
MD5: 9582d3b6db23ee114dca7fb1137bbf93
SHA1: aa181ec5975feaebb38bfaeef295550bdec48bde
SHA256:acfb71b94a5df80cf8e66389dc41a2ee347bcd2078f86320ffaf2c11f4ca87a0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

sis-referencing-1.0.jar

Description:

    Implementations of Coordinate Reference Systems (CRS),
    conversion and transformation services derived from ISO 19111.

File Path: /var/simplicite/.m2/repository/org/apache/sis/core/sis-referencing/1.0/sis-referencing-1.0.jar
MD5: f2db942fea46bd4b3aa1f17f63066030
SHA1: cc09bc1cc25222a47660e3a217762fa8b4c66f36
SHA256:2225d3c5989f53d696b9c60958c7c181e3b5f493e0bd5ed54b829cbf6fbeb442
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

sis-storage-1.0.jar

Description:

    Provides the interfaces and base classes to be implemented by various storage formats.

File Path: /var/simplicite/.m2/repository/org/apache/sis/storage/sis-storage/1.0/sis-storage-1.0.jar
MD5: 7a78861b4d4fe256a344cfecacbec7d0
SHA1: 7604108ad33b9c0d70b90518a265b9bacc37c4c6
SHA256:f4563d827db841163707ec0d772cbfbb70c6973237498309975d8e732cffc4f2
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

sis-utility-1.0.jar

Description:

    Miscellaneous utilities.

File Path: /var/simplicite/.m2/repository/org/apache/sis/core/sis-utility/1.0/sis-utility-1.0.jar
MD5: a19ef6fcc5f530ad8c6d7dcbb75b0289
SHA1: 37f59318fa1e5093f5131abf6e5ee8be0ebdb214
SHA256:2b082d4e6f5e723141d541787a7bd096b0d4e489a3cca906a473632eee217732
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

sisteransi:1.0.5

Description:

ANSI escape codes for some terminal swag

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/sisteransi:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/prompts-ncu:3.0.0

Identifiers

slash:2.0.0

Description:

Convert Windows backslash paths to slash paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/slash:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/globby:11.1.0
  • simplicite-js:5.1.65/@babel/cli:7.23.0

Identifiers

slash:3.0.0

Description:

Convert Windows backslash paths to slash paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/slash:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

slf4j-api-1.7.30.jar

Description:

The slf4j API

File Path: /var/simplicite/.m2/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar
MD5: f8be00da99bc4ab64c79ab1e2be7cb7c
SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c
SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

slice-ansi:4.0.0

Description:

Slice a string with ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?table:6.8.1/slice-ansi:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/table:6.8.1

Identifiers

smart-buffer:4.2.0

Description:

smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?socks:2.7.1/smart-buffer:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/socks:2.7.1

Identifiers

snakeyaml-1.27.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/yaml/snakeyaml/1.27/snakeyaml-1.27.jar
MD5: 466ff09da784f9f21b2e6bf3b486a8cd
SHA1: 359d62567480b07a679dc643f82fc926b100eed5
SHA256:7e7cce6740ed705bfdfaac7b442c1375d2986d2f2935936a5bd40c14e18fd736
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

socks-proxy-agent:7.0.0

Description:

A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/socks-proxy-agent:7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

socks:2.7.1

Description:

Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?socks-proxy-agent:7.0.0/socks:^2.6.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/socks-proxy-agent:7.0.0

Identifiers

source-map-js:1.0.2

Description:

Generates and consumes source maps

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/source-map-js:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/postcss:8.4.24
  • simplicite-js:5.1.65/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.1.65/@vue/compiler-core:3.3.4
  • simplicite-js:5.1.65/sass:1.63.6

Identifiers

source-map-support:0.5.21

Description:

Fixes stack traces for files with source maps

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/source-map-support:0.5.21

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/register:7.22.15
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

source-map:0.6.1

Description:

Generates and consumes source maps

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?source-map-support:0.5.21/source-map:^0.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/handlebars:4.7.7
  • simplicite-js:5.1.65/source-map-support:0.5.21

Identifiers

spawn-please:2.0.2

Description:

Promisified child_process.spawn. *Supports stdin* *Rejects on stderr*

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/spawn-please:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

spdx-correct:3.2.0

Description:

correct invalid SPDX expressions

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?validate-npm-package-license:3.0.4/spdx-correct:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/validate-npm-package-license:3.0.4

Identifiers

spdx-exceptions:2.3.0

Description:

list of SPDX standard license exceptions

License:

CC-BY-3.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?spdx-expression-parse:3.0.1/spdx-exceptions:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/spdx-expression-parse:3.0.1

Identifiers

spdx-expression-parse:3.0.1

Description:

parse SPDX license expressions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?validate-npm-package-license:3.0.4/spdx-expression-parse:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint-plugin-jsdoc:46.8.2
  • simplicite-js:5.1.65/spdx-correct:3.2.0
  • simplicite-js:5.1.65/validate-npm-package-license:3.0.4

Identifiers

spdx-license-ids:3.0.13

Description:

A list of SPDX license identifiers

License:

CC0-1.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/spdx-license-ids:3.0.13

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/spdx-correct:3.2.0
  • simplicite-js:5.1.65/spdx-expression-parse:3.0.1

Identifiers

spectrum-colorpicker:1.8.1

Description:

Spectrum: the no hassle jQuery colorpicker

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/spectrum-colorpicker:1.8.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

split-text-to-chunks:1.0.0

Description:

Split a text string to chunks for e.g. word wrapping

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?tablemark:3.0.0/split-text-to-chunks:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/tablemark:3.0.0

Identifiers

sprintf-js:1.0.3

Description:

JavaScript sprintf implementation

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/sprintf-js:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/argparse:1.0.10

Identifiers

sshd-osgi-2.8.0.jar

Description:

The Apache Software Foundation provides support for the Apache community of open-source software projects.    The Apache projects are characterized by a collaborative, consensus based development process, an open and    pragmatic software license, and a desire to create high quality software that leads the way in its field.    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers    and users.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/apache/sshd/sshd-osgi/2.8.0/sshd-osgi-2.8.0.jar
MD5: 15b16cddad3c6d3bc9d45a74585e2f6e
SHA1: b2a59b73c045f40d5722b9160d4f909a646d86c9
SHA256:734ee51c6babaf0fdfebfc9f38c148a38b8a1d8bce03d0bad26b3fba21a48463
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45047  

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

sshd-sftp-2.8.0.jar

Description:

The Apache Software Foundation provides support for the Apache community of open-source software projects.    The Apache projects are characterized by a collaborative, consensus based development process, an open and    pragmatic software license, and a desire to create high quality software that leads the way in its field.    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers    and users.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/apache/sshd/sshd-sftp/2.8.0/sshd-sftp-2.8.0.jar
MD5: d4bcc5b494436d6a16e0b32a50cb4c4e
SHA1: d3cd9bc8d335b3ed1a86d2965deb4d202de27442
SHA256:bb18aa1a9e9e1e49bfd47b4e1bce23580215eac73f1bf18b9d7d90f06d59d220
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-45047  

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2023-35887 (OSSINDEX)  

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.sshd:sshd-sftp:2.8.0:*:*:*:*:*:*:*

ssri:10.0.4

Description:

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/ssri:10.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/make-fetch-happen:11.1.1

Identifiers

stackframe:1.3.4

Description:

JS Object representation of a stack frame

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/stackframe:1.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@devexpress/error-stack-parser:2.0.6

Identifiers

stax-ex-1.8.1.jar

Description:

Extensions to JSR-173 StAX API.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/jvnet/staxex/stax-ex/1.8.1/stax-ex-1.8.1.jar
MD5: 8fea4418fa80e957e39c174cec08053c
SHA1: 78011e483a21102fb4858f3e8f269a677e50aa23
SHA256:20522549056e9e50aa35ef0b445a2e47a53d06be0b0a9467d704e2483ffb049a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

stax2-api-4.2.jar

Description:

tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/org/codehaus/woodstox/stax2-api/4.2/stax2-api-4.2.jar
MD5: 5d22fe6dbb276d1fd6dab40c386a4f0a
SHA1: 13c2b30926bca0429c704c4b4ca0b5d0432b69cd
SHA256:badf6081a0bb526fd2c01951dfefad91b6846b6dd0eb0048587e30d1dd334e68
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-40152  

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

string-width:4.2.3

Description:

Get the visual width of a string - the number of columns required to display it

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?yargs:16.2.0/string-width:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cli-table3:0.6.3
  • simplicite-js:5.1.65/yargs:16.2.0
  • simplicite-js:5.1.65/cliui:7.0.4
  • simplicite-js:5.1.65/boxen:5.1.2
  • simplicite-js:5.1.65/widest-line:3.1.0
  • simplicite-js:5.1.65/wrap-ansi:8.1.0
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/ansi-align:3.0.1
  • simplicite-js:5.1.65/gauge:4.0.4
  • simplicite-js:5.1.65/inquirer:7.3.3
  • simplicite-js:5.1.65/widest-line:4.0.1
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/wide-align:1.1.5
  • simplicite-js:5.1.65/wrap-ansi:7.0.0
  • simplicite-js:5.1.65/@isaacs/cliui:8.0.2
  • simplicite-js:5.1.65/table:6.8.1
  • simplicite-js:5.1.65/boxen:4.2.0
  • simplicite-js:5.1.65/wrap-ansi-cjs:7.0.0

Identifiers

string.prototype.trim:1.2.7

Description:

ES5 spec-compliant shim for String.prototype.trim

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/string.prototype.trim:1.2.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

string.prototype.trimend:1.0.6

Description:

ES2019 spec-compliant String.prototype.trimEnd shim.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/string.prototype.trimend:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

string.prototype.trimstart:1.0.6

Description:

ES2019 spec-compliant String.prototype.trimStart shim.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/string.prototype.trimstart:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

string_decoder:0.10.31

Description:

The string_decoder module from Node core

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/string_decoder:0.10.31

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/readable-stream:3.6.2
  • simplicite-js:5.1.65/readable-stream:2.3.8
  • simplicite-js:5.1.65/readable-stream:1.1.14

Identifiers

string_decoder:1.1.1

Description:

The string_decoder module from Node core

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/string_decoder:1.1.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

string_decoder:1.3.0

Description:

The string_decoder module from Node core

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/string_decoder:1.3.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

stringtemplate-3.2.1.jar

Description:

StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.

StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization. 

It evolved over years of effort developing jGuru.com. 

StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic 
is that unlike other engines, it strictly enforces model-view separation.

Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.

There are currently about 600 StringTemplate source downloads a month.

License:

BSD licence: http://antlr.org/license.html
File Path: /var/simplicite/.m2/repository/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar
MD5: b58ca53e518a92a1991eb63b61917582
SHA1: 59ec8083721eae215c6f3caee944c410d2be34de
SHA256:f66ce72e965e5301cb0f020e54d2ba6ad76feb91b3cbfc30dbbf00c06a6df6d7
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

strip-ansi:6.0.1

Description:

Strip ANSI escape codes from a string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?wrap-ansi-cjs:7.0.0/strip-ansi:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/string-width-cjs:4.2.3
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/cliui:7.0.4
  • simplicite-js:5.1.65/string-width:5.1.2
  • simplicite-js:5.1.65/wrap-ansi:8.1.0
  • simplicite-js:5.1.65/ora:5.4.1
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/gauge:4.0.4
  • simplicite-js:5.1.65/inquirer:7.3.3
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/string-width:4.2.3
  • simplicite-js:5.1.65/npm-check-updates:16.14.6
  • simplicite-js:5.1.65/wrap-ansi:7.0.0
  • simplicite-js:5.1.65/@isaacs/cliui:8.0.2
  • simplicite-js:5.1.65/table:6.8.1
  • simplicite-js:5.1.65/wrap-ansi-cjs:7.0.0

Identifiers

strip-bom:3.0.0

Description:

Strip UTF-8 byte order mark (BOM) from a string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/strip-bom:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/load-yaml-file:0.2.0

Identifiers

strip-final-newline:2.0.0

Description:

Strip the final newline character from a string/buffer

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/strip-final-newline:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/execa:5.1.1

Identifiers

strip-indent:3.0.0

Description:

Strip leading whitespace from each line in a string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/strip-indent:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/redent:3.0.0
  • simplicite-js:5.1.65

Identifiers

strip-json-comments:1.0.4

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/strip-json-comments:1.0.4

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

strip-json-comments:2.0.1

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/strip-json-comments:2.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

strip-json-comments:3.1.1

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/strip-json-comments:3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/rc:1.2.8
  • simplicite-js:5.1.65/@eslint/eslintrc:2.1.2
  • simplicite-js:5.1.65/jshint:2.12.0
  • simplicite-js:5.1.65/jsdoc:4.0.2
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

strip-json-comments:5.0.1

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/strip-json-comments:5.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

stripe-java-20.32.0.jar

Description:

Stripe Java Bindings

License:

The MIT License: https://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/com/stripe/stripe-java/20.32.0/stripe-java-20.32.0.jar
MD5: 616a1625062eaae0bc36d75e6a3b8a83
SHA1: a11a53f1cd10d55d8ce076c2438c6d20fab9ba7f
SHA256:4b92dd727c09e53bcc5caf9d0773d3fa17bf47acf1e2bd083076f66a116b1b89
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

sts-2.3.0.jar

Description:

jclouds components to access an implementation of Security Token Service (STS)

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/sts/2.3.0/sts-2.3.0.jar
MD5: 4e2192c5386eeeae769ffcb671db7f49
SHA1: 1d0e804ab29a6e02b459b445ec8ec22e3e4a336b
SHA256:8a391ced32e23b462273067d17eda0b6e59d185301538c423d10d4b06597801b
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

style-search:0.1.0

Description:

Search CSS(-like) strings

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint:14.16.1/style-search:^0.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

stylelint-config-recommended:9.0.0

Description:

Recommended shareable config for Stylelint

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?stylelint-config-standard:29.0.0/stylelint-config-recommended:^9.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/stylelint-config-standard:29.0.0
  • simplicite-js:5.1.65

Identifiers

stylelint-config-standard:29.0.0

Description:

Standard shareable config for Stylelint

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/stylelint-config-standard:29.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

stylelint:14.16.1

Description:

A mighty, modern CSS linter.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/stylelint:14.16.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

supports-color:5.5.0

Description:

Detect whether a terminal supports color

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/supports-color:5.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/chalk:4.1.2
  • simplicite-js:5.1.65/chalk:3.0.0
  • simplicite-js:5.1.65/supports-hyperlinks:2.3.0
  • simplicite-js:5.1.65/chalk:2.4.2

Identifiers

supports-color:7.2.0

Description:

Detect whether a terminal supports color

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/supports-color:7.2.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

supports-hyperlinks:2.3.0

Description:

Detect if your terminal emulator supports hyperlinks

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?terminal-link:2.1.1/supports-hyperlinks:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/terminal-link:2.1.1
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

supports-preserve-symlinks-flag:1.0.0

Description:

Determine if the current node version supports the `--preserve-symlinks` flag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/supports-preserve-symlinks-flag:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/resolve:1.22.2
  • simplicite-js:5.1.65

Identifiers

svg-tags:1.0.0

Description:

List of standard SVG tags.

File Path: /var/simplicite/simplicite-5.1/package-lock.json?/svg-tags:1.0.0

Referenced In Projects/Scopes:

  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

swagger-annotations-1.5.8.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/io/swagger/swagger-annotations/1.5.8/swagger-annotations-1.5.8.jar
MD5: 57370150b5f709d54e96e50162653b51
SHA1: 48d3002e43bde443f19750ec5670d345e9cd8d62
SHA256:a476592aad2355c20559ba323c08fd1d8bf630aab75a8c8ddde22987d65f2d52
Referenced In Project/Scope:Simplicite Platform:provided

Identifiers

swagger-ui-dist:3.39.0

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/swagger-ui-dist:3.39.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

CVE-2018-25031 (OSSINDEX)  

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:swagger-ui-dist:3.39.0:*:*:*:*:*:*:*

NPM-1088759  

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Unscored:
  • Severity: moderate

References:
  • Advisory 1088759: Spoofing attack in swagger-ui-dist - - https://nvd.nist.gov/vuln/detail/CVE-2021-46708 - https://security.snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884 - https://www.npmjs.com/package/swagger-ui-dist/v/4.1.3 - https://security.netapp.com/advisory/ntap-20220407-0004/ - https://github.com/advisories/GHSA-6c9x-mj3g-h47x

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:swagger-ui-dist:\<4.1.3:*:*:*:*:*:*:*

NPM-1092160  

SwaggerUI supports displaying remote OpenAPI definitions through the `?url` parameter. This enables robust demonstration capabilities on sites like `petstore.swagger.io`, `editor.swagger.io`, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered.

However, this functionality may pose a risk for users who host their own SwaggerUI instances. In particular, including remote OpenAPI definitions opens a vector for phishing attacks by abusing the trusted names/domains of self-hosted instances.

An example scenario abusing this functionality could take the following form:
- `https://example.com/api-docs` hosts a version of SwaggerUI with `?url=` query parameter enabled.
- Users will trust the domain `https://example.com` and the contents of the OpenAPI definition.
- A malicious actor may craft a similar OpenAPI definition and service that responds to the defined APIs at `https://evildomain`.
- Users mistakenly click a phishing URL like `https://example.com/api-docs?url=https://evildomain/fakeapi.yaml` and enters sensitive data via the "Try-it-out" feature.

We do want to stress that this attack vector is limited to scenarios that actively trick users into divulging sensitive information. The ease of this is highly contextual and, therefore, the threat model may be different for individual users and organizations. It is *not* possible to perform non-interactive attacks (e.g., cross-site scripting or code injection) through this mechanism.

### Resolution 
We've made the decision to [disable query parameters (#4872)](https://github.com/swagger-api/swagger-ui/issues/4872) by default starting with SwaggerUI version `4.1.3`. Please update to this version when it becomes available (**ETA: 2021 December**). Users will still be able to be re-enable the options at their discretion. We'll continue to enable query parameters on the Swagger demo sites.

### Workaround
If you host a version of SwaggerUI and wish to mitigate this issue immediately, you are encouraged to add the following custom plugin code:

```js
SwaggerUI({
  //  ...other configuration options,
  plugins: [function UrlParamDisablePlugin() {
    return {
      statePlugins: {
        spec: {
          wrapActions: {
            // Remove the ?url parameter from loading an external OpenAPI definition.
            updateUrl: (oriAction) => (payload) => {
              const url = new URL(window.location.href)
              if (url.searchParams.has('url')) {
                url.searchParams.delete('url')
                window.location.replace(url.toString())
              }
              return oriAction(payload)
            }
          }
        }
      }
    }
  }],
})
```

### Future UX work

Through the exploration of this issue, it became apparent that users may not be aware to which web server the Try-it-out function will send requests. While this information is currently presented at the top of the page, understanding may improve by displaying it closer to the "Execute" button where requests are actually made. We'll be exploring these UX improvements over the coming months and welcome community input. Please create a Feature Request under the GitHub Issue tab to start a conversation with us and the community.

## Reflected XSS attack

**Warning** in versions < 3.38.0, it is possible to combine the URL options (as mentioned above) with a vulnerability in DOMPurify (https://www.cvedetails.com/cve/CVE-2020-26870/) to create a reflected XSS vector. If your version of Swagger UI is older than 3.38.0, we suggest you upgrade or implement the workaround as mentioned above.
Unscored:
  • Severity: moderate

References:
  • Advisory 1092160: Server side request forgery in SwaggerUI - - https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx - https://github.com/swagger-api/swagger-ui/issues/4872 - https://github.com/swagger-api/swagger-ui/commit/01a3e55960f864a0acf6a8d06e5ddaf6776a7f76 - https://github.com/domaindrivendev/Swashbuckle.AspNetCore/commit/401c7cb81e5efe835ceb8aae23e82057d57c7d29 - https://github.com/advisories/GHSA-qrmm-w75w-3wpx

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:swagger-ui-dist:\<4.1.3:*:*:*:*:*:*:*

table:6.8.1

Description:

Formats data into a string table.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/table:6.8.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

tablemark:3.0.0

Description:

Generate markdown tables from a list of objects or JSON data.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/tablemark:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/license-report:6.5.0

Identifiers

tagsoup-1.2.1.jar

Description:

TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
SHA256:ac97f7b4b1d8e9337edfa0e34044f8d0efe7223f6ad8f3a85d54cc1018ea2e04
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

tar:6.1.15

Description:

tar for node

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/tar:6.1.15

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/pacote:15.2.0
  • simplicite-js:5.1.65/cacache:17.1.3
  • simplicite-js:5.1.65/node-gyp:9.4.0

Identifiers

term-size:2.2.1

Description:

Reliably get the terminal window size (columns & rows)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/term-size:2.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/boxen:4.2.0

Identifiers

terminal-link:2.1.1

Description:

Create clickable links in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/terminal-link:2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-audit-html:1.5.0

Identifiers

text-table:0.2.0

Description:

borderless text tables with alignment

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/text-table:0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/eslint:8.52.0
  • simplicite-js:5.1.65/license-report:6.5.0
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

threeten-extra-1.5.0.jar

Description:

Additional functionality that enhances JSR-310 dates and times in Java SE 8 and later

License:

BSD 3-clause: https://raw.githubusercontent.com/ThreeTen/threeten-extra/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/threeten/threeten-extra/1.5.0/threeten-extra-1.5.0.jar
MD5: 25fcd93381bd0b0d2cf6b99c231e4bb4
SHA1: d6adb54fefe72482ed049f07af31ddf2c287345f
SHA256:e7def554536188fbaf8aac1a0a2f956b039cbbb5696edc3b8336c442c56ae445
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

threetenbp-1.4.0.jar

Description:

Backport of JSR-310 from JDK 8 to JDK 7 and JDK 6. NOT an implementation of the JSR.

License:

BSD 3-clause: https://raw.githubusercontent.com/ThreeTen/threetenbp/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/threeten/threetenbp/1.4.0/threetenbp-1.4.0.jar
MD5: 0c65e55d3357fc35748b66b5d35ab4f6
SHA1: 938bfa477f21d8f58785fea97813b724c36c5584
SHA256:b4d92c16ab337db632046e2588eaef5796d91bd1b615a70f541fe31c26f3abaa
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

throat:6.0.2

Description:

Throttle the parallelism of an asynchronous (promise returning) function / functions

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/throat:6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

through:2.3.8

Description:

simplified stream construction

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/through:2.3.8

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inquirer:7.3.3

Identifiers

tika-core-1.23.jar

Description:

This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also
    includes the core facades for the Tika API.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/tika/tika-core/1.23/tika-core-1.23.jar
MD5: 3238e7df12448b8efe0f90f3f340bc7a
SHA1: 9ae162fa4758b8f3da5d0651c000c5e5f9efca04
SHA256:d256a3f434456c100354d624daac042ceaefa3ec2b44fca8fc017f93cd4bb52c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-1950  

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1951  

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-28657  

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-25169  

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-30126  

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-30973  

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
NVD-CWE-Other

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-33879  

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
NVD-CWE-Other

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions: (show all)

tika-parsers-1.23.jar

Description:

Apache Tika is a toolkit for detecting and extracting metadata and    structured text content from various documents using existing parser    libraries.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/tika/tika-parsers/1.23/tika-parsers-1.23.jar
MD5: bd88ff34d281a0dcaead79fa96e62eca
SHA1: 9507a1123b6fbb3de7c99368589fac4184cbcfaa
SHA256:1bb3922e6094926e4c89cd1a03e1a9ca5cc5e4c01adf960d09b7cf1d282e306d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-1950  

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1951  

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-9489 (OSSINDEX)  

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-9489 for details
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (5.5)
  • Vector: /AV:L/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.tika:tika-parsers:1.23:*:*:*:*:*:*:*

CVE-2021-28657  

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-25169  

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-30126  

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-30973  

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
NVD-CWE-Other

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-33879  

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
NVD-CWE-Other

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions: (show all)

tinymce-i18n:20.12.25

Description:

Languages for TinyMCE 4 and 5

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/tinymce-i18n:20.12.25

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

tinymce:5.6.2

Description:

Web based JavaScript HTML WYSIWYG editor control.

License:

LGPL-2.1
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/tinymce:5.6.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

CVE-2022-23494  

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure the the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-45818  

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-45819  

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user.  This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

NPM-1085868  

### Impact
A cross-site scripting (XSS) vulnerability was discovered in the URL processing logic of the `image` and `link` plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing and the dangerous URLs were stripped in any content extracted from the editor. This impacts all users who are using TinyMCE 5.9.2 or lower.

### Patches
This vulnerability has been patched in TinyMCE 5.10.0 by improved sanitization logic when updating URLs in the relevant plugins.

### Workarounds
To work around this vulnerability, either:
- Upgrade to TinyMCE 5.10.0 or higher
- Disable the `image` and `link` plugins

### Acknowledgements
Tiny Technologies would like to thank Yakir6 for discovering this vulnerability.

### References
https://www.tiny.cloud/docs/release-notes/release-notes510/#securityfixes

### For more information
If you have any questions or comments about this advisory:
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues)
Unscored:
  • Severity: moderate

References:
  • Advisory 1085868: Cross-site scripting vulnerability in TinyMCE plugins - - https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39 - https://github.com/jazzband/django-tinymce/issues/366 - https://github.com/jazzband/django-tinymce/releases/tag/3.4.0 - https://pypi.org/project/django-tinymce/3.4.0/ - https://github.com/advisories/GHSA-r8hm-w5f7-wj39

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.0:*:*:*:*:*:*:*

NPM-1085879  

### Impact
A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.

### Patches
This vulnerability has been patched in TinyMCE 5.9.0 by ensuring schema validation was still performed after unwrapping invalid elements.

### Workarounds
To work around this vulnerability, either:
- Upgrade to TinyMCE 5.9.0 or higher
- Manually sanitize the content using the `BeforeSetContent` event (see below)

#### Example: Manually sanitize content
```js
editor.on('BeforeSetContent', function(e) {
  var sanitizedContent = ...; // Manually sanitize content here
  e.content = sanitizedContent;
});
```

### Acknowledgements
Tiny Technologies would like to thank William Bowling for discovering this vulnerability.

### References
https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes

### For more information
If you have any questions or comments about this advisory:
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues)
Unscored:
  • Severity: moderate

References:
  • Advisory 1085879: Cross-site scripting vulnerability in TinyMCE - - https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg - https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes - https://github.com/advisories/GHSA-5h9g-x5rv-25wg

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.9.0:*:*:*:*:*:*:*

NPM-1086108  

### Impact
A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser for `form` elements. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs, and then submitting the form. However, as TinyMCE does not allow forms to be submitted while editing, the vulnerability could only be triggered when the content was previewed or rendered outside of the editor. This impacts all users who are using TinyMCE 5.7.0 or lower.

### Patches
This vulnerability has been patched in TinyMCE 5.7.1 by improved URL sanitization logic.

### Workarounds
To work around this vulnerability, either:
- Upgrade to TinyMCE 5.7.1 or higher
- Manually sanitize `form` URL attributes using a [TinyMCE node filter](https://www.tiny.cloud/docs/api/tinymce.html/tinymce.html.domparser/#addnodefilter).
- Disable `form` elements in your content using the [invalid_elements](https://www.tiny.cloud/docs/configure/content-filtering/#invalid_elements) setting.

#### Example: Sanitizing using a node filter
```js
editor.parser.addNodeFilter('form', function(nodes) {
  nodes.forEach(function(node) {
    if (node.attributes) {
      node.attributes.forEach(function(attr) {
        var name = attr.name;
        var value = attr.value;
        // Sanitize the attribute value here or remove it entirely
        var sanitizedValue = ...;
        node.attr(name, santizedValue);
      });
    }
  });
});
```

#### Example: Using invalid_elements
```js
invalid_elements: 'form'
```

### Acknowledgements
Tiny Technologies would like to thank Mikhail Khramenkov at Solar Security Research Team for discovering this vulnerability.

### References
https://www.tiny.cloud/docs/release-notes/release-notes571/#securityfixes

### For more information
If you have any questions or comments about this advisory:
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues)
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
Unscored:
  • Severity: moderate

References:
  • Advisory 1086108: Cross-site scripting vulnerability in TinyMCE - - https://github.com/tinymce/tinymce/security/advisories/GHSA-5vm8-hhgr-jcjp - https://github.com/advisories/GHSA-5vm8-hhgr-jcjp

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.7.1:*:*:*:*:*:*:*

NPM-1089106  

### Impact
A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user.

### Patches
This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements.

### Fix
To avoid this vulnerability:
- Upgrade to TinyMCE 5.10.7 or higher for TinyMCE 5.x.
- Upgrade to TinyMCE 6.3.1 or higher for TinyMCE 6.x.

### Workaround
To reduce the impact of this vulnerability:
- Ensure the the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.

### References
- https://www.tiny.cloud/docs/release-notes/release-notes5107/#securityfixes
- https://www.tiny.cloud/docs/tinymce/6/6.3-release-notes/#security-fixes

### For more information
If you have any questions or comments about this advisory:
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues)
Unscored:
  • Severity: moderate

References:
  • Advisory 1089106: Cross-site scripting vulnerability in TinyMCE alerts - - https://github.com/tinymce/tinymce/security/advisories/GHSA-gg8r-xjwq-4w92 - https://www.tiny.cloud/docs/release-notes/release-notes5107/#securityfixes - https://www.tiny.cloud/docs/tinymce/6/6.3-release-notes/#security-fixes - https://nvd.nist.gov/vuln/detail/CVE-2022-23494 - https://github.com/tinymce/tinymce/commit/6923d85eba6de3e08ebc9c5a387b5abdaa21150e - https://github.com/tinymce/tinymce/commit/8bb2d2646d4e1a718fce61a775fa22e9d317b32d - https://www.tiny.cloud/docs/tinymce/6/file-image-upload/#images_upload_handler - https://github.com/advisories/GHSA-gg8r-xjwq-4w92

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.7:*:*:*:*:*:*:*

NPM-1094417  

### Impact
A [mutation cross-site scripting](https://researchgate.net/publication/266654651_mXSS_attacks_Attacking_well-secured_web-applications_by_using_innerHTML_mutations) (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the [SaxParser API](https://www.tiny.cloud/docs/api/tinymce.html/tinymce.html.saxparser/) (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed.
​This vulnerability also impacts these related TinyMCE APIs and plugins:​
* [`tinymce.Editor.getContent({ format: 'raw' })`](https://tiny.cloud/docs/tinymce/6/apis/tinymce.editor/#getContent)
* [`tinymce.Editor.resetContent()`](https://tiny.cloud/docs/tinymce/6/apis/tinymce.editor/#resetContent)
* [Austosave Plugin](https://tiny.cloud/docs/tinymce/6/autosave/)

### Patches
This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation.

### Fix
To avoid this vulnerability:
* Upgrade to TinyMCE 5.10.8 or higher for TinyMCE 5.x.
* Upgrade to TinyMCE 6.7.1 or higher for TinyMCE 6.x.


### References
* <https://tiny.cloud/docs/release-notes/release-notes5108/#securityfixes>
* <https://tiny.cloud/docs/tinymce/6/6.7.1-release-notes/#security-fixes>

### For more information
If you have any questions or comments about this advisory:
* Email us at <infosec@tiny.cloud>
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
Unscored:
  • Severity: moderate

References:
  • Advisory 1094417: TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin - - https://github.com/tinymce/tinymce/security/advisories/GHSA-v65r-p3vv-jjfv - https://tiny.cloud/docs/release-notes/release-notes5108/#securityfixes - https://tiny.cloud/docs/tinymce/6/6.7.1-release-notes/#security-fixes - https://nvd.nist.gov/vuln/detail/CVE-2023-45818 - https://researchgate.net/publication/266654651_mXSS_attacks_Attacking_well-secured_web-applications_by_using_innerHTML_mutations - https://www.tiny.cloud/docs/api/tinymce.html/tinymce.html.saxparser/ - https://github.com/advisories/GHSA-v65r-p3vv-jjfv

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.8:*:*:*:*:*:*:*

NPM-1094469  

### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling.  The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered.  

When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user.  This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content.

### Patches
This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit.

### Fix
To avoid this vulnerability:

* Upgrade to TinyMCE 5.10.8 or higher for TinyMCE 5.x.
* Upgrade to TinyMCE 6.7.1 or higher for TinyMCE 6.x.

### References
* <https://tiny.cloud/docs/release-notes/release-notes5108/#securityfixes>
* <https://tiny.cloud/docs/tinymce/6/6.7.1-release-notes/#security-fixes>

### For more information
If you have any questions or comments about this advisory:
* Email us at <infosec@tiny.cloud>
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
Unscored:
  • Severity: moderate

References:
  • Advisory 1094469: TinyMCE XSS vulnerability in notificationManager.open API - - https://github.com/tinymce/tinymce/security/advisories/GHSA-hgqx-r2hp-jr38 - https://tiny.cloud/docs/release-notes/release-notes5108/#securityfixes - https://tiny.cloud/docs/tinymce/6/6.7.1-release-notes/#security-fixes - https://nvd.nist.gov/vuln/detail/CVE-2023-45819 - https://github.com/advisories/GHSA-hgqx-r2hp-jr38

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.8:*:*:*:*:*:*:*

tmp:0.0.33

Description:

Temporary file and directory creator

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/tmp:0.0.33

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/external-editor:3.1.0

Identifiers

to-fast-properties:2.0.0

Description:

Force V8 to use fast properties for an object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/to-fast-properties:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/types:7.23.0

Identifiers

to-readable-stream:1.0.0

Description:

Convert a string/Buffer/Uint8Array to a readable stream

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/to-readable-stream:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0

Identifiers

to-regex-range:5.0.1

Description:

Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/to-regex-range:5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/fill-range:7.0.1

Identifiers

totp-1.7.1.jar

Description:

A library to help implement time-based one time passwords to enable MFA.

File Path: /var/simplicite/.m2/repository/dev/samstevens/totp/totp/1.7.1/totp-1.7.1.jar
MD5: ceaed46be1e655c451d11cc5cb33e4ff
SHA1: c2bcced6c255d48223f5626c4db9af9aa9d43c35
SHA256:f02b3fcab62298907d655acc54c0dc85f7103dc26cee95eed44ebe6fc2af3415
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

tr46:0.0.3

Description:

An implementation of the Unicode TR46 spec

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?whatwg-url:5.0.0/tr46:~0.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/whatwg-url:5.0.0

Identifiers

trim-newlines:3.0.1

Description:

Trim newlines from the start and/or end of a string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/trim-newlines:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/meow:9.0.0

Identifiers

tslib:1.14.1

Description:

Runtime library for TypeScript helper functions

License:

0BSD
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/tslib:1.14.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

tslib:2.6.0

Description:

Runtime library for TypeScript helper functions

License:

0BSD
File Path: /var/simplicite/simplicite-5.1/package-lock.json?upper-case-first:2.0.2/tslib:^2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@fullcalendar/core:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/moment-timezone:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/luxon:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/list:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/moment:5.5.0
  • simplicite-js:5.1.65/upper-case-first:2.0.2
  • simplicite-js:5.1.65/sentence-case:3.0.4
  • simplicite-js:5.1.65/@fullcalendar/common:5.5.1
  • simplicite-js:5.1.65/no-case:3.0.4
  • simplicite-js:5.1.65/@fullcalendar/google-calendar:5.5.0
  • simplicite-js:5.1.65/rxjs:6.6.7
  • simplicite-js:5.1.65/@fullcalendar/timegrid:5.5.0
  • simplicite-js:5.1.65/lower-case:2.0.2
  • simplicite-js:5.1.65/@fullcalendar/daygrid:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/bootstrap:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/rrule:5.5.0
  • simplicite-js:5.1.65/@fullcalendar/interaction:5.5.0

Identifiers

tuf-js:1.1.7

Description:

JavaScript implementation of The Update Framework (TUF)

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/tuf-js:1.1.7

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@sigstore/tuf:1.0.3

Identifiers

twilio-8.5.0.jar

Description:

Twilio Java Helper Library

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/com/twilio/sdk/twilio/8.5.0/twilio-8.5.0.jar
MD5: 239c1edc5be333eeca47eb8763027fc3
SHA1: 88d47173fe14eb27b61c49069898e33672592558
SHA256:5799ca4245a89d3198f58d90c3f81a4e70ab0a6931a29bd1c8e7342ce103daea
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

txw2-2.3.2.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/txw2/2.3.2/txw2-2.3.2.jar
MD5: 3f278f148c5d27dc608c25cb7d093b94
SHA1: ce5be7da2e442c25ec14c766cb60cb802741727b
SHA256:4a6a9f483388d461b81aa9a28c685b8b74c0597993bf1884b04eddbca95f48fe
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

type-check:0.4.0

Description:

type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-check:0.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/optionator:0.9.3
  • simplicite-js:5.1.65/levn:0.4.1

Identifiers

type-fest:0.18.1

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-fest:0.18.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

type-fest:0.20.2

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-fest:0.20.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

type-fest:0.21.3

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-fest:0.21.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/globals:13.22.0
  • simplicite-js:5.1.65/read-pkg-up:7.0.1
  • simplicite-js:5.1.65/globals:13.20.0
  • simplicite-js:5.1.65/ansi-escapes:4.3.2
  • simplicite-js:5.1.65/read-pkg:5.2.0
  • simplicite-js:5.1.65/boxen:4.2.0
  • simplicite-js:5.1.65/crypto-random-string:4.0.0
  • simplicite-js:5.1.65/boxen:5.1.2

Identifiers

type-fest:0.6.0

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-fest:0.6.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

type-fest:0.8.1

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-fest:0.8.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

type-fest:1.4.0

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-fest:1.4.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

type-fest:2.19.0

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/type-fest:2.19.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

typed-array-length:1.0.4

Description:

Robustly get the length of a Typed Array

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/typed-array-length:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

typedarray-to-buffer:3.1.5

Description:

Convert a typed array to a Buffer without a copy

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/typedarray-to-buffer:3.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/write-file-atomic:3.0.3

Identifiers

uc.micro:1.0.6

Description:

Micro subset of unicode data files for markdown-it projects.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/uc.micro:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/markdown-it:12.3.2
  • simplicite-js:5.1.65/linkify-it:3.0.3

Identifiers

udunits-4.5.5.jar

Description:

The ucar.units Java package is for decoding and encoding
    formatted unit specifications (e.g. "m/s"), converting numeric values
    between compatible units (e.g. between "m/s" and "knot"), and for
    performing arithmetic operations on units (e.g. dividing one unit by
    another, raising a unit to a power).

File Path: /var/simplicite/.m2/repository/edu/ucar/udunits/4.5.5/udunits-4.5.5.jar
MD5: 025ffadf77de73601443c8262c995df0
SHA1: d8c8d65ade13666eedcf764889c69321c247f153
SHA256:fb641ad901d1526d53f2b13bc86baec703c57d58e6001cfa54ca7734c97fb30d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

uglify-js:3.17.4

Description:

JavaScript parser, mangler/compressor and beautifier toolkit

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/uglify-js:3.17.4

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

  • pkg:npm/uglify-js@3.17.4  (Confidence:Highest)
  • cpe:2.3:a:uglifyjs_project:uglifyjs:3.17.4:*:*:*:*:*:*:*  (Confidence:Low)  

unbox-primitive:1.0.2

Description:

Unbox a boxed JS primitive value.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unbox-primitive:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

underscore:1.13.6

Description:

JavaScript's functional programming helper library.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/underscore:1.13.6

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/jsdoc:4.0.2

Identifiers

unicode-canonical-property-names-ecmascript:2.0.0

Description:

The set of canonical Unicode property names supported in ECMAScript RegExp property escapes.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?unicode-match-property-ecmascript:2.0.0/unicode-canonical-property-names-ecmascript:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/unicode-match-property-ecmascript:2.0.0

Identifiers

unicode-match-property-ecmascript:2.0.0

Description:

Match a Unicode property or property alias to its canonical property name per the algorithm used for RegExp Unicode property escapes in ECMAScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unicode-match-property-ecmascript:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/regexpu-core:5.3.2

Identifiers

unicode-match-property-value-ecmascript:2.1.0

Description:

Match a Unicode property or property alias to its canonical property name per the algorithm used for RegExp Unicode property escapes in ECMAScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unicode-match-property-value-ecmascript:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/regexpu-core:5.3.2

Identifiers

unicode-property-aliases-ecmascript:2.1.0

Description:

Unicode property alias mappings in JavaScript format for property names that are supported in ECMAScript RegExp property escapes.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unicode-property-aliases-ecmascript:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/unicode-match-property-ecmascript:2.0.0

Identifiers

unique-filename:3.0.0

Description:

Generate a unique filename for use in temporary directories or caches.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unique-filename:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cacache:17.1.3

Identifiers

unique-slug:4.0.0

Description:

Generate a unique character string suitible for use in files and URLs.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unique-slug:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/unique-filename:3.0.0

Identifiers

unique-string:2.0.0

Description:

Generate a unique random string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unique-string:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/configstore:5.0.1
  • simplicite-js:5.1.65/configstore:6.0.0

Identifiers

unique-string:3.0.0

Description:

Generate a unique random string

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/unique-string:3.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

unirest-java-3.11.09.jar

Description:

Simplified, lightweight HTTP client library.

File Path: /var/simplicite/.m2/repository/com/konghq/unirest-java/3.11.09/unirest-java-3.11.09.jar
MD5: 30a43e45bab5b109c22be4ebcf628009
SHA1: aaed8a95e406b2fe8236d01d305e58c69c027ccb
SHA256:cf717add2a65149d1d625d92b3d755575f09151a7750cf621b137870119e1d89
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

unit-api-1.0.jar

Description:

Units of Measurement Standard - This JSR specifies Java packages for modeling and working with measurement values, quantities and their corresponding units.

License:

BSD: LICENSE.txt
File Path: /var/simplicite/.m2/repository/javax/measure/unit-api/1.0/unit-api-1.0.jar
MD5: 0e62b80ee212b7bb9d3cd150ff988a93
SHA1: 6b960260278588d7ff02fe376e5aad39a9c7440b
SHA256:35da65fdbd3f9c1fe79cfc8399db975fd97660d8a219febfda9fd1a5fc058f10
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

universalify:0.1.2

Description:

Make a callback- or promise-based function support both promises and callbacks.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/universalify:0.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/fs-extra:8.1.0
  • simplicite-js:5.1.65

Identifiers

untildify:4.0.0

Description:

Convert a tilde path to an absolute path: `~/dev` → `/Users/sindresorhus/dev`

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/untildify:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

update-browserslist-db:1.0.13

Description:

CLI tool to update caniuse-lite to refresh target browsers from Browserslist config

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/update-browserslist-db:1.0.13

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/browserslist:4.22.1

Identifiers

update-notifier:4.1.3

Description:

Update notifications for your CLI app

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/update-notifier:4.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1
  • simplicite-js:5.1.65/npm-audit-html:1.5.0
  • simplicite-js:5.1.65/npm-check-updates:16.14.6

Identifiers

update-notifier:5.1.0

Description:

Update notifications for your CLI app

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/update-notifier:5.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

update-notifier:6.0.2

Description:

Update notifications for your CLI app

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/update-notifier:6.0.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

upper-case-first:2.0.2

Description:

Transforms the string with the first character in upper cased

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/upper-case-first:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/sentence-case:3.0.4

Identifiers

uri-js:4.4.1

Description:

An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/uri-js:4.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/ajv:8.12.0
  • simplicite-js:5.1.65/ajv:6.12.6

Identifiers

url-parse-lax:3.0.0

Description:

Lax url.parse() with support for protocol-less URLs & IPs

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/url-parse-lax:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/got:9.6.0

Identifiers

util-deprecate:1.0.2

Description:

The Node.js `util.deprecate()` function with browser support

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/util-deprecate:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/postcss-selector-parser:6.0.13
  • simplicite-js:5.1.65/readable-stream:2.3.8
  • simplicite-js:5.1.65/readable-stream:3.6.2

Identifiers

v8-compile-cache:2.3.0

Description:

Require hook for automatic V8 compile cache persistence

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/v8-compile-cache:2.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1

Identifiers

v8flags:3.2.0

Description:

Get available v8 and Node.js flags.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/v8flags:3.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/@babel/node:7.22.19

Identifiers

validate-npm-package-license:3.0.4

Description:

Give me a string and I'll tell you if it's a valid npm package license string

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/validate-npm-package-license:3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/normalize-package-data:2.5.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/normalize-package-data:3.0.3
  • simplicite-js:5.1.65/normalize-package-data:5.0.0

Identifiers

validate-npm-package-name:5.0.0

Description:

Give me a string and I'll tell you if it's a valid npm package name

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/validate-npm-package-name:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-package-arg:10.1.0

Identifiers

visit-values:2.0.0

Description:

visit all the children of a javascript object

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/visit-values:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/license-report:6.5.0

Identifiers

vorbis-java-core-0.8.jar

File Path: /var/simplicite/.m2/repository/org/gagravarr/vorbis-java-core/0.8/vorbis-java-core-0.8.jar
MD5: 71b623b57f56daf112bddb3337ee896d
SHA1: 7e9937c2575cda2e3fc116415117c74f23e43fa6
SHA256:879bb0c8923fea686609e207fd9050ab246e001868341c725929405e755cf68e
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

vorbis-java-tika-0.8.jar

File Path: /var/simplicite/.m2/repository/org/gagravarr/vorbis-java-tika/0.8/vorbis-java-tika-0.8.jar
MD5: 85c7b34d5f94e66bf0c79f5d673db750
SHA1: 4ddbb27ac5884a0f0398a63d46a89d3bc87dc457
SHA256:a1b62281a99aec10dc69db1d2f8250952dca5841eedf1167b6b6f9585e2d0d26
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

vue:2.6.12

Description:

Reactive, component-oriented view layer for modern web interfaces.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/vue:2.6.12

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

wcwidth:1.0.1

Description:

Port of C's wcwidth() and wcswidth()

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/wcwidth:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/ora:5.4.1

Identifiers

webidl-conversions:3.0.1

Description:

Implements the WebIDL algorithms for converting to and from JavaScript values

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.1/package-lock.json?whatwg-url:5.0.0/webidl-conversions:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/whatwg-url:5.0.0

Identifiers

whatwg-url:5.0.0

Description:

An implementation of the WHATWG URL Standard's URL API and parsing machinery

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/whatwg-url:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/node-fetch:2.7.0

Identifiers

which-boxed-primitive:1.0.2

Description:

Which kind of boxed JS primitive is this?

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/which-boxed-primitive:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/unbox-primitive:1.0.2

Identifiers

which-pm:2.0.0

Description:

Detects what package manager was used for installation

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/which-pm:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/preferred-pm:3.0.3

Identifiers

which-typed-array:1.1.9

Description:

Which kind of Typed Array is this JavaScript value? Works cross-realm, without `instanceof`, and despite Symbol.toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/which-typed-array:1.1.9

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/es-abstract:1.21.2

Identifiers

which:1.3.1

Description:

Like which(1) unix command. Find the first instance of an executable in the PATH.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/which:1.3.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

which:2.0.2

Description:

Like which(1) unix command. Find the first instance of an executable in the PATH.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/which:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cross-spawn:7.0.3
  • simplicite-js:5.1.65/@npmcli/run-script:6.0.2
  • simplicite-js:5.1.65/@npmcli/git:4.1.0
  • simplicite-js:5.1.65/node-gyp:9.4.0
  • simplicite-js:5.1.65/@npmcli/promise-spawn:6.0.2
  • simplicite-js:5.1.65/global-prefix:3.0.0

Identifiers

which:3.0.1

Description:

Like which(1) unix command. Find the first instance of an executable in the PATH.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/which:3.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

wide-align:1.1.5

Description:

A wide-character aware text alignment function for use on the console or with fixed width fonts.

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/wide-align:1.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/gauge:4.0.4

Identifiers

widest-line:3.1.0

Description:

Get the visual width of the widest line in a string - the number of columns required to display it

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/widest-line:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/boxen:5.1.2
  • simplicite-js:5.1.65/boxen:4.2.0

Identifiers

widest-line:4.0.1

Description:

Get the visual width of the widest line in a string - the number of columns required to display it

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/widest-line:4.0.1

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

wmf2svg-0.9.8.jar

Description:

WMF to SVG Converting Tool & Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/arnx/wmf2svg/0.9.8/wmf2svg-0.9.8.jar
MD5: 34b920f0aa840b1792702d253c2c58b7
SHA1: 365614a3ee72ec475d9032f906d37b753fbe2bfa
SHA256:c7f136558140c3fbe9410199ca509895faad4fa79bdc185e72a868f1c2819b4a
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

woodstox-core-6.2.3.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)

Description:

Unknown version of isorelax library used in JAXB project

File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.3/woodstox-core-6.2.3.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml
MD5: 6fbb4bc95fbf2072bc6e3b790553fe81
SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13
SHA256:cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2023-34411  

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

woodstox-core-6.2.3.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)

Description:

XML Schema datatypes library

File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.3/woodstox-core-6.2.3.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xml
MD5: aaf872ed9d1aabee25e03c2a132ffd8e
SHA1: 47f218a999411ed028f089d59ebef8f14e0fe914
SHA256:d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3c
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

woodstox-core-6.2.3.jar

Description:

Woodstox is a high-performance XML processor that implements Stax (JSR-173),
SAX2 and Stax2 APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.3/woodstox-core-6.2.3.jar
MD5: 9ee55bb0a0b5d0842b5e6d3c86a0b43e
SHA1: f70ebf235f1df4c6999b6e0d4fb7c53436fef11a
SHA256:3526e331e1dc970456479efda64199f95e9cc7991b7cd1f24cd7e5be08b50125
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-40152  

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

wordwrap:1.0.0

Description:

Wrap those words. Show them at what columns to start and stop.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/wordwrap:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/handlebars:4.7.7

Identifiers

CVE-2023-26115  

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
CWE-1333

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

wrap-ansi:7.0.0

Description:

Wordwrap a string with ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/wrap-ansi:7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/boxen:7.1.0
  • simplicite-js:5.1.65/cliui:7.0.4
  • simplicite-js:5.1.65/@isaacs/cliui:8.0.2
  • simplicite-js:5.1.65/boxen:5.1.2

Identifiers

wrap-ansi:8.1.0

Description:

Wordwrap a string with ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/wrap-ansi:8.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

wrappy:1.0.2

Description:

Callback wrapping utility

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/wrappy:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/once:1.4.0
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/inflight:1.0.6

Identifiers

write-file-atomic:3.0.3

Description:

Write files in an atomic fashion w/configurable ownership

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/write-file-atomic:3.0.3

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

write-file-atomic:4.0.2

Description:

Write files in an atomic fashion w/configurable ownership

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/write-file-atomic:4.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/stylelint:14.16.1
  • simplicite-js:5.1.65/configstore:5.0.1
  • simplicite-js:5.1.65/configstore:6.0.0

Identifiers

xalan-2.7.2.jar

Description:

    Xalan-Java is an XSLT processor for transforming XML documents into HTML,
    text, or other XML document types. It implements XSL Transformations (XSLT)
    Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
    the command line, in an applet or a servlet, or as a module in other program.

File Path: /var/simplicite/.m2/repository/xalan/xalan/2.7.2/xalan-2.7.2.jar
MD5: 6aa6607802502c8016b676f25f8e4873
SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23
SHA256:a44bd80e82cb0f4cfac0dac8575746223802514e3cec9dc75235bc0de646af14
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

xalan-interpretive-11.0.0.jar

Description:

xalan-interpretive

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/org/apache/xalan-interpretive/11.0.0/xalan-interpretive-11.0.0.jar
MD5: fc5a8e36ca1cbe5eb05dbf328e058403
SHA1: 7494b62aced4c3d0ffa259e59c435dc9bd7f07b3
SHA256:badfeb922041262d667363e05bd1cea3947f2ad63dc0f586582ef20ab5a52456
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

xalan-serializer-11.0.0.jar

Description:

xalan-serializer

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/org/apache/xalan-serializer/11.0.0/xalan-serializer-11.0.0.jar
MD5: f21112d50f8c5e067bcb388697cb6af1
SHA1: 7a6b5802bdba3d3b12e935b8a0ae2e020d839cfd
SHA256:ee20541b9180bbd4dc4d55b825e397aefc1545d11d819e4d488012fa76a4b6dc
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

xdg-basedir:4.0.0

Description:

Get XDG Base Directory paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/xdg-basedir:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/update-notifier:5.1.0
  • simplicite-js:5.1.65/update-notifier:6.0.2
  • simplicite-js:5.1.65/update-notifier:4.1.3
  • simplicite-js:5.1.65/configstore:5.0.1
  • simplicite-js:5.1.65/configstore:6.0.0

Identifiers

xdg-basedir:5.1.0

Description:

Get XDG Base Directory paths

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/xdg-basedir:5.1.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

xercesImpl-2.12.2.jar

Description:

      Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

      The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

      Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.

      Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

      Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • pkg:maven/xerces/xercesImpl@2.12.2  (Confidence:High)
  • cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2017-10355 (OSSINDEX)  

sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)

The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
CWE-833 Deadlock

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*

xhtmlrenderer-3.0.0.jar

Description:

		Modified flyingsaucer XML/XHTML and CSS 2.1 renderer, to support docx (and eventually pptx) output

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/xhtmlrenderer/3.0.0/xhtmlrenderer-3.0.0.jar
MD5: d1f1faf911c376261b7698282bbf0c08
SHA1: 14c766017bd26c1b1f96f170833845bc1bab6aeb
SHA256:7189d588e7888c92da996eded1b5a17ac435eb6193b47e2207805fc458e318c9
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

xmlbeans-3.1.0.jar

Description:

XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/xmlbeans/xmlbeans/3.1.0/xmlbeans-3.1.0.jar
MD5: 408902d943e5bd51a4813dae131681a3
SHA1: 6dac1f897dfb3e3f17fc79b18a3353b2e51c464e
SHA256:a19ea1ec835a101165f7aa3c55427e81b5f2b187bfe7689a19277c51402620b0
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

xmlcreate:2.0.4

Description:

Simple XML builder for Node.js

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/xmlcreate:2.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/js2xmlparser:4.0.2

Identifiers

xmlgraphics-commons-2.3.jar

Description:

    Apache XML Graphics Commons is a library that consists of several reusable 
    components used by Apache Batik and Apache FOP. Many of these components 
    can easily be used separately outside the domains of SVG and XSL-FO.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/xmlgraphics/xmlgraphics-commons/2.3/xmlgraphics-commons-2.3.jar
MD5: 3edc187a769f9ff50e53f095bccb20cd
SHA1: f0b77d80c4d8f02538512b4d505af0cf5286eb7f
SHA256:1fb91bac2795f7a768a7665f40cde996023a489ecc43e5ee67ad40fbaa79e194
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2020-11988  

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.
CWE-20 Improper Input Validation, CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: HIGH (8.2)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References:

Vulnerable Software & Versions:

xmlsec-2.2.0.jar

Description:

        Apache XML Security for Java supports XML-Signature Syntax and Processing,
        W3C Recommendation 12 February 2002, and XML Encryption Syntax and
        Processing, W3C Recommendation 10 December 2002. As of version 1.4,
        the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/santuario/xmlsec/2.2.0/xmlsec-2.2.0.jar
MD5: d54ca1f6e68c677285cf0a4772e9eb3d
SHA1: 5ab3e8f659cae9477e64d603d802e1310baace1e
SHA256:d05e88877c43ac5da9f269ca7e5bdaa2483578950b33220cdd0085275ffc9017
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

  • pkg:maven/org.apache.santuario/xmlsec@2.2.0  (Confidence:High)
  • cpe:2.3:a:apache:santuario_xml_security_for_java:2.2.0:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:apache:xml_security_for_java:2.2.0:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2021-40690  

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
CWE-200 Information Exposure

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44483  

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
CWE-532 Information Exposure Through Log Files

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

xmpbox-2.0.22.jar

Description:

    The Apache XmpBox library is an open source Java tool that implements Adobe's XMP(TM)
    specification. It can be used to parse, validate and create xmp contents.
    It is mainly used by subproject preflight of Apache PDFBox. 
    XmpBox is a subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/xmpbox/2.0.22/xmpbox-2.0.22.jar
MD5: e58336a0a1a0f373b3f4ec255aa3fed5
SHA1: efad0ec9f3c3d31d74e82be8358696b0af4f976f
SHA256:d660de755fe9e24aa3f077734ffb9aefc01ae39e77b1ae8e36bf15b873f14ad8
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

CVE-2021-27807  

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CWE-834 Excessive Iteration

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-27906  

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31811  

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31812  

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

xmpcore-5.1.3.jar

Description:

    The XMP Library for Java is based on the C++ XMPCore library
    and the API is similar.

License:

The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: /var/simplicite/.m2/repository/com/adobe/xmp/xmpcore/5.1.3/xmpcore-5.1.3.jar
MD5: 08d154cf297e87471637df85172f93e6
SHA1: 57e70c3b10ff269fff9adfa7a31d61af0df30757
SHA256:821be907f1e514ebb50f0ca04b2c098370a3cb5e5f9ddcc2ecf81e73eb265daa
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

xsom-2.3.2.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
        documents and inspect information in them. It is expected to be useful for applications that need to take XML
        Schema as an input.

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/xsom/2.3.2/xsom-2.3.2.jar
MD5: 69490072151ce34b84c8d0990a931c6d
SHA1: 0157dc2bf479c524d63a214e8fe9888f45a667db
SHA256:598196320e56138f78895c9bbc3055983d25b76814f072dfcb836f8cc4437c73
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

xtend:4.0.2

Description:

extend like a boss

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/xtend:4.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/npm-check:6.0.1

Identifiers

xz-1.8.jar

Description:

XZ data compression

License:

Public Domain
File Path: /var/simplicite/.m2/repository/org/tukaani/xz/1.8/xz-1.8.jar
MD5: 5f982127e0de85b785c4b2abad21aa2e
SHA1: c4f7d054303948eb6a4066194253886c8af07128
SHA256:8c7964b36fe3f0cbe644b04fcbff84e491ce81917db2f5bfa0cba8e9548aff5d
Referenced In Project/Scope:Simplicite Platform:compile

Identifiers

y18n:5.0.8

Description:

the bare-bones internationalization library used by yargs

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?yargs:16.2.0/y18n:^5.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/yargs:16.2.0

Identifiers

yallist:2.1.2

Description:

Yet Another Linked List

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/yallist:2.1.2

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

yallist:3.1.1

Description:

Yet Another Linked List

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/yallist:3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65/lru-cache:6.0.0
  • simplicite-js:5.1.65/lru-cache:4.1.5
  • simplicite-js:5.1.65/minipass:3.3.6
  • simplicite-js:5.1.65/tar:6.1.15
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/lru-cache:5.1.1
  • simplicite-js:5.1.65/minizlib:2.1.2

Identifiers

yallist:4.0.0

Description:

Yet Another Linked List

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/yallist:4.0.0

Referenced In Project/Scope:simplicite-js:5.1.65

Identifiers

yaml:1.10.2

Description:

JavaScript parser and stringifier for YAML

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/yaml:1.10.2

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/cosmiconfig:7.1.0

Identifiers

yargs-parser:20.2.9

Description:

the mighty option parser used by yargs

License:

ISC
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/yargs-parser:20.2.9

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/meow:9.0.0
  • simplicite-js:5.1.65/yargs:16.2.0

Identifiers

yargs:16.2.0

Description:

yargs the modern, pirate-themed, successor to optimist.

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/yargs:16.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/depcheck:1.4.3

Identifiers

yocto-queue:0.1.0

Description:

Tiny queue data structure

License:

MIT
File Path: /var/simplicite/simplicite-5.1/package-lock.json?/yocto-queue:0.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.1.65
  • simplicite-js:5.1.65/p-limit:3.1.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.