Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Simplicite Platform

com.simplicite:simplicite:5.2.54

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
@aashutoshrathi/word-wrap:1.2.6pkg:npm/%40aashutoshrathi%2Fword-wrap@1.2.6 08
@ampproject/remapping:2.2.1pkg:npm/%40ampproject%2Fremapping@2.2.1 06
@babel/cli:7.23.9cpe:2.3:a:babelcli_project:babelcli:7.23.9:*:*:*:*:*:*:*pkg:npm/%40babel%2Fcli@7.23.9 0Low8
@babel/code-frame:7.23.5pkg:npm/%40babel%2Fcode-frame@7.23.5 08
@babel/compat-data:7.23.5pkg:npm/%40babel%2Fcompat-data@7.23.5 06
@babel/core:7.23.9pkg:npm/%40babel%2Fcore@7.23.9 08
@babel/generator:7.23.6pkg:npm/%40babel%2Fgenerator@7.23.6 08
@babel/helper-annotate-as-pure:7.22.5pkg:npm/%40babel%2Fhelper-annotate-as-pure@7.22.5 07
@babel/helper-builder-binary-assignment-operator-visitor:7.22.15pkg:npm/%40babel%2Fhelper-builder-binary-assignment-operator-visitor@7.22.15 07
@babel/helper-compilation-targets:7.23.6pkg:npm/%40babel%2Fhelper-compilation-targets@7.23.6 06
@babel/helper-create-class-features-plugin:7.23.10pkg:npm/%40babel%2Fhelper-create-class-features-plugin@7.23.10 06
@babel/helper-create-regexp-features-plugin:7.22.15pkg:npm/%40babel%2Fhelper-create-regexp-features-plugin@7.22.15 06
@babel/helper-define-polyfill-provider:0.5.0pkg:npm/%40babel%2Fhelper-define-polyfill-provider@0.5.0 05
@babel/helper-environment-visitor:7.22.20pkg:npm/%40babel%2Fhelper-environment-visitor@7.22.20 07
@babel/helper-function-name:7.23.0pkg:npm/%40babel%2Fhelper-function-name@7.23.0 07
@babel/helper-hoist-variables:7.22.5pkg:npm/%40babel%2Fhelper-hoist-variables@7.22.5 07
@babel/helper-member-expression-to-functions:7.23.0pkg:npm/%40babel%2Fhelper-member-expression-to-functions@7.23.0 07
@babel/helper-module-imports:7.22.15pkg:npm/%40babel%2Fhelper-module-imports@7.22.15 07
@babel/helper-module-transforms:7.23.3pkg:npm/%40babel%2Fhelper-module-transforms@7.23.3 07
@babel/helper-optimise-call-expression:7.22.5pkg:npm/%40babel%2Fhelper-optimise-call-expression@7.22.5 07
@babel/helper-plugin-utils:7.22.5pkg:npm/%40babel%2Fhelper-plugin-utils@7.22.5 07
@babel/helper-remap-async-to-generator:7.22.20pkg:npm/%40babel%2Fhelper-remap-async-to-generator@7.22.20 07
@babel/helper-replace-supers:7.22.20pkg:npm/%40babel%2Fhelper-replace-supers@7.22.20 07
@babel/helper-simple-access:7.22.5pkg:npm/%40babel%2Fhelper-simple-access@7.22.5 07
@babel/helper-skip-transparent-expression-wrappers:7.22.5pkg:npm/%40babel%2Fhelper-skip-transparent-expression-wrappers@7.22.5 06
@babel/helper-split-export-declaration:7.22.6pkg:npm/%40babel%2Fhelper-split-export-declaration@7.22.6 07
@babel/helper-string-parser:7.23.4pkg:npm/%40babel%2Fhelper-string-parser@7.23.4 07
@babel/helper-validator-identifier:7.22.20pkg:npm/%40babel%2Fhelper-validator-identifier@7.22.20 06
@babel/helper-validator-option:7.23.5pkg:npm/%40babel%2Fhelper-validator-option@7.23.5 06
@babel/helper-wrap-function:7.22.20pkg:npm/%40babel%2Fhelper-wrap-function@7.22.20 07
@babel/helpers:7.23.9pkg:npm/%40babel%2Fhelpers@7.23.9 07
@babel/highlight:7.23.4pkg:npm/%40babel%2Fhighlight@7.23.4 07
@babel/node:7.23.9pkg:npm/%40babel%2Fnode@7.23.9 07
@babel/parser:7.16.4pkg:npm/%40babel%2Fparser@7.16.4 08
@babel/parser:7.23.9pkg:npm/%40babel%2Fparser@7.23.9 08
@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:7.23.3pkg:npm/%40babel%2Fplugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.23.3 07
@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.23.3pkg:npm/%40babel%2Fplugin-bugfix-v8-spread-parameters-in-optional-chaining@7.23.3 07
@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly:7.23.7pkg:npm/%40babel%2Fplugin-bugfix-v8-static-class-fields-redefine-readonly@7.23.7 07
@babel/plugin-proposal-private-property-in-object:7.21.0-placeholder-for-preset-env.2pkg:npm/%40babel%2Fplugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2 07
@babel/plugin-syntax-async-generators:7.8.4pkg:npm/%40babel%2Fplugin-syntax-async-generators@7.8.4 05
@babel/plugin-syntax-class-properties:7.12.13pkg:npm/%40babel%2Fplugin-syntax-class-properties@7.12.13 06
@babel/plugin-syntax-class-static-block:7.14.5pkg:npm/%40babel%2Fplugin-syntax-class-static-block@7.14.5 07
@babel/plugin-syntax-dynamic-import:7.8.3pkg:npm/%40babel%2Fplugin-syntax-dynamic-import@7.8.3 05
@babel/plugin-syntax-export-namespace-from:7.8.3pkg:npm/%40babel%2Fplugin-syntax-export-namespace-from@7.8.3 05
@babel/plugin-syntax-import-assertions:7.23.3pkg:npm/%40babel%2Fplugin-syntax-import-assertions@7.23.3 06
@babel/plugin-syntax-import-attributes:7.23.3pkg:npm/%40babel%2Fplugin-syntax-import-attributes@7.23.3 06
@babel/plugin-syntax-import-meta:7.10.4pkg:npm/%40babel%2Fplugin-syntax-import-meta@7.10.4 05
@babel/plugin-syntax-json-strings:7.8.3pkg:npm/%40babel%2Fplugin-syntax-json-strings@7.8.3 05
@babel/plugin-syntax-logical-assignment-operators:7.10.4pkg:npm/%40babel%2Fplugin-syntax-logical-assignment-operators@7.10.4 05
@babel/plugin-syntax-nullish-coalescing-operator:7.8.3pkg:npm/%40babel%2Fplugin-syntax-nullish-coalescing-operator@7.8.3 05
@babel/plugin-syntax-numeric-separator:7.10.4pkg:npm/%40babel%2Fplugin-syntax-numeric-separator@7.10.4 05
@babel/plugin-syntax-object-rest-spread:7.8.3pkg:npm/%40babel%2Fplugin-syntax-object-rest-spread@7.8.3 05
@babel/plugin-syntax-optional-catch-binding:7.8.3pkg:npm/%40babel%2Fplugin-syntax-optional-catch-binding@7.8.3 05
@babel/plugin-syntax-optional-chaining:7.8.3pkg:npm/%40babel%2Fplugin-syntax-optional-chaining@7.8.3 05
@babel/plugin-syntax-private-property-in-object:7.14.5pkg:npm/%40babel%2Fplugin-syntax-private-property-in-object@7.14.5 07
@babel/plugin-syntax-top-level-await:7.14.5pkg:npm/%40babel%2Fplugin-syntax-top-level-await@7.14.5 07
@babel/plugin-syntax-unicode-sets-regex:7.18.6pkg:npm/%40babel%2Fplugin-syntax-unicode-sets-regex@7.18.6 08
@babel/plugin-transform-arrow-functions:7.23.3pkg:npm/%40babel%2Fplugin-transform-arrow-functions@7.23.3 07
@babel/plugin-transform-async-generator-functions:7.23.9pkg:npm/%40babel%2Fplugin-transform-async-generator-functions@7.23.9 07
@babel/plugin-transform-async-to-generator:7.23.3pkg:npm/%40babel%2Fplugin-transform-async-to-generator@7.23.3 07
@babel/plugin-transform-block-scoped-functions:7.23.3pkg:npm/%40babel%2Fplugin-transform-block-scoped-functions@7.23.3 07
@babel/plugin-transform-block-scoping:7.23.4pkg:npm/%40babel%2Fplugin-transform-block-scoping@7.23.4 07
@babel/plugin-transform-class-properties:7.23.3pkg:npm/%40babel%2Fplugin-transform-class-properties@7.23.3 07
@babel/plugin-transform-class-static-block:7.23.4pkg:npm/%40babel%2Fplugin-transform-class-static-block@7.23.4 07
@babel/plugin-transform-classes:7.23.8pkg:npm/%40babel%2Fplugin-transform-classes@7.23.8 07
@babel/plugin-transform-computed-properties:7.23.3pkg:npm/%40babel%2Fplugin-transform-computed-properties@7.23.3 07
@babel/plugin-transform-destructuring:7.23.3pkg:npm/%40babel%2Fplugin-transform-destructuring@7.23.3 07
@babel/plugin-transform-dotall-regex:7.23.3pkg:npm/%40babel%2Fplugin-transform-dotall-regex@7.23.3 08
@babel/plugin-transform-duplicate-keys:7.23.3pkg:npm/%40babel%2Fplugin-transform-duplicate-keys@7.23.3 07
@babel/plugin-transform-dynamic-import:7.23.4pkg:npm/%40babel%2Fplugin-transform-dynamic-import@7.23.4 06
@babel/plugin-transform-exponentiation-operator:7.23.3pkg:npm/%40babel%2Fplugin-transform-exponentiation-operator@7.23.3 07
@babel/plugin-transform-export-namespace-from:7.23.4pkg:npm/%40babel%2Fplugin-transform-export-namespace-from@7.23.4 07
@babel/plugin-transform-for-of:7.23.6pkg:npm/%40babel%2Fplugin-transform-for-of@7.23.6 07
@babel/plugin-transform-function-name:7.23.3pkg:npm/%40babel%2Fplugin-transform-function-name@7.23.3 07
@babel/plugin-transform-json-strings:7.23.4pkg:npm/%40babel%2Fplugin-transform-json-strings@7.23.4 07
@babel/plugin-transform-literals:7.23.3pkg:npm/%40babel%2Fplugin-transform-literals@7.23.3 07
@babel/plugin-transform-logical-assignment-operators:7.23.4pkg:npm/%40babel%2Fplugin-transform-logical-assignment-operators@7.23.4 07
@babel/plugin-transform-member-expression-literals:7.23.3pkg:npm/%40babel%2Fplugin-transform-member-expression-literals@7.23.3 07
@babel/plugin-transform-modules-amd:7.23.3pkg:npm/%40babel%2Fplugin-transform-modules-amd@7.23.3 07
@babel/plugin-transform-modules-commonjs:7.23.3pkg:npm/%40babel%2Fplugin-transform-modules-commonjs@7.23.3 07
@babel/plugin-transform-modules-systemjs:7.23.9pkg:npm/%40babel%2Fplugin-transform-modules-systemjs@7.23.9 07
@babel/plugin-transform-modules-umd:7.23.3pkg:npm/%40babel%2Fplugin-transform-modules-umd@7.23.3 07
@babel/plugin-transform-named-capturing-groups-regex:7.22.5pkg:npm/%40babel%2Fplugin-transform-named-capturing-groups-regex@7.22.5 08
@babel/plugin-transform-new-target:7.23.3pkg:npm/%40babel%2Fplugin-transform-new-target@7.23.3 07
@babel/plugin-transform-nullish-coalescing-operator:7.23.4pkg:npm/%40babel%2Fplugin-transform-nullish-coalescing-operator@7.23.4 07
@babel/plugin-transform-numeric-separator:7.23.4pkg:npm/%40babel%2Fplugin-transform-numeric-separator@7.23.4 07
@babel/plugin-transform-object-rest-spread:7.23.4pkg:npm/%40babel%2Fplugin-transform-object-rest-spread@7.23.4 07
@babel/plugin-transform-object-super:7.23.3pkg:npm/%40babel%2Fplugin-transform-object-super@7.23.3 07
@babel/plugin-transform-optional-catch-binding:7.23.4pkg:npm/%40babel%2Fplugin-transform-optional-catch-binding@7.23.4 07
@babel/plugin-transform-optional-chaining:7.23.4pkg:npm/%40babel%2Fplugin-transform-optional-chaining@7.23.4 07
@babel/plugin-transform-parameters:7.23.3pkg:npm/%40babel%2Fplugin-transform-parameters@7.23.3 07
@babel/plugin-transform-private-methods:7.23.3pkg:npm/%40babel%2Fplugin-transform-private-methods@7.23.3 07
@babel/plugin-transform-private-property-in-object:7.23.4pkg:npm/%40babel%2Fplugin-transform-private-property-in-object@7.23.4 07
@babel/plugin-transform-property-literals:7.23.3pkg:npm/%40babel%2Fplugin-transform-property-literals@7.23.3 07
@babel/plugin-transform-regenerator:7.23.3pkg:npm/%40babel%2Fplugin-transform-regenerator@7.23.3 07
@babel/plugin-transform-reserved-words:7.23.3pkg:npm/%40babel%2Fplugin-transform-reserved-words@7.23.3 07
@babel/plugin-transform-shorthand-properties:7.23.3pkg:npm/%40babel%2Fplugin-transform-shorthand-properties@7.23.3 07
@babel/plugin-transform-spread:7.23.3pkg:npm/%40babel%2Fplugin-transform-spread@7.23.3 07
@babel/plugin-transform-sticky-regex:7.23.3pkg:npm/%40babel%2Fplugin-transform-sticky-regex@7.23.3 07
@babel/plugin-transform-template-literals:7.23.3pkg:npm/%40babel%2Fplugin-transform-template-literals@7.23.3 07
@babel/plugin-transform-typeof-symbol:7.23.3pkg:npm/%40babel%2Fplugin-transform-typeof-symbol@7.23.3 07
@babel/plugin-transform-unicode-escapes:7.23.3pkg:npm/%40babel%2Fplugin-transform-unicode-escapes@7.23.3 07
@babel/plugin-transform-unicode-property-regex:7.23.3pkg:npm/%40babel%2Fplugin-transform-unicode-property-regex@7.23.3 08
@babel/plugin-transform-unicode-regex:7.23.3pkg:npm/%40babel%2Fplugin-transform-unicode-regex@7.23.3 07
@babel/plugin-transform-unicode-sets-regex:7.23.3pkg:npm/%40babel%2Fplugin-transform-unicode-sets-regex@7.23.3 08
@babel/preset-env:7.23.9pkg:npm/%40babel%2Fpreset-env@7.23.9 08
@babel/preset-modules:0.1.6-no-external-pluginspkg:npm/%40babel%2Fpreset-modules@0.1.6-no-external-plugins 05
@babel/register:7.23.7pkg:npm/%40babel%2Fregister@7.23.7 08
@babel/regjsgen:0.8.0pkg:npm/%40babel%2Fregjsgen@0.8.0 09
@babel/runtime:7.23.9pkg:npm/%40babel%2Fruntime@7.23.9 07
@babel/template:7.23.9pkg:npm/%40babel%2Ftemplate@7.23.9 08
@babel/traverse:7.23.9pkg:npm/%40babel%2Ftraverse@7.23.9 08
@babel/types:7.23.9pkg:npm/%40babel%2Ftypes@7.23.9 08
@colors/colors:1.5.0pkg:npm/%40colors%2Fcolors@1.5.0 08
@csstools/selector-specificity:2.2.0pkg:npm/%40csstools%2Fselector-specificity@2.2.0 07
@devexpress/error-stack-parser:2.0.6pkg:npm/%40devexpress%2Ferror-stack-parser@2.0.6 07
@es-joy/jsdoccomment:0.41.0pkg:npm/%40es-joy%2Fjsdoccomment@0.41.0 08
@eslint-community/eslint-utils:4.4.0pkg:npm/%40eslint-community%2Feslint-utils@4.4.0 08
@eslint-community/regexpp:4.6.2pkg:npm/%40eslint-community%2Fregexpp@4.6.2 08
@eslint/eslintrc:2.1.4pkg:npm/%40eslint%2Feslintrc@2.1.4 08
@eslint/js:8.56.0pkg:npm/%40eslint%2Fjs@8.56.0 07
@fullcalendar/bootstrap:5.11.0pkg:npm/%40fullcalendar%2Fbootstrap@5.11.0 010
@fullcalendar/common:5.11.5pkg:npm/%40fullcalendar%2Fcommon@5.11.5 010
@fullcalendar/core:5.11.0pkg:npm/%40fullcalendar%2Fcore@5.11.0 010
@fullcalendar/daygrid:5.11.0pkg:npm/%40fullcalendar%2Fdaygrid@5.11.0 010
@fullcalendar/google-calendar:5.11.0pkg:npm/%40fullcalendar%2Fgoogle-calendar@5.11.0 010
@fullcalendar/interaction:5.11.0pkg:npm/%40fullcalendar%2Finteraction@5.11.0 010
@fullcalendar/list:5.11.0pkg:npm/%40fullcalendar%2Flist@5.11.0 010
@fullcalendar/luxon:5.11.0pkg:npm/%40fullcalendar%2Fluxon@5.11.0 010
@fullcalendar/moment-timezone:5.11.0pkg:npm/%40fullcalendar%2Fmoment-timezone@5.11.0 010
@fullcalendar/moment:5.11.0pkg:npm/%40fullcalendar%2Fmoment@5.11.0 010
@fullcalendar/rrule:5.11.0pkg:npm/%40fullcalendar%2Frrule@5.11.0 010
@fullcalendar/timegrid:5.11.0pkg:npm/%40fullcalendar%2Ftimegrid@5.11.0 010
@humanwhocodes/config-array:0.11.13pkg:npm/%40humanwhocodes%2Fconfig-array@0.11.13 08
@humanwhocodes/module-importer:1.0.1pkg:npm/%40humanwhocodes%2Fmodule-importer@1.0.1 06
@humanwhocodes/object-schema:2.0.1pkg:npm/%40humanwhocodes%2Fobject-schema@2.0.1 08
@isaacs/cliui:8.0.2pkg:npm/%40isaacs%2Fcliui@8.0.2 06
@jridgewell/gen-mapping:0.3.3pkg:npm/%40jridgewell%2Fgen-mapping@0.3.3 06
@jridgewell/resolve-uri:3.1.0pkg:npm/%40jridgewell%2Fresolve-uri@3.1.0 06
@jridgewell/set-array:1.1.2pkg:npm/%40jridgewell%2Fset-array@1.1.2 06
@jridgewell/sourcemap-codec:1.4.14pkg:npm/%40jridgewell%2Fsourcemap-codec@1.4.14 06
@jridgewell/sourcemap-codec:1.4.15pkg:npm/%40jridgewell%2Fsourcemap-codec@1.4.15 06
@jridgewell/trace-mapping:0.3.18pkg:npm/%40jridgewell%2Ftrace-mapping@0.3.18 06
@jsdoc/salty:0.2.5pkg:npm/%40jsdoc%2Fsalty@0.2.5 08
@kessler/tableify:1.0.2pkg:npm/%40kessler%2Ftableify@1.0.2 08
@nicolo-ribaudo/chokidar-2:2.1.8-no-fsevents.3pkg:npm/%40nicolo-ribaudo%2Fchokidar-2@2.1.8-no-fsevents.3 06
@nodelib/fs.scandir:2.1.5pkg:npm/%40nodelib%2Ffs.scandir@2.1.5 05
@nodelib/fs.stat:2.0.5pkg:npm/%40nodelib%2Ffs.stat@2.0.5 05
@nodelib/fs.walk:1.2.8pkg:npm/%40nodelib%2Ffs.walk@1.2.8 05
@npmcli/fs:3.1.0pkg:npm/%40npmcli%2Ffs@3.1.0 06
@npmcli/git:4.1.0pkg:npm/%40npmcli%2Fgit@4.1.0 06
@npmcli/installed-package-contents:2.0.2pkg:npm/%40npmcli%2Finstalled-package-contents@2.0.2 06
@npmcli/node-gyp:3.0.0pkg:npm/%40npmcli%2Fnode-gyp@3.0.0 06
@npmcli/promise-spawn:6.0.2pkg:npm/%40npmcli%2Fpromise-spawn@6.0.2 06
@npmcli/run-script:6.0.2pkg:npm/%40npmcli%2Frun-script@6.0.2 06
@pkgjs/parseargs:0.11.0pkg:npm/%40pkgjs%2Fparseargs@0.11.0 08
@pnpm/config.env-replace:1.1.0pkg:npm/%40pnpm%2Fconfig.env-replace@1.1.0 05
@pnpm/network.ca-file:1.0.2pkg:npm/%40pnpm%2Fnetwork.ca-file@1.0.2 05
@pnpm/npm-conf:2.2.2pkg:npm/%40pnpm%2Fnpm-conf@2.2.2 05
@sigstore/bundle:1.0.0pkg:npm/%40sigstore%2Fbundle@1.0.0 08
@sigstore/protobuf-specs:0.2.0pkg:npm/%40sigstore%2Fprotobuf-specs@0.2.0 08
@sigstore/tuf:1.0.3pkg:npm/%40sigstore%2Ftuf@1.0.3 08
@sindresorhus/is:5.4.1pkg:npm/%40sindresorhus%2Fis@5.4.1 08
@szmarczak/http-timer:5.0.1pkg:npm/%40szmarczak%2Fhttp-timer@5.0.1 08
@tootallnate/once:2.0.0pkg:npm/%40tootallnate%2Fonce@2.0.0 07
@tufjs/canonical-json:1.0.0pkg:npm/%40tufjs%2Fcanonical-json@1.0.0 08
@tufjs/models:1.0.4pkg:npm/%40tufjs%2Fmodels@1.0.4 08
@types/http-cache-semantics:4.0.1pkg:npm/%40types%2Fhttp-cache-semantics@4.0.1 06
@types/linkify-it:3.0.2pkg:npm/%40types%2Flinkify-it@3.0.2 06
@types/lodash:4.14.195pkg:npm/%40types%2Flodash@4.14.195 06
@types/markdown-it:12.2.3pkg:npm/%40types%2Fmarkdown-it@12.2.3 06
@types/mdurl:1.0.2pkg:npm/%40types%2Fmdurl@1.0.2 05
@types/minimatch:3.0.5pkg:npm/%40types%2Fminimatch@3.0.5 06
@types/minimist:1.2.2pkg:npm/%40types%2Fminimist@1.2.2 06
@types/normalize-package-data:2.4.1pkg:npm/%40types%2Fnormalize-package-data@2.4.1 06
@types/parse-json:4.0.0pkg:npm/%40types%2Fparse-json@4.0.0 05
@ungap/structured-clone:1.2.0pkg:npm/%40ungap%2Fstructured-clone@1.2.0 08
@vue/compiler-core:3.3.4pkg:npm/%40vue%2Fcompiler-core@3.3.4 08
@vue/compiler-dom:3.3.4pkg:npm/%40vue%2Fcompiler-dom@3.3.4 08
@vue/compiler-sfc:3.3.4pkg:npm/%40vue%2Fcompiler-sfc@3.3.4 08
@vue/compiler-ssr:3.3.4pkg:npm/%40vue%2Fcompiler-ssr@3.3.4 08
@vue/reactivity-transform:3.3.4pkg:npm/%40vue%2Freactivity-transform@3.3.4 08
@vue/shared:3.3.4pkg:npm/%40vue%2Fshared@3.3.4 08
HikariCP-5.0.0.jarpkg:maven/com.zaxxer/HikariCP@5.0.0 038
JavaEWAH-1.1.13.jarpkg:maven/com.googlecode.javaewah/JavaEWAH@1.1.13 033
SparseBitSet-1.2.jarcpe:2.3:a:bit_project:bit:1.2:*:*:*:*:*:*:*pkg:maven/com.zaxxer/SparseBitSet@1.2 0Low27
abbrev:1.1.1pkg:npm/abbrev@1.1.1 06
ace-builds:1.4.12pkg:npm/ace-builds@1.4.12 08
ace-diff:3.0.3pkg:npm/ace-diff@3.0.3 08
acorn-jsx:5.3.2pkg:npm/acorn-jsx@5.3.2 09
acorn:8.11.3pkg:npm/acorn@8.11.3 014
agent-base:6.0.2pkg:npm/agent-base@6.0.2 07
agentkeepalive:4.3.0pkg:npm/agentkeepalive@4.3.0 07
aggregate-error:3.1.0pkg:npm/aggregate-error@3.1.0 08
ajv:6.12.6cpe:2.3:a:ajv.js:ajv:6.12.6:*:*:*:*:*:*:*pkg:npm/ajv@6.12.6 0Highest8
ajv:8.12.0cpe:2.3:a:ajv.js:ajv:8.12.0:*:*:*:*:*:*:*pkg:npm/ajv@8.12.0 0Highest8
ansi-align:3.0.1pkg:npm/ansi-align@3.0.1 08
ansi-escapes:4.3.2pkg:npm/ansi-escapes@4.3.2 08
ansi-regex:5.0.1cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:*:*:*pkg:npm/ansi-regex@5.0.1 0Highest9
ansi-styles:3.2.1pkg:npm/ansi-styles@3.2.1 09
ansi-styles:4.3.0pkg:npm/ansi-styles@4.3.0 08
ant-1.10.11.jarcpe:2.3:a:apache:ant:1.10.11:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.11 0Highest24
anymatch:3.1.3pkg:npm/anymatch@3.1.3 08
aproba:2.0.0pkg:npm/aproba@2.0.0 08
are-docs-informative:0.0.2pkg:npm/are-docs-informative@0.0.2 06
are-we-there-yet:3.0.1pkg:npm/are-we-there-yet@3.0.1 08
argparse:2.0.1pkg:npm/argparse@2.0.1 05
array-buffer-byte-length:1.0.0pkg:npm/array-buffer-byte-length@1.0.0 08
array-differ:3.0.0pkg:npm/array-differ@3.0.0 08
array-union:2.1.0pkg:npm/array-union@2.1.0 08
array.prototype.reduce:1.0.5pkg:npm/array.prototype.reduce@1.0.5 08
arrify:1.0.1pkg:npm/arrify@1.0.1 08
arrify:2.0.1pkg:npm/arrify@2.0.1 08
astral-regex:2.0.0pkg:npm/astral-regex@2.0.0 08
autolink-0.10.0.jarpkg:maven/org.nibor.autolink/autolink@0.10.0 023
available-typed-arrays:1.0.5pkg:npm/available-typed-arrays@1.0.5 08
babel-plugin-polyfill-corejs2:0.4.8pkg:npm/babel-plugin-polyfill-corejs2@0.4.8 05
babel-plugin-polyfill-corejs3:0.9.0pkg:npm/babel-plugin-polyfill-corejs3@0.9.0 05
babel-plugin-polyfill-regenerator:0.5.5pkg:npm/babel-plugin-polyfill-regenerator@0.5.5 05
balanced-match:1.0.2pkg:npm/balanced-match@1.0.2 09
balanced-match:2.0.0pkg:npm/balanced-match@2.0.0 09
base64-js:1.5.1pkg:npm/base64-js@1.5.1 08
bcmail-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcmail-jdk15on@1.70MEDIUM1Low52
bcpg-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcpg-jdk15on@1.70MEDIUM1Low54
bcpkix-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70MEDIUM1Low66
bcprov-ext-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.70MEDIUM2Low58
bcprov-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70MEDIUM2Low60
bcutil-jdk15on-1.70.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcutil-jdk15on@1.70MEDIUM1Low50
binary-extensions:2.2.0pkg:npm/binary-extensions@2.2.0 08
bl:4.1.0pkg:npm/bl@4.1.0 06
bluebird:3.7.2pkg:npm/bluebird@3.7.2 010
bootbox:5.5.2pkg:npm/bootbox@5.5.2MEDIUM36
bootstrap-datetimepicker:0.0.7pkg:npm/bootstrap-datetimepicker@0.0.7 04
bootstrap:4.6.0cpe:2.3:a:getbootstrap:bootstrap:4.6.0:*:*:*:*:*:*:*pkg:npm/bootstrap@4.6.0 0Highest8
boxen:4.2.0pkg:npm/boxen@4.2.0 08
brace-expansion:1.1.11cpe:2.3:a:brace_expansion_project:brace_expansion:1.1.11:*:*:*:*:*:*:*pkg:npm/brace-expansion@1.1.11 0Highest9
braces:3.0.2cpe:2.3:a:braces_project:braces:3.0.2:*:*:*:*:*:*:*pkg:npm/braces@3.0.2 0Highest8
browserslist:4.22.3cpe:2.3:a:browserslist_project:browserslist:4.22.3:*:*:*:*:*:*:*pkg:npm/browserslist@4.22.3 0Highest6
bson-3.12.12.jarcpe:2.3:a:mongodb:bson:3.12.12:*:*:*:*:*:*:*pkg:maven/org.mongodb/bson@3.12.12 0Highest26
buffer-from:1.1.2pkg:npm/buffer-from@1.1.2 04
buffer:5.7.1pkg:npm/buffer@5.7.1 010
buffer:6.0.3pkg:npm/buffer@6.0.3 010
builtin-modules:3.3.0pkg:npm/builtin-modules@3.3.0 08
builtins:5.0.1pkg:npm/builtins@5.0.1 05
byte-buddy-1.12.9.jar (shaded: net.bytebuddy:byte-buddy-dep:1.12.9)pkg:maven/net.bytebuddy/byte-buddy-dep@1.12.9 09
byte-buddy-1.12.9.jarpkg:maven/net.bytebuddy/byte-buddy@1.12.9 027
byte-buddy-agent-1.12.9.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.12.9 031
byte-buddy-agent-1.12.9.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.12.9.jar: attach_hotspot_windows.dll 02
c3p0-0.9.5.5.jarcpe:2.3:a:mchange:c3p0:0.9.5.5:*:*:*:*:*:*:*pkg:maven/com.mchange/c3p0@0.9.5.5 0Highest31
cacache:17.1.3pkg:npm/cacache@17.1.3 06
cacheable-lookup:7.0.0pkg:npm/cacheable-lookup@7.0.0 08
cacheable-request:10.2.12pkg:npm/cacheable-request@10.2.12 06
caffeine-3.0.6.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@3.0.6 033
call-bind:1.0.2pkg:npm/call-bind@1.0.2 08
callsite-record:4.1.5pkg:npm/callsite-record@4.1.5 08
callsite:1.0.0pkg:npm/callsite@1.0.0 06
callsites:3.1.0pkg:npm/callsites@3.1.0 08
camelcase-keys:6.2.2pkg:npm/camelcase-keys@6.2.2 08
camelcase:5.3.1pkg:npm/camelcase@5.3.1 08
camelcase:6.3.0pkg:npm/camelcase@6.3.0 08
camelcase:7.0.1pkg:npm/camelcase@7.0.1 08
caniuse-lite:1.0.30001584pkg:npm/caniuse-lite@1.0.30001584 08
catharsis:0.9.0pkg:npm/catharsis@0.9.0 07
chalk:2.4.2pkg:npm/chalk@2.4.2 05
chalk:3.0.0pkg:npm/chalk@3.0.0 05
chalk:4.1.2pkg:npm/chalk@4.1.2 05
chardet:0.7.0pkg:npm/chardet@0.7.0 09
chart.js:2.9.4cpe:2.3:a:chartjs:chart.js:2.9.4:*:*:*:*:*:*:*pkg:npm/chart.js@2.9.4 0Highest7
chartjs-color-string:0.6.0pkg:npm/chartjs-color-string@0.6.0 06
chartjs-color:2.4.1pkg:npm/chartjs-color@2.4.1 05
checker-qual-3.18.0.jarpkg:maven/org.checkerframework/checker-qual@3.18.0 046
chokidar:3.5.3pkg:npm/chokidar@3.5.3 08
chownr:2.0.0cpe:2.3:a:chownr_project:chownr:2.0.0:*:*:*:*:*:*:*pkg:npm/chownr@2.0.0 0Highest6
ci-info:2.0.0pkg:npm/ci-info@2.0.0 08
clean-stack:2.2.0pkg:npm/clean-stack@2.2.0 08
cli-boxes:2.2.1pkg:npm/cli-boxes@2.2.1 08
cli-boxes:3.0.0pkg:npm/cli-boxes@3.0.0 08
cli-cursor:3.1.0pkg:npm/cli-cursor@3.1.0 08
cli-spinners:2.9.0pkg:npm/cli-spinners@2.9.0 08
cli-table3:0.6.3pkg:npm/cli-table3@0.6.3 08
cli-width:3.0.0pkg:npm/cli-width@3.0.0 08
cli:1.0.1cpe:2.3:a:cli_project:cli:1.0.1:*:*:*:*:*:*:*pkg:npm/cli@1.0.1 0Highest9
cliui:7.0.4pkg:npm/cliui@7.0.4 06
clone-deep:4.0.1pkg:npm/clone-deep@4.0.1 08
clone-response:1.0.3pkg:npm/clone-response@1.0.3 06
clone:1.0.4pkg:npm/clone@1.0.4 07
co:4.6.0pkg:npm/co@4.6.0 05
codemodel-2.3.4.jarcpe:2.3:a:eclipse:glassfish:2.3.4:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/codemodel@2.3.4 0High34
color-convert:1.9.3pkg:npm/color-convert@1.9.3 06
color-convert:2.0.1pkg:npm/color-convert@2.0.1 06
color-name:1.1.3pkg:npm/color-name@1.1.3 08
color-name:1.1.4pkg:npm/color-name@1.1.4 08
color-support:1.1.3pkg:npm/color-support@1.1.3 06
colord:2.9.3pkg:npm/colord@2.9.3 06
commander:10.0.1pkg:npm/commander@10.0.1 06
commander:2.20.3pkg:npm/commander@2.20.3 06
commander:3.0.2pkg:npm/commander@3.0.2 06
commander:4.1.1pkg:npm/commander@4.1.1 06
comment-parser:1.4.1pkg:npm/comment-parser@1.4.1 08
commondir:1.0.1pkg:npm/commondir@1.0.1 08
commonmark-0.18.0.jarpkg:maven/org.commonmark/commonmark@0.18.0 023
commonmark-ext-autolink-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-autolink@0.18.0 023
commonmark-ext-gfm-strikethrough-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-gfm-strikethrough@0.18.0 025
commonmark-ext-gfm-tables-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-gfm-tables@0.18.0 025
commonmark-ext-heading-anchor-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-heading-anchor@0.18.0 025
commonmark-ext-image-attributes-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-image-attributes@0.18.0 025
commonmark-ext-ins-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-ins@0.18.0 023
commonmark-ext-task-list-items-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-task-list-items@0.18.0 025
commonmark-ext-yaml-front-matter-0.18.0.jarpkg:maven/org.commonmark/commonmark-ext-yaml-front-matter@0.18.0 025
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest168
commons-cli-1.4.jarpkg:maven/commons-cli/commons-cli@1.4 085
commons-codec-1.15.jarpkg:maven/commons-codec/commons-codec@1.15 0108
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest84
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest105
commons-compress-1.21.jarcpe:2.3:a:apache:commons_compress:1.21:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.21MEDIUM2Highest105
commons-csv-1.9.0.jarpkg:maven/org.apache.commons/commons-csv@1.9.0 086
commons-digester-2.1.jarpkg:maven/commons-digester/commons-digester@2.1 098
commons-discovery-0.5.jarcpe:2.3:a:spirit-project:spirit:0.5:*:*:*:*:*:*:*pkg:maven/commons-discovery/commons-discovery@0.5MEDIUM1Low86
commons-email-1.5.jarcpe:2.3:a:apache:commons_email:1.5:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-email@1.5 0Highest137
commons-exec-1.3.jarpkg:maven/org.apache.commons/commons-exec@1.3 059
commons-fileupload-1.4.jarcpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*pkg:maven/commons-fileupload/commons-fileupload@1.4HIGH1Highest115
commons-imaging-1.0-alpha2.jarcpe:2.3:a:apache:commons_imaging:1.0:pha2:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-imaging@1.0-alpha2 0Highest67
commons-io-2.11.0.jarcpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.11.0 0Highest123
commons-lang-2.6.jarpkg:maven/commons-lang/commons-lang@2.6 0122
commons-lang3-3.12.0.jarpkg:maven/org.apache.commons/commons-lang3@3.12.0 0139
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
commons-net-3.8.0.jarcpe:2.3:a:apache:commons_net:3.8.0:*:*:*:*:*:*:*pkg:maven/commons-net/commons-net@3.8.0MEDIUM1Highest99
commons-pool2-2.11.1.jarpkg:maven/org.apache.commons/commons-pool2@2.11.1 090
commons-validator-1.7.jarpkg:maven/commons-validator/commons-validator@1.7 0125
commons-vfs2-2.9.0.jarpkg:maven/org.apache.commons/commons-vfs2@2.9.0 039
concat-map:0.0.1pkg:npm/concat-map@0.0.1 08
config-chain:1.1.13pkg:npm/config-chain@1.1.13 07
configstore:5.0.1pkg:npm/configstore@5.0.1 08
console-browserify:1.1.0pkg:npm/console-browserify@1.1.0 09
console-control-strings:1.1.0pkg:npm/console-control-strings@1.1.0 06
convert-source-map:2.0.0pkg:npm/convert-source-map@2.0.0 09
core-3.4.0.jarpkg:maven/com.google.zxing/core@3.4.0 029
core-js-compat:3.35.1pkg:npm/core-js-compat@3.35.1 08
core-js:3.31.0pkg:npm/core-js@3.31.0 08
core-util-is:1.0.3pkg:npm/core-util-is@1.0.3 07
cosmiconfig:7.1.0pkg:npm/cosmiconfig@7.1.0 08
cross-spawn:7.0.3pkg:npm/cross-spawn@7.0.3 07
crypto-random-string:2.0.0pkg:npm/crypto-random-string@2.0.0 08
css-functions-list:3.1.0pkg:npm/css-functions-list@3.1.0 08
cssesc:3.0.0pkg:npm/cssesc@3.0.0 09
curvesapi-1.06.jarpkg:maven/com.github.virtuald/curvesapi@1.06 024
date-now:0.1.4pkg:npm/date-now@0.1.4 09
debug:4.3.4cpe:2.3:a:debug_project:debug:4.3.4:*:*:*:*:*:*:*pkg:npm/debug@4.3.4 0Highest6
decamelize-keys:1.1.1pkg:npm/decamelize-keys@1.1.1 08
decamelize:1.2.0cpe:2.3:a:decamelize_project:decamelize:1.2.0:*:*:*:*:*:*:*pkg:npm/decamelize@1.2.0 0Highest8
decompress-response:6.0.0pkg:npm/decompress-response@6.0.0 08
deep-extend:0.6.0cpe:2.3:a:deep_extend_project:deep_extend:0.6.0:*:*:*:*:*:*:*pkg:npm/deep-extend@0.6.0 0Highest8
deep-is:0.1.4pkg:npm/deep-is@0.1.4 08
defaults:1.0.4pkg:npm/defaults@1.0.4 06
defer-to-connect:1.1.3pkg:npm/defer-to-connect@1.1.3 08
defer-to-connect:2.0.1pkg:npm/defer-to-connect@2.0.1 08
define-properties:1.2.0pkg:npm/define-properties@1.2.0 06
delegates:1.0.0pkg:npm/delegates@1.0.0 05
depcheck:1.4.3pkg:npm/depcheck@1.4.3 07
depd:2.0.0pkg:npm/depd@2.0.0 06
deps-regex:0.1.4pkg:npm/deps-regex@0.1.4 08
diff-match-patch:1.0.5pkg:npm/diff-match-patch@1.0.5 05
diffutils-1.3.0.jarcpe:2.3:a:utils_project:utils:1.3.0:*:*:*:*:*:*:*pkg:maven/com.googlecode.java-diff-utils/diffutils@1.3.0 0Highest19
dir-glob:3.0.1pkg:npm/dir-glob@3.0.1 08
docdash:2.0.2pkg:npm/docdash@2.0.2 06
doctrine:3.0.0cpe:2.3:a:doctrine-project:doctrine:3.0.0:*:*:*:*:*:*:*pkg:npm/doctrine@3.0.0 0Highest12
dom-serializer:0.2.2pkg:npm/dom-serializer@0.2.2 06
domelementtype:1.3.1pkg:npm/domelementtype@1.3.1 06
domelementtype:2.3.0pkg:npm/domelementtype@2.3.0 06
domhandler:2.3.0pkg:npm/domhandler@2.3.0 06
domutils:1.5.1pkg:npm/domutils@1.5.1 06
dot-prop:5.3.0cpe:2.3:a:dot-prop_project:dot-prop:5.3.0:*:*:*:*:*:*:*pkg:npm/dot-prop@5.3.0 0Highest8
dot-prop:6.0.1cpe:2.3:a:dot-prop_project:dot-prop:6.0.1:*:*:*:*:*:*:*pkg:npm/dot-prop@6.0.1 0Highest8
dtd-parser-1.4.4.jarpkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.4 038
duplexer3:0.1.5pkg:npm/duplexer3@0.1.5 05
eastasianwidth:0.2.0pkg:npm/eastasianwidth@0.2.0 06
eddsa-0.3.0.jarcpe:2.3:a:4d:4d:0.3.0:*:*:*:*:*:*:*pkg:maven/net.i2p.crypto/eddsa@0.3.0 0Low33
editorconfig:0.15.3pkg:npm/editorconfig@0.15.3 07
ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-107:3.9.6)pkg:maven/org.ehcache.modules/ehcache-107@3.9.6 021
ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-api:3.9.6)pkg:maven/org.ehcache.modules/ehcache-api@3.9.6 021
ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-core:3.9.6)pkg:maven/org.ehcache.modules/ehcache-core@3.9.6 021
ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-impl:3.9.6)pkg:maven/org.ehcache.modules/ehcache-impl@3.9.6 021
ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-xml:3.9.6)pkg:maven/org.ehcache.modules/ehcache-xml@3.9.6 021
ehcache-3.9.6.jar (shaded: org.ehcache:sizeof:0.4.0)pkg:maven/org.ehcache/sizeof@0.4.0 013
ehcache-3.9.6.jar (shaded: org.terracotta:offheap-store:2.5.2)pkg:maven/org.terracotta/offheap-store@2.5.2 017
ehcache-3.9.6.jar (shaded: org.terracotta:statistics:2.1)pkg:maven/org.terracotta/statistics@2.1 025
ehcache-3.9.6.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.9)pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.9 019
ehcache-3.9.6.jarcpe:2.3:a:service_project:service:3.9.6:*:*:*:*:*:*:*pkg:maven/org.ehcache/ehcache@3.9.6 0Low52
ehcache-3.9.6.jar: sizeof-agent.jar 08
electron-to-chromium:1.4.656pkg:npm/electron-to-chromium@1.4.656 06
emoji-regex:8.0.0pkg:npm/emoji-regex@8.0.0 09
encoding:0.1.13pkg:npm/encoding@0.1.13 06
end-of-stream:1.4.4pkg:npm/end-of-stream@1.4.4 08
entities:1.0.0pkg:npm/entities@1.0.0 06
entities:2.1.0pkg:npm/entities@2.1.0 06
entities:2.2.0pkg:npm/entities@2.2.0 06
env-paths:2.2.1pkg:npm/env-paths@2.2.1 08
eol:0.9.1pkg:npm/eol@0.9.1 08
err-code:2.0.3pkg:npm/err-code@2.0.3 07
error-ex:1.3.2pkg:npm/error-ex@1.3.2 05
error_prone_annotations-2.3.4.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.3.4 021
es-abstract:1.21.2pkg:npm/es-abstract@1.21.2 08
es-array-method-boxes-properly:1.0.0pkg:npm/es-array-method-boxes-properly@1.0.0 08
es-set-tostringtag:2.0.1pkg:npm/es-set-tostringtag@2.0.1 08
es-to-primitive:1.2.1pkg:npm/es-to-primitive@1.2.1 06
escalade:3.1.1pkg:npm/escalade@3.1.1 08
escape-goat:2.1.1pkg:npm/escape-goat@2.1.1 08
escape-string-regexp:1.0.5pkg:npm/escape-string-regexp@1.0.5 08
escape-string-regexp:2.0.0pkg:npm/escape-string-regexp@2.0.0 08
escape-string-regexp:4.0.0pkg:npm/escape-string-regexp@4.0.0 08
eslint-plugin-jsdoc:48.0.4pkg:npm/eslint-plugin-jsdoc@48.0.4 08
eslint-scope:7.2.2pkg:npm/eslint-scope@7.2.2 07
eslint-visitor-keys:3.4.3pkg:npm/eslint-visitor-keys@3.4.3 08
eslint:8.56.0pkg:npm/eslint@8.56.0 08
espree:9.6.1pkg:npm/espree@9.6.1 08
esprima:4.0.1pkg:npm/esprima@4.0.1 012
esquery:1.5.0pkg:npm/esquery@1.5.0 08
esrecurse:4.3.0pkg:npm/esrecurse@4.3.0 09
estraverse:5.3.0pkg:npm/estraverse@5.3.0 09
estree-walker:2.0.2pkg:npm/estree-walker@2.0.2 06
esutils:2.0.3pkg:npm/esutils@2.0.3 09
execa:5.1.1pkg:npm/execa@5.1.1 08
exit:0.1.2pkg:npm/exit@0.1.2 09
exponential-backoff:3.1.1pkg:npm/exponential-backoff@3.1.1 08
external-editor:3.1.0pkg:npm/external-editor@3.1.0 08
failureaccess-1.0.1.jarpkg:maven/com.google.guava/failureaccess@1.0.1 028
fast-and-simple-minify-1.0.jarpkg:maven/ch.simschla/fast-and-simple-minify@1.0 028
fast-deep-equal:3.1.3pkg:npm/fast-deep-equal@3.1.3 08
fast-glob:3.3.0pkg:npm/fast-glob@3.3.0 07
fast-json-stable-stringify:2.1.0pkg:npm/fast-json-stable-stringify@2.1.0 09
fast-levenshtein:2.0.6pkg:npm/fast-levenshtein@2.0.6 06
fast-memoize:2.5.2pkg:npm/fast-memoize@2.5.2 08
fastest-levenshtein:1.0.16pkg:npm/fastest-levenshtein@1.0.16 08
fastq:1.15.0pkg:npm/fastq@1.15.0 08
figures:3.2.0pkg:npm/figures@3.2.0 08
file-entry-cache:6.0.1pkg:npm/file-entry-cache@6.0.1 07
fill-range:7.0.1pkg:npm/fill-range@7.0.1 08
find-cache-dir:2.1.0pkg:npm/find-cache-dir@2.1.0 05
find-up:3.0.0pkg:npm/find-up@3.0.0 08
find-up:4.1.0pkg:npm/find-up@4.1.0 08
find-up:5.0.0pkg:npm/find-up@5.0.0 08
find-yarn-workspace-root2:1.2.16pkg:npm/find-yarn-workspace-root2@1.2.16 08
flat-cache:3.0.4pkg:npm/flat-cache@3.0.4 07
flatted:3.2.7pkg:npm/flatted@3.2.7 08
fontbox-2.0.23.jarpkg:maven/org.apache.pdfbox/fontbox@2.0.23 033
for-each:0.3.3pkg:npm/for-each@0.3.3 09
foreground-child:3.1.1pkg:npm/foreground-child@3.1.1 06
form-data-encoder:2.1.4pkg:npm/form-data-encoder@2.1.4 06
fp-and-or:0.1.4pkg:npm/fp-and-or@0.1.4 08
fs-extra:8.1.0pkg:npm/fs-extra@8.1.0 07
fs-minipass:2.1.0pkg:npm/fs-minipass@2.1.0 08
fs-minipass:3.0.2pkg:npm/fs-minipass@3.0.2 08
fs-readdir-recursive:1.1.0pkg:npm/fs-readdir-recursive@1.1.0 09
fs.realpath:1.0.0pkg:npm/fs.realpath@1.0.0 06
function-bind:1.1.1pkg:npm/function-bind@1.1.1 09
function.prototype.name:1.1.5pkg:npm/function.prototype.name@1.1.5 06
functions-have-names:1.2.3pkg:npm/functions-have-names@1.2.3 08
fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:diffutils:1.3)pkg:maven/me.xdrop/diffutils@1.3 07
fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:fuzzywuzzy-build:1.3.1)pkg:maven/me.xdrop/fuzzywuzzy-build@1.3.1 011
fuzzywuzzy-1.3.1.jarpkg:maven/me.xdrop/fuzzywuzzy@1.3.1 028
gauge:4.0.4pkg:npm/gauge@4.0.4 08
gensync:1.0.0-beta.2pkg:npm/gensync@1.0.0-beta.2 07
get-caller-file:2.0.5pkg:npm/get-caller-file@2.0.5 08
get-intrinsic:1.2.1pkg:npm/get-intrinsic@1.2.1 08
get-stdin:5.0.1pkg:npm/get-stdin@5.0.1 08
get-stdin:8.0.0pkg:npm/get-stdin@8.0.0 08
get-stream:5.2.0pkg:npm/get-stream@5.2.0 08
get-stream:6.0.1pkg:npm/get-stream@6.0.1 08
get-symbol-description:1.0.0pkg:npm/get-symbol-description@1.0.0 08
giturl:1.0.3pkg:npm/giturl@1.0.3 09
glob-parent:5.1.2cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:*:*:*pkg:npm/glob-parent@5.1.2 0Highest6
glob-parent:6.0.2cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:*:*:*pkg:npm/glob-parent@6.0.2 0Highest6
glob:10.3.3pkg:npm/glob@10.3.3 06
glob:7.2.3pkg:npm/glob@7.2.3 06
global-dirs:2.1.0pkg:npm/global-dirs@2.1.0 08
global-modules:2.0.0pkg:npm/global-modules@2.0.0 08
global-prefix:3.0.0pkg:npm/global-prefix@3.0.0 08
globals:11.12.0pkg:npm/globals@11.12.0 08
globals:13.20.0pkg:npm/globals@13.20.0 08
globalthis:1.0.3pkg:npm/globalthis@1.0.3 06
globby:11.1.0pkg:npm/globby@11.1.0 08
globjoin:0.1.4pkg:npm/globjoin@0.1.4 08
google-java-format-1.11.0.jarpkg:maven/com.google.googlejavaformat/google-java-format@1.11.0 029
gopd:1.0.1pkg:npm/gopd@1.0.1 08
got:12.6.1cpe:2.3:a:got_project:got:12.6.1:*:*:*:*:*:*:*pkg:npm/got@12.6.1 0Highest5
got:13.0.0cpe:2.3:a:got_project:got:13.0.0:*:*:*:*:*:*:*pkg:npm/got@13.0.0 0Highest5
got:9.6.0cpe:2.3:a:got_project:got:9.6.0:*:*:*:*:*:*:*pkg:npm/got@9.6.0MEDIUM1Highest5
graceful-fs:4.2.11pkg:npm/graceful-fs@4.2.11 05
graphemer:1.4.0pkg:npm/graphemer@1.4.0 08
graphics2d-0.32.jarpkg:maven/de.rototor.pdfbox/graphics2d@0.32 025
gson-2.8.6.jarcpe:2.3:a:google:gson:2.8.6:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.6HIGH1Highest25
guava-30.1.1-jre.jarcpe:2.3:a:google:guava:30.1.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@30.1.1-jreHIGH2Highest23
h2-2.1.214.jarcpe:2.3:a:h2database:h2:2.1.214:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@2.1.214HIGH2Highest44
h2-2.1.214.jar: data.zip: table.js 00
h2-2.1.214.jar: data.zip: tree.js 00
hadoop-hdfs-client-3.3.1.jarcpe:2.3:a:apache:hadoop:3.3.1:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-hdfs-client@3.3.1CRITICAL6Highest27
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 024
handlebars:4.7.7cpe:2.3:a:handlebarsjs:handlebars:4.7.7:*:*:*:*:*:*:*pkg:npm/handlebars@4.7.7 0Highest7
hard-rejection:2.1.0pkg:npm/hard-rejection@2.1.0 08
has-bigints:1.0.2pkg:npm/has-bigints@1.0.2 08
has-flag:3.0.0pkg:npm/has-flag@3.0.0 08
has-property-descriptors:1.0.0pkg:npm/has-property-descriptors@1.0.0 08
has-proto:1.0.1pkg:npm/has-proto@1.0.1 08
has-symbols:1.0.3pkg:npm/has-symbols@1.0.3 010
has-tostringtag:1.0.0pkg:npm/has-tostringtag@1.0.0 010
has-unicode:2.0.1pkg:npm/has-unicode@2.0.1 08
has-yarn:2.1.0pkg:npm/has-yarn@2.1.0 08
has:1.0.3pkg:npm/has@1.0.3 09
highlight-es:1.0.3pkg:npm/highlight-es@1.0.3 08
highlight.js:10.7.3cpe:2.3:a:highlightjs:highlight.js:10.7.3:*:*:*:*:*:*:*pkg:npm/highlight.js@10.7.3 0Highest9
highlight.js:11.5.1cpe:2.3:a:highlightjs:highlight.js:11.5.1:*:*:*:*:*:*:*pkg:npm/highlight.js@11.5.1 0Highest9
homedir-polyfill:1.0.3pkg:npm/homedir-polyfill@1.0.3 08
hosted-git-info:4.1.0pkg:npm/hosted-git-info@4.1.0 08
hosted-git-info:5.2.1pkg:npm/hosted-git-info@5.2.1 08
hsqldb-2.6.1.jarcpe:2.3:a:hsqldb:hypersql_database:2.6.1:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.6.1CRITICAL1Low41
html-tags:3.3.1pkg:npm/html-tags@3.3.1 08
htmlparser2:3.8.3pkg:npm/htmlparser2@3.8.3 08
http-cache-semantics:4.1.1cpe:2.3:a:http-cache-semantics_project:http-cache-semantics:4.1.1:*:*:*:*:*:*:*pkg:npm/http-cache-semantics@4.1.1 0Highest6
http-proxy-agent:5.0.0cpe:2.3:a:http-proxy-agent_project:http-proxy-agent:5.0.0:*:*:*:*:*:*:*pkg:npm/http-proxy-agent@5.0.0 0Highest7
http2-wrapper:2.2.0pkg:npm/http2-wrapper@2.2.0 08
httpasyncclient-4.1.4.jarcpe:2.3:a:apache:httpasyncclient:4.1.4:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpasyncclient@4.1.4 0Highest25
httpclient-4.5.13.jarcpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 0Highest32
httpcore-4.4.14.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.14 032
httpcore-nio-4.4.14.jarpkg:maven/org.apache.httpcomponents/httpcore-nio@4.4.14 030
httpmime-4.5.13.jarpkg:maven/org.apache.httpcomponents/httpmime@4.5.13 030
https-proxy-agent:5.0.1cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:*:*:*pkg:npm/https-proxy-agent@5.0.1 0Highest7
human-signals:2.1.0pkg:npm/human-signals@2.1.0 08
humanize-ms:1.2.1pkg:npm/humanize-ms@1.2.1 08
iconv-lite:0.4.24pkg:npm/iconv-lite@0.4.24 08
iconv-lite:0.6.3pkg:npm/iconv-lite@0.6.3 08
icu4j-69.1.jarcpe:2.3:a:icu-project:international_components_for_unicode:69.1:*:*:*:*:*:*:*
cpe:2.3:a:unicode:international_components_for_unicode:69.1:*:*:*:*:*:*:*		pkg:maven/com.ibm.icu/icu4j@69.1 0Low79
ieee754:1.2.1pkg:npm/ieee754@1.2.1 08
ignore-walk:6.0.3pkg:npm/ignore-walk@6.0.3 06
ignore:5.2.4pkg:npm/ignore@5.2.4 07
immediate:3.0.6pkg:npm/immediate@3.0.6 06
immutable:4.3.0pkg:npm/immutable@4.3.0 09
import-fresh:3.3.0pkg:npm/import-fresh@3.3.0 08
import-lazy:2.1.0pkg:npm/import-lazy@2.1.0 08
import-lazy:4.0.0pkg:npm/import-lazy@4.0.0 08
imurmurhash:0.1.4pkg:npm/imurmurhash@0.1.4 010
indent-string:4.0.0pkg:npm/indent-string@4.0.0 08
inflight:1.0.6pkg:npm/inflight@1.0.6 08
inherits:2.0.4pkg:npm/inherits@2.0.4 05
ini:1.3.8cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:*:*:*pkg:npm/ini@1.3.8 0Highest6
ini:2.0.0cpe:2.3:a:ini_project:ini:2.0.0:*:*:*:*:*:*:*pkg:npm/ini@2.0.0 0Highest6
ini:4.1.1cpe:2.3:a:ini_project:ini:4.1.1:*:*:*:*:*:*:*pkg:npm/ini@4.1.1 0Highest6
inquirer:7.3.3pkg:npm/inquirer@7.3.3 06
internal-slot:1.0.5pkg:npm/internal-slot@1.0.5 08
invariant:2.2.4pkg:npm/invariant@2.2.4 06
ip:2.0.0cpe:2.3:a:fedorindutny:ip:2.0.0:*:*:*:*:*:*:*pkg:npm/ip@2.0.0CRITICAL1Highest6
is-array-buffer:3.0.2pkg:npm/is-array-buffer@3.0.2 08
is-arrayish:0.2.1pkg:npm/is-arrayish@0.2.1 06
is-bigint:1.0.4pkg:npm/is-bigint@1.0.4 08
is-binary-path:2.1.0pkg:npm/is-binary-path@2.1.0 08
is-boolean-object:1.1.2pkg:npm/is-boolean-object@1.1.2 06
is-builtin-module:3.2.1pkg:npm/is-builtin-module@3.2.1 08
is-callable:1.2.7pkg:npm/is-callable@1.2.7 08
is-ci:2.0.0pkg:npm/is-ci@2.0.0 08
is-core-module:2.12.1pkg:npm/is-core-module@2.12.1 08
is-date-object:1.0.5pkg:npm/is-date-object@1.0.5 06
is-docker:2.2.1pkg:npm/is-docker@2.2.1 08
is-es2016-keyword:1.0.0pkg:npm/is-es2016-keyword@1.0.0 08
is-extglob:2.1.1pkg:npm/is-extglob@2.1.1 08
is-fullwidth-code-point:3.0.0pkg:npm/is-fullwidth-code-point@3.0.0 08
is-glob:4.0.3pkg:npm/is-glob@4.0.3 08
is-installed-globally:0.3.2pkg:npm/is-installed-globally@0.3.2 08
is-interactive:1.0.0pkg:npm/is-interactive@1.0.0 08
is-lambda:1.0.1pkg:npm/is-lambda@1.0.1 08
is-negative-zero:2.0.2pkg:npm/is-negative-zero@2.0.2 08
is-npm:4.0.0pkg:npm/is-npm@4.0.0 08
is-number-object:1.0.7pkg:npm/is-number-object@1.0.7 08
is-number:7.0.0pkg:npm/is-number@7.0.0 08
is-obj:2.0.0pkg:npm/is-obj@2.0.0 08
is-path-inside:3.0.3pkg:npm/is-path-inside@3.0.3 08
is-plain-obj:1.1.0pkg:npm/is-plain-obj@1.1.0 08
is-plain-object:2.0.4pkg:npm/is-plain-object@2.0.4 08
is-plain-object:5.0.0pkg:npm/is-plain-object@5.0.0 08
is-regex:1.1.4pkg:npm/is-regex@1.1.4 08
is-shared-array-buffer:1.0.2pkg:npm/is-shared-array-buffer@1.0.2 010
is-stream:2.0.1pkg:npm/is-stream@2.0.1 08
is-string:1.0.7pkg:npm/is-string@1.0.7 06
is-symbol:1.0.4pkg:npm/is-symbol@1.0.4 07
is-typed-array:1.1.10pkg:npm/is-typed-array@1.1.10 08
is-typedarray:1.0.0pkg:npm/is-typedarray@1.0.0 08
is-unicode-supported:0.1.0pkg:npm/is-unicode-supported@0.1.0 08
is-weakref:1.0.2pkg:npm/is-weakref@1.0.2 08
is-wsl:2.2.0pkg:npm/is-wsl@2.2.0 08
is-yarn-global:0.3.0pkg:npm/is-yarn-global@0.3.0 06
isarray:0.0.1pkg:npm/isarray@0.0.1 09
isarray:2.0.5pkg:npm/isarray@2.0.5 09
isexe:2.0.0pkg:npm/isexe@2.0.0 08
isobject:3.0.1pkg:npm/isobject@3.0.1 08
istack-commons-runtime-3.0.12.jarpkg:maven/com.sun.istack/istack-commons-runtime@3.0.12 033
istack-commons-tools-3.0.12.jarpkg:maven/com.sun.istack/istack-commons-tools@3.0.12 035
itext-2.1.7.jarpkg:maven/com.lowagie/itext@2.1.7HIGH146
itext-rtf-2.1.7.jarpkg:maven/com.lowagie/itext-rtf@2.1.7 046
j2objc-annotations-1.3.jarpkg:maven/com.google.j2objc/j2objc-annotations@1.3 024
jackson-core-2.12.4.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.12.4:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.12.4 0Low45
jackson-databind-2.12.4.jarcpe:2.3:a:fasterxml:jackson-databind:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.4:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.4HIGH5Highest41
jackson-dataformat-csv-2.12.4.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.12.4:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-csv@2.12.4 0Highest39
jackson-datatype-guava-2.12.4.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.12.4 039
jackson-datatype-joda-2.12.4.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.12.4 041
jackson-jaxrs-base-2.12.4.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.12.4 039
jackson-jaxrs-json-provider-2.12.4.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.12.4 039
jackson-jaxrs-xml-provider-2.12.4.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.12.4 039
jackson-module-jaxb-annotations-2.12.4.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.12.4 041
jackspeak:2.3.6pkg:npm/jackspeak@2.3.6 06
jai-imageio-core-1.4.0.jarpkg:maven/com.github.jai-imageio/jai-imageio-core@1.4.0 042
jakarta.activation-2.0.1.jarpkg:maven/com.sun.activation/jakarta.activation@2.0.1 036
jakarta.mail-2.0.1.jarpkg:maven/com.sun.mail/jakarta.mail@2.0.1 042
jakarta.xml.bind-api-2.3.3.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3 033
java-jwt-3.18.2.jarpkg:maven/com.auth0/java-jwt@3.18.2 039
java-saml-2.7.0.jarpkg:maven/com.onelogin/java-saml@2.7.0 018
java-saml-core-2.7.0.jarpkg:maven/com.onelogin/java-saml-core@2.7.0 017
javase-3.4.0.jarpkg:maven/com.google.zxing/javase@3.4.0 021
javax.activation-api-1.2.0.jarpkg:maven/javax.activation/javax.activation-api@1.2.0 039
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 048
javax.ejb-api-3.2.2.jarpkg:maven/javax.ejb/javax.ejb-api@3.2.2 046
javax.jms-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.jms/javax.jms-api@2.0.1 0Low34
javax.mail-api-1.6.2.jarpkg:maven/javax.mail/javax.mail-api@1.6.2 039
javax.servlet-api-4.0.1.jarcpe:2.3:a:oracle:java_se:4.0.1:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@4.0.1 0Medium48
javax.servlet.jsp-api-2.3.3.jarcpe:2.3:a:oracle:java_se:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:2.3.3:*:*:*:*:*:*:*		pkg:maven/javax.servlet.jsp/javax.servlet.jsp-api@2.3.3 0High46
javax.transaction-api-1.3.jarpkg:maven/javax.transaction/javax.transaction-api@1.3 048
javax.websocket-api-1.1.jarpkg:maven/javax.websocket/javax.websocket-api@1.1 030
javax.ws.rs-api-2.0.1.jarpkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1 057
jawk-1.02.jarpkg:maven/org.jawk/jawk@1.02 012
jaxb-api-2.3.1.jarpkg:maven/javax.xml.bind/jaxb-api@2.3.1 035
jaxb-xjc-2.3.4.jarcpe:2.3:a:eclipse:glassfish:2.3.4:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.4 0High33
jbig2-imageio-3.0.3.jarcpe:2.3:a:apache:pdfbox:3.0.3:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jbig2-imageio@3.0.3 0Highest130
jcl-over-slf4j-1.7.32.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.32 031
jcommander-1.72.jarpkg:maven/com.beust/jcommander@1.72 027
jedis-3.7.0.jarpkg:maven/redis.clients/jedis@3.7.0 027
jfreechart-1.5.3.jarcpe:2.3:a:time_project:time:1.5.3:*:*:*:*:*:*:*pkg:maven/org.jfree/jfreechart@1.5.3 0Low41
jju:1.4.0pkg:npm/jju@1.4.0 09
jlessc-1.10.jarpkg:maven/de.inetsoftware/jlessc@1.10 033
jlessc-ant-1.10.jarpkg:maven/com.simplicite.ant/jlessc-ant@1.10
pkg:maven/com.simplicite/jlessc-ant@1.10		 028
jmustache-1.15.jarpkg:maven/com.samskivert/jmustache@1.15 028
joda-time-2.10.10.jarpkg:maven/joda-time/joda-time@2.10.10 047
jose4j-0.7.11.jarcpe:2.3:a:jose4j_project:jose4j:0.7.11:*:*:*:*:*:*:*pkg:maven/org.bitbucket.b_c/jose4j@0.7.11HIGH2Highest39
jquery:3.6.0cpe:2.3:a:jquery:jquery:3.6.0:*:*:*:*:*:*:*pkg:npm/jquery@3.6.0 0Highest9
js-beautify:1.14.0cpe:2.3:a:js-beautify_project:js-beautify:1.14.0:*:*:*:*:*:*:*pkg:npm/js-beautify@1.14.0 0Highest8
js-tokens:4.0.0pkg:npm/js-tokens@4.0.0 06
js-yaml:3.14.1cpe:2.3:a:js-yaml_project:js-yaml:3.14.1:*:*:*:*:*:*:*pkg:npm/js-yaml@3.14.1 0Highest7
js-yaml:4.1.0cpe:2.3:a:js-yaml_project:js-yaml:4.1.0:*:*:*:*:*:*:*pkg:npm/js-yaml@4.1.0 0Highest6
js2xmlparser:4.0.2pkg:npm/js2xmlparser@4.0.2 07
jsdoc-type-pratt-parser:4.0.0pkg:npm/jsdoc-type-pratt-parser@4.0.0 08
jsdoc:4.0.2pkg:npm/jsdoc@4.0.2 010
jsesc:0.5.0pkg:npm/jsesc@0.5.0 09
jsesc:2.5.2pkg:npm/jsesc@2.5.2 09
jshint:2.13.1pkg:npm/jshint@2.13.1 010
json-20211205.jarcpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*pkg:maven/org.json/json@20211205HIGH2Highest30
json-buffer:3.0.1pkg:npm/json-buffer@3.0.1 07
json-parse-even-better-errors:2.3.1pkg:npm/json-parse-even-better-errors@2.3.1 08
json-parse-even-better-errors:3.0.0pkg:npm/json-parse-even-better-errors@3.0.0 06
json-parse-helpfulerror:1.0.3pkg:npm/json-parse-helpfulerror@1.0.3 08
json-schema-traverse:0.4.1pkg:npm/json-schema-traverse@0.4.1 08
json-schema-traverse:1.0.0pkg:npm/json-schema-traverse@1.0.0 08
json-simple-1.1.1.jarpkg:maven/com.googlecode.json-simple/json-simple@1.1.1 025
json-stable-stringify-without-jsonify:1.0.1pkg:npm/json-stable-stringify-without-jsonify@1.0.1 09
json5:2.2.3cpe:2.3:a:json5:json5:2.2.3:*:*:*:*:*:*:*pkg:npm/json5@2.2.3 0Highest8
jsonfile:4.0.0pkg:npm/jsonfile@4.0.0 06
jsonlines:0.1.1pkg:npm/jsonlines@0.1.1 05
jsonparse:1.3.1pkg:npm/jsonparse@1.3.1 07
jsoup-1.14.3.jarcpe:2.3:a:jsoup:jsoup:1.14.3:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.14.3MEDIUM1Highest37
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jszip-utils:0.1.0pkg:npm/jszip-utils@0.1.0 06
jszip:3.7.1cpe:2.3:a:jszip_project:jszip:3.7.1:*:*:*:*:*:*:*pkg:npm/jszip@3.7.1HIGH2Highest6
jtidy-r938.jarcpe:2.3:a:jtidy_project:jtidy:r938:*:*:*:*:*:*:*pkg:maven/net.sf.jtidy/jtidy@r938HIGH1Highest53
jul-to-slf4j-1.7.32.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.32 026
junit-4.13.2.jarcpe:2.3:a:junit:junit4:4.13.2:*:*:*:*:*:*:*pkg:maven/junit/junit@4.13.2 0Low53
kafka-clients-3.3.1.jarcpe:2.3:a:apache:kafka:3.3.1:*:*:*:*:*:*:*pkg:maven/org.apache.kafka/kafka-clients@3.3.1HIGH1Highest24
keyv:3.1.0pkg:npm/keyv@3.1.0 08
keyv:4.5.2pkg:npm/keyv@4.5.2 08
kind-of:6.0.3cpe:2.3:a:kind-of_project:kind-of:6.0.3:*:*:*:*:*:*:*pkg:npm/kind-of@6.0.3 0Highest8
klaw:3.0.0pkg:npm/klaw@3.0.0 08
kleur:4.1.5pkg:npm/kleur@4.1.5 08
known-css-properties:0.26.0pkg:npm/known-css-properties@0.26.0 010
latest-version:5.1.0pkg:npm/latest-version@5.1.0 08
leaflet:1.7.1pkg:npm/leaflet@1.7.1 06
levn:0.4.1pkg:npm/levn@0.4.1 08
libphonenumber-8.12.32.jarpkg:maven/com.googlecode.libphonenumber/libphonenumber@8.12.32 020
license-report:6.5.0pkg:npm/license-report@6.5.0 08
lie:3.3.0pkg:npm/lie@3.3.0 06
lines-and-columns:1.2.4pkg:npm/lines-and-columns@1.2.4 08
linkify-it:3.0.3pkg:npm/linkify-it@3.0.3 05
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
load-yaml-file:0.2.0pkg:npm/load-yaml-file@0.2.0 04
locate-path:3.0.0pkg:npm/locate-path@3.0.0 08
locate-path:5.0.0pkg:npm/locate-path@5.0.0 08
locate-path:6.0.0pkg:npm/locate-path@6.0.0 08
lodash.debounce:4.0.8pkg:npm/lodash.debounce@4.0.8 07
lodash.merge:4.6.2pkg:npm/lodash.merge@4.6.2 07
lodash.truncate:4.4.2pkg:npm/lodash.truncate@4.4.2 07
lodash:4.17.21cpe:2.3:a:lodash:lodash:4.17.21:*:*:*:*:*:*:*pkg:npm/lodash@4.17.21 0Highest7
log-symbols:4.1.0pkg:npm/log-symbols@4.1.0 08
log4j-core-2.19.0.jarcpe:2.3:a:apache:log4j:2.19.0:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.19.0 0Highest48
log4j-slf4j-impl-2.19.0.jarpkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.19.0 044
loose-envify:1.4.0pkg:npm/loose-envify@1.4.0 07
lower-case:2.0.2pkg:npm/lower-case@2.0.2 010
lowercase-keys:2.0.0pkg:npm/lowercase-keys@2.0.0 08
lowercase-keys:3.0.0pkg:npm/lowercase-keys@3.0.0 08
lru-cache:10.0.0pkg:npm/lru-cache@10.0.0 06
lru-cache:4.1.5pkg:npm/lru-cache@4.1.5 06
lru-cache:5.1.1pkg:npm/lru-cache@5.1.1 06
lru-cache:6.0.0pkg:npm/lru-cache@6.0.0 06
lru-cache:7.18.3pkg:npm/lru-cache@7.18.3 06
lucene-core-8.9.0.jarpkg:maven/org.apache.lucene/lucene-core@8.9.0 028
luxon:1.28.1pkg:npm/luxon@1.28.1 06
lz4-java-1.8.0.jarpkg:maven/org.lz4/lz4-java@1.8.0 037
magic-string:0.30.0pkg:npm/magic-string@0.30.0 06
make-dir:2.1.0pkg:npm/make-dir@2.1.0 08
make-dir:3.1.0pkg:npm/make-dir@3.1.0 08
make-fetch-happen:11.1.1pkg:npm/make-fetch-happen@11.1.1 06
map-obj:1.0.1pkg:npm/map-obj@1.0.1 08
map-obj:4.3.0pkg:npm/map-obj@4.3.0 08
markdown-it-anchor:8.6.7pkg:npm/markdown-it-anchor@8.6.7 05
markdown-it:12.3.2cpe:2.3:a:markdown-it_project:markdown-it:12.3.2:*:*:*:*:*:*:*pkg:npm/markdown-it@12.3.2 0Highest5
marked:1.2.9cpe:2.3:a:marked_project:marked:1.2.9:*:*:*:*:*:*:*pkg:npm/marked@1.2.9HIGH6Highest8
marked:3.0.4cpe:2.3:a:marked_project:marked:3.0.4:*:*:*:*:*:*:*pkg:npm/marked@3.0.4HIGH2Highest8
marked:4.3.0cpe:2.3:a:marked_project:marked:4.3.0:*:*:*:*:*:*:*pkg:npm/marked@4.3.0 0Highest8
mathml-tag-names:2.1.3pkg:npm/mathml-tag-names@2.1.3 07
mchange-commons-java-0.2.19.jarpkg:maven/com.mchange/mchange-commons-java@0.2.19 029
mdurl:1.0.1pkg:npm/mdurl@1.0.1 05
meow:9.0.0pkg:npm/meow@9.0.0 08
merge-stream:2.0.0pkg:npm/merge-stream@2.0.0 06
merge2:1.4.1pkg:npm/merge2@1.4.1 06
micromatch:4.0.5pkg:npm/micromatch@4.0.5 08
mimic-fn:2.1.0pkg:npm/mimic-fn@2.1.0 08
mimic-response:1.0.1pkg:npm/mimic-response@1.0.1 08
mimic-response:3.1.0pkg:npm/mimic-response@3.1.0 08
mimic-response:4.0.0pkg:npm/mimic-response@4.0.0 08
min-indent:1.0.1pkg:npm/min-indent@1.0.1 08
minimatch:3.1.2cpe:2.3:a:minimatch_project:minimatch:3.1.2:*:*:*:*:*:*:*pkg:npm/minimatch@3.1.2 0Highest6
minimatch:9.0.3cpe:2.3:a:minimatch_project:minimatch:9.0.3:*:*:*:*:*:*:*pkg:npm/minimatch@9.0.3 0Highest6
minimist-options:4.1.0pkg:npm/minimist-options@4.1.0 06
minimist:1.2.8cpe:2.3:a:substack:minimist:1.2.8:*:*:*:*:*:*:*pkg:npm/minimist@1.2.8 0Highest9
minipass-collect:1.0.2pkg:npm/minipass-collect@1.0.2 06
minipass-fetch:3.0.3pkg:npm/minipass-fetch@3.0.3 06
minipass-flush:1.0.5pkg:npm/minipass-flush@1.0.5 06
minipass-json-stream:1.0.1pkg:npm/minipass-json-stream@1.0.1 06
minipass-pipeline:1.2.4pkg:npm/minipass-pipeline@1.2.4 06
minipass-sized:1.0.3pkg:npm/minipass-sized@1.0.3 06
minipass:3.3.6pkg:npm/minipass@3.3.6 06
minipass:5.0.0pkg:npm/minipass@5.0.0 06
minizlib:2.1.2pkg:npm/minizlib@2.1.2 06
mkdirp:1.0.4pkg:npm/mkdirp@1.0.4 05
mockito-core-4.5.1.jarpkg:maven/org.mockito/mockito-core@4.5.1 041
moment-timezone:0.5.34pkg:npm/moment-timezone@0.5.34MODERATE28
moment:2.29.4cpe:2.3:a:momentjs:moment:2.29.4:*:*:*:*:*:*:*pkg:npm/moment@2.29.4 0Highest8
mongodb-driver-core-3.12.12.jarcpe:2.3:a:mongodb:java_driver:3.12.12:*:*:*:*:*:*:*pkg:maven/org.mongodb/mongodb-driver-core@3.12.12 0Low28
ms:2.1.2pkg:npm/ms@2.1.2 05
mssql-jdbc-12.4.1.jre8.jarcpe:2.3:a:www-sql_project:www-sql:12.4.1.jre8:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.4.1
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.4.1.jre8		 0Highest34
multimatch:5.0.0pkg:npm/multimatch@5.0.0 08
mustache:4.2.0pkg:npm/mustache@4.2.0 07
mute-stream:0.0.8pkg:npm/mute-stream@0.0.8 06
mysql-connector-j-8.1.0.jarcpe:2.3:a:mysql:mysql:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:8.1.0:*:*:*:*:*:*:*		pkg:maven/com.mysql/mysql-connector-j@8.1.0HIGH1Highest52
nanoid:3.3.6cpe:2.3:a:nanoid_project:nanoid:3.3.6:*:*:*:*:*:*:*pkg:npm/nanoid@3.3.6 0Highest6
natural-compare:1.4.0pkg:npm/natural-compare@1.4.0 07
negotiator:0.6.3cpe:2.3:a:negotiator_project:negotiator:0.6.3:*:*:*:*:*:*:*pkg:npm/negotiator@0.6.3 0Highest5
neo-async:2.6.2pkg:npm/neo-async@2.6.2 06
netty-codec-4.1.59.Final.jarcpe:2.3:a:netty:netty:4.1.59:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec@4.1.59.FinalHIGH*10Highest32
netty-codec-http-4.1.59.Final.jarcpe:2.3:a:netty:netty:4.1.59:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec-http@4.1.59.FinalHIGH*10Highest32
netty-codec-mqtt-4.1.59.Final.jarcpe:2.3:a:mqtt:mqtt:4.1.59:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.59:*:*:*:*:*:*:*		pkg:maven/io.netty/netty-codec-mqtt@4.1.59.FinalHIGH*9Highest32
netty-common-4.1.59.Final.jar (shaded: org.jctools:jctools-core:3.1.0)pkg:maven/org.jctools/jctools-core@3.1.0 09
netty-transport-4.1.59.Final.jarcpe:2.3:a:netty:netty:4.1.59:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.1.59.FinalHIGH*9Highest30
netty-transport-native-kqueue-4.1.65.Final-osx-x86_64.jarcpe:2.3:a:netty:netty:4.1.65:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport-native-kqueue@4.1.65.FinalHIGH*7Highest34
no-case:3.0.4cpe:2.3:a:no-case_project:no-case:3.0.4:*:*:*:*:*:*:*pkg:npm/no-case@3.0.4 0Highest10
node-emoji:1.11.0pkg:npm/node-emoji@1.11.0 07
node-environment-flags:1.0.6pkg:npm/node-environment-flags@1.0.6 06
node-gyp:9.4.0pkg:npm/node-gyp@9.4.0 06
node-releases:2.0.14pkg:npm/node-releases@2.0.14 06
nopt:5.0.0pkg:npm/nopt@5.0.0 06
nopt:6.0.0pkg:npm/nopt@6.0.0 06
normalize-package-data:2.5.0pkg:npm/normalize-package-data@2.5.0 06
normalize-package-data:3.0.3pkg:npm/normalize-package-data@3.0.3 06
normalize-package-data:5.0.0pkg:npm/normalize-package-data@5.0.0 06
normalize-path:3.0.0pkg:npm/normalize-path@3.0.0 08
normalize-url:4.5.1cpe:2.3:a:normalize-url_project:normalize-url:4.5.1:*:*:*:*:*:*:*pkg:npm/normalize-url@4.5.1 0Highest8
normalize-url:8.0.0cpe:2.3:a:normalize-url_project:normalize-url:8.0.0:*:*:*:*:*:*:*pkg:npm/normalize-url@8.0.0 0Highest8
npm-audit-html:1.5.0pkg:npm/npm-audit-html@1.5.0 06
npm-bundled:3.0.0pkg:npm/npm-bundled@3.0.0 06
npm-check-updates:16.14.14pkg:npm/npm-check-updates@16.14.14 08
npm-check:6.0.1pkg:npm/npm-check@6.0.1 09
npm-install-checks:6.1.1pkg:npm/npm-install-checks@6.1.1 06
npm-normalize-package-bin:3.0.1pkg:npm/npm-normalize-package-bin@3.0.1 06
npm-package-arg:10.1.0pkg:npm/npm-package-arg@10.1.0 08
npm-packlist:7.0.4pkg:npm/npm-packlist@7.0.4 06
npm-pick-manifest:8.0.2pkg:npm/npm-pick-manifest@8.0.2 06
npm-registry-fetch:14.0.5pkg:npm/npm-registry-fetch@14.0.5 06
npm-run-path:4.0.1pkg:npm/npm-run-path@4.0.1 08
npmlog:6.0.2pkg:npm/npmlog@6.0.2 06
numeral:2.0.6pkg:npm/numeral@2.0.6 010
object-inspect:1.12.3pkg:npm/object-inspect@1.12.3 09
object-keys:1.1.1pkg:npm/object-keys@1.1.1 08
object.assign:4.1.4pkg:npm/object.assign@4.1.4 06
object.getownpropertydescriptors:2.1.6pkg:npm/object.getownpropertydescriptors@2.1.6 06
objenesis-3.2.jarpkg:maven/org.objenesis/objenesis@3.2 027
ojdbc8-23.2.0.0.jarcpe:2.3:a:oracle:jdbc:23.2.0.0:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc8@23.2.0.0 0Highest32
okhttp-2.7.5.jarcpe:2.3:a:squareup:okhttp:2.7.5:*:*:*:*:*:*:*pkg:maven/com.squareup.okhttp/okhttp@2.7.5HIGH2Highest22
okio-1.6.0.jarcpe:2.3:a:squareup:okio:1.6.0:*:*:*:*:*:*:*pkg:maven/com.squareup.okio/okio@1.6.0HIGH1Highest16
once:1.4.0pkg:npm/once@1.4.0 06
onetime:5.1.2pkg:npm/onetime@5.1.2 08
open:7.4.2pkg:npm/open@7.4.2 08
openhtmltopdf-core-1.0.10.jarpkg:maven/com.openhtmltopdf/openhtmltopdf-core@1.0.10 025
openhtmltopdf-pdfbox-1.0.10.jarcpe:2.3:a:apache:pdfbox:1.0.10:*:*:*:*:*:*:*pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10 0High21
optionator:0.9.3pkg:npm/optionator@0.9.3 08
ora:5.4.1pkg:npm/ora@5.4.1 08
org.apache.oltu.oauth2.client-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2 032
org.apache.oltu.oauth2.common-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.common@1.0.2 032
org.eclipse.jgit.http.server-6.1.0.202203080745-r.jarcpe:2.3:a:eclipse:jgit:6.1.0:202203080745:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit.http.server@6.1.0.202203080745-rHIGH1Highest40
org.eclipse.paho.client.mqttv3-1.2.5.jarcpe:2.3:a:eclipse:paho_java_client:1.2.5:*:*:*:*:*:*:*pkg:maven/org.eclipse.paho/org.eclipse.paho.client.mqttv3@1.2.5 0Low32
os-tmpdir:1.0.2pkg:npm/os-tmpdir@1.0.2 08
p-cancelable:1.1.0pkg:npm/p-cancelable@1.1.0 08
p-cancelable:3.0.0pkg:npm/p-cancelable@3.0.0 08
p-limit:3.1.0pkg:npm/p-limit@3.1.0 09
p-locate:3.0.0pkg:npm/p-locate@3.0.0 08
p-locate:4.1.0pkg:npm/p-locate@4.1.0 08
p-locate:5.0.0pkg:npm/p-locate@5.0.0 08
p-map:4.0.0pkg:npm/p-map@4.0.0 08
p-try:2.2.0pkg:npm/p-try@2.2.0 08
package-json:6.5.0pkg:npm/package-json@6.5.0 08
package-json:8.1.1pkg:npm/package-json@8.1.1 08
pacote:15.2.0pkg:npm/pacote@15.2.0 06
pako:1.0.11pkg:npm/pako@1.0.11 06
parent-module:1.0.1pkg:npm/parent-module@1.0.1 08
parse-github-url:1.0.2pkg:npm/parse-github-url@1.0.2 08
parse-json:5.2.0cpe:2.3:a:parsejson_project:parsejson:5.2.0:*:*:*:*:*:*:*pkg:npm/parse-json@5.2.0 0Low8
parse-passwd:1.0.0pkg:npm/parse-passwd@1.0.0 08
path-exists:3.0.0pkg:npm/path-exists@3.0.0 08
path-exists:4.0.0pkg:npm/path-exists@4.0.0 08
path-is-absolute:1.0.1pkg:npm/path-is-absolute@1.0.1 08
path-key:3.1.1pkg:npm/path-key@3.1.1 08
path-parse:1.0.7cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:*:*:*pkg:npm/path-parse@1.0.7 0Highest8
path-scurry:1.10.1pkg:npm/path-scurry@1.10.1 06
path-type:4.0.0pkg:npm/path-type@4.0.0 08
pdfbox-2.0.23.jarcpe:2.3:a:apache:pdfbox:2.0.23:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/pdfbox@2.0.23MEDIUM2Highest31
picocolors:1.0.0pkg:npm/picocolors@1.0.0 06
picomatch:2.3.1pkg:npm/picomatch@2.3.1 08
pify:4.0.1pkg:npm/pify@4.0.1 08
pinkie-promise:2.0.1pkg:npm/pinkie-promise@2.0.1 08
pinkie:2.0.4pkg:npm/pinkie@2.0.4 08
pirates:4.0.6pkg:npm/pirates@4.0.6 010
pkg-dir:3.0.0pkg:npm/pkg-dir@3.0.0 08
pkg-dir:4.2.0pkg:npm/pkg-dir@4.2.0 08
pkg-dir:5.0.0pkg:npm/pkg-dir@5.0.0 08
please-upgrade-node:3.2.0pkg:npm/please-upgrade-node@3.2.0 08
poi-4.1.2.jarcpe:2.3:a:apache:poi:4.1.2:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@4.1.2MEDIUM1Highest29
popper.js:1.16.1pkg:npm/popper.js@1.16.1 08
postcss-less:6.0.0pkg:npm/postcss-less@6.0.0 08
postcss-media-query-parser:0.2.3pkg:npm/postcss-media-query-parser@0.2.3 08
postcss-resolve-nested-selector:0.1.1pkg:npm/postcss-resolve-nested-selector@0.1.1 06
postcss-safe-parser:6.0.0pkg:npm/postcss-safe-parser@6.0.0 06
postcss-selector-parser:6.0.13pkg:npm/postcss-selector-parser@6.0.13 05
postcss-value-parser:4.2.0pkg:npm/postcss-value-parser@4.2.0 08
postcss:8.4.24cpe:2.3:a:postcss:postcss:8.4.24:*:*:*:*:*:*:*pkg:npm/postcss@8.4.24MEDIUM1Highest8
postgresql-42.6.0.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.6.0:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.6.0CRITICAL1Low68
preact:10.15.1pkg:npm/preact@10.15.1 07
preferred-pm:3.0.3pkg:npm/preferred-pm@3.0.3 010
preflight-2.0.23.jarcpe:2.3:a:apache:pdfbox:2.0.23:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/preflight@2.0.23MEDIUM2Highest33
prelude-ls:1.2.1pkg:npm/prelude-ls@1.2.1 08
prepend-http:2.0.0pkg:npm/prepend-http@2.0.0 08
proc-log:3.0.0pkg:npm/proc-log@3.0.0 06
process-nextick-args:2.0.1pkg:npm/process-nextick-args@2.0.1 08
progress:2.0.3pkg:npm/progress@2.0.3 06
promise-inflight:1.0.1pkg:npm/promise-inflight@1.0.1 08
promise-retry:2.0.1pkg:npm/promise-retry@2.0.1 07
prompts-ncu:3.0.0pkg:npm/prompts-ncu@3.0.0 08
proto-list:1.2.4pkg:npm/proto-list@1.2.4 06
protobuf-java-3.17.3.jarcpe:2.3:a:google:protobuf-java:3.17.3:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.17.3:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java@3.17.3HIGH3Highest25
protobuf-java-util-3.17.3.jarcpe:2.3:a:google:protobuf-java:3.17.3:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.17.3:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java-util@3.17.3HIGH1Highest27
proton-j-0.33.8.jarcpe:2.3:a:apache:qpid:0.33.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton:0.33.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton-j:0.33.8:*:*:*:*:*:*:*
cpe:2.3:a:proton_project:proton:0.33.8:*:*:*:*:*:*:*		pkg:maven/org.apache.qpid/proton-j@0.33.8 0Highest30
pseudomap:1.0.2pkg:npm/pseudomap@1.0.2 08
pump:3.0.0pkg:npm/pump@3.0.0 06
punycode:2.3.0pkg:npm/punycode@2.3.0 09
pupa:2.1.1pkg:npm/pupa@2.1.1 09
qpid-jms-client-1.1.0.jarcpe:2.3:a:apache:qpid:1.1.0:*:*:*:*:*:*:*pkg:maven/org.apache.qpid/qpid-jms-client@1.1.0 0Highest25
quartz-2.3.2.jarcpe:2.3:a:softwareag:quartz:2.3.2:*:*:*:*:*:*:*pkg:maven/org.quartz-scheduler/quartz@2.3.2CRITICAL1Highest33
query-ast:1.0.5pkg:npm/query-ast@1.0.5 07
queue-microtask:1.2.3pkg:npm/queue-microtask@1.2.3 010
quick-lru:4.0.1pkg:npm/quick-lru@4.0.1 08
quick-lru:5.1.1pkg:npm/quick-lru@5.1.1 08
rc-config-loader:4.1.3pkg:npm/rc-config-loader@4.1.3 08
rc:1.2.8pkg:npm/rc@1.2.8 06
read-package-json-fast:3.0.2pkg:npm/read-package-json-fast@3.0.2 06
read-package-json:6.0.4pkg:npm/read-package-json@6.0.4 06
read-pkg-up:7.0.1pkg:npm/read-pkg-up@7.0.1 08
read-pkg:5.2.0pkg:npm/read-pkg@5.2.0 08
readable-stream:1.1.14pkg:npm/readable-stream@1.1.14 06
readable-stream:2.3.8pkg:npm/readable-stream@2.3.8 05
readable-stream:3.6.2pkg:npm/readable-stream@3.6.2 05
readdirp:3.6.0pkg:npm/readdirp@3.6.0 08
redent:3.0.0pkg:npm/redent@3.0.0 08
regenerate-unicode-properties:10.1.0pkg:npm/regenerate-unicode-properties@10.1.0 09
regenerate:1.4.2pkg:npm/regenerate@1.4.2 09
regenerator-runtime:0.14.0pkg:npm/regenerator-runtime@0.14.0 06
regenerator-transform:0.15.2pkg:npm/regenerator-transform@0.15.2 06
regexp.prototype.flags:1.5.0pkg:npm/regexp.prototype.flags@1.5.0 06
regexpu-core:5.3.2pkg:npm/regexpu-core@5.3.2 09
registry-auth-token:4.2.2pkg:npm/registry-auth-token@4.2.2 08
registry-auth-token:5.0.2pkg:npm/registry-auth-token@5.0.2 08
registry-url:5.1.0pkg:npm/registry-url@5.1.0 08
registry-url:6.0.1pkg:npm/registry-url@6.0.1 08
regjsparser:0.9.1pkg:npm/regjsparser@0.9.1 06
relaxng-datatype-2.3.4.jarpkg:maven/com.sun.xml.bind.external/relaxng-datatype@2.3.4 034
remote-git-tags:3.0.0pkg:npm/remote-git-tags@3.0.0 08
require-directory:2.1.1pkg:npm/require-directory@2.1.1 08
require-from-string:2.0.2pkg:npm/require-from-string@2.0.2 08
require-package-name:2.0.1pkg:npm/require-package-name@2.0.1 010
requizzle:0.2.4pkg:npm/requizzle@0.2.4 08
resolve-alpn:1.2.1pkg:npm/resolve-alpn@1.2.1 08
resolve-from:4.0.0pkg:npm/resolve-from@4.0.0 08
resolve-from:5.0.0pkg:npm/resolve-from@5.0.0 08
resolve:1.22.2pkg:npm/resolve@1.22.2 08
responselike:1.0.2pkg:npm/responselike@1.0.2 06
responselike:3.0.0pkg:npm/responselike@3.0.0 06
restore-cursor:3.1.0pkg:npm/restore-cursor@3.1.0 08
retry:0.12.0pkg:npm/retry@0.12.0 07
reusify:1.0.4pkg:npm/reusify@1.0.4 08
rhino-1.7.13.jarpkg:maven/org.mozilla/rhino@1.7.13 031
rhino-1.7.13.jar: test.js 00
rhino-js-engine-1.7.10.jarpkg:maven/cat.inspiracio/rhino-js-engine@1.7.10 032
rhino-js-engine-1.7.10.jar: toplevel.js 00
rimraf:3.0.2pkg:npm/rimraf@3.0.2 06
rimraf:5.0.5pkg:npm/rimraf@5.0.5 06
rngom-2.3.4.jarpkg:maven/com.sun.xml.bind.external/rngom@2.3.4 036
rrule:2.8.1pkg:npm/rrule@2.8.1 07
run-async:2.4.1pkg:npm/run-async@2.4.1 06
run-parallel:1.2.0pkg:npm/run-parallel@1.2.0 010
rxjs:6.6.7pkg:npm/rxjs@6.6.7 08
safe-array-concat:1.0.0pkg:npm/safe-array-concat@1.0.0 08
safe-buffer:5.2.1pkg:npm/safe-buffer@5.2.1 010
safe-regex-test:1.0.0pkg:npm/safe-regex-test@1.0.0 08
safer-buffer:2.1.2pkg:npm/safer-buffer@2.1.2 09
sass:1.63.6pkg:npm/sass@1.63.6 010
scss-parser:1.0.6pkg:npm/scss-parser@1.0.6 06
select2-theme-bootstrap4:1.0.0pkg:npm/select2-theme-bootstrap4@1.0.0 08
select2:4.0.13cpe:2.3:a:select2:select2:4.0.13:*:*:*:*:*:*:*pkg:npm/select2@4.0.13 0Highest9
semver-compare:1.0.0pkg:npm/semver-compare@1.0.0 09
semver-diff:3.1.1pkg:npm/semver-diff@3.1.1 08
semver-utils:1.1.4pkg:npm/semver-utils@1.1.4 07
semver:5.7.1pkg:npm/semver@5.7.1HIGH15
semver:6.3.1pkg:npm/semver@6.3.1 06
semver:7.5.4pkg:npm/semver@7.5.4 06
sentence-case:3.0.4pkg:npm/sentence-case@3.0.4 010
serializer-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/serializer@2.7.2HIGH1Low32
set-blocking:2.0.0pkg:npm/set-blocking@2.0.0 08
set-immediate-shim:1.0.1pkg:npm/set-immediate-shim@1.0.1 08
shallow-clone:3.0.1pkg:npm/shallow-clone@3.0.1 08
shebang-command:2.0.0pkg:npm/shebang-command@2.0.0 08
shebang-regex:3.0.0pkg:npm/shebang-regex@3.0.0 08
shelljs:0.3.0cpe:2.3:a:shelljs_project:shelljs:0.3.0:*:*:*:*:*:*:*pkg:npm/shelljs@0.3.0HIGH1Highest7
side-channel:1.0.4pkg:npm/side-channel@1.0.4 08
sigmund:1.0.1pkg:npm/sigmund@1.0.1 06
signal-exit:3.0.7pkg:npm/signal-exit@3.0.7 08
signal-exit:4.0.2pkg:npm/signal-exit@4.0.2 06
signature_pad:2.3.2pkg:npm/signature_pad@2.3.2 09
sigstore:1.8.0pkg:npm/sigstore@1.8.0 08
simplicite-bootstrap-datetimepicker:1.0.6pkg:npm/simplicite-bootstrap-datetimepicker@1.0.6 07
simplicite:3.0.1pkg:npm/simplicite@3.0.1 08
sisteransi:1.0.5pkg:npm/sisteransi@1.0.5 08
slash:2.0.0pkg:npm/slash@2.0.0 08
slash:3.0.0pkg:npm/slash@3.0.0 08
slf4j-api-1.7.32.jarpkg:maven/org.slf4j/slf4j-api@1.7.32 027
slice-ansi:4.0.0pkg:npm/slice-ansi@4.0.0 05
smart-buffer:4.2.0pkg:npm/smart-buffer@4.2.0 08
snakeyaml-1.29.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.29:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.29CRITICAL7Highest44
snappy-java-1.1.8.4.jarcpe:2.3:a:xerial:snappy-java:1.1.8.4:*:*:*:*:*:*:*pkg:maven/org.xerial.snappy/snappy-java@1.1.8.4HIGH4Highest49
snappy-java-1.1.8.4.jar: snappyjava.dll 02
snappy-java-1.1.8.4.jar: snappyjava.dll 02
socks-proxy-agent:7.0.0pkg:npm/socks-proxy-agent@7.0.0 010
socks:2.7.1pkg:npm/socks@2.7.1 08
source-map-js:1.0.2pkg:npm/source-map-js@1.0.2 07
source-map-support:0.5.21pkg:npm/source-map-support@0.5.21 06
source-map:0.6.1pkg:npm/source-map@0.6.1 07
spawn-please:2.0.2pkg:npm/spawn-please@2.0.2 07
spdx-correct:3.2.0pkg:npm/spdx-correct@3.2.0 05
spdx-exceptions:2.3.0pkg:npm/spdx-exceptions@2.3.0 06
spdx-expression-parse:3.0.1pkg:npm/spdx-expression-parse@3.0.1 06
spdx-expression-parse:4.0.0pkg:npm/spdx-expression-parse@4.0.0 06
spdx-license-ids:3.0.13pkg:npm/spdx-license-ids@3.0.13 06
spectrum-colorpicker:1.8.1pkg:npm/spectrum-colorpicker@1.8.1 09
split-text-to-chunks:1.0.0pkg:npm/split-text-to-chunks@1.0.0 05
sprintf-js:1.0.3pkg:npm/sprintf-js@1.0.3 06
sshd-osgi-2.8.0.jarcpe:2.3:a:apache:sshd:2.8.0:*:*:*:*:*:*:*pkg:maven/org.apache.sshd/sshd-osgi@2.8.0CRITICAL3Highest36
ssri:10.0.4cpe:2.3:a:ssri_project:ssri:10.0.4:*:*:*:*:*:*:*pkg:npm/ssri@10.0.4 0Highest6
stackframe:1.3.4pkg:npm/stackframe@1.3.4 07
stax2-api-4.2.jarpkg:maven/org.codehaus.woodstox/stax2-api@4.2 051
string-width:4.2.3pkg:npm/string-width@4.2.3 09
string.prototype.trim:1.2.7pkg:npm/string.prototype.trim@1.2.7 08
string.prototype.trimend:1.0.6pkg:npm/string.prototype.trimend@1.0.6 06
string.prototype.trimstart:1.0.6pkg:npm/string.prototype.trimstart@1.0.6 06
string_decoder:0.10.31pkg:npm/string_decoder@0.10.31 06
string_decoder:1.1.1pkg:npm/string_decoder@1.1.1 06
string_decoder:1.3.0pkg:npm/string_decoder@1.3.0 06
strip-ansi:6.0.1pkg:npm/strip-ansi@6.0.1 09
strip-bom:3.0.0pkg:npm/strip-bom@3.0.0 08
strip-final-newline:2.0.0pkg:npm/strip-final-newline@2.0.0 08
strip-indent:3.0.0pkg:npm/strip-indent@3.0.0 08
strip-json-comments:1.0.4pkg:npm/strip-json-comments@1.0.4 08
strip-json-comments:2.0.1pkg:npm/strip-json-comments@2.0.1 08
strip-json-comments:3.1.1pkg:npm/strip-json-comments@3.1.1 08
strip-json-comments:5.0.1pkg:npm/strip-json-comments@5.0.1 08
style-search:0.1.0pkg:npm/style-search@0.1.0 08
stylelint-config-recommended:9.0.0pkg:npm/stylelint-config-recommended@9.0.0 06
stylelint-config-standard:29.0.0pkg:npm/stylelint-config-standard@29.0.0 06
stylelint:14.16.1pkg:npm/stylelint@14.16.1 07
supports-color:5.5.0pkg:npm/supports-color@5.5.0 08
supports-color:7.2.0pkg:npm/supports-color@7.2.0 08
supports-hyperlinks:2.3.0pkg:npm/supports-hyperlinks@2.3.0 08
supports-preserve-symlinks-flag:1.0.0pkg:npm/supports-preserve-symlinks-flag@1.0.0 08
svg-tags:1.0.0pkg:npm/svg-tags@1.0.0 08
swagger-ui-dist:4.15.5pkg:npm/swagger-ui-dist@4.15.5 04
table:6.8.1pkg:npm/table@6.8.1 08
tablemark:3.0.0pkg:npm/tablemark@3.0.0 08
tar:6.1.15cpe:2.3:a:tar_project:tar:6.1.15:*:*:*:*:*:*:*pkg:npm/tar@6.1.15MEDIUM1Highest6
term-size:2.2.1pkg:npm/term-size@2.2.1 08
terminal-link:2.1.1pkg:npm/terminal-link@2.1.1 08
text-table:0.2.0pkg:npm/text-table@0.2.0 09
threeten-extra-1.7.0.jarpkg:maven/org.threeten/threeten-extra@1.7.0 039
threetenbp-1.5.1.jarpkg:maven/org.threeten/threetenbp@1.5.1 041
throat:6.0.2pkg:npm/throat@6.0.2 06
through:2.3.8pkg:npm/through@2.3.8 07
tinymce-i18n:20.12.25pkg:npm/tinymce-i18n@20.12.25 06
tinymce:5.9.2cpe:2.3:a:tiny:tinymce:5.9.2:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:tinymce:5.9.2:*:*:*:*:*:*:*		pkg:npm/tinymce@5.9.2MEDIUM14Highest8
tmp:0.0.33pkg:npm/tmp@0.0.33 08
to-fast-properties:2.0.0pkg:npm/to-fast-properties@2.0.0 08
to-readable-stream:1.0.0pkg:npm/to-readable-stream@1.0.0 08
to-regex-range:5.0.1pkg:npm/to-regex-range@5.0.1 08
totp-1.7.1.jarcpe:2.3:a:time_project:time:1.7.1:*:*:*:*:*:*:*pkg:maven/dev.samstevens.totp/totp@1.7.1 0Low26
trim-newlines:3.0.1cpe:2.3:a:trim-newlines_project:trim-newlines:3.0.1:*:*:*:*:*:*:*pkg:npm/trim-newlines@3.0.1 0Highest8
tslib:1.14.1pkg:npm/tslib@1.14.1 08
tslib:2.6.0pkg:npm/tslib@2.6.0 08
tuf-js:1.1.7pkg:npm/tuf-js@1.1.7 08
txw2-2.3.4.jarcpe:2.3:a:eclipse:glassfish:2.3.4:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/txw2@2.3.4 0High33
type-check:0.4.0pkg:npm/type-check@0.4.0 08
type-fest:0.18.1pkg:npm/type-fest@0.18.1 08
type-fest:0.20.2pkg:npm/type-fest@0.20.2 08
type-fest:0.21.3pkg:npm/type-fest@0.21.3 08
type-fest:0.6.0pkg:npm/type-fest@0.6.0 08
type-fest:0.8.1pkg:npm/type-fest@0.8.1 08
type-fest:1.4.0pkg:npm/type-fest@1.4.0 08
type-fest:2.19.0pkg:npm/type-fest@2.19.0 08
typed-array-length:1.0.4pkg:npm/typed-array-length@1.0.4 08
typedarray-to-buffer:3.1.5pkg:npm/typedarray-to-buffer@3.1.5 010
uc.micro:1.0.6pkg:npm/uc.micro@1.0.6 05
uglify-js:3.17.4cpe:2.3:a:uglifyjs_project:uglifyjs:3.17.4:*:*:*:*:*:*:*pkg:npm/uglify-js@3.17.4 0Low6
unbox-primitive:1.0.2pkg:npm/unbox-primitive@1.0.2 08
underscore:1.13.6cpe:2.3:a:underscorejs:underscore:1.13.6:*:*:*:*:*:*:*pkg:npm/underscore@1.13.6 0Highest7
unicode-canonical-property-names-ecmascript:2.0.0pkg:npm/unicode-canonical-property-names-ecmascript@2.0.0 09
unicode-match-property-ecmascript:2.0.0pkg:npm/unicode-match-property-ecmascript@2.0.0 09
unicode-match-property-value-ecmascript:2.1.0pkg:npm/unicode-match-property-value-ecmascript@2.1.0 09
unicode-property-aliases-ecmascript:2.1.0pkg:npm/unicode-property-aliases-ecmascript@2.1.0 09
unique-filename:3.0.0pkg:npm/unique-filename@3.0.0 08
unique-slug:4.0.0pkg:npm/unique-slug@4.0.0 06
unique-string:2.0.0pkg:npm/unique-string@2.0.0 08
unique-string:3.0.0pkg:npm/unique-string@3.0.0 08
unirest-java-3.14.2.jarpkg:maven/com.konghq/unirest-java@3.14.2 018
universalify:0.1.2pkg:npm/universalify@0.1.2 08
untildify:4.0.0pkg:npm/untildify@4.0.0 08
update-browserslist-db:1.0.13pkg:npm/update-browserslist-db@1.0.13 06
update-notifier:4.1.3pkg:npm/update-notifier@4.1.3 08
update-notifier:5.1.0pkg:npm/update-notifier@5.1.0 08
update-notifier:6.0.2pkg:npm/update-notifier@6.0.2 08
upper-case-first:2.0.2pkg:npm/upper-case-first@2.0.2 010
uri-js:4.4.1cpe:2.3:a:garycourt:uri-js:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:uri.js_project:uri.js:4.4.1:*:*:*:*:*:*:*		pkg:npm/uri-js@4.4.1 0Highest8
url-parse-lax:3.0.0pkg:npm/url-parse-lax@3.0.0 08
util-deprecate:1.0.2pkg:npm/util-deprecate@1.0.2 08
v8-compile-cache:2.3.0pkg:npm/v8-compile-cache@2.3.0 06
v8flags:3.2.0pkg:npm/v8flags@3.2.0 06
validate-npm-package-license:3.0.4pkg:npm/validate-npm-package-license@3.0.4 06
validate-npm-package-name:5.0.0pkg:npm/validate-npm-package-name@5.0.0 08
visit-values:2.0.0pkg:npm/visit-values@2.0.0 08
vue:2.6.14pkg:npm/vue@2.6.14 08
wcwidth:1.0.1pkg:npm/wcwidth@1.0.1 08
which-boxed-primitive:1.0.2pkg:npm/which-boxed-primitive@1.0.2 08
which-pm:2.0.0pkg:npm/which-pm@2.0.0 07
which-typed-array:1.1.9pkg:npm/which-typed-array@1.1.9 08
which:1.3.1pkg:npm/which@1.3.1 06
which:2.0.2pkg:npm/which@2.0.2 06
which:3.0.1pkg:npm/which@3.0.1 06
wide-align:1.1.5pkg:npm/wide-align@1.1.5 06
widest-line:3.1.0pkg:npm/widest-line@3.1.0 08
widest-line:4.0.1pkg:npm/widest-line@4.0.1 08
woodstox-core-6.2.4.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621 012
woodstox-core-6.2.4.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)cpe:2.3:a:xml_library_project:xml_library:2013.6.1:*:*:*:*:*:*:*pkg:maven/net.java.dev.msv/xsdlib@2013.6.1 0Low9
woodstox-core-6.2.4.jarcpe:2.3:a:fasterxml:woodstox:6.2.4:*:*:*:*:*:*:*pkg:maven/com.fasterxml.woodstox/woodstox-core@6.2.4HIGH1Highest46
wordwrap:1.0.0pkg:npm/wordwrap@1.0.0 08
wrap-ansi:7.0.0pkg:npm/wrap-ansi@7.0.0 08
wrap-ansi:8.1.0pkg:npm/wrap-ansi@8.1.0 08
wrappy:1.0.2pkg:npm/wrappy@1.0.2 08
write-file-atomic:3.0.3pkg:npm/write-file-atomic@3.0.3 08
write-file-atomic:4.0.2pkg:npm/write-file-atomic@4.0.2 09
xalan-2.7.2.jarcpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*pkg:maven/xalan/xalan@2.7.2HIGH1Low66
xdg-basedir:4.0.0pkg:npm/xdg-basedir@4.0.0 08
xdg-basedir:5.1.0pkg:npm/xdg-basedir@5.1.0 08
xercesImpl-2.12.2.jarcpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*		pkg:maven/xerces/xercesImpl@2.12.2MEDIUM1Low84
xmlbeans-3.1.0.jarcpe:2.3:a:apache:xmlbeans:3.1.0:*:*:*:*:*:*:*pkg:maven/org.apache.xmlbeans/xmlbeans@3.1.0 0Highest58
xmlcreate:2.0.4pkg:npm/xmlcreate@2.0.4 07
xmlsec-2.2.3.jarcpe:2.3:a:apache:santuario_xml_security_for_java:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_security_for_java:2.2.3:*:*:*:*:*:*:*		pkg:maven/org.apache.santuario/xmlsec@2.2.3MEDIUM1Low48
xmpbox-2.0.23.jarcpe:2.3:a:apache:pdfbox:2.0.23:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/xmpbox@2.0.23MEDIUM2Highest31
xsom-2.3.4.jarcpe:2.3:a:eclipse:glassfish:2.3.4:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/xsom@2.3.4 0High34
xtend:4.0.2pkg:npm/xtend@4.0.2 09
xterm-js:4.9.0cpe:2.3:a:xtermjs:xterm.js:4.9.0:*:*:*:*:*:*:*pkg:npm/xterm-js@4.9.0HIGH1Highest5
y18n:5.0.8cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:*:*:*pkg:npm/y18n@5.0.8 0Highest8
yallist:2.1.2pkg:npm/yallist@2.1.2 06
yallist:3.1.1pkg:npm/yallist@3.1.1 06
yallist:4.0.0pkg:npm/yallist@4.0.0 06
yaml:1.10.2cpe:2.3:a:yaml_project:yaml:1.10.2:*:*:*:*:*:*:*pkg:npm/yaml@1.10.2 0Highest7
yargs-parser:20.2.9cpe:2.3:a:yargs:yargs-parser:20.2.9:*:*:*:*:*:*:*pkg:npm/yargs-parser@20.2.9 0Highest6
yargs:16.2.0pkg:npm/yargs@16.2.0 06
yocto-queue:0.1.0pkg:npm/yocto-queue@0.1.0 08
zstd-jni-1.5.2-1.jarpkg:maven/com.github.luben/zstd-jni@1.5.2-1 043
zstd-jni-1.5.2-1.jar: libzstd-jni-1.5.2-1.dll 04
zstd-jni-1.5.2-1.jar: libzstd-jni-1.5.2-1.dll 04

* indicates the dependency has a known exploited vulnerability

Dependencies

@aashutoshrathi/word-wrap:1.2.6

Description:

Wrap words to a specified length.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?optionator:0.9.3/@aashutoshrathi/word-wrap:^1.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/optionator:0.9.3
  • simplicite-js:5.2.54

Identifiers

@ampproject/remapping:2.2.1

Description:

Remap sequential sourcemaps through transformations to point at the original source code

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/core:7.23.9/@ampproject/remapping:^2.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/cli:7.23.9

Description:

Babel command line.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/cli:7.23.9

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@babel/code-frame:7.23.5

Description:

Generate errors that contain a code frame that point to source locations.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?parse-json:5.2.0/@babel/code-frame:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/@babel/template:7.23.9
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/parse-json:5.2.0

Identifiers

@babel/compat-data:7.23.5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?babel-plugin-polyfill-corejs2:0.4.8/@babel/compat-data:^7.22.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-compilation-targets:7.23.6
  • simplicite-js:5.2.54/babel-plugin-polyfill-corejs2:0.4.8
  • simplicite-js:5.2.54/@babel/plugin-transform-object-rest-spread:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/core:7.23.9

Description:

Babel compiler core.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/core:7.23.9

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@babel/generator:7.23.6

Description:

Turns an AST into code.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/traverse:7.23.9/@babel/generator:^7.23.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-annotate-as-pure:7.22.5

Description:

Helper function to annotate paths and nodes with #__PURE__ comment

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-private-property-in-object:7.23.4/@babel/helper-annotate-as-pure:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/helper-create-regexp-features-plugin:7.22.15
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54/@babel/helper-remap-async-to-generator:7.22.20
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-transform-private-property-in-object:7.23.4

Identifiers

@babel/helper-builder-binary-assignment-operator-visitor:7.22.15

Description:

Helper function to build binary assignment operator visitors

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-exponentiation-operator:7.23.3/@babel/helper-builder-binary-assignment-operator-visitor:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-exponentiation-operator:7.23.3
  • simplicite-js:5.2.54

Identifiers

@babel/helper-compilation-targets:7.23.6

Description:

Helper functions on Babel compilation targets

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/helper-compilation-targets:^7.23.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-function-name:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/plugin-transform-object-rest-spread:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54/@babel/helper-define-polyfill-provider:0.5.0
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-create-class-features-plugin:7.23.10

Description:

Compile class public and private fields, private methods and decorators to ES6

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-private-property-in-object:7.23.4/@babel/helper-create-class-features-plugin:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-class-static-block:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-private-methods:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-class-properties:7.23.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-transform-private-property-in-object:7.23.4

Identifiers

@babel/helper-create-regexp-features-plugin:7.22.15

Description:

Compile ESNext Regular Expressions to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-unicode-sets-regex:7.23.3/@babel/helper-create-regexp-features-plugin:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-unicode-regex:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-unicode-property-regex:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-dotall-regex:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-named-capturing-groups-regex:7.22.5
  • simplicite-js:5.2.54/@babel/plugin-transform-unicode-sets-regex:7.23.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-syntax-unicode-sets-regex:7.18.6

Identifiers

@babel/helper-define-polyfill-provider:0.5.0

Description:

Babel helper to create your own polyfill provider

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?babel-plugin-polyfill-regenerator:0.5.5/@babel/helper-define-polyfill-provider:^0.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/babel-plugin-polyfill-regenerator:0.5.5
  • simplicite-js:5.2.54/babel-plugin-polyfill-corejs2:0.4.8
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/babel-plugin-polyfill-corejs3:0.9.0

Identifiers

@babel/helper-environment-visitor:7.22.20

Description:

Helper visitor to only visit nodes in the current 'this' context

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/traverse:7.23.9/@babel/helper-environment-visitor:^7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54/@babel/helper-replace-supers:7.22.20
  • simplicite-js:5.2.54/@babel/helper-module-transforms:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-async-generator-functions:7.23.9
  • simplicite-js:5.2.54/@babel/helper-remap-async-to-generator:7.22.20
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly:7.23.7

Identifiers

@babel/helper-function-name:7.23.0

Description:

Helper function to change the property 'name' of every function

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/traverse:7.23.9/@babel/helper-function-name:^7.23.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-function-name:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/helper-wrap-function:7.22.20
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54

Identifiers

@babel/helper-hoist-variables:7.22.5

Description:

Helper function to hoist variables

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/traverse:7.23.9/@babel/helper-hoist-variables:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-systemjs:7.23.9
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-member-expression-to-functions:7.23.0

Description:

Helper function to replace certain member expressions with function calls

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/helper-replace-supers:7.22.20/@babel/helper-member-expression-to-functions:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54/@babel/helper-replace-supers:7.22.20
  • simplicite-js:5.2.54

Identifiers

@babel/helper-module-imports:7.22.15

Description:

Babel helper functions for inserting module loads

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-async-to-generator:7.23.3/@babel/helper-module-imports:^7.22.15

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-async-to-generator:7.23.3
  • simplicite-js:5.2.54/@babel/helper-module-transforms:7.23.3
  • simplicite-js:5.2.54

Identifiers

@babel/helper-module-transforms:7.23.3

Description:

Babel helper functions for implementing ES6 module transformations

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-modules-umd:7.23.3/@babel/helper-module-transforms:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-systemjs:7.23.9
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-amd:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-commonjs:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-umd:7.23.3
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-optimise-call-expression:7.22.5

Description:

Helper function to optimise call expression

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/helper-replace-supers:7.22.20/@babel/helper-optimise-call-expression:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54/@babel/helper-replace-supers:7.22.20
  • simplicite-js:5.2.54

Identifiers

@babel/helper-plugin-utils:7.22.5

Description:

General utilities for plugins to use

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-modules:0.1.6-no-external-plugins/@babel/helper-plugin-utils:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-reserved-words:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-numeric-separator:7.10.4
  • simplicite-js:5.2.54/@babel/plugin-syntax-logical-assignment-operators:7.10.4
  • simplicite-js:5.2.54/@babel/plugin-transform-new-target:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-commonjs:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-block-scoped-functions:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-optional-chaining:7.8.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-import-assertions:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-unicode-property-regex:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-destructuring:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/plugin-syntax-object-rest-spread:7.8.3
  • simplicite-js:5.2.54/@babel/plugin-transform-shorthand-properties:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-logical-assignment-operators:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-dynamic-import:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-syntax-top-level-await:7.14.5
  • simplicite-js:5.2.54/@babel/helper-define-polyfill-provider:0.5.0
  • simplicite-js:5.2.54/@babel/plugin-transform-typeof-symbol:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-async-generators:7.8.4
  • simplicite-js:5.2.54/@babel/plugin-syntax-optional-catch-binding:7.8.3
  • simplicite-js:5.2.54/@babel/plugin-transform-parameters:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-class-static-block:7.14.5
  • simplicite-js:5.2.54/@babel/plugin-transform-object-super:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-function-name:7.23.3
  • simplicite-js:5.2.54/@babel/preset-modules:0.1.6-no-external-plugins
  • simplicite-js:5.2.54/@babel/plugin-transform-spread:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-for-of:7.23.6
  • simplicite-js:5.2.54/@babel/plugin-transform-async-to-generator:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-export-namespace-from:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-computed-properties:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-async-generator-functions:7.23.9
  • simplicite-js:5.2.54/@babel/plugin-transform-duplicate-keys:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-json-strings:7.8.3
  • simplicite-js:5.2.54/@babel/plugin-transform-named-capturing-groups-regex:7.22.5
  • simplicite-js:5.2.54/@babel/plugin-transform-optional-catch-binding:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-amd:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-class-static-block:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-object-rest-spread:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-literals:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-import-meta:7.10.4
  • simplicite-js:5.2.54/@babel/plugin-syntax-import-attributes:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-private-property-in-object:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-unicode-regex:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-unicode-escapes:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-regenerator:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-exponentiation-operator:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-json-strings:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-member-expression-literals:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-numeric-separator:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-umd:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly:7.23.7
  • simplicite-js:5.2.54/@babel/plugin-transform-nullish-coalescing-operator:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-optional-chaining:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-syntax-export-namespace-from:7.8.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-private-property-in-object:7.14.5
  • simplicite-js:5.2.54/@babel/plugin-syntax-nullish-coalescing-operator:7.8.3
  • simplicite-js:5.2.54/@babel/plugin-transform-private-methods:7.23.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-syntax-unicode-sets-regex:7.18.6
  • simplicite-js:5.2.54/@babel/plugin-transform-template-literals:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-dotall-regex:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-arrow-functions:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-systemjs:7.23.9
  • simplicite-js:5.2.54/@babel/plugin-transform-block-scoping:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-unicode-sets-regex:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-dynamic-import:7.8.3
  • simplicite-js:5.2.54/@babel/plugin-syntax-class-properties:7.12.13
  • simplicite-js:5.2.54/@babel/plugin-transform-class-properties:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-property-literals:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-sticky-regex:7.23.3

Identifiers

@babel/helper-remap-async-to-generator:7.22.20

Description:

Helper function to remap async functions to generators

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-async-to-generator:7.23.3/@babel/helper-remap-async-to-generator:^7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-async-to-generator:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-async-generator-functions:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-replace-supers:7.22.20

Description:

Helper function to replace supers

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-object-super:7.23.3/@babel/helper-replace-supers:^7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-object-super:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54

Identifiers

@babel/helper-simple-access:7.22.5

Description:

Babel helper for ensuring that access to a given value is performed through simple accesses

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-modules-commonjs:7.23.3/@babel/helper-simple-access:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-module-transforms:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-commonjs:7.23.3
  • simplicite-js:5.2.54

Identifiers

@babel/helper-skip-transparent-expression-wrappers:7.22.5

Description:

Helper which skips types and parentheses

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/plugin-transform-spread:7.23.3/@babel/helper-skip-transparent-expression-wrappers:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-optional-chaining:7.23.4
  • simplicite-js:5.2.54/@babel/plugin-transform-spread:7.23.3
  • simplicite-js:5.2.54/@babel/plugin-transform-for-of:7.23.6
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.23.3
  • simplicite-js:5.2.54

Identifiers

@babel/helper-split-export-declaration:7.22.6

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/traverse:7.23.9/@babel/helper-split-export-declaration:^7.22.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54/@babel/helper-module-transforms:7.23.3
  • simplicite-js:5.2.54

Identifiers

@babel/helper-string-parser:7.23.4

Description:

A utility package to parse strings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/types:7.23.9/@babel/helper-string-parser:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/types:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-validator-identifier:7.22.20

Description:

Validate identifier/keywords name

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/types:7.23.9/@babel/helper-validator-identifier:^7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-modules-systemjs:7.23.9
  • simplicite-js:5.2.54/@babel/highlight:7.23.4
  • simplicite-js:5.2.54/@babel/helper-module-transforms:7.23.3
  • simplicite-js:5.2.54/@babel/types:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-validator-option:7.23.5

Description:

Validate plugin/preset options

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/helper-validator-option:^7.23.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-compilation-targets:7.23.6
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/helper-wrap-function:7.22.20

Description:

Helper to wrap functions inside a function call.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/helper-wrap-function:7.22.20

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/helper-remap-async-to-generator:7.22.20

Identifiers

@babel/helpers:7.23.9

Description:

Collection of helper functions used by Babel transforms.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/helpers:7.23.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/highlight:7.23.4

Description:

Syntax highlight JavaScript strings for output in terminals.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/highlight:7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/code-frame:7.23.5

Identifiers

@babel/node:7.23.9

Description:

Babel command line

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/node:7.23.9

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@babel/parser:7.16.4

Description:

A JavaScript parser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/parser:7.16.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

@babel/parser:7.23.9

Description:

A JavaScript parser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jsdoc:4.0.2/@babel/parser:^7.20.15

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54/@vue/compiler-core:3.3.4
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.2.54/@babel/template:7.23.9
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:7.23.3

Description:

Rename destructuring parameter to workaround https://bugs.webkit.org/show_bug.cgi?id=220517

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.23.3

Description:

Transform optional chaining operators to workaround https://crbug.com/v8/11558

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly:7.23.7

Description:

Transform static class fields assignments that are affected by https://crbug.com/v8/12421

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly:^7.23.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-proposal-private-property-in-object:7.21.0-placeholder-for-preset-env.2

Description:

This plugin transforms checks for a private property in an object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-proposal-private-property-in-object:7.21.0-placeholder-for-preset-env.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-async-generators:7.8.4

Description:

Allow parsing of async generator functions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-async-generators:^7.8.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54/@babel/plugin-transform-async-generator-functions:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-class-properties:7.12.13

Description:

Allow parsing of class properties

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-class-properties:^7.12.13

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-class-static-block:7.14.5

Description:

Allow parsing of class static blocks

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-class-static-block:^7.14.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-class-static-block:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-dynamic-import:7.8.3

Description:

Allow parsing of import()

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-dynamic-import:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-dynamic-import:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-export-namespace-from:7.8.3

Description:

Allow parsing of export namespace from

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-export-namespace-from:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-export-namespace-from:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-import-assertions:7.23.3

Description:

Allow parsing of the module assertion attributes in the import statement

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-import-assertions:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-import-attributes:7.23.3

Description:

Allow parsing of the module attributes in the import statement

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-import-attributes:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-import-meta:7.10.4

Description:

Allow parsing of import.meta

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-import-meta:^7.10.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-json-strings:7.8.3

Description:

Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-json-strings:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-transform-json-strings:7.23.4

Identifiers

@babel/plugin-syntax-logical-assignment-operators:7.10.4

Description:

Allow parsing of the logical assignment operators

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-logical-assignment-operators:^7.10.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-logical-assignment-operators:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-nullish-coalescing-operator:7.8.3

Description:

Allow parsing of the nullish-coalescing operator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-nullish-coalescing-operator:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-nullish-coalescing-operator:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-numeric-separator:7.10.4

Description:

Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-numeric-separator:^7.10.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-numeric-separator:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-object-rest-spread:7.8.3

Description:

Allow parsing of object rest/spread

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-object-rest-spread:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-object-rest-spread:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-optional-catch-binding:7.8.3

Description:

Allow parsing of optional catch bindings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-optional-catch-binding:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-optional-catch-binding:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-optional-chaining:7.8.3

Description:

Allow parsing of optional properties

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-optional-chaining:^7.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-optional-chaining:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-private-property-in-object:7.14.5

Description:

Allow parsing of '#foo in obj' brand checks

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-private-property-in-object:^7.14.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-transform-private-property-in-object:7.23.4

Identifiers

@babel/plugin-syntax-top-level-await:7.14.5

Description:

Allow parsing of top-level await in modules

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-top-level-await:^7.14.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-syntax-unicode-sets-regex:7.18.6

Description:

Parse regular expressions' unicodeSets (v) flag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-syntax-unicode-sets-regex:^7.18.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-arrow-functions:7.23.3

Description:

Compile ES2015 arrow functions to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-arrow-functions:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-async-generator-functions:7.23.9

Description:

Turn async generator functions into ES2015 generators

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-async-generator-functions:^7.23.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-async-to-generator:7.23.3

Description:

Turn async functions into ES2015 generators

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-async-to-generator:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-block-scoped-functions:7.23.3

Description:

Babel plugin to ensure function declarations at the block level are block scoped

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-block-scoped-functions:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-block-scoping:7.23.4

Description:

Compile ES2015 block scoping (const and let) to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-block-scoping:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-class-properties:7.23.3

Description:

This plugin transforms static class properties as well as properties declared with the property initializer syntax

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-class-properties:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-class-static-block:7.23.4

Description:

Transform class static blocks

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-class-static-block:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-classes:7.23.8

Description:

Compile ES2015 classes to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-classes:^7.23.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-computed-properties:7.23.3

Description:

Compile ES2015 computed properties to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-computed-properties:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-destructuring:7.23.3

Description:

Compile ES2015 destructuring to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-destructuring:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-dotall-regex:7.23.3

Description:

Compile regular expressions using the `s` (`dotAll`) flag to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-dotall-regex:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-duplicate-keys:7.23.3

Description:

Compile objects with duplicate keys to valid strict ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-duplicate-keys:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-dynamic-import:7.23.4

Description:

Transform import() expressions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-dynamic-import:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-exponentiation-operator:7.23.3

Description:

Compile exponentiation operator to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-exponentiation-operator:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-export-namespace-from:7.23.4

Description:

Compile export namespace to ES2015

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-export-namespace-from:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-for-of:7.23.6

Description:

Compile ES2015 for...of to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-for-of:^7.23.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-function-name:7.23.3

Description:

Apply ES2015 function.name semantics to all functions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-function-name:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-json-strings:7.23.4

Description:

Escape U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-json-strings:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-literals:7.23.3

Description:

Compile ES2015 unicode string and number literals to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-literals:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-logical-assignment-operators:7.23.4

Description:

Transforms logical assignment operators into short-circuited assignments

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-logical-assignment-operators:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-member-expression-literals:7.23.3

Description:

Ensure that reserved words are quoted in property accesses

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-member-expression-literals:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-modules-amd:7.23.3

Description:

This plugin transforms ES2015 modules to AMD

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-modules-amd:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-modules-commonjs:7.23.3

Description:

This plugin transforms ES2015 modules to CommonJS

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-modules-commonjs:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-modules-systemjs:7.23.9

Description:

This plugin transforms ES2015 modules to SystemJS

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-modules-systemjs:^7.23.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-modules-umd:7.23.3

Description:

This plugin transforms ES2015 modules to UMD

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-modules-umd:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-named-capturing-groups-regex:7.22.5

Description:

Compile regular expressions using named groups to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-named-capturing-groups-regex:^7.22.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-new-target:7.23.3

Description:

Transforms new.target meta property

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-new-target:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-nullish-coalescing-operator:7.23.4

Description:

Remove nullish coalescing operator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-nullish-coalescing-operator:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-numeric-separator:7.23.4

Description:

Remove numeric separators from Decimal, Binary, Hex and Octal literals

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-numeric-separator:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-object-rest-spread:7.23.4

Description:

Compile object rest and spread to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-object-rest-spread:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-object-super:7.23.3

Description:

Compile ES2015 object super to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-object-super:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-optional-catch-binding:7.23.4

Description:

Compile optional catch bindings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-optional-catch-binding:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-optional-chaining:7.23.4

Description:

Transform optional chaining operators into a series of nil checks

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-optional-chaining:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining:7.23.3

Identifiers

@babel/plugin-transform-parameters:7.23.3

Description:

Compile ES2015 default and rest parameters to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-parameters:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-object-rest-spread:7.23.4
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-private-methods:7.23.3

Description:

This plugin transforms private class methods

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-private-methods:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-private-property-in-object:7.23.4

Description:

This plugin transforms checks for a private property in an object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-private-property-in-object:^7.23.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-property-literals:7.23.3

Description:

Ensure that reserved words are quoted in object property keys

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-property-literals:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-regenerator:7.23.3

Description:

Explode async and generator functions into a state machine.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-regenerator:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-reserved-words:7.23.3

Description:

Ensure that no reserved words are used.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-reserved-words:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-shorthand-properties:7.23.3

Description:

Compile ES2015 shorthand properties to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-shorthand-properties:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-spread:7.23.3

Description:

Compile ES2015 spread to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-spread:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-sticky-regex:7.23.3

Description:

Compile ES2015 sticky regex to an ES5 RegExp constructor

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-sticky-regex:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-template-literals:7.23.3

Description:

Compile ES2015 template literals to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-template-literals:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-typeof-symbol:7.23.3

Description:

This transformer wraps all typeof expressions with a method that replicates native behaviour. (ie. returning “symbol” for symbols)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-typeof-symbol:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-unicode-escapes:7.23.3

Description:

Compile ES2015 Unicode escapes to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-unicode-escapes:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-unicode-property-regex:7.23.3

Description:

Compile Unicode property escapes in Unicode regular expressions to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-unicode-property-regex:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-unicode-regex:7.23.3

Description:

Compile ES2015 Unicode regex to ES5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-unicode-regex:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/plugin-transform-unicode-sets-regex:7.23.3

Description:

Compile regular expressions' unicodeSets (v) flag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@babel/preset-env:7.23.9/@babel/plugin-transform-unicode-sets-regex:^7.23.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/preset-env:7.23.9

Description:

A Babel preset for each environment.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/preset-env:7.23.9

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@babel/preset-modules:0.1.6-no-external-plugins

Description:

A Babel preset that targets modern browsers by fixing engine bugs.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/preset-modules:0.1.6-no-external-plugins

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/register:7.23.7

Description:

babel require hook

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/register:7.23.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/node:7.23.9
  • simplicite-js:5.2.54

Identifiers

@babel/regjsgen:0.8.0

Description:

Generate regular expressions from regjsparser’s AST.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?regexpu-core:5.3.2/@babel/regjsgen:^0.8.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/regexpu-core:5.3.2
  • simplicite-js:5.2.54

Identifiers

@babel/runtime:7.23.9

Description:

babel's modular runtime helpers

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?regenerator-transform:0.15.2/@babel/runtime:^7.8.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/regenerator-transform:0.15.2
  • simplicite-js:5.2.54

Identifiers

@babel/template:7.23.9

Description:

Generate an AST from a string template.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/template:7.23.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-function-name:7.23.0
  • simplicite-js:5.2.54/@babel/helper-wrap-function:7.22.20
  • simplicite-js:5.2.54/@babel/plugin-transform-computed-properties:7.23.3
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/helpers:7.23.9

Identifiers

@babel/traverse:7.23.9

Description:

The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?depcheck:1.4.3/@babel/traverse:^7.12.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3
  • simplicite-js:5.2.54/@babel/helpers:7.23.9

Identifiers

@babel/types:7.23.9

Description:

Babel Types is a Lodash-esque utility library for AST nodes

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@babel/types:7.23.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-split-export-declaration:7.22.6
  • simplicite-js:5.2.54/@babel/helper-module-imports:7.22.15
  • simplicite-js:5.2.54/@babel/helper-simple-access:7.22.5
  • simplicite-js:5.2.54/@babel/preset-modules:0.1.6-no-external-plugins
  • simplicite-js:5.2.54/@babel/helper-optimise-call-expression:7.22.5
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/@babel/helper-skip-transparent-expression-wrappers:7.22.5
  • simplicite-js:5.2.54/@babel/generator:7.23.6
  • simplicite-js:5.2.54/@babel/helper-builder-binary-assignment-operator-visitor:7.22.15
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/helper-hoist-variables:7.22.5
  • simplicite-js:5.2.54/@babel/helper-annotate-as-pure:7.22.5
  • simplicite-js:5.2.54/@babel/helper-function-name:7.23.0
  • simplicite-js:5.2.54/@babel/helper-wrap-function:7.22.20
  • simplicite-js:5.2.54/@babel/template:7.23.9
  • simplicite-js:5.2.54/@babel/helpers:7.23.9
  • simplicite-js:5.2.54/@babel/helper-member-expression-to-functions:7.23.0

Identifiers

@colors/colors:1.5.0

Description:

get colors in your node.js console

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@colors/colors:1.5.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@csstools/selector-specificity:2.2.0

Description:

Determine selector specificity with postcss-selector-parser

License:

CC0-1.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/@csstools/selector-specificity:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

@devexpress/error-stack-parser:2.0.6

Description:

Extract meaning from JS Errors

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?callsite-record:4.1.5/@devexpress/error-stack-parser:^2.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/callsite-record:4.1.5
  • simplicite-js:5.2.54

Identifiers

@es-joy/jsdoccomment:0.41.0

Description:

Maintained replacement for ESLint's deprecated SourceCode#getJSDocComment along with other jsdoc utilities

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint-plugin-jsdoc:48.0.4/@es-joy/jsdoccomment:~0.41.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54

Identifiers

@eslint-community/eslint-utils:4.4.0

Description:

Utilities for ESLint plugins.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/@eslint-community/eslint-utils:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

@eslint-community/regexpp:4.6.2

Description:

Regular expression parser for ECMAScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/@eslint-community/regexpp:^4.6.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

@eslint/eslintrc:2.1.4

Description:

The legacy ESLintRC config file format for ESLint

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/@eslint/eslintrc:^2.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

@eslint/js:8.56.0

Description:

ESLint JavaScript language implementation

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/@eslint/js:8.56.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

@fullcalendar/bootstrap:5.11.0

Description:

Bootstrap 4 theming for your calendar

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/bootstrap:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/common:5.11.5

Description:

internal package

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@fullcalendar/timegrid:5.11.0/@fullcalendar/common:~5.11.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@fullcalendar/moment:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/moment-timezone:5.11.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@fullcalendar/interaction:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/luxon:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/google-calendar:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/bootstrap:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/daygrid:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/timegrid:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/list:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/rrule:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/core:5.11.0

Identifiers

@fullcalendar/core:5.11.0

Description:

Provides core functionality, including the Calendar class

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/core:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/daygrid:5.11.0

Description:

Display events on Month view or DayGrid view

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@fullcalendar/timegrid:5.11.0/@fullcalendar/daygrid:~5.11.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@fullcalendar/timegrid:5.11.0
  • simplicite-js:5.2.54

Identifiers

@fullcalendar/google-calendar:5.11.0

Description:

Fetch events from a public Google Calendar feed

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/google-calendar:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/interaction:5.11.0

Description:

Provides functionality for event drag-n-drop, resizing, dateClick, and selectable actions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/interaction:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/list:5.11.0

Description:

View your events as a bulleted list

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/list:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/luxon:5.11.0

Description:

A connector to the Luxon 1 date library

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/luxon:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/moment-timezone:5.11.0

Description:

A connector to the moment-timezone library

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/moment-timezone:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/moment:5.11.0

Description:

A connector to the MomentJS date library

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/moment:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/rrule:5.11.0

Description:

A connector to the RRule library, for recurring events

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/rrule:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@fullcalendar/timegrid:5.11.0

Description:

Display your events on a grid of time slots

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@fullcalendar/timegrid:5.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@humanwhocodes/config-array:0.11.13

Description:

Glob-based configuration matching.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/@humanwhocodes/config-array:^0.11.13

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

@humanwhocodes/module-importer:1.0.1

Description:

Universal module importer for Node.js

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/@humanwhocodes/module-importer:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

@humanwhocodes/object-schema:2.0.1

Description:

An object schema merger/validator

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@humanwhocodes/object-schema:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@humanwhocodes/config-array:0.11.13

Identifiers

@isaacs/cliui:8.0.2

Description:

easily create complex multi-column command-line-interfaces

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jackspeak:2.3.6/@isaacs/cliui:^8.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jackspeak:2.3.6
  • simplicite-js:5.2.54

Identifiers

@jridgewell/gen-mapping:0.3.3

Description:

Generate source maps

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@jridgewell/gen-mapping:0.3.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@ampproject/remapping:2.2.1
  • simplicite-js:5.2.54/@babel/generator:7.23.6
  • simplicite-js:5.2.54

Identifiers

@jridgewell/resolve-uri:3.1.0

Description:

Resolve a URI relative to an optional base URI

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@jridgewell/trace-mapping:0.3.18/@jridgewell/resolve-uri:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@jridgewell/trace-mapping:0.3.18
  • simplicite-js:5.2.54

Identifiers

@jridgewell/set-array:1.1.2

Description:

Like a Set, but provides the index of the `key` in the backing array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@jridgewell/set-array:1.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@jridgewell/gen-mapping:0.3.3
  • simplicite-js:5.2.54

Identifiers

@jridgewell/sourcemap-codec:1.4.14

Description:

Encode/decode sourcemap mappings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@jridgewell/sourcemap-codec:1.4.14

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@jridgewell/trace-mapping:0.3.18
  • simplicite-js:5.2.54

Identifiers

@jridgewell/sourcemap-codec:1.4.15

Description:

Encode/decode sourcemap mappings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?magic-string:0.30.0/@jridgewell/sourcemap-codec:^1.4.13

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@jridgewell/gen-mapping:0.3.3
  • simplicite-js:5.2.54/magic-string:0.30.0
  • simplicite-js:5.2.54

Identifiers

@jridgewell/trace-mapping:0.3.18

Description:

Trace the original position through a source map

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@jridgewell/trace-mapping:0.3.18

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@ampproject/remapping:2.2.1
  • simplicite-js:5.2.54/@jridgewell/gen-mapping:0.3.3
  • simplicite-js:5.2.54/@babel/generator:7.23.6
  • simplicite-js:5.2.54/@babel/cli:7.23.9
  • simplicite-js:5.2.54

Identifiers

@jsdoc/salty:0.2.5

Description:

A drop-in replacement for (some of) TaffyDB.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jsdoc:4.0.2/@jsdoc/salty:^0.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54/docdash:2.0.2
  • simplicite-js:5.2.54

Identifiers

@kessler/tableify:1.0.2

Description:

Create HTML tables from Javascript Objects

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?license-report:6.5.0/@kessler/tableify:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54

Identifiers

@nicolo-ribaudo/chokidar-2:2.1.8-no-fsevents.3

Description:

A wrapper around chokidar@2 to be able to specify both @2 and @3 as dependencies

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@nicolo-ribaudo/chokidar-2:2.1.8-no-fsevents.3

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@nodelib/fs.scandir:2.1.5

Description:

List files and directories inside the specified directory

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@nodelib/fs.walk:1.2.8/@nodelib/fs.scandir:2.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@nodelib/fs.walk:1.2.8
  • simplicite-js:5.2.54

Identifiers

@nodelib/fs.stat:2.0.5

Description:

Get the status of a file with some features

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?fast-glob:3.3.0/@nodelib/fs.stat:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@nodelib/fs.scandir:2.1.5
  • simplicite-js:5.2.54/fast-glob:3.3.0

Identifiers

@nodelib/fs.walk:1.2.8

Description:

A library for efficiently walking a directory recursively

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?fast-glob:3.3.0/@nodelib/fs.walk:^1.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/fast-glob:3.3.0

Identifiers

@npmcli/fs:3.1.0

Description:

filesystem utilities for the npm cli

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?cacache:17.1.3/@npmcli/fs:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54

Identifiers

@npmcli/git:4.1.0

Description:

a util for spawning git from npm CLI contexts

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/@npmcli/git:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

@npmcli/installed-package-contents:2.0.2

Description:

Get the list of files installed in a package in node_modules, including bundled dependencies

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/@npmcli/installed-package-contents:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

@npmcli/node-gyp:3.0.0

Description:

Tools for dealing with node-gyp packages

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@npmcli/run-script:6.0.2/@npmcli/node-gyp:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@npmcli/run-script:6.0.2
  • simplicite-js:5.2.54

Identifiers

@npmcli/promise-spawn:6.0.2

Description:

spawn processes the way the npm cli likes to do

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/@npmcli/promise-spawn:^6.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@npmcli/run-script:6.0.2
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

@npmcli/run-script:6.0.2

Description:

Run a lifecycle script for a package (descendant of npm-lifecycle)

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/@npmcli/run-script:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

@pkgjs/parseargs:0.11.0

Description:

Polyfill of future proposal for `util.parseArgs()`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@pkgjs/parseargs:0.11.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

@pnpm/config.env-replace:1.1.0

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@pnpm/npm-conf:2.2.2/@pnpm/config.env-replace:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@pnpm/npm-conf:2.2.2

Identifiers

@pnpm/network.ca-file:1.0.2

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@pnpm/npm-conf:2.2.2/@pnpm/network.ca-file:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@pnpm/npm-conf:2.2.2

Identifiers

@pnpm/npm-conf:2.2.2

Description:

Get the npm config

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?registry-auth-token:5.0.2/@pnpm/npm-conf:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/registry-auth-token:5.0.2
  • simplicite-js:5.2.54

Identifiers

@sigstore/bundle:1.0.0

Description:

Sigstore bundle type

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?sigstore:1.8.0/@sigstore/bundle:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/sigstore:1.8.0
  • simplicite-js:5.2.54

Identifiers

@sigstore/protobuf-specs:0.2.0

Description:

code-signing for npm packages

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?sigstore:1.8.0/@sigstore/protobuf-specs:^0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/sigstore:1.8.0
  • simplicite-js:5.2.54/@sigstore/tuf:1.0.3
  • simplicite-js:5.2.54/@sigstore/bundle:1.0.0
  • simplicite-js:5.2.54

Identifiers

@sigstore/tuf:1.0.3

Description:

Client for the Sigstore TUF repository

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?sigstore:1.8.0/@sigstore/tuf:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/sigstore:1.8.0
  • simplicite-js:5.2.54

Identifiers

@sindresorhus/is:5.4.1

Description:

Type check values

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/@sindresorhus/is:^5.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

@szmarczak/http-timer:5.0.1

Description:

Timings for HTTP requests

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/@szmarczak/http-timer:^5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

@tootallnate/once:2.0.0

Description:

Creates a Promise that waits for a single event

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@tootallnate/once:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/http-proxy-agent:5.0.0
  • simplicite-js:5.2.54

Identifiers

@tufjs/canonical-json:1.0.0

Description:

OLPC JSON canonicalization

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@tufjs/models:1.0.4/@tufjs/canonical-json:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@tufjs/models:1.0.4
  • simplicite-js:5.2.54

Identifiers

@tufjs/models:1.0.4

Description:

TUF metadata models

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tuf-js:1.1.7/@tufjs/models:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/tuf-js:1.1.7
  • simplicite-js:5.2.54

Identifiers

@types/http-cache-semantics:4.0.1

Description:

TypeScript definitions for http-cache-semantics

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?cacheable-request:10.2.12/@types/http-cache-semantics:^4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:10.2.12
  • simplicite-js:5.2.54

Identifiers

@types/linkify-it:3.0.2

Description:

TypeScript definitions for linkify-it

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@types/markdown-it:12.2.3/@types/linkify-it:*

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@types/markdown-it:12.2.3
  • simplicite-js:5.2.54

Identifiers

@types/lodash:4.14.195

Description:

TypeScript definitions for Lo-Dash

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?callsite-record:4.1.5/@types/lodash:^4.14.72

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/callsite-record:4.1.5
  • simplicite-js:5.2.54

Identifiers

@types/markdown-it:12.2.3

Description:

TypeScript definitions for markdown-it

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jsdoc:4.0.2/@types/markdown-it:^12.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

@types/mdurl:1.0.2

Description:

TypeScript definitions for mdurl

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@types/mdurl:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@types/markdown-it:12.2.3
  • simplicite-js:5.2.54

Identifiers

@types/minimatch:3.0.5

Description:

TypeScript definitions for Minimatch

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?multimatch:5.0.0/@types/minimatch:^3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/multimatch:5.0.0
  • simplicite-js:5.2.54

Identifiers

@types/minimist:1.2.2

Description:

TypeScript definitions for minimist

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?meow:9.0.0/@types/minimist:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

@types/normalize-package-data:2.4.1

Description:

TypeScript definitions for normalize-package-data

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?read-pkg:5.2.0/@types/normalize-package-data:^2.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-pkg:5.2.0
  • simplicite-js:5.2.54

Identifiers

@types/parse-json:4.0.0

Description:

TypeScript definitions for parse-json

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?cosmiconfig:7.1.0/@types/parse-json:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cosmiconfig:7.1.0
  • simplicite-js:5.2.54

Identifiers

@ungap/structured-clone:1.2.0

Description:

A structuredClone polyfill

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/@ungap/structured-clone:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

@vue/compiler-core:3.3.4

Description:

@vue/compiler-core

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@vue/reactivity-transform:3.3.4/@vue/compiler-core:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.2.54/@vue/compiler-dom:3.3.4
  • simplicite-js:5.2.54

Identifiers

@vue/compiler-dom:3.3.4

Description:

@vue/compiler-dom

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?@vue/compiler-ssr:3.3.4/@vue/compiler-dom:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/@vue/compiler-ssr:3.3.4
  • simplicite-js:5.2.54

Identifiers

@vue/compiler-sfc:3.3.4

Description:

@vue/compiler-sfc

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?depcheck:1.4.3/@vue/compiler-sfc:^3.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

@vue/compiler-ssr:3.3.4

Description:

@vue/compiler-ssr

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@vue/compiler-ssr:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54

Identifiers

@vue/reactivity-transform:3.3.4

Description:

@vue/reactivity-transform

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@vue/reactivity-transform:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54

Identifiers

@vue/shared:3.3.4

Description:

internal utils shared across @vue packages

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/@vue/shared:3.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/@vue/compiler-ssr:3.3.4
  • simplicite-js:5.2.54/@vue/compiler-core:3.3.4
  • simplicite-js:5.2.54/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.2.54/@vue/compiler-dom:3.3.4
  • simplicite-js:5.2.54

Identifiers

HikariCP-5.0.0.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/HikariCP/5.0.0/HikariCP-5.0.0.jar
MD5: 0231648391cf340e30a360f28b259073
SHA1: 8685b74cebc0435144d652311a2930f5914c968a
SHA256:cfab85c04fcb590ae4cfdbe1b1e87cfd7277c4ba378229422d8e8bce989a97d6
Referenced In Project/Scope: Simplicite Platform:compile
HikariCP-5.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

JavaEWAH-1.1.13.jar

Description:

The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
  JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
  The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.1.13/JavaEWAH-1.1.13.jar
MD5: a1eb305e5cc5bba238d4360e3139abb4
SHA1: 32cd724a42dc73f99ca08453d11a4bb83e0034c7
SHA256:4c0fda2b1d317750d7ea324e36c70b2bc48310c0aaae67b98df0915d696d7111
Referenced In Project/Scope: Simplicite Platform:compile
JavaEWAH-1.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.1.0.202203080745-r

Identifiers

SparseBitSet-1.2.jar

Description:

An efficient sparse bitset implementation for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/SparseBitSet/1.2/SparseBitSet-1.2.jar
MD5: 1c6032441aec11b523e1a7bfa96d60cf
SHA1: 8467c813d442837fcaeddbc42cf5c5359fab4933
SHA256:91e6b318c901a0f2dd1f6ce781d62474435ae627d22fbac9b21bbc39ffd804b6
Referenced In Project/Scope: Simplicite Platform:compile
SparseBitSet-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@4.1.2

Identifiers

abbrev:1.1.1

Description:

Like ruby's abbrev module, but in js

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?nopt:6.0.0/abbrev:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/nopt:5.0.0
  • simplicite-js:5.2.54/nopt:6.0.0
  • simplicite-js:5.2.54

Identifiers

ace-builds:1.4.12

Description:

Ace (Ajax.org Cloud9 Editor)

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ace-builds:1.4.12

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

ace-diff:3.0.3

Description:

A diff/merging wrapper for Ace Editor built on google-diff-match-patch

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ace-diff:3.0.3

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

acorn-jsx:5.3.2

Description:

Modern, fast React.js JSX parser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?espree:9.6.1/acorn-jsx:^5.3.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/espree:9.6.1
  • simplicite-js:5.2.54

Identifiers

acorn:8.11.3

Description:

ECMAScript parser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?espree:9.6.1/acorn:^8.9.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/espree:9.6.1
  • simplicite-js:5.2.54

Identifiers

agent-base:6.0.2

Description:

Turn a function into an `http.Agent` instance

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?socks-proxy-agent:7.0.0/agent-base:^6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/https-proxy-agent:5.0.1
  • simplicite-js:5.2.54/socks-proxy-agent:7.0.0
  • simplicite-js:5.2.54/http-proxy-agent:5.0.0
  • simplicite-js:5.2.54

Identifiers

agentkeepalive:4.3.0

Description:

Missing keepalive http.Agent

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?make-fetch-happen:11.1.1/agentkeepalive:^4.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54

Identifiers

aggregate-error:3.1.0

Description:

Create an error from multiple errors

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?p-map:4.0.0/aggregate-error:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/p-map:4.0.0
  • simplicite-js:5.2.54

Identifiers

ajv:6.12.6

Description:

Another JSON Schema Validator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/ajv:^6.12.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54

Identifiers

ajv:8.12.0

Description:

Another JSON Schema Validator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ajv:8.12.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/table:6.8.1
  • simplicite-js:5.2.54

Identifiers

ansi-align:3.0.1

Description:

align-text with ANSI support for CLIs

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?boxen:5.1.2/ansi-align:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/boxen:7.1.0
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54

Identifiers

ansi-escapes:4.3.2

Description:

ANSI escape codes for manipulating the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?terminal-link:2.1.1/ansi-escapes:^4.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/terminal-link:2.1.1
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

ansi-regex:5.0.1

Description:

Regular expression for matching ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?strip-ansi-cjs:6.0.1/ansi-regex:^5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/strip-ansi-cjs:6.0.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/strip-ansi:6.0.1
  • simplicite-js:5.2.54/strip-ansi:7.1.0

Identifiers

ansi-styles:3.2.1

Description:

ANSI escape codes for styling strings in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?chalk:2.4.2/ansi-styles:^3.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/slice-ansi:4.0.0
  • simplicite-js:5.2.54/chalk:3.0.0
  • simplicite-js:5.2.54/wrap-ansi:8.1.0
  • simplicite-js:5.2.54/chalk:4.1.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/chalk:2.4.2

Identifiers

ansi-styles:4.3.0

Description:

ANSI escape codes for styling strings in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ansi-styles:4.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/wrap-ansi:7.0.0
  • simplicite-js:5.2.54/wrap-ansi-cjs:7.0.0
  • simplicite-js:5.2.54

Identifiers

ant-1.10.11.jar

File Path: /var/simplicite/.m2/repository/org/apache/ant/ant/1.10.11/ant-1.10.11.jar
MD5: ee3529760a0cf967e19f38523adc603e
SHA1: b875cd48a0bc955ae9c5c477ad991e1f26fb24d2
SHA256:88c0b89bbbaae01e0d9fcae93be792f5abbe3409106f8eee858fdf365dbc0754
Referenced In Project/Scope: Simplicite Platform:compile
ant-1.10.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

anymatch:3.1.3

Description:

Matches strings against configurable strings, globs, regular expressions, and/or functions

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?chokidar:3.5.3/anymatch:~3.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chokidar:3.5.3
  • simplicite-js:5.2.54

Identifiers

aproba:2.0.0

Description:

A ridiculously light-weight argument validator (now browser friendly)

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?gauge:4.0.4/aproba:^1.0.3 || ^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54

Identifiers

are-docs-informative:0.0.2

Description:

Checks whether a documentation description introduces any new information.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint-plugin-jsdoc:48.0.4/are-docs-informative:^0.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54

Identifiers

are-we-there-yet:3.0.1

Description:

Keep track of the overall completion of many disparate processes

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npmlog:6.0.2/are-we-there-yet:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npmlog:6.0.2
  • simplicite-js:5.2.54

Identifiers

argparse:2.0.1

Description:

CLI arguments parser. Native port of python's argparse.

License:

Python-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?markdown-it:12.3.2/argparse:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/js-yaml:3.14.1
  • simplicite-js:5.2.54/js-yaml:4.1.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/markdown-it:12.3.2

Identifiers

array-buffer-byte-length:1.0.0

Description:

Get the byte length of an ArrayBuffer, even in engines without a `.byteLength` method.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?es-abstract:1.21.2/array-buffer-byte-length:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

array-differ:3.0.0

Description:

Create an array with values that are present in the first input array but not additional ones

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?multimatch:5.0.0/array-differ:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/multimatch:5.0.0
  • simplicite-js:5.2.54

Identifiers

array-union:2.1.0

Description:

Create an array of unique values, in order, from the input arrays

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?multimatch:5.0.0/array-union:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/multimatch:5.0.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/globby:11.1.0

Identifiers

array.prototype.reduce:1.0.5

Description:

An ES5 spec-compliant `Array.prototype.reduce` shim/polyfill/replacement that works as far down as ES3.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?object.getownpropertydescriptors:2.1.6/array.prototype.reduce:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.2.54

Identifiers

arrify:1.0.1

Description:

Convert a value to an array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?minimist-options:4.1.0/arrify:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/minimist-options:4.1.0

Identifiers

arrify:2.0.1

Description:

Convert a value to an array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/arrify:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/multimatch:5.0.0
  • simplicite-js:5.2.54

Identifiers

astral-regex:2.0.0

Description:

Regular expression for matching astral symbols

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?slice-ansi:4.0.0/astral-regex:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/slice-ansi:4.0.0
  • simplicite-js:5.2.54

Identifiers

autolink-0.10.0.jar

Description:

        Java library to extract links (URLs, email addresses) from plain text;
        fast, small and smart about recognizing where links end

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/nibor/autolink/autolink/0.10.0/autolink-0.10.0.jar
MD5: be771f6d4d82b9098596afa30b4f48ea
SHA1: 6579ea7079be461e5ffa99f33222a632711cc671
SHA256:302b30160968415ee6cd1907987138c7575a6315f9b6ef13b9fe3abc87367857
Referenced In Project/Scope: Simplicite Platform:compile
autolink-0.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.commonmark/commonmark-ext-autolink@0.18.0

Identifiers

available-typed-arrays:1.0.5

Description:

Returns an array of Typed Array names that are available in the current environment

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-typed-array:1.1.9/available-typed-arrays:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/is-typed-array:1.1.10
  • simplicite-js:5.2.54/which-typed-array:1.1.9
  • simplicite-js:5.2.54

Identifiers

babel-plugin-polyfill-corejs2:0.4.8

Description:

A Babel plugin to inject imports to core-js@2 polyfills

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/babel-plugin-polyfill-corejs2:0.4.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

babel-plugin-polyfill-corejs3:0.9.0

Description:

A Babel plugin to inject imports to core-js@3 polyfills

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/babel-plugin-polyfill-corejs3:0.9.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

babel-plugin-polyfill-regenerator:0.5.5

Description:

A Babel plugin to inject imports to regenerator-runtime

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/babel-plugin-polyfill-regenerator:0.5.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54

Identifiers

balanced-match:1.0.2

Description:

Match balanced character pairs, like "{" and "}"

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?brace-expansion:2.0.1/balanced-match:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/brace-expansion:1.1.11
  • simplicite-js:5.2.54/brace-expansion:2.0.1
  • simplicite-js:5.2.54

Identifiers

balanced-match:2.0.0

Description:

Match balanced character pairs, like "{" and "}"

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/balanced-match:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

base64-js:1.5.1

Description:

Base64 encoding/decoding in pure JS

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?buffer:6.0.3/base64-js:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/buffer:6.0.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/buffer:5.7.1

Identifiers

bcmail-jdk15on-1.70.jar

Description:

The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcmail-jdk15on/1.70/bcmail-jdk15on-1.70.jar
MD5: 8bb191ccc5fb9aacd10e6d90eb827133
SHA1: 08f4aafad90f6cc7f16b9992279828ae848c9e0d
SHA256:ff6cde372bcabca182e40c1cc5d9b1f9eb73370cad286ce362d3747aff15f230
Referenced In Project/Scope: Simplicite Platform:compile
bcmail-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/org.bouncycastle/bcmail-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

bcpg-jdk15on-1.70.jar

Description:

The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
Apache Software License, Version 1.1: https://www.apache.org/licenses/LICENSE-1.1
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpg-jdk15on/1.70/bcpg-jdk15on-1.70.jar
MD5: 01ddc3aa0289346f4db19d95039cefdb
SHA1: 062f72ec06f31a6c31a3f3355fce0384b21126d7
SHA256:4f08f4aa74048824151c98dd3e92e7165ac30659834404f08a8e843bdad32847
Referenced In Project/Scope: Simplicite Platform:compile
bcpg-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/org.bouncycastle/bcpg-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

bcpkix-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.70/bcpkix-jdk15on-1.70.jar
MD5: 2c383f50d41937eae4fd32c35d8668cd
SHA1: f81e5af49571a9d5a109a88f239a73ce87055417
SHA256:e5b9cb821df57f70b0593358e89c0e8d7266515da9d088af6c646f63d433c07c
Referenced In Project/Scope: Simplicite Platform:compile
bcpkix-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

bcprov-ext-jdk15on-1.70.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. Note: this package includes the NTRU encryption algorithms.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-ext-jdk15on/1.70/bcprov-ext-jdk15on-1.70.jar
MD5: b94196703cf09438fb33c5d083c42f55
SHA1: 373d425c5ecb4edc9e3e2f7f7ff39bc8eff4abbf
SHA256:5d819f3b88597ec680c94151a0ba0a3afff0c0c1c999b5b065a67c998a3e3e1b
Referenced In Project/Scope: Simplicite Platform:compile
bcprov-ext-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-ext-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk15on:1.70:*:*:*:*:*:*:*

bcprov-jdk15on-1.70.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.70/bcprov-jdk15on-1.70.jar
MD5: 1809d0449a6374279c01fdd3be26cd92
SHA1: 4636a0d01f74acaf28082fb62b317f1080118371
SHA256:8f3c20e3e2d565d26f33e8d4857a37d0d7f8ac39b62a7026496fcab1bdac30d4
Referenced In Project/Scope: Simplicite Platform:compile
bcprov-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.70

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.70:*:*:*:*:*:*:*

bcutil-jdk15on-1.70.jar

Description:

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcutil-jdk15on/1.70/bcutil-jdk15on-1.70.jar
MD5: 805173dfb0891331dbe69d0e53371af4
SHA1: 54280e7195a7430d7911ded93fc01e07300b9526
SHA256:52dc5551b0257666526c5095424567fed7dc7b00d2b1ba7bd52298411112b1d0
Referenced In Project/Scope: Simplicite Platform:compile
bcutil-jdk15on-1.70.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/org.bouncycastle/bcutil-jdk15on@1.70  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

binary-extensions:2.2.0

Description:

List of binary file extensions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?is-binary-path:2.1.0/binary-extensions:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-binary-path:2.1.0
  • simplicite-js:5.2.54

Identifiers

bl:4.1.0

Description:

Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ora:5.4.1/bl:^4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

bluebird:3.7.2

Description:

Full featured Promises/A+ implementation with exceptionally good performance

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jsdoc:4.0.2/bluebird:^3.7.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

bootbox:5.5.2

Description:

Wrappers for JavaScript alert(), confirm(), prompt(), and other flexible dialogs using the Bootstrap framework

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/bootbox:5.5.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

CVE-2023-46998 (OSSINDEX)  

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/Au:/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:bootbox:5.5.2:*:*:*:*:*:*:*

GHSA-m4ch-4m5f-2gp6 (NPM)  

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:bootbox:\>\=3.2.0\<\=6.0.0:*:*:*:*:*:*:*

GHSA-87mg-h5r3-hw88 (NPM)  

All version of `bootbox` are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.


## Recommendation

Sanitize user input being passed to `bootbox` or consider using an alternative package.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-64 Windows Shortcut Following (.LNK)

Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:bootbox:\<\=5.5.2:*:*:*:*:*:*:*

bootstrap-datetimepicker:0.0.7

File Path: /var/simplicite/simplicite-5.2/package-lock.json?simplicite-bootstrap-datetimepicker:1.0.6/bootstrap-datetimepicker:0.0.7

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/simplicite-bootstrap-datetimepicker:1.0.6

Identifiers

bootstrap:4.6.0

Description:

The most popular front-end framework for developing responsive, mobile first projects on the web.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/bootstrap:4.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/bootbox:5.5.2
  • simplicite-js:5.2.54

Identifiers

boxen:4.2.0

Description:

Create boxes in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/boxen:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

brace-expansion:1.1.11

Description:

Brace expansion as known from sh/bash

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?minimatch:3.1.2/brace-expansion:^1.1.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/minimatch:3.0.8
  • simplicite-js:5.2.54/minimatch:9.0.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/minimatch:3.1.2

Identifiers

braces:3.0.2

Description:

Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?micromatch:4.0.5/braces:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chokidar:3.5.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/micromatch:4.0.5

Identifiers

browserslist:4.22.3

Description:

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?core-js-compat:3.35.1/browserslist:^4.22.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-compilation-targets:7.23.6
  • simplicite-js:5.2.54/core-js-compat:3.35.1
  • simplicite-js:5.2.54

Identifiers

bson-3.12.12.jar

Description:

The BSON library

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/bson/3.12.12/bson-3.12.12.jar
MD5: e942910fb1444c0841a7e269b53c05af
SHA1: 1696b031f013389d1754379a064c73a893ba8453
SHA256:f926aae0055c051ccca6d17c0e0da36f17d49984a65c133687892a63a89cbfd4
Referenced In Project/Scope: Simplicite Platform:compile
bson-3.12.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mongodb/mongodb-driver@3.12.12

Identifiers

buffer-from:1.1.2

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?source-map-support:0.5.21/buffer-from:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/source-map-support:0.5.21
  • simplicite-js:5.2.54

Identifiers

buffer:5.7.1

Description:

Node.js Buffer API, for the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/buffer:5.7.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/bl:4.1.0
  • simplicite-js:5.2.54

Identifiers

buffer:6.0.3

Description:

Node.js Buffer API, for the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/buffer:6.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/simplicite:3.0.1
  • simplicite-js:5.2.54

Identifiers

builtin-modules:3.3.0

Description:

List of the Node.js builtin modules

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?is-builtin-module:3.2.1/builtin-modules:^3.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-builtin-module:3.2.1
  • simplicite-js:5.2.54

Identifiers

builtins:5.0.1

Description:

List of node.js builtin modules

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?validate-npm-package-name:5.0.0/builtins:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/validate-npm-package-name:5.0.0
  • simplicite-js:5.2.54

Identifiers

byte-buddy-1.12.9.jar (shaded: net.bytebuddy:byte-buddy-dep:1.12.9)

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with a remaining dependency onto ASM.
        You should never depend on this module without repackaging Byte Buddy and ASM into your own namespace.

File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy/1.12.9/byte-buddy-1.12.9.jar/META-INF/maven/net.bytebuddy/byte-buddy-dep/pom.xml
MD5: f252b6a3ad73a2fe8b82d4e5e252b6e7
SHA1: bd386dc86918b6f7769ad855aa2636b40b639c76
SHA256:71c523053fd9cd841080a5bc89a4740b49f5dedd648e8de0ab064456e3113c14
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

byte-buddy-1.12.9.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy/1.12.9/byte-buddy-1.12.9.jar
MD5: a120a37aba17a10766b9bc869f90fd2b
SHA1: 424ded9ef3496b0d997ce066f2166a4f7ec7b07a
SHA256:e305b6b5bdf8602bc5012efaa50c96b0fb922a3c60308ee1af85605b74d82710
Referenced In Project/Scope: Simplicite Platform:compile
byte-buddy-1.12.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@4.5.1

Identifiers

byte-buddy-agent-1.12.9.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.12.9/byte-buddy-agent-1.12.9.jar
MD5: cb4881cad7e1625aad4a59e333847a2a
SHA1: f58bf71d15e827fa47e9b37e63156b333e3389d3
SHA256:5d62779f66436ef2130b470b7ecb6463c552fd411be757267034798a130bf5ed
Referenced In Project/Scope: Simplicite Platform:compile
byte-buddy-agent-1.12.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@4.5.1

Identifiers

byte-buddy-agent-1.12.9.jar: attach_hotspot_windows.dll

File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.12.9/byte-buddy-agent-1.12.9.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

byte-buddy-agent-1.12.9.jar: attach_hotspot_windows.dll

File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.12.9/byte-buddy-agent-1.12.9.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

c3p0-0.9.5.5.jar

Description:

a JDBC Connection pooling / Statement caching library

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /var/simplicite/.m2/repository/com/mchange/c3p0/0.9.5.5/c3p0-0.9.5.5.jar
MD5: 9fc982b4b179e44cec986ea86fe1bff7
SHA1: 37dfc3021e5589d65ff2ae0becf811510b87ab01
SHA256:96cec5ddfe2f08b8407125d8228eb0392121e1bf2239ca621bb19228b67f741a
Referenced In Project/Scope: Simplicite Platform:compile
c3p0-0.9.5.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

cacache:17.1.3

Description:

Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/cacache:^17.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

cacheable-lookup:7.0.0

Description:

A cacheable dns.lookup(…) that respects TTL

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/cacheable-lookup:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

cacheable-request:10.2.12

Description:

Wrap native HTTP requests with RFC compliant cache support

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/cacheable-request:^10.2.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

caffeine-3.0.6.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.0.6/caffeine-3.0.6.jar
MD5: b3db829baf2b527a737abf24aabfd27f
SHA1: e261a64f8f828eeadae139d8d0ff2a9b1224f4ef
SHA256:0b1aabc3ba98c95d4f0a5376b006c4126a1a09e153826b9294c9c64c68ef7bcd
Referenced In Project/Scope: Simplicite Platform:compile
caffeine-3.0.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

call-bind:1.0.2

Description:

Robustly `.call.bind()` a function

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-typed-array:1.1.9/call-bind:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/function.prototype.name:1.1.5
  • simplicite-js:5.2.54/is-weakref:1.0.2
  • simplicite-js:5.2.54/safe-array-concat:1.0.0
  • simplicite-js:5.2.54/is-typed-array:1.1.10
  • simplicite-js:5.2.54/get-symbol-description:1.0.0
  • simplicite-js:5.2.54/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.2.54/safe-regex-test:1.0.0
  • simplicite-js:5.2.54/is-regex:1.1.4
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/side-channel:1.0.4
  • simplicite-js:5.2.54/string.prototype.trimend:1.0.6
  • simplicite-js:5.2.54/array.prototype.reduce:1.0.5
  • simplicite-js:5.2.54/regexp.prototype.flags:1.5.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/string.prototype.trimstart:1.0.6
  • simplicite-js:5.2.54/object.assign:4.1.4
  • simplicite-js:5.2.54/array-buffer-byte-length:1.0.0
  • simplicite-js:5.2.54/unbox-primitive:1.0.2
  • simplicite-js:5.2.54/is-array-buffer:3.0.2
  • simplicite-js:5.2.54/typed-array-length:1.0.4
  • simplicite-js:5.2.54/which-typed-array:1.1.9
  • simplicite-js:5.2.54/is-boolean-object:1.1.2
  • simplicite-js:5.2.54/string.prototype.trim:1.2.7
  • simplicite-js:5.2.54/is-shared-array-buffer:1.0.2

Identifiers

callsite-record:4.1.5

Description:

Create fancy log entries for errors and function call sites.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/callsite-record:^4.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

callsite:1.0.0

Description:

access to v8's CallSites

File Path: /var/simplicite/simplicite-5.2/package-lock.json?callsite-record:4.1.5/callsite:^1.0.0

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/callsite-record:4.1.5
  • simplicite-js:5.2.54

Identifiers

callsites:3.1.0

Description:

Get callsites from the V8 stack trace API

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?parent-module:1.0.1/callsites:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/parent-module:1.0.1
  • simplicite-js:5.2.54

Identifiers

camelcase-keys:6.2.2

Description:

Convert object keys to camel case

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?meow:9.0.0/camelcase-keys:^6.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

camelcase:5.3.1

Description:

Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/camelcase:5.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/camelcase-keys:6.2.2
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54

Identifiers

camelcase:6.3.0

Description:

Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?boxen:5.1.2/camelcase:^6.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/boxen:7.1.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

camelcase:7.0.1

Description:

Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/camelcase:7.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

caniuse-lite:1.0.30001584

Description:

A smaller version of caniuse-db, with only the essentials!

License:

CC-BY-4.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/caniuse-lite:1.0.30001584

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/browserslist:4.22.3
  • simplicite-js:5.2.54

Identifiers

catharsis:0.9.0

Description:

A JavaScript parser for Google Closure Compiler and JSDoc type expressions.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jsdoc:4.0.2/catharsis:^0.9.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

chalk:2.4.2

Description:

Terminal string styling done right

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?highlight-es:1.0.3/chalk:^2.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54/callsite-record:4.1.5
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/log-symbols:4.1.0
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/@babel/highlight:7.23.4
  • simplicite-js:5.2.54/boxen:7.1.0
  • simplicite-js:5.2.54/highlight-es:1.0.3
  • simplicite-js:5.2.54/@babel/code-frame:7.23.5

Identifiers

chalk:3.0.0

Description:

Terminal string styling done right

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/chalk:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54

Identifiers

chalk:4.1.2

Description:

Terminal string styling done right

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/chalk:4.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

chardet:0.7.0

Description:

Character detector

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?external-editor:3.1.0/chardet:^0.7.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/external-editor:3.1.0

Identifiers

chart.js:2.9.4

Description:

Simple HTML5 charts using the canvas element.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/chart.js:2.9.4

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

chartjs-color-string:0.6.0

Description:

Parser and generator for CSS color strings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/chartjs-color-string:0.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chartjs-color:2.4.1
  • simplicite-js:5.2.54

Identifiers

chartjs-color:2.4.1

Description:

Color conversion and manipulation with CSS string support

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/chartjs-color:2.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chart.js:2.9.4
  • simplicite-js:5.2.54

Identifiers

checker-qual-3.18.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-qual/3.18.0/checker-qual-3.18.0.jar
MD5: abc64881dec789241c89d9e1738fde98
SHA1: 7d1ffd35973fa4c94c3aebf187a26cf0b4350281
SHA256:99d4491b3a8b810641eb2fd7d96b2869e8ca8c05b5ae2cf4bc030f65bb12c3a1
Referenced In Project/Scope: Simplicite Platform:compile
checker-qual-3.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

chokidar:3.5.3

Description:

Minimal and efficient cross-platform file watching library

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?sass:1.63.6/chokidar:>=3.0.0 <4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/sass:1.63.6

Identifiers

chownr:2.0.0

Description:

like `chown -R`

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tar:6.1.15/chownr:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/tar:6.1.15
  • simplicite-js:5.2.54

Identifiers

ci-info:2.0.0

Description:

Get details about the current Continuous Integration environment

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?is-ci:2.0.0/ci-info:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-ci:2.0.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/is-ci:3.0.1

Identifiers

clean-stack:2.2.0

Description:

Clean up error stack traces

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/clean-stack:2.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/aggregate-error:3.1.0
  • simplicite-js:5.2.54

Identifiers

cli-boxes:2.2.1

Description:

Boxes for use in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?boxen:5.1.2/cli-boxes:^2.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54/boxen:7.1.0
  • simplicite-js:5.2.54

Identifiers

cli-boxes:3.0.0

Description:

Boxes for use in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/cli-boxes:3.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

cli-cursor:3.1.0

Description:

Toggle the CLI cursor

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ora:5.4.1/cli-cursor:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

cli-spinners:2.9.0

Description:

Spinners for use in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ora:5.4.1/cli-spinners:^2.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

cli-table3:0.6.3

Description:

Pretty unicode tables for the command line. Based on the original cli-table.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check-updates:16.14.14/cli-table3:^0.6.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

cli-width:3.0.0

Description:

Get stdout window width, with two fallbacks, tty and then a default.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?inquirer:7.3.3/cli-width:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

cli:1.0.1

Description:

A tool for rapidly building command line apps

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jshint:2.13.1/cli:~1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54

Identifiers

cliui:7.0.4

Description:

easily create complex multi-column command-line-interfaces

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?yargs:16.2.0/cliui:^7.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/yargs:16.2.0
  • simplicite-js:5.2.54

Identifiers

clone-deep:4.0.1

Description:

Recursively (deep) clone JavaScript native types, like Object, Array, RegExp, Date as well as primitives.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/clone-deep:4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/register:7.23.7

Identifiers

clone-response:1.0.3

Description:

Clone a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?cacheable-request:6.1.0/clone-response:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:6.1.0
  • simplicite-js:5.2.54

Identifiers

clone:1.0.4

Description:

deep cloning of objects and arrays

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?defaults:1.0.4/clone:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/defaults:1.0.4
  • simplicite-js:5.2.54

Identifiers

co:4.6.0

Description:

generator async control flow goodness

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/co:^4.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

codemodel-2.3.4.jar

Description:

The core functionality of the CodeModel java source code generation library

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/codemodel/2.3.4/codemodel-2.3.4.jar
MD5: c1d9b683da4372476e0a24a5145f1376
SHA1: 8ab752f833454bbd9bc736749cbc939427dd9ef9
SHA256:de6863199942948ea1cdf0c9740539a7ada7e87a70049fb7d00798c0a2e4210e
Referenced In Project/Scope: Simplicite Platform:compile
codemodel-2.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.4

Identifiers

color-convert:1.9.3

Description:

Plain color conversion functions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/color-convert:1.9.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ansi-styles:3.2.1
  • simplicite-js:5.2.54/ansi-styles:4.3.0
  • simplicite-js:5.2.54/chartjs-color:2.4.1
  • simplicite-js:5.2.54

Identifiers

color-convert:2.0.1

Description:

Plain color conversion functions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/color-convert:2.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

color-name:1.1.3

Description:

A list of color names and its values

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/color-name:1.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/color-convert:1.9.3
  • simplicite-js:5.2.54

Identifiers

color-name:1.1.4

Description:

A list of color names and its values

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?color-convert:2.0.1/color-name:~1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chartjs-color-string:0.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/color-convert:2.0.1

Identifiers

color-support:1.1.3

Description:

A module which will endeavor to guess your terminal's level of color support.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?gauge:4.0.4/color-support:^1.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54

Identifiers

colord:2.9.3

Description:

👑 A tiny yet powerful tool for high-performance color manipulations and conversions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/colord:^2.9.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

commander:10.0.1

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/commander:10.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

commander:2.20.3

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/commander:2.20.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/editorconfig:0.15.3
  • simplicite-js:5.2.54

Identifiers

commander:3.0.2

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/commander:3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

commander:4.1.1

Description:

the complete solution for node.js command-line programs

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/commander:4.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/node:7.23.9
  • simplicite-js:5.2.54/@babel/cli:7.23.9
  • simplicite-js:5.2.54

Identifiers

comment-parser:1.4.1

Description:

Generic JSDoc-like comment parser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint-plugin-jsdoc:48.0.4/comment-parser:1.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@es-joy/jsdoccomment:0.41.0

Identifiers

commondir:1.0.1

Description:

compute the closest common parent for file paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?find-cache-dir:2.1.0/commondir:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/find-cache-dir:2.1.0
  • simplicite-js:5.2.54

Identifiers

commonmark-0.18.0.jar

Description:

Core of commonmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark/0.18.0/commonmark-0.18.0.jar
MD5: 16eff9d995c0fbe10f46daee7b7f2796
SHA1: 89d6f732805a7ae903a03de5d24daf5541bdac87
SHA256:533c431a2ec613074a48ba011d319a327c649aeb5b8d69c9e66e437f18cfbccb
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-autolink-0.18.0.jar

Description:

commonmark-java extension for turning plain URLs and email addresses into links

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-autolink/0.18.0/commonmark-ext-autolink-0.18.0.jar
MD5: 6627c79a625066f5be762e5f39ef7e24
SHA1: d6faf1eb8cff81888dbda77f74c82090fe260adb
SHA256:10feb418bc1849a2fed75a8cf7224c4863f7e0ba11b7d36fa05af613a332c035
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-autolink-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-gfm-strikethrough-0.18.0.jar

Description:

commonmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-strikethrough/0.18.0/commonmark-ext-gfm-strikethrough-0.18.0.jar
MD5: 882d5909d422496addca68d51b0b86c1
SHA1: 26a14a38e55e465241b30f96a0d67be02064f622
SHA256:5243b357e493e69f39a03d60504e957c0a03d633638bf87d420537073d8dc7b0
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-gfm-strikethrough-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-gfm-tables-0.18.0.jar

Description:

commonmark-java extension for GFM tables using "|" pipes (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-tables/0.18.0/commonmark-ext-gfm-tables-0.18.0.jar
MD5: 656495abc933a6d5b024dfa83c5d8837
SHA1: 27885f6bbe1ac5b74eedc74bfee452e206ffcdf4
SHA256:50e63bea8f1ae8166de3a6bd27330064247ab534db931e194bd90bb2ad655b0f
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-gfm-tables-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-heading-anchor-0.18.0.jar

Description:

commonmark-java extension for adding unique id attributes to header tags

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-heading-anchor/0.18.0/commonmark-ext-heading-anchor-0.18.0.jar
MD5: c320f2bb2a369012f2d8d711f8ca1b1e
SHA1: 3c580d3a7e9a193d78e36f36f5e07a52ae8e31a3
SHA256:a21a24bbddec2a35c1dc17f0a45f0006ff37f289d06c3d5df64f8d265531ca71
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-heading-anchor-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-image-attributes-0.18.0.jar

Description:

commonmark-java extension for adding attributes to images

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-image-attributes/0.18.0/commonmark-ext-image-attributes-0.18.0.jar
MD5: 9689b1bccdce2e16c49638738bf99318
SHA1: edae8c5450ae6bcf9505bf4d7d496498a7167707
SHA256:786ddf5e3a1b8f19c5cb0ea23285c8cc362734541169aa8cf99dc5ee195e584c
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-image-attributes-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-ins-0.18.0.jar

Description:

commonmark-java extension for using ++

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-ins/0.18.0/commonmark-ext-ins-0.18.0.jar
MD5: 01e7942caf3cfa753520598f8fc62f97
SHA1: b5c97a6443bada4e6cc5dced0c7bb7a712f084c3
SHA256:3b5a6d0d9245c290721850abd9017910172a0d5349bfaf3fd6327a991543ec5a
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-ins-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-task-list-items-0.18.0.jar

Description:

commonmark-java extension for task list items

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-task-list-items/0.18.0/commonmark-ext-task-list-items-0.18.0.jar
MD5: f9f7bc9524e2b6a10c3c2cf9091481ab
SHA1: ab00471367a4bae9c3574669910841a72362cdd2
SHA256:10c4a970d410201ce131291ac9105ed7e09c4b7abba3d76a7e2fc07e296cae14
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-task-list-items-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commonmark-ext-yaml-front-matter-0.18.0.jar

Description:

commonmark-java extension for YAML front matter

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-yaml-front-matter/0.18.0/commonmark-ext-yaml-front-matter-0.18.0.jar
MD5: 9cce63bec84708f4006f2ca305d203b4
SHA1: 944587429d6f2d2df6acd75534c5f02e48972b49
SHA256:3170acbd220b0f5d27c16ec52323e641ea99ce36c3c86dfbb46ef5e925bd5ba0
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-yaml-front-matter-0.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: Simplicite Platform:compile
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-cli-1.4.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-cli/commons-cli/1.4/commons-cli-1.4.jar
MD5: c966d7e03507c834d5b09b848560174e
SHA1: c51c00206bb913cd8612b24abd9fa98ae89719b1
SHA256:fd3c7c9545a9cdb2051d1f9155c4f76b1e4ac5a57304404a6eedb578ffba7328
Referenced In Project/Scope: Simplicite Platform:compile
commons-cli-1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-codec-1.15.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256:b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Project/Scope: Simplicite Platform:compile
commons-codec-1.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Simplicite Platform:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: Simplicite Platform:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-compress-1.21.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar
MD5: 2a713d10331bc4e13459a3dc0463f16f
SHA1: 4ec95b60d4e86b5c95a0e919cb172a0af98011ef
SHA256:6aecfd5459728a595601cfa07258d131972ffc39b492eb48bdd596577a2f244a
Referenced In Project/Scope: Simplicite Platform:compile
commons-compress-1.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2024-25710  

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2024-26308  

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

commons-csv-1.9.0.jar

Description:

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-csv/1.9.0/commons-csv-1.9.0.jar
MD5: 75559edcb39c783299289690c5a45816
SHA1: b59d8f64cd0b83ee1c04ff1748de2504457018c1
SHA256:c418d6aab4db4f1f70983d355de8d7c1e755c754820a92294da2e5f5081022cc
Referenced In Project/Scope: Simplicite Platform:compile
commons-csv-1.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Project/Scope: Simplicite Platform:compile
commons-digester-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-validator/commons-validator@1.7

Identifiers

commons-discovery-0.5.jar

Description:

The Apache Commons Discovery component is about discovering, or finding,
  implementations for pluggable interfaces.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
SHA256:e5b7d58ae62e5b309d5c0ffa5a5b1d9d1e0f0c4c3cc18d1fe3103fd29f90149d
Referenced In Project/Scope: Simplicite Platform:compile
commons-discovery-0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-0869  

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

commons-email-1.5.jar

Description:

        Apache Commons Email aims to provide an API for sending email. It is built on top of
        the JavaMail API, which it aims to simplify.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-email/1.5/commons-email-1.5.jar
MD5: e72657496d31f152aa26d4122e0850d9
SHA1: e8e677c6362eba14ff3c476ba63ccb83132dbd52
SHA256:ee8479906abb2c355a46a0a9845cfa1803bcc3c520a34baea4a6cf4e1f0f0cc1
Referenced In Project/Scope: Simplicite Platform:compile
commons-email-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-exec-1.3.jar

Description:

Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Project/Scope: Simplicite Platform:compile
commons-exec-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-fileupload-1.4.jar

Description:

    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256:a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Project/Scope: Simplicite Platform:compile
commons-fileupload-1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-24998  

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.




Note that, like all of the file upload limits, the
          new configuration option (FileUploadBase#setFileCountMax) is not
          enabled by default and must be explicitly configured.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

commons-imaging-1.0-alpha2.jar

Description:

Apache Commons Imaging (previously Sanselan) is a pure-Java image library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-imaging/1.0-alpha2/commons-imaging-1.0-alpha2.jar
MD5: b1b9d002d76145c50fe3947d7b9724e2
SHA1: 838bd680e85e4611cdc0a81c81174bb87927e255
SHA256:64d649007364d70dcab24a1f895646e6976f5e2b339ba73a4af20642d041666a
Referenced In Project/Scope: Simplicite Platform:compile
commons-imaging-1.0-alpha2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-io-2.11.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Project/Scope: Simplicite Platform:compile
commons-io-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope: Simplicite Platform:compile
commons-lang-2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-lang3-3.12.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256:d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e
Referenced In Project/Scope: Simplicite Platform:compile
commons-lang3-3.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Simplicite Platform:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: Simplicite Platform:compile
commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-net-3.8.0.jar

Description:

Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-net/commons-net/3.8.0/commons-net-3.8.0.jar
MD5: d4b7197bf50afc96e2fa2657a339f037
SHA1: 63ea56587c8aaf05adab5cb0397e056bac8a2db0
SHA256:352b0ba1c657d8930063a9b83878fb717deef2d29ee25d13943be9beccc64d49
Referenced In Project/Scope: Simplicite Platform:compile
commons-net-3.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2021-37533  

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

commons-pool2-2.11.1.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar
MD5: 2210a041929e7c94485d5402458340b9
SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68
SHA256:ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83
Referenced In Project/Scope: Simplicite Platform:compile
commons-pool2-2.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-validator-1.7.jar

Description:

    Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
    It may be used standalone or with a framework like Struts.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-validator/commons-validator/1.7/commons-validator-1.7.jar
MD5: 4b6f22de69432bc03254b47310d59651
SHA1: 76069c915de3787f3ddd8726a56f47a95bfcbb0e
SHA256:4d74f4ce4fb68b2617edad086df6defdf9338467d2377d2c62e69038e1c4f02f
Referenced In Project/Scope: Simplicite Platform:compile
commons-validator-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

commons-vfs2-2.9.0.jar

Description:

Apache Commons VFS is a Virtual File System library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-vfs2/2.9.0/commons-vfs2-2.9.0.jar
MD5: beba9c4909dd2799ee95c8e0c280dbf2
SHA1: 48115c2fb1c5f0a2498a4365162d6b69adec73f3
SHA256:266f96b77aa18773191f6992fc7910999bf8ee8a244ec67a3398b486eb726a7f
Referenced In Project/Scope: Simplicite Platform:compile
commons-vfs2-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

concat-map:0.0.1

Description:

concatenative mapdashery

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/concat-map:0.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/brace-expansion:1.1.11
  • simplicite-js:5.2.54

Identifiers

config-chain:1.1.13

Description:

HANDLE CONFIGURATION ONCE AND FOR ALL

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?js-beautify:1.14.0/config-chain:^1.1.12

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/js-beautify:1.14.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@pnpm/npm-conf:2.2.2

Identifiers

configstore:5.0.1

Description:

Easily load and save config without having to think about where and how

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/configstore:^5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

console-browserify:1.1.0

Description:

Emulate console for all the browsers

File Path: /var/simplicite/simplicite-5.2/package-lock.json?/console-browserify:1.1.0

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54

Identifiers

console-control-strings:1.1.0

Description:

A library of cross-platform tested terminal/console command strings for doing things like color and cursor positioning.  This is a subset of both ansi and vt100.  All control codes included work on both Windows & Unix-like OSes, except where noted.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npmlog:6.0.2/console-control-strings:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54/npmlog:6.0.2
  • simplicite-js:5.2.54

Identifiers

convert-source-map:2.0.0

Description:

Converts a source-map from/to  different formats and allows adding/changing properties.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/convert-source-map:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54/@babel/cli:7.23.9
  • simplicite-js:5.2.54

Identifiers

core-3.4.0.jar

Description:

Core barcode encoding/decoding library

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /var/simplicite/.m2/repository/com/google/zxing/core/3.4.0/core-3.4.0.jar
MD5: 8542da29497cf33e80d7630e62d58a81
SHA1: 5264296c46634347890ec9250bc65f14b7362bf8
SHA256:65004806a669234c698fbe0755258100375fb01fe93b538455f3903713d4a50d
Referenced In Project/Scope: Simplicite Platform:compile
core-3.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/dev.samstevens.totp/totp@1.7.1

Identifiers

core-js-compat:3.35.1

Description:

core-js compat

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/core-js-compat:3.35.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/babel-plugin-polyfill-corejs3:0.9.0

Identifiers

core-js:3.31.0

Description:

Standard library

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/core-js:3.31.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/node:7.23.9
  • simplicite-js:5.2.54

Identifiers

core-util-is:1.0.3

Description:

The `util.is*` functions introduced in Node v0.12.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?readable-stream:1.1.14/core-util-is:~1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/readable-stream:2.3.8
  • simplicite-js:5.2.54/readable-stream:1.1.14
  • simplicite-js:5.2.54

Identifiers

cosmiconfig:7.1.0

Description:

Find and load configuration from a package.json property, rc file, or CommonJS module

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/cosmiconfig:^7.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

cross-spawn:7.0.3

Description:

Cross platform child_process#spawn and child_process#spawnSync

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?spawn-please:2.0.2/cross-spawn:^7.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/foreground-child:3.1.1
  • simplicite-js:5.2.54/spawn-please:2.0.2
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54

Identifiers

crypto-random-string:2.0.0

Description:

Generate a cryptographically strong random string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?unique-string:2.0.0/crypto-random-string:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unique-string:2.0.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/unique-string:3.0.0

Identifiers

css-functions-list:3.1.0

Description:

List of standard and browser specific CSS functions.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/css-functions-list:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

cssesc:3.0.0

Description:

A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?postcss-selector-parser:6.0.13/cssesc:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/postcss-selector-parser:6.0.13
  • simplicite-js:5.2.54

Identifiers

curvesapi-1.06.jar

Description:

Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/github/virtuald/curvesapi/1.06/curvesapi-1.06.jar
MD5: 049221bdb7f8d8a2065c02000e854ed4
SHA1: 159dd2e8956459a4eb0a9a6ecda9004d8d289708
SHA256:38bb45c99e6153260c19b97b99b6a7370a067de63344de6d1ea11922acaed86b
Referenced In Project/Scope: Simplicite Platform:compile
curvesapi-1.06.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@4.1.2

Identifiers

date-now:0.1.4

Description:

A requirable version of Date.now()

File Path: /var/simplicite/simplicite-5.2/package-lock.json?/date-now:0.1.4

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/console-browserify:1.1.0
  • simplicite-js:5.2.54

Identifiers

debug:4.3.4

Description:

Lightweight debugging utility for Node.js and the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tuf-js:1.1.7/debug:^4.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rc-config-loader:4.1.3
  • simplicite-js:5.2.54/socks-proxy-agent:7.0.0
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54/http-proxy-agent:5.0.0
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54/agentkeepalive:4.3.0
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@humanwhocodes/config-array:0.11.13
  • simplicite-js:5.2.54/depcheck:1.4.3
  • simplicite-js:5.2.54/https-proxy-agent:5.0.1
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54/agent-base:6.0.2
  • simplicite-js:5.2.54/@babel/helper-define-polyfill-provider:0.5.0
  • simplicite-js:5.2.54/tuf-js:1.1.7

Identifiers

decamelize-keys:1.1.1

Description:

Convert object keys from camelCase to lowercase with a custom separator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?meow:9.0.0/decamelize-keys:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

decamelize:1.2.0

Description:

Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?meow:9.0.0/decamelize:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54/decamelize-keys:1.1.1
  • simplicite-js:5.2.54

Identifiers

decompress-response:6.0.0

Description:

Decompress a HTTP response if needed

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/decompress-response:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

deep-extend:0.6.0

Description:

Recursive object extending

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?rc:1.2.8/deep-extend:^0.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rc:1.2.8
  • simplicite-js:5.2.54

Identifiers

deep-is:0.1.4

Description:

node's assert.deepEqual algorithm except for NaN being equal to NaN

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?optionator:0.9.3/deep-is:^0.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/optionator:0.9.3
  • simplicite-js:5.2.54

Identifiers

defaults:1.0.4

Description:

merge single level defaults over a config object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?wcwidth:1.0.1/defaults:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/wcwidth:1.0.1
  • simplicite-js:5.2.54

Identifiers

defer-to-connect:1.1.3

Description:

The safe way to handle the `connect` socket event

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/defer-to-connect:1.1.3

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

defer-to-connect:2.0.1

Description:

The safe way to handle the `connect` socket event

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/defer-to-connect:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@szmarczak/http-timer:5.0.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@szmarczak/http-timer:1.1.2

Identifiers

define-properties:1.2.0

Description:

Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?string.prototype.trimstart:1.0.6/define-properties:^1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/function.prototype.name:1.1.5
  • simplicite-js:5.2.54/string.prototype.trimend:1.0.6
  • simplicite-js:5.2.54/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.2.54/globalthis:1.0.3
  • simplicite-js:5.2.54/array.prototype.reduce:1.0.5
  • simplicite-js:5.2.54/string.prototype.trim:1.2.7
  • simplicite-js:5.2.54/regexp.prototype.flags:1.5.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/string.prototype.trimstart:1.0.6
  • simplicite-js:5.2.54/object.assign:4.1.4

Identifiers

delegates:1.0.0

Description:

delegate methods and accessors to another property

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/delegates:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/are-we-there-yet:3.0.1
  • simplicite-js:5.2.54

Identifiers

depcheck:1.4.3

Description:

Check dependencies in your node module

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/depcheck:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

depd:2.0.0

Description:

Deprecate all the things

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/depd:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/agentkeepalive:4.3.0
  • simplicite-js:5.2.54

Identifiers

deps-regex:0.1.4

Description:

Regular expression for matching javascript require statements.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/deps-regex:0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

diff-match-patch:1.0.5

Description:

npm package for https://github.com/google/diff-match-patch

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/diff-match-patch:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/ace-diff:3.0.3

Identifiers

diffutils-1.3.0.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/java-diff-utils/diffutils/1.3.0/diffutils-1.3.0.jar
MD5: 638158a6bca62926aa9986c92ccb15e0
SHA1: 7e060dd5b19431e6d198e91ff670644372f60fbd
SHA256:61ba4dc49adca95243beaa0569adc2a23aedb5292ae78aa01186fa782ebdc5c2
Referenced In Project/Scope: Simplicite Platform:compile
diffutils-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

dir-glob:3.0.1

Description:

Convert directories to glob compatible strings

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?globby:11.1.0/dir-glob:^3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/globby:11.1.0

Identifiers

docdash:2.0.2

Description:

A clean, responsive documentation template theme for JSDoc 3 inspired by lodash and minami

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/docdash:2.0.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

doctrine:3.0.0

Description:

JSDoc parser

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?eslint:8.56.0/doctrine:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

dom-serializer:0.2.2

Description:

render dom nodes to string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/dom-serializer:0.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/domutils:1.5.1

Identifiers

domelementtype:1.3.1

Description:

all the types of nodes in htmlparser2's dom

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/domelementtype:1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/htmlparser2:3.8.3
  • simplicite-js:5.2.54/domhandler:2.3.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/domutils:1.5.1

Identifiers

domelementtype:2.3.0

Description:

all the types of nodes in htmlparser2's dom

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/domelementtype:2.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/dom-serializer:0.2.2
  • simplicite-js:5.2.54

Identifiers

domhandler:2.3.0

Description:

handler for htmlparser2 that turns pages into a dom

File Path: /var/simplicite/simplicite-5.2/package-lock.json?/domhandler:2.3.0

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/htmlparser2:3.8.3
  • simplicite-js:5.2.54

Identifiers

domutils:1.5.1

Description:

utilities for working with htmlparser2's dom

File Path: /var/simplicite/simplicite-5.2/package-lock.json?/domutils:1.5.1

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/htmlparser2:3.8.3
  • simplicite-js:5.2.54

Identifiers

dot-prop:5.3.0

Description:

Get, set, or delete a property from a nested object using a dot path

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/dot-prop:5.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/configstore:6.0.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/configstore:5.0.1

Identifiers

dot-prop:6.0.1

Description:

Get, set, or delete a property from a nested object using a dot path

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/dot-prop:6.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

dtd-parser-1.4.4.jar

Description:

SAX-like API for parsing XML DTDs.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/dtd-parser/dtd-parser/1.4.4/dtd-parser-1.4.4.jar
MD5: f711370da18d104e1edcc44b7e831e95
SHA1: 77b8756371b63d4004a53c90a731945f34ea4c71
SHA256:13d244b7dc112f05ea51b8320fc0b20628e4bea631e1230875df155c56082c59
Referenced In Project/Scope: Simplicite Platform:compile
dtd-parser-1.4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.4

Identifiers

duplexer3:0.1.5

Description:

Like duplexer but using streams3

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:9.6.0/duplexer3:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54

Identifiers

eastasianwidth:0.2.0

Description:

Get East Asian Width from a character.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?string-width:5.1.2/eastasianwidth:^0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/string-width:5.1.2
  • simplicite-js:5.2.54

Identifiers

eddsa-0.3.0.jar

Description:

Implementation of EdDSA in Java

License:

CC0 1.0 Universal: https://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/simplicite/.m2/repository/net/i2p/crypto/eddsa/0.3.0/eddsa-0.3.0.jar
MD5: ee7de3b6f19de76a06e465efc978f669
SHA1: 1901c8d4d8bffb7d79027686cfb91e704217c3e1
SHA256:4dda1120db856640dbec04140ed23242215a075fe127bdefa0dcfa29fb31267d
Referenced In Project/Scope: Simplicite Platform:compile
eddsa-0.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit.ssh.apache@6.1.0.202203080745-r

Identifiers

editorconfig:0.15.3

Description:

EditorConfig File Locator and Interpreter for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?js-beautify:1.14.0/editorconfig:^0.15.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/js-beautify:1.14.0
  • simplicite-js:5.2.54

Identifiers

ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-107:3.9.6)

Description:

The JSR-107 compatibility module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.ehcache.modules/ehcache-107/pom.xml
MD5: 13c94acb6584e8f0305a98ade3df97e7
SHA1: d0cd4e5dfcc655527b4c390291cfc42c418935b9
SHA256:5a3e9568b9a4b6a7972279d92b604769070aade315882ed0330cacf6243505a6
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-api:3.9.6)

Description:

The API module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.ehcache.modules/ehcache-api/pom.xml
MD5: de091a511003ad153bf8f2b1fb430474
SHA1: 7bdbd3589b3bb6fb7552067cd43128625145be04
SHA256:ac3d73e785d839a019faa5446e8d7feb00f708557191345e82b59f1d48379d19
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-core:3.9.6)

Description:

The Core module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.ehcache.modules/ehcache-core/pom.xml
MD5: 57178604434be0022c4815062e52e26b
SHA1: c46d1c2fd9d0fd1ae74c40ef82f7582a3053a6b7
SHA256:3eea5cd5a9b8583c24bf77bb85b2d568ce6fe672ba6dd9d754fe457aa89ec74d
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-impl:3.9.6)

Description:

The implementation module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.ehcache.modules/ehcache-impl/pom.xml
MD5: 956f6047a239689f506d981c715b8a61
SHA1: 8e194f6b76fb23899d8091719fc70516ecdc0c65
SHA256:7b19e56f8525654a0cb4f3355a518d39721562d8cd1da34be3b7fcabdc1b8e3a
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.ehcache.modules:ehcache-xml:3.9.6)

Description:

The module containing all XML parsing logic Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.ehcache.modules/ehcache-xml/pom.xml
MD5: 298122afe88cc7c818768b30abd92733
SHA1: 84fcb1a938a1ffc9b815eaf1c0ca36a6866c11f1
SHA256:800fe5e94fe94f682f75ac2ed9e8fb89e1562daf063b9732f2b75943e82d79eb
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.ehcache:sizeof:0.4.0)

Description:

SizeOf engine, extracted from Ehcache

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.ehcache/sizeof/pom.xml
MD5: 4c6f7de9f499531083e2a0d03392f3cf
SHA1: 73ae8131061b4f5b29fa15819c0ed429ac4708d4
SHA256:e9a89defb70a370e182e4eb1e4ced5e8b5a0ebc3c21d1da4342ed040bf02d4ad
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.terracotta:offheap-store:2.5.2)

Description:

A library that offers data structures allocated off the java heap.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.terracotta/offheap-store/pom.xml
MD5: d089641b4a80a158a3bc42c39610173a
SHA1: 8b22532136a07c5a03aa5b571d55e3bd4919b43d
SHA256:79fdf6cc2cfa6c9332864109cbf13e69cfbeb7b381023793e40d35c3e959c9cb
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.terracotta:statistics:2.1)

Description:

A statistics framework used inside Ehcache and the Terracotta products

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.terracotta/statistics/pom.xml
MD5: c2e7d02d7e332392956c557deed20543
SHA1: 56e7b6d8a273bd82f2d7066b7063de656763f2b7
SHA256:c97d57efb3ac671e65a39fc2109e354ef5ea665a1a6490491e5a348e0dbf1ebb
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.9)

Description:

Utility classes/methods for common Java tasks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/META-INF/maven/org.terracotta/terracotta-utilities-tools/pom.xml
MD5: a55b2ab2781f5fdd83ae6c23d9e42887
SHA1: 6ee0ebbb1f94e470f04d3a5737a0650e9d02e30e
SHA256:7703955943c1f9ab2f4343a0f21a8aa61d159df0eaf2a2786c81be464dda6aaa
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.9.6.jar

Description:

End-user ehcache3 jar artifact

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar
MD5: f3cad96e513526c473610fb449ed411a
SHA1: c63362936308b841f81dbc7cd40384ffc473c595
SHA256:e1a0f4f270ed4a5b194cb632369a2d851472122d436b548a5a22430acad9cd24
Referenced In Project/Scope: Simplicite Platform:compile
ehcache-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

ehcache-3.9.6.jar: sizeof-agent.jar

File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.9.6/ehcache-3.9.6.jar/org/ehcache/sizeof/impl/sizeof-agent.jar
MD5: ebbbeb86eb031d51e9607e2e5581ec70
SHA1: fb0f17e0abef2dce271fe80fff4ec331bb635a2a
SHA256:e0bc6c03760bf71296d00ca2c15eb4b9bfa19f60a287edf002b2b2423f993d88
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

electron-to-chromium:1.4.656

Description:

Provides a list of electron-to-chromium version mappings

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/electron-to-chromium:1.4.656

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/browserslist:4.22.3
  • simplicite-js:5.2.54

Identifiers

emoji-regex:8.0.0

Description:

A regular expression to match all Emoji-only symbols as per the Unicode Standard.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?string-width-cjs:4.2.3/emoji-regex:^8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/string-width:4.2.3
  • simplicite-js:5.2.54/string-width-cjs:4.2.3
  • simplicite-js:5.2.54/string-width:5.1.2
  • simplicite-js:5.2.54

Identifiers

encoding:0.1.13

Description:

Convert encodings, uses iconv-lite

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/encoding:0.1.13

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

end-of-stream:1.4.4

Description:

Call a callback when a readable/writable/duplex stream has completed or failed.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pump:3.0.0/end-of-stream:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pump:3.0.0
  • simplicite-js:5.2.54

Identifiers

entities:1.0.0

Description:

Encode & decode XML/HTML entities with ease

License:

BSD-like
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/entities:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/htmlparser2:3.8.3
  • simplicite-js:5.2.54

Identifiers

entities:2.1.0

Description:

Encode & decode XML and HTML entities with ease

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/entities:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/markdown-it:12.3.2

Identifiers

entities:2.2.0

Description:

Encode & decode XML and HTML entities with ease

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/entities:2.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/dom-serializer:0.2.2
  • simplicite-js:5.2.54

Identifiers

env-paths:2.2.1

Description:

Get paths for storing things like data, config, cache, etc

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?node-gyp:9.4.0/env-paths:^2.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54

Identifiers

eol:0.9.1

Description:

Newline character converter

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?license-report:6.5.0/eol:^0.9.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54

Identifiers

err-code:2.0.3

Description:

Create an error with a code

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?promise-retry:2.0.1/err-code:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/promise-retry:2.0.1

Identifiers

error-ex:1.3.2

Description:

Easy error subclassing and stack customization

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?parse-json:5.2.0/error-ex:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/parse-json:5.2.0

Identifiers

error_prone_annotations-2.3.4.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar
MD5: 67beeee58df00366100061c7da82f4c2
SHA1: dac170e4594de319655ffb62f41cbd6dbb5e601e
SHA256:baf7d6ea97ce606c53e11b6854ba5f2ce7ef5c24dddf0afa18d1260bd25b002c
Referenced In Project/Scope: Simplicite Platform:compile
error_prone_annotations-2.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.17.3

Identifiers

es-abstract:1.21.2

Description:

ECMAScript spec abstract operations.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?string.prototype.trimstart:1.0.6/es-abstract:^1.20.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/function.prototype.name:1.1.5
  • simplicite-js:5.2.54/string.prototype.trimend:1.0.6
  • simplicite-js:5.2.54/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.2.54/array.prototype.reduce:1.0.5
  • simplicite-js:5.2.54/string.prototype.trim:1.2.7
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/string.prototype.trimstart:1.0.6

Identifiers

es-array-method-boxes-properly:1.0.0

Description:

Utility package to determine if an `Array.prototype` method properly boxes the callback's receiver and third argument.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/es-array-method-boxes-properly:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/array.prototype.reduce:1.0.5
  • simplicite-js:5.2.54

Identifiers

es-set-tostringtag:2.0.1

Description:

A helper to optimistically set Symbol.toStringTag, when possible.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/es-set-tostringtag:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

es-to-primitive:1.2.1

Description:

ECMAScript “ToPrimitive” algorithm. Provides ES5 and ES2015 versions.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/es-to-primitive:1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

escalade:3.1.1

Description:

A tiny (183B to 210B) and fast utility to ascend parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?yargs:16.2.0/escalade:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/yargs:16.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/update-browserslist-db:1.0.13

Identifiers

escape-goat:2.1.1

Description:

Escape a string for use in HTML or the inverse

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pupa:2.1.1/escape-goat:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pupa:2.1.1
  • simplicite-js:5.2.54/pupa:3.1.0
  • simplicite-js:5.2.54

Identifiers

escape-string-regexp:1.0.5

Description:

Escape RegExp special characters

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?figures:3.2.0/escape-string-regexp:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/figures:3.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/chalk:2.4.2

Identifiers

escape-string-regexp:2.0.0

Description:

Escape RegExp special characters

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/escape-string-regexp:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

escape-string-regexp:4.0.0

Description:

Escape RegExp special characters

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/escape-string-regexp:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54

Identifiers

eslint-plugin-jsdoc:48.0.4

Description:

JSDoc linting rules for ESLint.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/eslint-plugin-jsdoc:48.0.4

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

eslint-scope:7.2.2

Description:

ECMAScript scope analyzer for ESLint

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/eslint-scope:7.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

eslint-visitor-keys:3.4.3

Description:

Constants and utilities about visitor keys to traverse AST.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?espree:9.6.1/eslint-visitor-keys:^3.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/espree:9.6.1
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@eslint-community/eslint-utils:4.4.0

Identifiers

eslint:8.56.0

Description:

An AST-based pattern checker for JavaScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/eslint:8.56.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

espree:9.6.1

Description:

An Esprima-compatible JavaScript parser built on Acorn

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/espree:9.6.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54

Identifiers

esprima:4.0.1

Description:

ECMAScript parsing infrastructure for multipurpose analysis

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?js-yaml:3.14.1/esprima:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/js-yaml:3.14.1
  • simplicite-js:5.2.54

Identifiers

esquery:1.5.0

Description:

A query library for ECMAScript AST using a CSS selector like query language.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/esquery:1.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@es-joy/jsdoccomment:0.41.0

Identifiers

esrecurse:4.3.0

Description:

ECMAScript AST recursive visitor

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/esrecurse:4.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint-scope:7.2.2
  • simplicite-js:5.2.54

Identifiers

estraverse:5.3.0

Description:

ECMAScript JS AST traversal functions

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/estraverse:5.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/esquery:1.5.0
  • simplicite-js:5.2.54/eslint-scope:7.2.2
  • simplicite-js:5.2.54/esrecurse:4.3.0
  • simplicite-js:5.2.54

Identifiers

estree-walker:2.0.2

Description:

Traverse an ESTree-compliant AST

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/estree-walker:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/@vue/compiler-core:3.3.4
  • simplicite-js:5.2.54/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.2.54

Identifiers

esutils:2.0.3

Description:

utility box for ECMAScript language tools

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/esutils:2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/doctrine:3.0.0
  • simplicite-js:5.2.54/@babel/preset-modules:0.1.6-no-external-plugins
  • simplicite-js:5.2.54

Identifiers

execa:5.1.1

Description:

Process execution for humans

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/execa:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

exit:0.1.2

Description:

A replacement for process.exit that ensures stdio are fully drained before exiting.

File Path: /var/simplicite/simplicite-5.2/package-lock.json?/exit:0.1.2

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/cli:1.0.1

Identifiers

exponential-backoff:3.1.1

Description:

A utility that allows retrying a function with an exponential delay between attempts.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?node-gyp:9.4.0/exponential-backoff:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54

Identifiers

external-editor:3.1.0

Description:

Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?inquirer:7.3.3/external-editor:^3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes is conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope: Simplicite Platform:compile
failureaccess-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@30.1.1-jre

Identifiers

fast-and-simple-minify-1.0.jar

Description:

fast-and-simple-minify is a combined java-port of the JSMin and CSSMin utility with some additional features

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/ch/simschla/fast-and-simple-minify/1.0/fast-and-simple-minify-1.0.jar
MD5: 762fd1d990bb4e97a7581d2cd3255fc1
SHA1: ade6ae013ee38869b79eeb0661203451ddc16f46
SHA256:86e94527a0705c1ac20ff2b80e7d673975cc92f988210cc440f5bd1bb44087b5
Referenced In Project/Scope: Simplicite Platform:compile
fast-and-simple-minify-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

fast-deep-equal:3.1.3

Description:

Fast deep equal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ajv:8.12.0/fast-deep-equal:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ajv:8.12.0
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/ajv:6.12.6

Identifiers

fast-glob:3.3.0

Description:

It's a very fast and efficient glob library for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/fast-glob:^3.2.12

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/globby:11.1.0

Identifiers

fast-json-stable-stringify:2.1.0

Description:

deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/fast-json-stable-stringify:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/ajv:6.12.6

Identifiers

fast-levenshtein:2.0.6

Description:

Efficient implementation of Levenshtein algorithm  with locale-specific collator support.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?optionator:0.9.3/fast-levenshtein:^2.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/optionator:0.9.3
  • simplicite-js:5.2.54

Identifiers

fast-memoize:2.5.2

Description:

Fastest memoization lib that supports N arguments

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check-updates:16.14.14/fast-memoize:^2.5.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

fastest-levenshtein:1.0.16

Description:

Fastest Levenshtein distance implementation in JS.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/fastest-levenshtein:^1.0.16

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

fastq:1.15.0

Description:

Fast, in memory work queue

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/fastq:1.15.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@nodelib/fs.walk:1.2.8
  • simplicite-js:5.2.54

Identifiers

figures:3.2.0

Description:

Unicode symbols with Windows CMD fallbacks

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?inquirer:7.3.3/figures:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

file-entry-cache:6.0.1

Description:

Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/file-entry-cache:^6.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

fill-range:7.0.1

Description:

Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/fill-range:7.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/braces:3.0.2
  • simplicite-js:5.2.54

Identifiers

find-cache-dir:2.1.0

Description:

Finds the common standard cache directory

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/find-cache-dir:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/register:7.23.7

Identifiers

find-up:3.0.0

Description:

Find a file or directory by walking up parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/find-up:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/pkg-dir:3.0.0

Identifiers

find-up:4.1.0

Description:

Find a file or directory by walking up parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/find-up:4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-pkg-up:7.0.1
  • simplicite-js:5.2.54

Identifiers

find-up:5.0.0

Description:

Find a file or directory by walking up parent directories

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?preferred-pm:3.0.3/find-up:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pkg-dir:4.2.0
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/preferred-pm:3.0.3
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/pkg-dir:5.0.0

Identifiers

find-yarn-workspace-root2:1.2.16

Description:

Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?preferred-pm:3.0.3/find-yarn-workspace-root2:1.2.16

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/preferred-pm:3.0.3
  • simplicite-js:5.2.54

Identifiers

flat-cache:3.0.4

Description:

A stupidly simple key/value storage using files to persist some data

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/flat-cache:3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/file-entry-cache:6.0.1
  • simplicite-js:5.2.54

Identifiers

flatted:3.2.7

Description:

A super light and fast circular JSON parser.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/flatted:3.2.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/flat-cache:3.0.4
  • simplicite-js:5.2.54

Identifiers

fontbox-2.0.23.jar

Description:

    The Apache FontBox library is an open source Java tool to obtain low level information
    from font files. FontBox is a subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/fontbox/2.0.23/fontbox-2.0.23.jar
MD5: f9aa90c666c88ff29e3cd34c15d538ca
SHA1: 1a6b960dd2c1b1f8a5f5d6668b2930b50ff4324d
SHA256:5b8a00ee90b1e7ec29b00a96230c667279cac5e61cfd6cfc5efb6294ff4639b1
Referenced In Project/Scope: Simplicite Platform:compile
fontbox-2.0.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

for-each:0.3.3

Description:

A better forEach

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-typed-array:1.1.9/for-each:^0.3.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-typed-array:1.1.10
  • simplicite-js:5.2.54/typed-array-length:1.0.4
  • simplicite-js:5.2.54/which-typed-array:1.1.9
  • simplicite-js:5.2.54

Identifiers

foreground-child:3.1.1

Description:

Run a child as if it's the foreground process. Give it stdio. Exit when it exits.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?glob:10.3.3/foreground-child:^3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/glob:10.3.10
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/glob:10.3.3

Identifiers

form-data-encoder:2.1.4

Description:

Encode FormData content into the multipart/form-data format

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/form-data-encoder:^2.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

fp-and-or:0.1.4

Description:

Simple `and` and `or` functional programming predicates

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check-updates:16.14.14/fp-and-or:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

fs-extra:8.1.0

Description:

fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-audit-html:1.5.0/fs-extra:^8.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

fs-minipass:2.1.0

Description:

fs read and write streams based on minipass

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/fs-minipass:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/tar:6.1.15
  • simplicite-js:5.2.54

Identifiers

fs-minipass:3.0.2

Description:

fs read and write streams based on minipass

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/fs-minipass:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

fs-readdir-recursive:1.1.0

Description:

Recursively read a directory

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/fs-readdir-recursive:1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/cli:7.23.9
  • simplicite-js:5.2.54

Identifiers

fs.realpath:1.0.0

Description:

Use node's fs.realpath, but fall back to the JS implementation if the native one fails

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?glob:7.2.3/fs.realpath:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/glob:7.2.3
  • simplicite-js:5.2.54

Identifiers

function-bind:1.1.1

Description:

Implementation of Function.prototype.bind

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?has:1.0.3/function-bind:^1.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/call-bind:1.0.2
  • simplicite-js:5.2.54/has:1.0.3
  • simplicite-js:5.2.54/get-intrinsic:1.2.1
  • simplicite-js:5.2.54

Identifiers

function.prototype.name:1.1.5

Description:

An ES2015 spec-compliant `Function.prototype.name` shim

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/function.prototype.name:1.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

functions-have-names:1.2.3

Description:

Does this JS environment support the `name` property on functions?

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?regexp.prototype.flags:1.5.0/functions-have-names:^1.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/function.prototype.name:1.1.5
  • simplicite-js:5.2.54/regexp.prototype.flags:1.5.0
  • simplicite-js:5.2.54

Identifiers

fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:diffutils:1.3)

File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.3.1/fuzzywuzzy-1.3.1.jar/META-INF/maven/me.xdrop/diffutils/pom.xml
MD5: 9d75ff06b99ebf130bb19c8e085714b2
SHA1: edcb90cdd072a9291d9580eb01656c925a73cdad
SHA256:8f44a4acb88339f7d9d858d504a8f88d268e4fc6094d0e55f8918227b87709bf
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.3.1.jar (shaded: me.xdrop:fuzzywuzzy-build:1.3.1)

Description:

Fuzzy string matching algorithm for Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.3.1/fuzzywuzzy-1.3.1.jar/META-INF/maven/me.xdrop/fuzzywuzzy-build/pom.xml
MD5: c15930598f1712ac392d73ef1fc51fa0
SHA1: 5d8908e51ae7bb25697600f6b0238a63b1289e22
SHA256:d60db08c740e18d5bf4bebfe4e7afca866a4dc57dac047d090807e55f1a707b9
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.3.1.jar

Description:

Fuzzy string searching implementation of the well-known fuzzywuzzy algorithm in Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.3.1/fuzzywuzzy-1.3.1.jar
MD5: c740aacfef63c5c3dd2c74bc4ca5df0c
SHA1: c691e88d356f92a29f22c68c56a053efba8569d0
SHA256:99947e309302a45870e48453e8f53faefa2ed03eea3bbc0e8fe8003905773bd3
Referenced In Project/Scope: Simplicite Platform:compile
fuzzywuzzy-1.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

gauge:4.0.4

Description:

A terminal based horizontal gauge

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npmlog:6.0.2/gauge:^4.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npmlog:6.0.2
  • simplicite-js:5.2.54

Identifiers

gensync:1.0.0-beta.2

Description:

Allows users to use generators in order to write common functions that can be both sync or async.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/gensync:1.0.0-beta.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54

Identifiers

get-caller-file:2.0.5

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?yargs:16.2.0/get-caller-file:^2.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/yargs:16.2.0
  • simplicite-js:5.2.54

Identifiers

get-intrinsic:1.2.1

Description:

Get and robustly cache all JS language-level intrinsics at first require time

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?side-channel:1.0.4/get-intrinsic:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/call-bind:1.0.2
  • simplicite-js:5.2.54/side-channel:1.0.4
  • simplicite-js:5.2.54/internal-slot:1.0.5
  • simplicite-js:5.2.54/safe-array-concat:1.0.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/is-array-buffer:3.0.2
  • simplicite-js:5.2.54/gopd:1.0.1
  • simplicite-js:5.2.54/get-symbol-description:1.0.0
  • simplicite-js:5.2.54/has-property-descriptors:1.0.0
  • simplicite-js:5.2.54/safe-regex-test:1.0.0
  • simplicite-js:5.2.54/es-set-tostringtag:2.0.1

Identifiers

get-stdin:5.0.1

Description:

Get stdin as a string or buffer

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/get-stdin:5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/split-text-to-chunks:1.0.0
  • simplicite-js:5.2.54

Identifiers

get-stdin:8.0.0

Description:

Get stdin as a string or buffer

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check-updates:16.14.14/get-stdin:^8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

get-stream:5.2.0

Description:

Get a stream as a string, buffer, or array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/get-stream:5.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:6.1.0
  • simplicite-js:5.2.54

Identifiers

get-stream:6.0.1

Description:

Get a stream as a string, buffer, or array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/get-stream:^6.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:10.2.12
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

get-symbol-description:1.0.0

Description:

Gets the description of a Symbol. Handles `Symbol()` vs `Symbol('')` properly when possible.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/get-symbol-description:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

giturl:1.0.3

Description:

Transfer git url to web url

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/giturl:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

glob-parent:5.1.2

Description:

Extract the non-magic parent path from a glob string.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/glob-parent:5.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chokidar:3.5.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/fast-glob:3.3.0

Identifiers

glob-parent:6.0.2

Description:

Extract the non-magic parent path from a glob string.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/glob-parent:6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

glob:10.3.3

Description:

the most correct and second fastest glob implementation in JavaScript

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/glob:10.3.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-package-json:6.0.4
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54

Identifiers

glob:7.2.3

Description:

a little globber

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?rimraf:3.0.2/glob:^7.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/js-beautify:1.14.0
  • simplicite-js:5.2.54/rimraf:3.0.2
  • simplicite-js:5.2.54/rimraf:5.0.5
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54/@babel/cli:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/cli:1.0.1

Identifiers

global-dirs:2.1.0

Description:

Get the directory of globally installed packages and binaries

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?is-installed-globally:0.3.2/global-dirs:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-installed-globally:0.4.0
  • simplicite-js:5.2.54/is-installed-globally:0.3.2
  • simplicite-js:5.2.54

Identifiers

global-modules:2.0.0

Description:

The directory used by npm for globally installed npm modules.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/global-modules:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

global-prefix:3.0.0

Description:

Get the npm global path prefix.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/global-prefix:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/global-modules:2.0.0
  • simplicite-js:5.2.54

Identifiers

globals:11.12.0

Description:

Global identifiers from different JavaScript environments

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/globals:11.12.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-classes:7.23.8
  • simplicite-js:5.2.54/@babel/traverse:7.23.9
  • simplicite-js:5.2.54

Identifiers

globals:13.20.0

Description:

Global identifiers from different JavaScript environments

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/globals:13.20.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54

Identifiers

globalthis:1.0.3

Description:

ECMAScript spec-compliant polyfill/shim for `globalThis`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/globalthis:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

globby:11.1.0

Description:

User-friendly glob matching

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/globby:^11.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

globjoin:0.1.4

Description:

Join paths and globs.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/globjoin:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

google-java-format-1.11.0.jar

Description:

    A Java source code formatter that follows Google Java Style.

File Path: /var/simplicite/.m2/repository/com/google/googlejavaformat/google-java-format/1.11.0/google-java-format-1.11.0.jar
MD5: a8e0485cee059bfc0a62cd8a491f4562
SHA1: 6deca3d92cbff57be7e5a288cc6fdbf7f90e64dd
SHA256:6865907d78a745018fb47b604d493c563bddfd7f6129b995e71156d9b7ec673c
Referenced In Project/Scope: Simplicite Platform:compile
google-java-format-1.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

gopd:1.0.1

Description:

`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-typed-array:1.1.9/gopd:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/is-typed-array:1.1.10
  • simplicite-js:5.2.54/which-typed-array:1.1.9
  • simplicite-js:5.2.54

Identifiers

got:12.6.1

Description:

Human-friendly and powerful HTTP request library for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?package-json:8.1.1/got:^12.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/package-json:8.1.1
  • simplicite-js:5.2.54

Identifiers

got:13.0.0

Description:

Human-friendly and powerful HTTP request library for Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/got:13.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54

Identifiers

got:9.6.0

Description:

Simplified HTTP requests

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/got:9.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/package-json:6.5.0

Identifiers

CVE-2022-33987  

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions:

graceful-fs:4.2.11

Description:

A drop-in replacement for fs, making various improvements.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?configstore:6.0.0/graceful-fs:^4.2.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/configstore:6.0.0
  • simplicite-js:5.2.54/@pnpm/network.ca-file:1.0.2
  • simplicite-js:5.2.54/klaw:3.0.0
  • simplicite-js:5.2.54/load-yaml-file:0.2.0
  • simplicite-js:5.2.54/fs-extra:8.1.0
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/configstore:5.0.1

Identifiers

graphemer:1.4.0

Description:

A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/graphemer:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

graphics2d-0.32.jar

Description:

Graphics2D Bridge for Apache PDFBox

File Path: /var/simplicite/.m2/repository/de/rototor/pdfbox/graphics2d/0.32/graphics2d-0.32.jar
MD5: 164b89cef806e962457f2dda37915993
SHA1: d8892871a9a1446e94f25eb625a7eec3bfa31b15
SHA256:37f8f387395f96c214ac44f7475c7a2e1f832dfc1de289a3610e0ffbf728f679
Referenced In Project/Scope: Simplicite Platform:compile
graphics2d-0.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10

Identifiers

gson-2.8.6.jar

Description:

Gson JSON library

File Path: /var/simplicite/.m2/repository/com/google/code/gson/gson/2.8.6/gson-2.8.6.jar
MD5: 310f5841387183aca7900fead98d4858
SHA1: 9180733b7df8542621dc12e21e87557e8c99b8cb
SHA256:c8fb4839054d280b3033f800d1f5a97de2f028eb8ba2eb458ad287e536f3f25f
Referenced In Project/Scope: Simplicite Platform:compile
gson-2.8.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.17.3

Identifiers

CVE-2022-25647  

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

guava-30.1.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar
MD5: 05374f163d0a4141db672fff9df95b12
SHA1: 87e0fd1df874ea3cbe577702fe6f17068b790fd8
SHA256:44ce229ce26d880bf3afc362bbfcec34d7e6903d195bbb1db9f3b6e0d9834f06
Referenced In Project/Scope: Simplicite Platform:compile
guava-30.1.1-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

h2-2.1.214.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /var/simplicite/.m2/repository/com/h2database/h2/2.1.214/h2-2.1.214.jar
MD5: 93628fb706e682dd989f697394039025
SHA1: d5c2005c9e3279201e12d4776c948578b16bf8b2
SHA256:d623cdc0f61d218cf549a8d09f1c391ff91096116b22e2475475fce4fbe72bd0
Referenced In Project/Scope: Simplicite Platform:runtime
h2-2.1.214.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-45868  

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."
CWE-312 Cleartext Storage of Sensitive Information

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:2.1.214:*:*:*:*:*:*:*

h2-2.1.214.jar: data.zip: table.js

File Path: /var/simplicite/.m2/repository/com/h2database/h2/2.1.214/h2-2.1.214.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 1c37e9e03787c821410ce684efa8feb7
SHA1: 3377bc4afb4fa0aeaa4fff9098ebb4446fa5be99
SHA256:07e1b3fc6feb8a8713b6659fc047cd9177d85b22f4bb0fa857be1c81786db701
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

h2-2.1.214.jar: data.zip: tree.js

File Path: /var/simplicite/.m2/repository/com/h2database/h2/2.1.214/h2-2.1.214.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 4303428a5a49c1ae6c87a5dde9b4c9c3
SHA1: 9bca06117ddee5657dbe89eea197372128fe56e9
SHA256:1d5c4ba3b1a5dfcfe250fba716b55a9a7d0ffe624fc480713ff782c4d671836f
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

hadoop-hdfs-client-3.3.1.jar

Description:

Apache Hadoop HDFS Client

File Path: /var/simplicite/.m2/repository/org/apache/hadoop/hadoop-hdfs-client/3.3.1/hadoop-hdfs-client-3.3.1.jar
MD5: df16b76d5b2b4c33561e94ae47827637
SHA1: 5ad71520a3632a9b5b2c65f9f53d1c9d80544ee0
SHA256:23e86d658b016394c263f80b8e318f232167a8862a07a3d50e5369175f3e8a58
Referenced In Project/Scope: Simplicite Platform:compile
hadoop-hdfs-client-3.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0

Identifiers

CVE-2021-37404  

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CWE-787 Out-of-bounds Write

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-25168  

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-26612  

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-25642  

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-33036  

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-26031  

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.

Hadoop 3.3.0 updated the " YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html " to add a feature for executing user-submitted applications in isolated linux containers.

The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.

The patch " YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable" modified the library loading path for loading .so files from "$ORIGIN/" to ""$ORIGIN/:../lib/native/". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.
If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.

The fix for the vulnerability is to revert the change, which is done in  YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , "Revert YARN-10495". This patch is in hadoop-3.3.5.

To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "./lib/native/" then it  is at risk

$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 
0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/:../lib/native/]

If it does not, then it is safe:

$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 
0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/]

For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set

$ ls -laF /opt/hadoop/bin/container-executor
---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor

A safe installation lacks the suid bit; ideally is also not owned by root.

$ ls -laF /opt/hadoop/bin/container-executor
-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor

This configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.
CWE-426 Untrusted Search Path

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /var/simplicite/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope: Simplicite Platform:compile
hamcrest-core-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/junit/junit@4.13.2

Identifiers

handlebars:4.7.7

Description:

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-audit-html:1.5.0/handlebars:^4.7.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

hard-rejection:2.1.0

Description:

Make unhandled promise rejections fail hard right away instead of the default silent fail

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?meow:9.0.0/hard-rejection:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

has-bigints:1.0.2

Description:

Determine if the JS environment has BigInt support.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?unbox-primitive:1.0.2/has-bigints:^1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unbox-primitive:1.0.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/is-bigint:1.0.4

Identifiers

has-flag:3.0.0

Description:

Check if argv has a specific flag

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?supports-color:5.5.0/has-flag:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/supports-color:5.5.0
  • simplicite-js:5.2.54/supports-hyperlinks:2.3.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/supports-color:7.2.0

Identifiers

has-property-descriptors:1.0.0

Description:

Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/has-property-descriptors:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/define-properties:1.2.0
  • simplicite-js:5.2.54

Identifiers

has-proto:1.0.1

Description:

Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/has-proto:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/get-intrinsic:1.2.1
  • simplicite-js:5.2.54

Identifiers

has-symbols:1.0.3

Description:

Determine if the JS environment has Symbol support. Supports spec, or shams.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?unbox-primitive:1.0.2/has-symbols:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unbox-primitive:1.0.2
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/has-tostringtag:1.0.0
  • simplicite-js:5.2.54/is-symbol:1.0.4
  • simplicite-js:5.2.54/safe-array-concat:1.0.0
  • simplicite-js:5.2.54/get-intrinsic:1.2.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/object.assign:4.1.4

Identifiers

has-tostringtag:1.0.0

Description:

Determine if the JS environment has `Symbol.toStringTag` support. Supports spec, or shams.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-typed-array:1.1.9/has-tostringtag:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-string:1.0.7
  • simplicite-js:5.2.54/is-typed-array:1.1.10
  • simplicite-js:5.2.54/which-typed-array:1.1.9
  • simplicite-js:5.2.54/is-boolean-object:1.1.2
  • simplicite-js:5.2.54/is-number-object:1.0.7
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/es-set-tostringtag:2.0.1
  • simplicite-js:5.2.54/is-regex:1.1.4
  • simplicite-js:5.2.54/is-date-object:1.0.5

Identifiers

has-unicode:2.0.1

Description:

Try to guess if your terminal supports unicode

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/has-unicode:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54

Identifiers

has-yarn:2.1.0

Description:

Check if a project is using Yarn

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/has-yarn:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

has:1.0.3

Description:

Object.prototype.hasOwnProperty.call shortcut

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?is-core-module:2.12.1/has:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/internal-slot:1.0.5
  • simplicite-js:5.2.54/is-core-module:2.12.1
  • simplicite-js:5.2.54/get-intrinsic:1.2.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/es-set-tostringtag:2.0.1

Identifiers

highlight-es:1.0.3

Description:

Highlight ECMAScript syntax for the console or any other medium.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/highlight-es:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/callsite-record:4.1.5
  • simplicite-js:5.2.54

Identifiers

highlight.js:10.7.3

Description:

Syntax highlighting with language autodetection.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/highlight.js:10.7.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

highlight.js:11.5.1

Description:

Syntax highlighting with language autodetection.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/highlight.js:11.5.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

homedir-polyfill:1.0.3

Description:

Node.js os.homedir polyfill for older versions of node.js.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?v8flags:3.2.0/homedir-polyfill:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/v8flags:3.2.0

Identifiers

hosted-git-info:4.1.0

Description:

Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?normalize-package-data:3.0.3/hosted-git-info:^4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/normalize-package-data:3.0.3
  • simplicite-js:5.2.54/normalize-package-data:2.5.0
  • simplicite-js:5.2.54/npm-package-arg:10.1.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/normalize-package-data:5.0.0

Identifiers

hosted-git-info:5.2.1

Description:

Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/hosted-git-info:5.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

hsqldb-2.6.1.jar

Description:

HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /var/simplicite/.m2/repository/org/hsqldb/hsqldb/2.6.1/hsqldb-2.6.1.jar
MD5: 9dd059b3f1558202870d7cf585275ef7
SHA1: e626f8231592da1862fac632a6230752cf69b8e9
SHA256:e3f9e9d472d985b95ee5c10ed40d03496c3a26b950590ae0a49ce608626dcbe8
Referenced In Project/Scope: Simplicite Platform:runtime
hsqldb-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-41853  

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

html-tags:3.3.1

Description:

List of standard HTML tags

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/html-tags:^3.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

htmlparser2:3.8.3

Description:

Fast & forgiving HTML/XML/RSS parser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/htmlparser2:3.8.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54

Identifiers

http-cache-semantics:4.1.1

Description:

Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?cacheable-request:6.1.0/http-cache-semantics:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:6.1.0
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54/cacheable-request:10.2.12
  • simplicite-js:5.2.54

Identifiers

http-proxy-agent:5.0.0

Description:

An HTTP(s) proxy `http.Agent` implementation for HTTP

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?make-fetch-happen:11.1.1/http-proxy-agent:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54

Identifiers

http2-wrapper:2.2.0

Description:

HTTP2 client, just with the familiar `https` API

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?got:13.0.0/http2-wrapper:^2.1.10

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

httpasyncclient-4.1.4.jar

Description:

   Apache HttpComponents AsyncClient

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.4/httpasyncclient-4.1.4.jar
MD5: f29a16f1c28f5b3dd511cbd16d7fa422
SHA1: f3a3240681faae3fa46b573a4c7e50cec9db0d86
SHA256:50e981a8e567a16ebdad104605b156540a863459fa127b8ba647f310dfc83ef8
Referenced In Project/Scope: Simplicite Platform:compile
httpasyncclient-4.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

httpclient-4.5.13.jar

Description:

   Apache HttpComponents Client

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar
MD5: 40d6b9075fbd28fa10292a45a0db9457
SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743
Referenced In Project/Scope: Simplicite Platform:compile
httpclient-4.5.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

httpcore-4.4.14.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar
MD5: 2b3991eda121042765a5ee299556c200
SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1
SHA256:f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28
Referenced In Project/Scope: Simplicite Platform:compile
httpcore-4.4.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

httpcore-nio-4.4.14.jar

Description:

   Apache HttpComponents Core (non-blocking I/O)

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.14/httpcore-nio-4.4.14.jar
MD5: fc67803925f395dbb90e61992bbf0291
SHA1: 175aeb59b09cf2ebbec622fe1704904a092ee291
SHA256:88c695f7342ba76dafd4035fa9bebbf82837c573de0d81324ba7921b4e14f5c8
Referenced In Project/Scope: Simplicite Platform:compile
httpcore-nio-4.4.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

httpmime-4.5.13.jar

Description:

   Apache HttpComponents HttpClient - MIME coded entities

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpmime/4.5.13/httpmime-4.5.13.jar
MD5: 3f0c1ef2c9dc47b62b780192f54b0c18
SHA1: efc110bad4a0d45cda7858e6beee1d8a8313da5a
SHA256:06e754d99245b98dcc2860dcb43d20e737d650da2bf2077a105f68accbd5c5cc
Referenced In Project/Scope: Simplicite Platform:compile
httpmime-4.5.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

https-proxy-agent:5.0.1

Description:

An HTTP(s) proxy `http.Agent` implementation for HTTPS

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?make-fetch-happen:11.1.1/https-proxy-agent:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54

Identifiers

human-signals:2.1.0

Description:

Human-friendly process signals

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/human-signals:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54

Identifiers

humanize-ms:1.2.1

Description:

transform humanize time to ms

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/humanize-ms:1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/agentkeepalive:4.3.0
  • simplicite-js:5.2.54

Identifiers

iconv-lite:0.4.24

Description:

Convert character encodings in pure javascript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/iconv-lite:0.4.24

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/external-editor:3.1.0

Identifiers

iconv-lite:0.6.3

Description:

Convert character encodings in pure javascript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/iconv-lite:0.6.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/encoding:0.1.13

Identifiers

icu4j-69.1.jar

Description:

    International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
    providing Unicode and Globalization support

License:

Unicode/ICU License: https://raw.githubusercontent.com/unicode-org/icu/master/icu4c/LICENSE
File Path: /var/simplicite/.m2/repository/com/ibm/icu/icu4j/69.1/icu4j-69.1.jar
MD5: 1be8018240774c697a812df60e23aed4
SHA1: ff666ac55986650893aacb9e2e0003538e9799c0
SHA256:98286f3d538bc7bde87d70bf2cac3acc9ed7b7fe941db5e94a8c3fa13516f963
Referenced In Project/Scope: Simplicite Platform:compile
icu4j-69.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/com.ibm.icu/icu4j@69.1  (Confidence:High)
  • cpe:2.3:a:icu-project:international_components_for_unicode:69.1:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:unicode:international_components_for_unicode:69.1:*:*:*:*:*:*:*  (Confidence:Low)  

ieee754:1.2.1

Description:

Read/write IEEE754 floating point numbers from/to a Buffer or array-like object

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?buffer:6.0.3/ieee754:^1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/buffer:6.0.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/buffer:5.7.1

Identifiers

ignore-walk:6.0.3

Description:

Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-packlist:7.0.4/ignore-walk:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-packlist:7.0.4
  • simplicite-js:5.2.54

Identifiers

ignore:5.2.4

Description:

Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/ignore:^5.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/globby:11.1.0
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

immediate:3.0.6

Description:

A cross browser microtask library

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?lie:3.3.0/immediate:~3.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/lie:3.3.0
  • simplicite-js:5.2.54

Identifiers

immutable:4.3.0

Description:

Immutable Data Collections

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?sass:1.63.6/immutable:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/sass:1.63.6

Identifiers

import-fresh:3.3.0

Description:

Import a module while bypassing the cache

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/import-fresh:3.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54/cosmiconfig:7.1.0
  • simplicite-js:5.2.54

Identifiers

import-lazy:2.1.0

Description:

Import modules lazily

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/import-lazy:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54

Identifiers

import-lazy:4.0.0

Description:

Import a module lazily

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/import-lazy:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

imurmurhash:0.1.4

Description:

An incremental implementation of MurmurHash3

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?write-file-atomic:4.0.2/imurmurhash:^0.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unique-slug:4.0.0
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/write-file-atomic:4.0.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/write-file-atomic:3.0.3

Identifiers

indent-string:4.0.0

Description:

Indent each line in a string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?redent:3.0.0/indent-string:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/redent:3.0.0
  • simplicite-js:5.2.54/aggregate-error:3.1.0
  • simplicite-js:5.2.54

Identifiers

inflight:1.0.6

Description:

Add callbacks to requests in flight to avoid async duplication

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/inflight:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/glob:7.2.3
  • simplicite-js:5.2.54

Identifiers

inherits:2.0.4

Description:

Browser-friendly inheritance fully compatible with standard node.js inherits()

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?readable-stream:1.1.14/inherits:~2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/bl:4.1.0
  • simplicite-js:5.2.54/glob:7.2.3
  • simplicite-js:5.2.54/readable-stream:2.3.8
  • simplicite-js:5.2.54/readable-stream:3.6.2
  • simplicite-js:5.2.54/readable-stream:1.1.14
  • simplicite-js:5.2.54

Identifiers

ini:1.3.8

Description:

An ini encoder/decoder for node

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ini:1.3.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/config-chain:1.1.13
  • simplicite-js:5.2.54/rc:1.2.8
  • simplicite-js:5.2.54/global-dirs:2.1.0
  • simplicite-js:5.2.54/global-dirs:3.0.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/global-prefix:3.0.0

Identifiers

ini:2.0.0

Description:

An ini encoder/decoder for node

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ini:2.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

ini:4.1.1

Description:

An ini encoder/decoder for node

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ini:4.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

inquirer:7.3.3

Description:

A collection of common interactive command line user interfaces.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/inquirer:^7.3.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

internal-slot:1.0.5

Description:

ES spec-like internal slots

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/internal-slot:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

invariant:2.2.4

Description:

invariant

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?scss-parser:1.0.6/invariant:2.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/scss-parser:1.0.6
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/query-ast:1.0.5

Identifiers

ip:2.0.0

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?socks:2.7.1/ip:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/socks:2.7.1
  • simplicite-js:5.2.54

Identifiers

is-array-buffer:3.0.2

Description:

Is this value a JS ArrayBuffer?

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-array-buffer:3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/array-buffer-byte-length:1.0.0
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

is-arrayish:0.2.1

Description:

Determines if an object can be used as an array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-arrayish:0.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/error-ex:1.3.2
  • simplicite-js:5.2.54

Identifiers

is-bigint:1.0.4

Description:

Is this value an ES BigInt?

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-boxed-primitive:1.0.2/is-bigint:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/which-boxed-primitive:1.0.2

Identifiers

is-binary-path:2.1.0

Description:

Check if a file path is a binary file

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-binary-path:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chokidar:3.5.3
  • simplicite-js:5.2.54

Identifiers

is-boolean-object:1.1.2

Description:

Is this value a JS Boolean? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-boxed-primitive:1.0.2/is-boolean-object:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/which-boxed-primitive:1.0.2

Identifiers

is-builtin-module:3.2.1

Description:

Check if a string matches the name of a Node.js builtin module

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-builtin-module:3.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54

Identifiers

is-callable:1.2.7

Description:

Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-callable:1.2.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/for-each:0.3.3
  • simplicite-js:5.2.54/es-to-primitive:1.2.1
  • simplicite-js:5.2.54

Identifiers

is-ci:2.0.0

Description:

Detect if the current environment is a CI server

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/is-ci:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

is-core-module:2.12.1

Description:

Is this specifier a node.js core module?

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?resolve:1.22.2/is-core-module:^2.11.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/normalize-package-data:3.0.3
  • simplicite-js:5.2.54/normalize-package-data:5.0.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/resolve:1.22.2
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

is-date-object:1.0.5

Description:

Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-date-object:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-to-primitive:1.2.1
  • simplicite-js:5.2.54

Identifiers

is-docker:2.2.1

Description:

Check if the process is running inside a Docker container

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?open:7.4.2/is-docker:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-wsl:2.2.0
  • simplicite-js:5.2.54/open:7.4.2
  • simplicite-js:5.2.54

Identifiers

is-es2016-keyword:1.0.0

Description:

Determine if string is an ES2016 keyword.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-es2016-keyword:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/highlight-es:1.0.3

Identifiers

is-extglob:2.1.1

Description:

Returns true if a string has an extglob.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?is-glob:4.0.3/is-extglob:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-glob:4.0.3
  • simplicite-js:5.2.54

Identifiers

is-fullwidth-code-point:3.0.0

Description:

Check if the character represented by a given Unicode code point is fullwidth

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?string-width-cjs:4.2.3/is-fullwidth-code-point:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/slice-ansi:4.0.0
  • simplicite-js:5.2.54/string-width:4.2.3
  • simplicite-js:5.2.54/string-width-cjs:4.2.3
  • simplicite-js:5.2.54

Identifiers

is-glob:4.0.3

Description:

Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-glob:4.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/chokidar:3.5.3
  • simplicite-js:5.2.54/glob-parent:5.1.2
  • simplicite-js:5.2.54/glob-parent:6.0.2
  • simplicite-js:5.2.54

Identifiers

is-installed-globally:0.3.2

Description:

Check if your package was installed globally

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/is-installed-globally:^0.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

is-interactive:1.0.0

Description:

Check if stdout or stderr is interactive

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ora:5.4.1/is-interactive:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

is-lambda:1.0.1

Description:

Detect if your code is running on an AWS Lambda server

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?make-fetch-happen:11.1.1/is-lambda:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54

Identifiers

is-negative-zero:2.0.2

Description:

Is this value negative zero? === will lie to you

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-negative-zero:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

is-npm:4.0.0

Description:

Check if your code is running as an npm script

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/is-npm:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

is-number-object:1.0.7

Description:

Is this value a JS Number object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-boxed-primitive:1.0.2/is-number-object:^1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/which-boxed-primitive:1.0.2

Identifiers

is-number:7.0.0

Description:

Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?to-regex-range:5.0.1/is-number:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/to-regex-range:5.0.1
  • simplicite-js:5.2.54

Identifiers

is-obj:2.0.0

Description:

Check if a value is an object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?dot-prop:6.0.1/is-obj:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/dot-prop:6.0.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/dot-prop:5.3.0

Identifiers

is-path-inside:3.0.3

Description:

Check if a path is inside another path

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?is-installed-globally:0.4.0/is-path-inside:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-installed-globally:0.4.0
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/is-installed-globally:0.3.2
  • simplicite-js:5.2.54

Identifiers

is-plain-obj:1.1.0

Description:

Check if a value is a plain object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?minimist-options:4.1.0/is-plain-obj:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/minimist-options:4.1.0

Identifiers

is-plain-object:2.0.4

Description:

Returns true if an object was created by the `Object` constructor.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-plain-object:2.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/clone-deep:4.0.1

Identifiers

is-plain-object:5.0.0

Description:

Returns true if an object was created by the `Object` constructor, or Object.create(null).

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-plain-object:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

is-regex:1.1.4

Description:

Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?safe-regex-test:1.0.0/is-regex:^1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/safe-regex-test:1.0.0

Identifiers

is-shared-array-buffer:1.0.2

Description:

Is this value a JS SharedArrayBuffer?

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-shared-array-buffer:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

is-stream:2.0.1

Description:

Check if something is a Node.js stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-stream:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54

Identifiers

is-string:1.0.7

Description:

Is this value a JS String object or primitive? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-boxed-primitive:1.0.2/is-string:^1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/array.prototype.reduce:1.0.5
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/which-boxed-primitive:1.0.2

Identifiers

is-symbol:1.0.4

Description:

Determine if a value is an ES6 Symbol or not.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-boxed-primitive:1.0.2/is-symbol:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-to-primitive:1.2.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/which-boxed-primitive:1.0.2

Identifiers

is-typed-array:1.1.10

Description:

Is this value a JS Typed Array? This module works cross-realm/iframe, does not depend on `instanceof` or mutable properties, and despite ES6 Symbol.toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-typed-array:1.1.9/is-typed-array:^1.1.10

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/is-array-buffer:3.0.2
  • simplicite-js:5.2.54/typed-array-length:1.0.4
  • simplicite-js:5.2.54/which-typed-array:1.1.9
  • simplicite-js:5.2.54

Identifiers

is-typedarray:1.0.0

Description:

Detect whether or not an object is a Typed Array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?typedarray-to-buffer:3.1.5/is-typedarray:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/typedarray-to-buffer:3.1.5
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/write-file-atomic:3.0.3

Identifiers

is-unicode-supported:0.1.0

Description:

Detect whether the terminal supports Unicode

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ora:5.4.1/is-unicode-supported:^0.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/log-symbols:4.1.0
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

is-weakref:1.0.2

Description:

Is this value a JS WeakRef? This module works cross-realm/iframe, and despite ES6 @@toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/is-weakref:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

is-wsl:2.2.0

Description:

Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?open:7.4.2/is-wsl:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/open:7.4.2
  • simplicite-js:5.2.54

Identifiers

is-yarn-global:0.3.0

Description:

Check if installed by yarn globally without any `fs` calls

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/is-yarn-global:^0.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

isarray:0.0.1

Description:

Array#isArray for older browsers

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?readable-stream:1.1.14/isarray:0.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/readable-stream:2.3.8
  • simplicite-js:5.2.54/readable-stream:1.1.14
  • simplicite-js:5.2.54

Identifiers

isarray:2.0.5

Description:

Array#isArray for older browsers

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/isarray:2.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/safe-array-concat:1.0.0
  • simplicite-js:5.2.54

Identifiers

isexe:2.0.0

Description:

Minimal module to check if a file is executable.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which:2.0.2/isexe:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/which:1.3.1
  • simplicite-js:5.2.54/which:2.0.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/which:3.0.1

Identifiers

isobject:3.0.1

Description:

Returns true if the value is an object and not an array or null.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/isobject:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/is-plain-object:2.0.4
  • simplicite-js:5.2.54

Identifiers

istack-commons-runtime-3.0.12.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-runtime/3.0.12/istack-commons-runtime-3.0.12.jar
MD5: 1952bd76321f8580cfaa57e332a68287
SHA1: cbbe1a62b0cc6c85972e99d52aaee350153dc530
SHA256:27d85fc134c9271d5c79d3300fc4669668f017e72409727c428f54f2417f04cd
Referenced In Project/Scope: Simplicite Platform:compile
istack-commons-runtime-3.0.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.4

Identifiers

istack-commons-tools-3.0.12.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-tools/3.0.12/istack-commons-tools-3.0.12.jar
MD5: 466851283328c997fc3c9008ba71b869
SHA1: 7213eee4e9f65972968f03c9dd4df266ce42530b
SHA256:88369766d2f7bf7904595d295d759ef553de47f2b9fc7d0c82a42f602ed70af0
Referenced In Project/Scope: Simplicite Platform:compile
istack-commons-tools-3.0.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.4

Identifiers

itext-2.1.7.jar

Description:

iText, a free Java-PDF library

License:

Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext/2.1.7/itext-2.1.7.jar
MD5: 7587a618197a065eac4a453d173d4ed6
SHA1: 892bfb3e97074a61123b3b2d7caa2db112750864
SHA256:7d82c6b097a31cdf5a6d49a327bf582fdec7304da69308f9f6abf54aa9fd9055
Referenced In Project/Scope: Simplicite Platform:compile
itext-2.1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2017-9096 (OSSINDEX)  

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.lowagie:itext:2.1.7:*:*:*:*:*:*:*

itext-rtf-2.1.7.jar

Description:

iText, a free Java-PDF library (rtf package)

License:

Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext-rtf/2.1.7/itext-rtf-2.1.7.jar
MD5: f95d38da50192bc9e3876e3a987f02c1
SHA1: ed1cbe69ff69c6e6fa7645f51c8d25894a177e7b
SHA256:49d3b9df20ccc6565c91b8b18c638ecb018fd528b6eb64991d6d8ba73975c135
Referenced In Project/Scope: Simplicite Platform:compile
itext-rtf-2.1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

j2objc-annotations-1.3.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931
SHA1: ba035118bc8bac37d7eff77700720999acd9986d
SHA256:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
Referenced In Project/Scope: Simplicite Platform:compile
j2objc-annotations-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@30.1.1-jre

Identifiers

jackson-core-2.12.4.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.4/jackson-core-2.12.4.jar
MD5: 58ffcb451f0bf6beb78e306cfe5d46f3
SHA1: 006a1bd259b6c4e3f9219ec8ec0be55ed11eed0c
SHA256:3506ce47ec2604ae2d80d79505f7cb374f718060639415c07d144adadd2d68a3
Referenced In Project/Scope: Simplicite Platform:compile
jackson-core-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackson-databind-2.12.4.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.4/jackson-databind-2.12.4.jar
MD5: 7bf7ed4119602e8a7b23356dc0fba920
SHA1: 069206e02e6a696034f06a59d3ddbfbba5a4cd81
SHA256:e99a7b4b89074bc689aabcd9eb1f2c1318b68cc5c34979daf3e34edc558c7a01
Referenced In Project/Scope: Simplicite Platform:compile
jackson-databind-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2020-36518  

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CWE-787 Out-of-bounds Write

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-46877  

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-42003  

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-42004  

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-dataformat-csv-2.12.4.jar

Description:

Support for reading and writing CSV-encoded data via Jackson
abstractions.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-csv/2.12.4/jackson-dataformat-csv-2.12.4.jar
MD5: 9ffd8d59e1aaa71413c539f2447fbee0
SHA1: 3c224197f67564b62148245a0ff6f36c8e6c878c
SHA256:e1205a19931b8e170d3eff96a2bca3b44d800b4e43538bc2d81dcdc1d4646ffd
Referenced In Project/Scope: Simplicite Platform:compile
jackson-dataformat-csv-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackson-datatype-guava-2.12.4.jar

Description:

Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles
Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-guava/2.12.4/jackson-datatype-guava-2.12.4.jar
MD5: f3d25b735082c72426f760163260fdf7
SHA1: 40ef5fb094f8c0c2ff1c21ce496bfce94d159a52
SHA256:6b6b3ebadc433463e4c202222ddabb3991d166eb8d0f81d008f061f11506b0f5
Referenced In Project/Scope: Simplicite Platform:compile
jackson-datatype-guava-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackson-datatype-joda-2.12.4.jar

Description:

Add-on module for Jackson (http://github.com/FasterXML/jackson) to support Joda (https://www.joda.org/joda-time/) data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-joda/2.12.4/jackson-datatype-joda-2.12.4.jar
MD5: e26dff4f5c5d1b2900884909a5dfa2bf
SHA1: dcd7bb5f1158914903fae6c61bf0f9a44df480e1
SHA256:0de93d725472df2027c3e869301a3035892e607d94423c589c96964305d51051
Referenced In Project/Scope: Simplicite Platform:compile
jackson-datatype-joda-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackson-jaxrs-base-2.12.4.jar

Description:

Pile of code that is shared by all Jackson-based JAX-RS
providers.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.12.4/jackson-jaxrs-base-2.12.4.jar
MD5: 0a61dd890055bbdd1659010a553b37aa
SHA1: f5ee76196227cbd92452fabfa85d8c76f1f65467
SHA256:4dad3e5798b8c4d063363a8c30cedb1cc36bcd6fdbe5a91c75d6e37b88e813d5
Referenced In Project/Scope: Simplicite Platform:compile
jackson-jaxrs-base-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackson-jaxrs-json-provider-2.12.4.jar

Description:

Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.4/jackson-jaxrs-json-provider-2.12.4.jar
MD5: 7238aeaf1cd9b480dd6b6050902d3578
SHA1: f29fbd66937fcc8dc6485c64697b1283a37cbda7
SHA256:0dc4ddb9033d3f3e7bfebdb95a11d6ee9b8a85605fd8e8491994eae67a65025c
Referenced In Project/Scope: Simplicite Platform:compile
jackson-jaxrs-json-provider-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackson-jaxrs-xml-provider-2.12.4.jar

Description:

Functionality to handle XML input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-xml-provider/2.12.4/jackson-jaxrs-xml-provider-2.12.4.jar
MD5: 8c2d3701d13137577dbbeedd16f54f91
SHA1: 33756ed83d16003cfc13431ecf576ccb1cc9185b
SHA256:a7f0a5305126cd4f36dc8ed7f4f2418ba1150f23c192f2d1950f8e50448e08ce
Referenced In Project/Scope: Simplicite Platform:compile
jackson-jaxrs-xml-provider-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackson-module-jaxb-annotations-2.12.4.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring
data-binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.12.4/jackson-module-jaxb-annotations-2.12.4.jar
MD5: 29ff9647ec16c8e897b29c380b7e87d7
SHA1: 5e43703aae1a9843dfd7df0a0ad6cbfedcaff67f
SHA256:7a6063c76ba26f14f18b808ad50955f87fa20d2a5225a1d8dc5add63ce234f75
Referenced In Project/Scope: Simplicite Platform:compile
jackson-module-jaxb-annotations-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jackspeak:2.3.6

Description:

A very strict and proper argument parser.

License:

BlueOak-1.0.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?glob:10.3.3/jackspeak:^2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/glob:10.3.10
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/glob:10.3.3

Identifiers

jai-imageio-core-1.4.0.jar

Description:

    Java Advanced Imaging Image I/O Tools API core, but without the classes 
    involved with javax.media.jai dependencies, JPEG2000 or 
    codecLibJIIO, meaning that this library can be distributed under the 
    modified BSD license and should be GPL compatible.

License:

BSD 3-clause License w/nuclear disclaimer: LICENSE.txt
File Path: /var/simplicite/.m2/repository/com/github/jai-imageio/jai-imageio-core/1.4.0/jai-imageio-core-1.4.0.jar
MD5: 6978d733bfb55c0a82639f724fe5f3bb
SHA1: fb6d79b929556362a241b2f65a04e538062f0077
SHA256:8ad3c68e9efffb10ac87ff8bc589adf64b04a729c5194c079efd0643607fd72a
Referenced In Project/Scope: Simplicite Platform:runtime
jai-imageio-core-1.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/dev.samstevens.totp/totp@1.7.1

Identifiers

jakarta.activation-2.0.1.jar

Description:

Jakarta Activation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/activation/jakarta.activation/2.0.1/jakarta.activation-2.0.1.jar
MD5: 39228ac67f033514a0ccb3360ac461f3
SHA1: 828b80e886a52bb09fe41ff410b10b342f533ce1
SHA256:b9e24b7dd6e07495562ea96531be3130c96dba4d78e1dfd88adbbdebf4332871
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.activation-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jakarta.mail-2.0.1.jar

Description:

Jakarta Mail API

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/mail/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar
MD5: 8885560796641719f1cc0c9ea17b8bee
SHA1: 96d3645f02a92bcc5e7ae1ff037151e44179f230
SHA256:8988bdbde922ee173db7179e23393dd2258f3b64f708f41082e03f0e0494cc23
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.mail-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jakarta.xml.bind-api-2.3.3.jar

Description:

Jakarta XML Binding API 2.3 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256:c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.xml.bind-api-2.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.4

Identifiers

java-jwt-3.18.2.jar

Description:

Java implementation of JSON Web Token (JWT)

License:

The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/auth0/java-jwt/3.18.2/java-jwt-3.18.2.jar
MD5: 574622007c3a0184dd88fc84894142e0
SHA1: 089c1da37cd738d9c3c7176fbf1e291ff2a8b988
SHA256:b5cd12b6db70a39f8c3d688e6fac930bd32d9a7f5d0e584e8a554a3e42cbfbf1
Referenced In Project/Scope: Simplicite Platform:compile
java-jwt-3.18.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

java-saml-2.7.0.jar

File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml/2.7.0/java-saml-2.7.0.jar
MD5: 9cc7410f00de4806a7654e40c91c9e29
SHA1: cf109ade576a9823f8c1237aa88b31a9b16c64f9
SHA256:e1da178c2f34f5ddba62a9f84dd2da6e994c27a88717af3a33761029f75904a8
Referenced In Project/Scope: Simplicite Platform:compile
java-saml-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

java-saml-core-2.7.0.jar

File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml-core/2.7.0/java-saml-core-2.7.0.jar
MD5: 666fb08176b089416b8c7090897c1b37
SHA1: 942ab18d2e21dcba64eed4628c112860bef263a0
SHA256:efc4c25ffcf6a548a755e55b5324bd1f90fa7e3d01a70d458f97dc8eba380c81
Referenced In Project/Scope: Simplicite Platform:compile
java-saml-core-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.onelogin/java-saml@2.7.0

Identifiers

javase-3.4.0.jar

Description:

Java SE-specific extensions to core ZXing library

File Path: /var/simplicite/.m2/repository/com/google/zxing/javase/3.4.0/javase-3.4.0.jar
MD5: fd431a1d523512b68c4642a2a5fed474
SHA1: 8be20100f28515037a31cc0bbe557501c0538147
SHA256:7aeef746a544effcd9e499214d9f315e69c3a835e7c81abfb703be79f859a6d7
Referenced In Project/Scope: Simplicite Platform:compile
javase-3.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/dev.samstevens.totp/totp@1.7.1

Identifiers

javax.activation-api-1.2.0.jar

Description:

JavaBeans Activation Framework API jar

License:

https://github.com/javaee/activation/blob/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Project/Scope: Simplicite Platform:compile
javax.activation-api-1.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope: Simplicite Platform:provided
javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.ejb-api-3.2.2.jar

Description:

Project GlassFish Enterprise JavaBean API

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/ejb/javax.ejb-api/3.2.2/javax.ejb-api-3.2.2.jar
MD5: f7a1ffa8ec359720a01dd09f79f042c3
SHA1: 8921a3e3cb30fe5966531ad53902eef19303123b
SHA256:13ff874c58c32b649077dab6ab23bc93938610adc99e90d63933f6f074805b72
Referenced In Project/Scope: Simplicite Platform:provided
javax.ejb-api-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.jms-api-2.0.1.jar

Description:

Java(TM) Message Service Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/jms/javax.jms-api/2.0.1/javax.jms-api-2.0.1.jar
MD5: d69d2e02910e97b2478c0105e9b2caab
SHA1: 5faaa3864ff6025ce69809b60d65bda3e358610c
SHA256:aa4a16fac46d949b17b32091036e4d1e3c812ef3b4bd184ec838efffb53ba4f8
Referenced In Project/Scope: Simplicite Platform:compile
javax.jms-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.mail-api-1.6.2.jar

Description:

JavaMail API jar

License:

https://javaee.github.io/javamail/LICENSE
File Path: /var/simplicite/.m2/repository/javax/mail/javax.mail-api/1.6.2/javax.mail-api-1.6.2.jar
MD5: c1df29c4b85433bd2f378b06c323c2d3
SHA1: 17a8151bab44f9c94f34c10db70d95ba3c830eda
SHA256:17489addfc8d7b43afc7775072a56bbaadf32cfb1e9d39fb4b7ece890d6698f1
Referenced In Project/Scope: Simplicite Platform:compile
javax.mail-api-1.6.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.servlet-api-4.0.1.jar

Description:

Java(TM) Servlet 4.0 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/javax.servlet-api/4.0.1/javax.servlet-api-4.0.1.jar
MD5: b80414033bf3397de334b95e892a2f44
SHA1: a27082684a2ff0bf397666c3943496c44541d1ca
SHA256:83a03dd877d3674576f0da7b90755c8524af099ccf0607fc61aa971535ad7c60
Referenced In Project/Scope: Simplicite Platform:provided
javax.servlet-api-4.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.servlet.jsp-api-2.3.3.jar

Description:

Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: ://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/jsp/javax.servlet.jsp-api/2.3.3/javax.servlet.jsp-api-2.3.3.jar
MD5: f6676a5961328c41c5e722da5e48d047
SHA1: 81191ab80e342912dc9cea735c30ff4eddc64de3
SHA256:409a534d275ef0958a2c1692472da30e3706bfe6933d56c039376f53f13689b7
Referenced In Project/Scope: Simplicite Platform:provided
javax.servlet.jsp-api-2.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.transaction-api-1.3.jar

Description:

Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar
MD5: 6e9cb1684621821248b6823143ae26c0
SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce
SHA256:603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da
Referenced In Project/Scope: Simplicite Platform:provided
javax.transaction-api-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.websocket-api-1.1.jar

Description:

JSR 356: Java API for WebSocket

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/websocket/javax.websocket-api/1.1/javax.websocket-api-1.1.jar
MD5: be29e11a4a15742aa6fb418fa46345e3
SHA1: eeeb68631711256418dfbb47b11c731b6c8f6235
SHA256:a260973517bf6411d659b588a719aa27e7e4e47dfbd510fceb5bf1023a2c45e4
Referenced In Project/Scope: Simplicite Platform:provided
javax.websocket-api-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

javax.ws.rs-api-2.0.1.jar

Description:

Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope: Simplicite Platform:compile
javax.ws.rs-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jawk-1.02.jar

Description:

POM was created from install:install-file

File Path: /var/simplicite/.m2/repository/org/jawk/jawk/1.02/jawk-1.02.jar
MD5: cd04ea3460d71a03ca5f4232c9ee5f0c
SHA1: 7bdd8bb1a1b9adff9b471cc041cba83ef3a2abe6
SHA256:2773c7f47b2ee8f483d6cb30f799c31f81645d23f49910e58ef4cccb2ffe1c7b
Referenced In Project/Scope: Simplicite Platform:compile
jawk-1.02.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jaxb-api-2.3.1.jar

Description:

JAXB (JSR 222) API

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Project/Scope: Simplicite Platform:compile
jaxb-api-2.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jaxb-xjc-2.3.4.jar

Description:

        JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
        In other words: the *tool* to generate java classes for the given xml representation.

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/jaxb-xjc/2.3.4/jaxb-xjc-2.3.4.jar
MD5: 3dbfc9f439c82f35f5fa2e4e5ba46d1d
SHA1: 2ffd30b67f304df5bd440048469e63be4ab45be5
SHA256:e03c5df079afb7366e8b7d4bf159898e7f646fbe77cd6e3486a51b1113877713
Referenced In Project/Scope: Simplicite Platform:compile
jaxb-xjc-2.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jbig2-imageio-3.0.3.jar

Description:

	Java Image I/O plugin for reading JBIG2-compressed image data. 
	Formerly known as the levigo JBig2 ImageIO plugin (com.levigo.jbig2:levigo-jbig2-imageio).

File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/jbig2-imageio/3.0.3/jbig2-imageio-3.0.3.jar
MD5: 3c19c78788d7669c1caf2ee8ccb84a54
SHA1: 1719861ff0b86162c5b391fb4d1084c05ff72b35
SHA256:c80110fda57128563d3d0656bff78da8bf35a934cf54edfa10e8b76fc6389929
Referenced In Project/Scope: Simplicite Platform:compile
jbig2-imageio-3.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jcl-over-slf4j-1.7.32.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.32/jcl-over-slf4j-1.7.32.jar
MD5: 8788169f5d5be6550efc75d3bfffc82c
SHA1: 32c060250bcc5282cdbc1fd7008c12eb4ebad00e
SHA256:60f3bda5922e3912889cca1311d1b227753610bf60cb4e5e914e8b2eaa0326b4
Referenced In Project/Scope: Simplicite Platform:compile
jcl-over-slf4j-1.7.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jcommander-1.72.jar

Description:

Command line parsing

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/com/beust/jcommander/1.72/jcommander-1.72.jar
MD5: 9fde6bc0ba1032eceb7267fd1ad1657b
SHA1: 6375e521c1e11d6563d4f25a07ce124ccf8cd171
SHA256:e0de160b129b2414087e01fe845609cd55caec6820cfd4d0c90fabcc7bdb8c1e
Referenced In Project/Scope: Simplicite Platform:compile
jcommander-1.72.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/dev.samstevens.totp/totp@1.7.1

Identifiers

jedis-3.7.0.jar

Description:

Jedis is a blazingly small and sane Redis java client.

License:

MIT: http://github.com/redis/jedis/raw/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/redis/clients/jedis/3.7.0/jedis-3.7.0.jar
MD5: 6d0cb033af256883dae5a54832ae299a
SHA1: ef74361bcfec4fdcc63e0141ff744d1774ad809b
SHA256:2bfa2cc3ef6ae1ca14a1d51a5e5f31ab7aeede7da5f1c6fd198a992b27ba9aab
Referenced In Project/Scope: Simplicite Platform:compile
jedis-3.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jfreechart-1.5.3.jar

Description:

        JFreeChart is a class library, written in Java, for generating charts. 
        Utilising the Java2D API, it supports a wide range of chart types including
        bar charts, pie charts, line charts, XY-plots, time series plots, Sankey charts
        and more.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /var/simplicite/.m2/repository/org/jfree/jfreechart/1.5.3/jfreechart-1.5.3.jar
MD5: b4e3884a30da4b8a36ef4e5ba03f23e2
SHA1: 26c6d7143d8a905a54c7e2296cea6ce4c5ecb417
SHA256:23bd63ece2284d6578ed51f336cd33681c53f817e4595a705690922a3c0f0f44
Referenced In Project/Scope: Simplicite Platform:compile
jfreechart-1.5.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jju:1.4.0

Description:

a set of utilities to work with JSON / JSON5 documents

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?json-parse-helpfulerror:1.0.3/jju:^1.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/json-parse-helpfulerror:1.0.3
  • simplicite-js:5.2.54

Identifiers

jlessc-1.10.jar

Description:

A Less CSS compiler written completely in Java (pure Java).

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/de/inetsoftware/jlessc/1.10/jlessc-1.10.jar
MD5: bd2d9f6be54058c2e109ebdbce16b3d8
SHA1: be040c43e8d0b032e58706646bdf44e7e4062ec7
SHA256:7d2012d7ca2f529843dcc9db701e3e59d0cbf590fd48c8a6153d2bfa6968018e
Referenced In Project/Scope: Simplicite Platform:compile
jlessc-1.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jlessc-ant-1.10.jar

Description:

Simple Apache Ant task for JLessC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/simplicite/ant/jlessc-ant/1.10/jlessc-ant-1.10.jar
MD5: face16e0be54ff562cef7ba12707377f
SHA1: 58e69a229c0390095331edf520c4d547700d18a1
SHA256:094c7c03c77c421e5f6fe750ab11f4162e75487862038dc19b2342e7ebeb56c7
Referenced In Project/Scope: Simplicite Platform:compile
jlessc-ant-1.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jmustache-1.15.jar

Description:

A Java implementation of the Mustache templating language.

License:

The (New) BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/com/samskivert/jmustache/1.15/jmustache-1.15.jar
MD5: 0b166350b8b372d5caae4f0b692e016f
SHA1: 7b3b15951d13b774c76db2f4e14d977952f8b4d8
SHA256:1aeb96b9dc17bc29540b8c3342e8e91ee974d5c604165ecd469dd76b041c250c
Referenced In Project/Scope: Simplicite Platform:compile
jmustache-1.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

joda-time-2.10.10.jar

Description:

Date and time library to replace JDK date handling

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/joda-time/joda-time/2.10.10/joda-time-2.10.10.jar
MD5: c2a46de8a73ec7b60011429561ae72e3
SHA1: 29e8126e31f41e5c12b9fe3a7eb02e704c47d70b
SHA256:dd8e7c92185a678d1b7b933f31209b6203c8ffa91e9880475a1be0346b9617e3
Referenced In Project/Scope: Simplicite Platform:compile
joda-time-2.10.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

jose4j-0.7.11.jar

Description:

     The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
     It is written in Java and relies solely on the JCA APIs for cryptography.
     Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/bitbucket/b_c/jose4j/0.7.11/jose4j-0.7.11.jar
MD5: b0adec9404696821b8eeec8158840a85
SHA1: 2fbe1070816cc5a2e4d010d45cfc3fc921ad36fd
SHA256:383af3e38fd2f21104c0f9a09b11dececd6fb320766d1c796902375b60492bcd
Referenced In Project/Scope: Simplicite Platform:compile
jose4j-0.7.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-51775 (OSSINDEX)  

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-51775 for details
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: HIGH (8.6)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bitbucket.b_c:jose4j:0.7.11:*:*:*:*:*:*:*

CVE-2023-31582  

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
CWE-331 Insufficient Entropy

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

jquery:3.6.0

Description:

JavaScript library for DOM operations

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jquery:3.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/bootbox:5.5.2
  • simplicite-js:5.2.54

Identifiers

js-beautify:1.14.0

Description:

beautifier.io for node

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/js-beautify:1.14.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

js-tokens:4.0.0

Description:

A regex that tokenizes JavaScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/js-tokens:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/loose-envify:1.4.0
  • simplicite-js:5.2.54/@babel/highlight:7.23.4
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/highlight-es:1.0.3

Identifiers

js-yaml:3.14.1

Description:

YAML 1.2 parser and serializer

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/js-yaml:3.14.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/load-yaml-file:0.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

js-yaml:4.1.0

Description:

YAML 1.2 parser and serializer

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?rc-config-loader:4.1.3/js-yaml:^4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rc-config-loader:4.1.3
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

js2xmlparser:4.0.2

Description:

Parses JavaScript objects into XML

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?jsdoc:4.0.2/js2xmlparser:^4.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

jsdoc-type-pratt-parser:4.0.0

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jsdoc-type-pratt-parser:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@es-joy/jsdoccomment:0.41.0

Identifiers

jsdoc:4.0.2

Description:

An API documentation generator for JavaScript.

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jsdoc:4.0.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

jsesc:0.5.0

Description:

A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.

File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jsesc:0.5.0

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/regjsparser:0.9.1
  • simplicite-js:5.2.54

Identifiers

jsesc:2.5.2

Description:

Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jsesc:2.5.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/generator:7.23.6
  • simplicite-js:5.2.54

Identifiers

jshint:2.13.1

Description:

Static analysis tool for JavaScript

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jshint:2.13.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

json-20211205.jar

Description:

        JSON is a light-weight, language independent, data interchange format.
        See http://www.JSON.org/

        The files in this package implement JSON encoders/decoders in Java.
        It also includes the capability to convert between JSON and XML, HTTP
        headers, Cookies, and CDL.

        This is a reference implementation. There is a large number of JSON packages
        in Java. Perhaps someday the Java community will standardize on one. Until
        then, choose carefully.

        The license includes this restriction: "The software shall be used for good,
        not evil." If your conscience cannot live with that, then choose a different
        package.

License:

The JSON License: http://json.org/license.html
File Path: /var/simplicite/.m2/repository/org/json/json/20211205/json-20211205.jar
MD5: 2aa4313aaabdcf89e1847d5bf6d3535f
SHA1: 47032dcf2f69880f07dab3dc60b4b0ad97318308
SHA256:7f38d61fbb7e2afdc31c6be865720ee4fc8a0c3c14fac4f3ec47fd3deb3939c6
Referenced In Project/Scope: Simplicite Platform:compile
json-20211205.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

json-buffer:3.0.1

Description:

JSON parse & stringify that supports binary via bops & base64

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?keyv:4.5.2/json-buffer:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/keyv:4.5.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/keyv:3.1.0

Identifiers

json-parse-even-better-errors:2.3.1

Description:

JSON.parse with context information on error

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?parse-json:5.2.0/json-parse-even-better-errors:^2.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/parse-json:5.2.0

Identifiers

json-parse-even-better-errors:3.0.0

Description:

JSON.parse with context information on error

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/json-parse-even-better-errors:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-package-json:6.0.4
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/read-package-json-fast:3.0.2

Identifiers

json-parse-helpfulerror:1.0.3

Description:

A drop-in replacement for JSON.parse that uses `jju` to give helpful errors

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check-updates:16.14.14/json-parse-helpfulerror:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

json-schema-traverse:0.4.1

Description:

Traverse JSON Schema passing each schema object to callback

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/json-schema-traverse:0.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ajv:8.12.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/ajv:6.12.6

Identifiers

json-schema-traverse:1.0.0

Description:

Traverse JSON Schema passing each schema object to callback

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/json-schema-traverse:1.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

json-simple-1.1.1.jar

Description:

A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
SHA256:4e69696892b88b41c55d49ab2fdcc21eead92bf54acc588c0050596c3b75199c
Referenced In Project/Scope: Simplicite Platform:compile
json-simple-1.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

json-stable-stringify-without-jsonify:1.0.1

Description:

deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/json-stable-stringify-without-jsonify:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

json5:2.2.3

Description:

JSON for Humans

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?rc-config-loader:4.1.3/json5:^2.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rc-config-loader:4.1.3
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

jsonfile:4.0.0

Description:

Easily read/write JSON files.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jsonfile:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/fs-extra:8.1.0
  • simplicite-js:5.2.54

Identifiers

jsonlines:0.1.1

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check-updates:16.14.14/jsonlines:^0.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

jsonparse:1.3.1

Description:

This is a pure-js JSON streaming parser for node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?minipass-json-stream:1.0.1/jsonparse:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/minipass-json-stream:1.0.1
  • simplicite-js:5.2.54

Identifiers

jsoup-1.14.3.jar

Description:

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license
File Path: /var/simplicite/.m2/repository/org/jsoup/jsoup/1.14.3/jsoup-1.14.3.jar
MD5: 079f92557fa3577329d498aee5cc25ee
SHA1: c43a81e18e6d0eb71951aa031d55d5c293c531a6
SHA256:92af19ec57cc77637db4490f0f5011f0444d353209ce36083bac428f9b81a39c
Referenced In Project/Scope: Simplicite Platform:compile
jsoup-1.14.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-36033  

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: Simplicite Platform:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@30.1.1-jre

Identifiers

jszip-utils:0.1.0

Description:

A collection of cross-browser utilities to go along with JSZip.

License:

(MIT OR GPL-3.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jszip-utils:0.1.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

jszip:3.7.1

Description:

Create, read and edit .zip files with JavaScript http://stuartk.com/jszip

License:

(MIT OR GPL-3.0-or-later)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/jszip:3.7.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

CVE-2022-48285  

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

GHSA-36fh-84j7-cv5h (NPM)  

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:jszip:\<3.8.0:*:*:*:*:*:*:*

jtidy-r938.jar

Description:

    JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be
    used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the
    document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

License:

Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /var/simplicite/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
SHA256:6fc03e51e73fa884f06e7eae0761e045e56fdeb4e146a4d952e3023cc9e3fb43
Referenced In Project/Scope: Simplicite Platform:compile
jtidy-r938.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-34623  

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jul-to-slf4j-1.7.32.jar

Description:

JUL to SLF4J bridge

File Path: /var/simplicite/.m2/repository/org/slf4j/jul-to-slf4j/1.7.32/jul-to-slf4j-1.7.32.jar
MD5: cf36bbee73d82b6b96a6414ef9f54df1
SHA1: 8a055c04ab44e8e8326901cadf89080721348bdb
SHA256:6dee8d85ad6943aff0600f14897c469e64bae0413ee33a15c448af00432c0642
Referenced In Project/Scope: Simplicite Platform:compile
jul-to-slf4j-1.7.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

junit-4.13.2.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /var/simplicite/.m2/repository/junit/junit/4.13.2/junit-4.13.2.jar
MD5: d98a9a02a99a9acd22d7653cbcc1f31f
SHA1: 8ac9e16d933b6fb43bc7f576336b8f4d7eb5ba12
SHA256:8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3
Referenced In Project/Scope: Simplicite Platform:compile
junit-4.13.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

kafka-clients-3.3.1.jar

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/kafka/kafka-clients/3.3.1/kafka-clients-3.3.1.jar
MD5: 989cbfe5c4adcc81966a682bdb306925
SHA1: aea4008ab34761ef8057b13cce6d0ec767397406
SHA256:39d06474e22c6c8f5bd1d67c69a56e43dfb6a21605454c6e7d705c65aafe118c
Referenced In Project/Scope: Simplicite Platform:compile
kafka-clients-3.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-25194 (OSSINDEX)  

A possible security vulnerability has been identified in Apache Kafka Connect API.
This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.
When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config`
property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the
`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.
This will allow the server to connect to the attacker's LDAP server
and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.
Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.

Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box
configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector
client override policy that permits them.

Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage
in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0. 

We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for 
vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,
in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector
client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.


Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-25194 for details
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (8.8)
  • Vector: /AV:N/AC:L/Au:/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.kafka:kafka-clients:3.3.1:*:*:*:*:*:*:*

keyv:3.1.0

Description:

Simple key-value storage with support for multiple backends

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/keyv:3.1.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

keyv:4.5.2

Description:

Simple key-value storage with support for multiple backends

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/keyv:4.5.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:6.1.0
  • simplicite-js:5.2.54/cacheable-request:10.2.12
  • simplicite-js:5.2.54

Identifiers

kind-of:6.0.3

Description:

Get the native type of a value.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?shallow-clone:3.0.1/kind-of:^6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/shallow-clone:3.0.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/global-prefix:3.0.0
  • simplicite-js:5.2.54/minimist-options:4.1.0
  • simplicite-js:5.2.54/clone-deep:4.0.1

Identifiers

klaw:3.0.0

Description:

File system walker with Readable stream interface.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/klaw:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

kleur:4.1.5

Description:

The fastest Node.js library for formatting terminal text with ANSI colors~!

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?prompts-ncu:3.0.0/kleur:^4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/prompts-ncu:3.0.0
  • simplicite-js:5.2.54

Identifiers

known-css-properties:0.26.0

Description:

List of known CSS properties

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/known-css-properties:^0.26.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

latest-version:5.1.0

Description:

Get the latest version of an npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/latest-version:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

leaflet:1.7.1

Description:

JavaScript library for mobile-friendly interactive maps

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/leaflet:1.7.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

levn:0.4.1

Description:

Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?optionator:0.9.3/levn:^0.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/optionator:0.9.3
  • simplicite-js:5.2.54

Identifiers

libphonenumber-8.12.32.jar

Description:

Google's common Java library for parsing, formatting, storing and validating international phone numbers.    Optimized for running on smartphones.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/libphonenumber/libphonenumber/8.12.32/libphonenumber-8.12.32.jar
MD5: 025cea7bdc6d512192f8234da02396ab
SHA1: 6e06d91dcb36eb8ba01a0fab97fc6d1da699b69a
SHA256:f6dfafdfe54c3d13d9e19a55105a85e4bf783efd3a84046a1de9885c2f921874
Referenced In Project/Scope: Simplicite Platform:compile
libphonenumber-8.12.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

license-report:6.5.0

Description:

creates a short report about project's dependencies (license, url etc)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/license-report:6.5.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

lie:3.3.0

Description:

A basic but performant promise implementation

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lie:3.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/jszip:3.7.1

Identifiers

lines-and-columns:1.2.4

Description:

Maps lines and columns to character offsets and back.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?parse-json:5.2.0/lines-and-columns:^1.1.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/parse-json:5.2.0

Identifiers

linkify-it:3.0.3

Description:

Links recognition library with FULL unicode support

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?markdown-it:12.3.2/linkify-it:^3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/markdown-it:12.3.2

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: /var/simplicite/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: Simplicite Platform:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@30.1.1-jre

Identifiers

load-yaml-file:0.2.0

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-pm:2.0.0/load-yaml-file:^0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/which-pm:2.0.0
  • simplicite-js:5.2.54

Identifiers

locate-path:3.0.0

Description:

Get the first path that exists on disk of multiple paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/locate-path:3.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

locate-path:5.0.0

Description:

Get the first path that exists on disk of multiple paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/locate-path:5.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

locate-path:6.0.0

Description:

Get the first path that exists on disk of multiple paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/locate-path:6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/find-up:4.1.0
  • simplicite-js:5.2.54/find-up:3.0.0
  • simplicite-js:5.2.54/find-up:5.0.0
  • simplicite-js:5.2.54

Identifiers

lodash.debounce:4.0.8

Description:

The lodash method `_.debounce` exported as a module.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lodash.debounce:4.0.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-define-polyfill-provider:0.5.0
  • simplicite-js:5.2.54

Identifiers

lodash.merge:4.6.2

Description:

The Lodash method `_.merge` exported as a module.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lodash.merge:4.6.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

lodash.truncate:4.4.2

Description:

The lodash method `_.truncate` exported as a module.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?table:6.8.1/lodash.truncate:^4.4.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/table:6.8.1
  • simplicite-js:5.2.54

Identifiers

lodash:4.17.21

Description:

Lodash modular utilities.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?scss-parser:1.0.6/lodash:4.17.21

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/node-emoji:1.11.0
  • simplicite-js:5.2.54/catharsis:0.9.0
  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54/callsite-record:4.1.5
  • simplicite-js:5.2.54/scss-parser:1.0.6
  • simplicite-js:5.2.54/@jsdoc/salty:0.2.5
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/query-ast:1.0.5
  • simplicite-js:5.2.54/depcheck:1.4.3
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54/requizzle:0.2.4

Identifiers

log-symbols:4.1.0

Description:

Colored symbols for various log levels. Example: `✔︎ Success`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ora:5.4.1/log-symbols:^4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

log4j-core-2.19.0.jar

Description:

The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-core/2.19.0/log4j-core-2.19.0.jar
MD5: b7f521926226a16531f8e212b1da1ffd
SHA1: 3b6eeb4de4c49c0fe38a4ee27188ff5fee44d0bb
SHA256:b4a1796fab7bfc36df015c1b4052459147997e8d215a7199d71d05f9e747e4f4
Referenced In Project/Scope: Simplicite Platform:compile
log4j-core-2.19.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

log4j-slf4j-impl-2.19.0.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.19.0/log4j-slf4j-impl-2.19.0.jar
MD5: fa576fa465880e374c504d21b4481f47
SHA1: 1a0c9615ba9fd5b96db8c1136afbef4394286e93
SHA256:015d5c229f3cd5c0ebf175c1da08d596d94043362ae9d92637d88848c90537c8
Referenced In Project/Scope: Simplicite Platform:compile
log4j-slf4j-impl-2.19.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

loose-envify:1.4.0

Description:

Fast (and loose) selective `process.env` replacer using js-tokens instead of an AST

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/loose-envify:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/invariant:2.2.4

Identifiers

lower-case:2.0.2

Description:

Transforms the string to lower case

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?no-case:3.0.4/lower-case:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/no-case:3.0.4
  • simplicite-js:5.2.54

Identifiers

lowercase-keys:2.0.0

Description:

Lowercase the keys of an object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lowercase-keys:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:6.1.0
  • simplicite-js:5.2.54

Identifiers

lowercase-keys:3.0.0

Description:

Lowercase the keys of an object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?responselike:3.0.0/lowercase-keys:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/responselike:1.0.2
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54/responselike:3.0.0
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

lru-cache:10.0.0

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lru-cache:10.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/path-scurry:1.10.1

Identifiers

lru-cache:4.1.5

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lru-cache:4.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/editorconfig:0.15.3
  • simplicite-js:5.2.54

Identifiers

lru-cache:5.1.1

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lru-cache:5.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-compilation-targets:7.23.6
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54/hosted-git-info:4.1.0
  • simplicite-js:5.2.54/hosted-git-info:5.2.1
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54/semver:7.5.4
  • simplicite-js:5.2.54/hosted-git-info:6.1.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/semver:7.5.3
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

lru-cache:6.0.0

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lru-cache:6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/semver:7.5.4
  • simplicite-js:5.2.54

Identifiers

lru-cache:7.18.3

Description:

A cache object that deletes the least-recently-used items.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/lru-cache:7.18.3

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

lucene-core-8.9.0.jar

Description:

Apache Lucene Java Core

File Path: /var/simplicite/.m2/repository/org/apache/lucene/lucene-core/8.9.0/lucene-core-8.9.0.jar
MD5: 7128480b9293b6f225719688eb9bedf8
SHA1: 5c3f72357089f7f0c1ef44bbe7b4c67b6149a5af
SHA256:5b0b8be0f86cc2d8aa9d0790624f7f9b8e895abd32752238829c6f0c69a902b8
Referenced In Project/Scope: Simplicite Platform:compile
lucene-core-8.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

luxon:1.28.1

Description:

Immutable date wrapper

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/luxon:1.28.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

lz4-java-1.8.0.jar

Description:

Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0.jar
MD5: 936a927700aa8fc3b75d21d7571171f6
SHA1: 4b986a99445e49ea5fbf5d149c4b63f6ed6c6780
SHA256:d74a3334fb35195009b338a951f918203d6bbca3d1d359033dc33edd1cadc9ef
Referenced In Project/Scope: Simplicite Platform:runtime
lz4-java-1.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.3.1

Identifiers

magic-string:0.30.0

Description:

Modify strings, generate sourcemaps

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/magic-string:0.30.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/@vue/reactivity-transform:3.3.4
  • simplicite-js:5.2.54

Identifiers

make-dir:2.1.0

Description:

Make a directory and its parents if needed - Think `mkdir -p`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/make-dir:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/find-cache-dir:2.1.0
  • simplicite-js:5.2.54/@babel/cli:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/register:7.23.7

Identifiers

make-dir:3.1.0

Description:

Make a directory and its parents if needed - Think `mkdir -p`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/make-dir:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/configstore:5.0.1

Identifiers

make-fetch-happen:11.1.1

Description:

Opinionated, caching, retrying fetch client

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tuf-js:1.1.7/make-fetch-happen:^11.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-registry-fetch:14.0.5
  • simplicite-js:5.2.54/sigstore:1.8.0
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54/tuf-js:1.1.7
  • simplicite-js:5.2.54

Identifiers

map-obj:1.0.1

Description:

Map object keys and values into a new object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/map-obj:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/decamelize-keys:1.1.1

Identifiers

map-obj:4.3.0

Description:

Map object keys and values into a new object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/map-obj:4.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/camelcase-keys:6.2.2
  • simplicite-js:5.2.54

Identifiers

markdown-it-anchor:8.6.7

Description:

Header anchors for markdown-it.

License:

Unlicense
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/markdown-it-anchor:8.6.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

markdown-it:12.3.2

Description:

Markdown-it - modern pluggable markdown parser.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/markdown-it:12.3.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

marked:1.2.9

Description:

A markdown parser built for speed

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/marked:1.2.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

CVE-2021-21306  

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-21680  

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-21681  

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

GHSA-5v2h-r2cx-5xgj (NPM)  

### Impact

_What kind of vulnerability is it?_

Denial of service.

The regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings.
PoC is the following.

```javascript
import * as marked from 'marked';

console.log(marked.parse(`[x]: x

\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](\\[\\](`));
```

_Who is impacted?_

Anyone who runs untrusted markdown through marked and does not use a worker with a time limit.

### Patches

_Has the problem been patched?_

Yes

_What versions should users upgrade to?_

4.0.10

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Do not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.

### References

_Are there any links users can visit to find out more?_

- https://marked.js.org/using_advanced#workers
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [marked](https://github.com/markedjs/marked)
CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:marked:\<4.0.10:*:*:*:*:*:*:*

GHSA-rrrm-qjm4-v8hf (NPM)  

### Impact

_What kind of vulnerability is it?_

Denial of service.

The regular expression `block.def` may cause catastrophic backtracking against some strings.
PoC is the following.

```javascript
import * as marked from "marked";

marked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`);
```

_Who is impacted?_

Anyone who runs untrusted markdown through marked and does not use a worker with a time limit.

### Patches

_Has the problem been patched?_

Yes

_What versions should users upgrade to?_

4.0.10

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Do not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.

### References

_Are there any links users can visit to find out more?_

- https://marked.js.org/using_advanced#workers
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [marked](https://github.com/markedjs/marked)
CWE-400 Uncontrolled Resource Consumption, CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:marked:\<4.0.10:*:*:*:*:*:*:*

GHSA-4r62-v4vq-hr96 (NPM)  

### Impact
_What kind of vulnerability is it? Who is impacted?_

[Regular expression Denial of Service](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)

A Denial of Service attack can affect anyone who runs user generated code through `marked`.

### Patches
_Has the problem been patched? What versions should users upgrade to?_

patched in v2.0.0

### Workarounds
_Is there a way for users to fix or remediate the vulnerability without upgrading?_

None.

### References
_Are there any links users can visit to find out more?_

https://github.com/markedjs/marked/issues/1927
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [marked](https://github.com/markedjs/marked/issues)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:marked:\>\=1.1.1\<2.0.0:*:*:*:*:*:*:*

marked:3.0.4

Description:

A markdown parser built for speed

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/marked:3.0.4

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

CVE-2022-21680  

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-21681  

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

marked:4.3.0

Description:

A markdown parser built for speed

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/marked:4.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

mathml-tag-names:2.1.3

Description:

List of known MathML tag-names

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/mathml-tag-names:^2.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

mchange-commons-java-0.2.19.jar

Description:

mchange-commons-java

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /var/simplicite/.m2/repository/com/mchange/mchange-commons-java/0.2.19/mchange-commons-java-0.2.19.jar
MD5: 795d7e75026388f4d90aa9719666e5db
SHA1: 7a4bee38ea02bd7dee776869b19fb3f6861d6acf
SHA256:03761838ba2a7c9cce56ba84781633f107c8befb4e3607b336ee3010f915165d
Referenced In Project/Scope: Simplicite Platform:compile
mchange-commons-java-0.2.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.mchange/c3p0@0.9.5.5

Identifiers

mdurl:1.0.1

Description:

URL utilities for markdown-it

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/mdurl:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/markdown-it:12.3.2

Identifiers

meow:9.0.0

Description:

CLI app helper

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/meow:^9.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

merge-stream:2.0.0

Description:

Create a stream that emits events from multiple other streams

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/merge-stream:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54

Identifiers

merge2:1.4.1

Description:

Merge multiple streams into one stream in sequence or parallel.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/merge2:1.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/globby:11.1.0
  • simplicite-js:5.2.54/fast-glob:3.3.0

Identifiers

micromatch:4.0.5

Description:

Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/micromatch:^4.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/find-yarn-workspace-root2:1.2.16
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/fast-glob:3.3.0

Identifiers

mimic-fn:2.1.0

Description:

Make a function mimic another one

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?onetime:5.1.2/mimic-fn:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/onetime:5.1.2
  • simplicite-js:5.2.54

Identifiers

mimic-response:1.0.1

Description:

Mimic a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/mimic-response:1.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

mimic-response:3.1.0

Description:

Mimic a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/mimic-response:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/decompress-response:6.0.0
  • simplicite-js:5.2.54

Identifiers

mimic-response:4.0.0

Description:

Mimic a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/mimic-response:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/decompress-response:3.3.0
  • simplicite-js:5.2.54/cacheable-request:10.2.12
  • simplicite-js:5.2.54/clone-response:1.0.3
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54

Identifiers

min-indent:1.0.1

Description:

Get the shortest leading whitespace from lines in a string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?strip-indent:3.0.0/min-indent:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/strip-indent:3.0.0
  • simplicite-js:5.2.54

Identifiers

minimatch:3.1.2

Description:

a glob matcher in javascript

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/minimatch:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/glob:7.2.3
  • simplicite-js:5.2.54/multimatch:5.0.0
  • simplicite-js:5.2.54/ignore-walk:6.0.3
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@humanwhocodes/config-array:0.11.13
  • simplicite-js:5.2.54/depcheck:1.4.3
  • simplicite-js:5.2.54/@tufjs/models:1.0.4
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/glob:10.3.10
  • simplicite-js:5.2.54/glob:10.3.3

Identifiers

minimatch:9.0.3

Description:

a glob matcher in javascript

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/minimatch:9.0.3

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

minimist-options:4.1.0

Description:

Pretty options for minimist

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/minimist-options:4.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

minimist:1.2.8

Description:

parse argument options

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?split-text-to-chunks:1.0.0/minimist:^1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rc:1.2.8
  • simplicite-js:5.2.54/split-text-to-chunks:1.0.0
  • simplicite-js:5.2.54/handlebars:4.7.7
  • simplicite-js:5.2.54

Identifiers

minipass-collect:1.0.2

Description:

A Minipass stream that collects all the data into a single chunk

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/minipass-collect:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54

Identifiers

minipass-fetch:3.0.3

Description:

An implementation of window.fetch in Node.js using Minipass streams

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-registry-fetch:14.0.5/minipass-fetch:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-registry-fetch:14.0.5
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54

Identifiers

minipass-flush:1.0.5

Description:

A Minipass stream that calls a flush function before emitting 'end'

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/minipass-flush:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54

Identifiers

minipass-json-stream:1.0.1

Description:

Like JSONStream, but using Minipass streams

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-registry-fetch:14.0.5/minipass-json-stream:^1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-registry-fetch:14.0.5
  • simplicite-js:5.2.54

Identifiers

minipass-pipeline:1.2.4

Description:

create a pipeline of streams using Minipass

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/minipass-pipeline:1.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54

Identifiers

minipass-sized:1.0.3

Description:

A Minipass stream that raises an error if you get a different number of bytes than expected

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/minipass-sized:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/minipass-fetch:3.0.3
  • simplicite-js:5.2.54

Identifiers

minipass:3.3.6

Description:

minimal implementation of a PassThrough stream

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/minipass:3.3.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/minipass-pipeline:1.2.4
  • simplicite-js:5.2.54/fs-minipass:2.1.0
  • simplicite-js:5.2.54/minipass-sized:1.0.3
  • simplicite-js:5.2.54/minipass-json-stream:1.0.1
  • simplicite-js:5.2.54/minizlib:2.1.2
  • simplicite-js:5.2.54/minipass-flush:1.0.5
  • simplicite-js:5.2.54/minipass-collect:1.0.2
  • simplicite-js:5.2.54

Identifiers

minipass:5.0.0

Description:

minimal implementation of a PassThrough stream

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tar:6.1.15/minipass:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-registry-fetch:14.0.5
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/ssri:10.0.4
  • simplicite-js:5.2.54/path-scurry:1.10.1
  • simplicite-js:5.2.54/fs-minipass:3.0.2
  • simplicite-js:5.2.54/tar:6.1.15
  • simplicite-js:5.2.54/glob:10.3.10
  • simplicite-js:5.2.54/minipass-fetch:3.0.3
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54/glob:10.3.3

Identifiers

minizlib:2.1.2

Description:

A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tar:6.1.15/minizlib:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-registry-fetch:14.0.5
  • simplicite-js:5.2.54/tar:6.1.15
  • simplicite-js:5.2.54/minipass-fetch:3.0.3
  • simplicite-js:5.2.54

Identifiers

mkdirp:1.0.4

Description:

Recursively mkdir, like `mkdir -p`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tar:6.1.15/mkdirp:^1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54/tar:6.1.15
  • simplicite-js:5.2.54

Identifiers

mockito-core-4.5.1.jar

Description:

Mockito mock objects library core API and implementation

License:

The MIT License: https://github.com/mockito/mockito/blob/main/LICENSE
File Path: /var/simplicite/.m2/repository/org/mockito/mockito-core/4.5.1/mockito-core-4.5.1.jar
MD5: 839f61b6c516e873a28b4830c18a0a06
SHA1: 0ed456e623e5afc6f4cee3ae58144e5c45f3b3bf
SHA256:0b66f11abbb39eaffb05989109892a50fd344d633a3b3587726ef1fe5fc8ab78
Referenced In Project/Scope: Simplicite Platform:compile
mockito-core-4.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

moment-timezone:0.5.34

Description:

Parse and display moments in any timezone.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/moment-timezone:0.5.34

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

GHSA-v78c-4p63-2j6c (NPM)  

### Impact

* if Alice uses `grunt data` (or `grunt release`) to prepare a custom-build, moment-timezone with the latest tzdata from IANA's website
* and Mallory intercepts the request to IANA's unencrypted ftp server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata pipeline, or potentially produce a tainted version of moment-timezone (practicality of such attacks is not proved)

### Patches
Problem has been patched in version 0.5.35, patch should be applicable with minor modifications to all affected versions. The patch includes changing the FTP endpoint with an HTTPS endpoint.

### Workarounds
Specify the exact version of tzdata (like `2014d`, full command being `grunt data:2014d`, then run the rest of the release tasks by hand), or just apply the patch before issuing the grunt command.
CWE-319 Cleartext Transmission of Sensitive Information

Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:moment-timezone:\>\=0.1.0\<0.5.35:*:*:*:*:*:*:*

GHSA-56x4-j7p9-fcf9 (NPM)  

### Impact

All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection.

* if Alice uses tzdata pipeline to package moment-timezone on her own (for example via `grunt data:2014d`, where `2014d` stands for the version of the tzdata to be used from IANA's website),
* and Alice let's Mallory select the version (`2014d` in our example), then Mallory can execute arbitrary commands on the machine running the grunt task, with the same privilege as the grunt task

#### Am I affected?

##### Do you build custom versions of moment-timezone with grunt?

If no, you're not affected.

##### Do you allow a third party to specify which particular version you want build?

If yes, you're vulnerable to command injection -- third party may execute arbitrary commands on the system running grunt task with the same privileges as grunt task.

### Description

#### Command Injection via grunt-zdownload.js and MITM on iana's ftp endpoint

The `tasks/data-download.js` script takes in a parameter from grunt and uses it to form a command line which is then executed:

```
6  module.exports = function (grunt) {
7      grunt.registerTask('data-download', '1. Download data from iana.org/time-zones.', function (version) {
8          version = version || 'latest';

10          var done  = this.async(),
11              src   = 'ftp://ftp.iana.org/tz/tzdata-latest.tar.gz',
12              curl  = path.resolve('temp/curl', version, 'data.tar.gz'),
13              dest  = path.resolve('temp/download', version);
...
24          exec('curl ' + src + ' -o ' + curl + ' && cd ' + dest + ' && gzip -dc ' + curl + ' | tar -xf -', function (err) {
```

Ordinarily, one one run this script using something like `grunt data-download:2014d`, in which case version would have the value `2014d`. However, if an attacker were to provide additional content on the command line, they would be able to execute arbitrary code

```
root@e94ba0490b65:/usr/src/app/moment-timezone# grunt 'data-download:2014d ; echo flag>/tmp/foo #'
\Running "data-download:2014d ; echo flag>/tmp/foo #" (data-download) task
>> Downloading https://data.iana.org/time-zones/releases/tzdata2014d ; echo flag>/tmp/foo #.tar.gz
>> Downloaded https://data.iana.org/time-zones/releases/tzdata2014d ; echo flag>/tmp/foo #.tar.gz

Done.
root@e94ba0490b65:/usr/src/app/moment-timezone# cat /tmp/foo
flag
```

#### Command Injection via data-zdump.js

The `tasks/data-zdump.js` script reads a list of files present in a temporary directory (created by previous tasks), and for each one, assembles and executes a command line without sanitization. As a result, an attacker able to influence the contents of that directory could gain code execution. This attack is exacerbated by timezone data being downloaded via cleartext FTP (described above), but beyond that, an attacker at iana.org able to modify the timezone files could disrupt any systems that build moment-timezone.

```
15              files     = grunt.file.expand({ filter : 'isFile', cwd : 'temp/zic/' + version }, '**/*');
...
27          function next () {
...
33              var file = files.pop(),
34                  src  = path.join(zicBase, file),
35                  dest = path.join(zdumpBase, file);
36              exec('zdump -v ' + src, { maxBuffer: 20*1024*1024 }, function (err, stdout) {
```

In this case, an attacker able to add a file to `temp/zic/2014d` (for example) with a filename like `Z; curl www.example.com` would influence the called to exec on line 36 and run arbitrary code. There are a few minor challenges in exploiting this, since the string needs to be a valid filename.

#### Command Injection via data-zic.js

Similar to the vulnerability in /tasks/data-download.js, the /tasks/data-zic.js script takes a version from the command line and uses it as part of a command line, executed without sanitization.

```
10          var done  = this.async(),
11              dest  = path.resolve('temp/zic', version),
...
22              var file = files.shift(),
23                  src = path.resolve('temp/download', version, file);
24
25              exec('zic -d ' + dest + ' ' + src, function (err) {
```

As a result, an attacker able to influence that string can run arbitrary commands. Of course, it requires an attacker able to influence the command passed to grunt, so may be unlikely in practice.

```
root@e94ba0490b65:/usr/src/app/moment-timezone# grunt 'data-zic:2014d; echo hi > /tmp/evil; echo '
Running "data-zic:2014d; echo hi > /tmp/evil; echo " (data-zic) task
exec: zid -d /usr/src/app/moment-timezone/temp/zic/2014d; echo hi > /tmp/evil; echo  /usr/src/app/moment-timezone/temp/download/2014d; echo hi > /tmp/evil; echo /africa
...

root@e94ba0490b65:/usr/src/app/moment-timezone# cat /tmp/evil
hi
```

### Patches

The supplied patch on top of 0.5.34 is applicable with minor tweaks to all affected versions. It switches `exec` to `execFile` so arbitrary bash fragments won't be executed any more.

### References

* https://knowledge-base.secureflag.com/vulnerabilities/code_injection/os_command_injection_nodejs.html
* https://auth0.com/blog/preventing-command-injection-attacks-in-node-js-apps/
Unscored:
  • Severity: low

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:moment-timezone:\>\=0.1.0\<0.5.35:*:*:*:*:*:*:*

moment:2.29.4

Description:

Parse, validate, manipulate, and display dates

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-audit-html:1.5.0/moment:^2.29.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54/chart.js:2.9.4
  • simplicite-js:5.2.54/moment-timezone:0.5.34
  • simplicite-js:5.2.54

Identifiers

mongodb-driver-core-3.12.12.jar

Description:

The Java operations layer for the MongoDB Java Driver.
 Third parties can wrap this layer to provide custom higher-level APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/mongodb-driver-core/3.12.12/mongodb-driver-core-3.12.12.jar
MD5: 909a1ce74cb81db2a2686d958fa1ecd0
SHA1: f0ce8a99d1b3705fd2702c3532036bbb68f88221
SHA256:9103fe4e5d95f752614de7f074a2953119a8fba87c5e3dba1c806139c8c42382
Referenced In Project/Scope: Simplicite Platform:compile
mongodb-driver-core-3.12.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mongodb/mongodb-driver@3.12.12

Identifiers

ms:2.1.2

Description:

Tiny millisecond conversion utility

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ms:2.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/debug:4.3.4
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/humanize-ms:1.2.1

Identifiers

mssql-jdbc-12.4.1.jre8.jar

Description:

		Microsoft JDBC Driver for SQL Server.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/12.4.1.jre8/mssql-jdbc-12.4.1.jre8.jar
MD5: 56461011bb8aae30f3f0b8d1ff1a8159
SHA1: 9654deb288383d3048cd907c65ada3832d58ccc0
SHA256:0a2e7d30b539d0397eae652cb57edcfc1740249fc608260ba9ccabc46af683b1
Referenced In Project/Scope: Simplicite Platform:runtime
mssql-jdbc-12.4.1.jre8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

multimatch:5.0.0

Description:

Extends `minimatch.match()` with support for multiple patterns

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/multimatch:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

mustache:4.2.0

Description:

Logic-less {{mustache}} templates with JavaScript

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/mustache:4.2.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

mute-stream:0.0.8

Description:

Bytes go in, but they don't come out (when muted).

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/mute-stream:0.0.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

mysql-connector-j-8.1.0.jar

Description:

JDBC Type 4 driver for MySQL.

License:

The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /var/simplicite/.m2/repository/com/mysql/mysql-connector-j/8.1.0/mysql-connector-j-8.1.0.jar
MD5: e84fdafa40e6625878f79efc7339d93b
SHA1: 3f78d2963935f44a61edb3961a591cdc392c8941
SHA256:e2e657e9c5ebe06a73485c9739ebd8a18e7bebb852a58d0da287da850beca1c7
Referenced In Project/Scope: Simplicite Platform:runtime
mysql-connector-j-8.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-22102  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).  Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (8.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

nanoid:3.3.6

Description:

A tiny (116 bytes), secure URL-friendly unique string ID generator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?postcss:8.4.24/nanoid:^3.3.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/postcss:8.4.24
  • simplicite-js:5.2.54

Identifiers

natural-compare:1.4.0

Description:

Compare strings containing a mix of letters and numbers in the way a human being would in sort order.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/natural-compare:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

negotiator:0.6.3

Description:

HTTP content negotiation

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/negotiator:0.6.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54

Identifiers

neo-async:2.6.2

Description:

Neo-Async is a drop-in replacement for Async, it almost fully covers its functionality and runs faster

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/neo-async:2.6.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/handlebars:4.7.7
  • simplicite-js:5.2.54

Identifiers

netty-codec-4.1.59.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec/4.1.59.Final/netty-codec-4.1.59.Final.jar
MD5: f38a8ce1d0a9a7a93032f759ef5af0dd
SHA1: 5e563309b99cf55bdbecc4dab7c417a0167c31aa
SHA256:7f65a27aed141fef0e1601dc6e7172f0d337ca5bdce0162b60a5b07be4929547
Referenced In Project/Scope: Simplicite Platform:compile
netty-codec-4.1.59.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.netty/netty-handler@4.1.59.Final

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41915 (OSSINDEX)  

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-41915 for details
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-codec:4.1.59.Final:*:*:*:*:*:*:*

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

netty-codec-http-4.1.59.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec-http/4.1.59.Final/netty-codec-http-4.1.59.Final.jar
MD5: 14eb72d0a3b44d64949575ec5e1121d7
SHA1: 766327d675678686a05faa446c4413d8ccb79b5c
SHA256:79cfb3a2bfe87f5f0f3a969bab783724eeee78d1fecef2fe841beddf947336b7
Referenced In Project/Scope: Simplicite Platform:compile
netty-codec-http-4.1.59.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2024-29025 (OSSINDEX)  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29025 for details
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-codec-http:4.1.59.Final:*:*:*:*:*:*:*

netty-codec-mqtt-4.1.59.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec-mqtt/4.1.59.Final/netty-codec-mqtt-4.1.59.Final.jar
MD5: 19100012fe39601c746da260a5b7222d
SHA1: 67fc273b306e2b14a83dd7d63cad86031d46c25a
SHA256:2df05770e36cd592db3e98858f858f87f2f3bc3e3d762c11986d99b1e68403c8
Referenced In Project/Scope: Simplicite Platform:compile
netty-codec-mqtt-4.1.59.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

netty-common-4.1.59.Final.jar (shaded: org.jctools:jctools-core:3.1.0)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/netty/netty-common/4.1.59.Final/netty-common-4.1.59.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 08e7326c64d7fd6ae4ea32e7eb4e5b79
SHA1: 9deceaba814dea198202b04fe0eec0d2dbf69ea9
SHA256:acaf1b4c366f6794a734288a2c003f16af90a9c479cf4d7daade689764e4fb47
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

netty-transport-4.1.59.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport/4.1.59.Final/netty-transport-4.1.59.Final.jar
MD5: 106b6b5e9e73a22a77caae2f5afda8c4
SHA1: 864d20f35ce909e6a7462095cb8f91ee94d1cd4c
SHA256:59b7b84be412683a26cfaa4c85b01ff5c5aeb38f07baeabbd8ca98f6e8b0715e
Referenced In Project/Scope: Simplicite Platform:compile
netty-transport-4.1.59.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

netty-transport-native-kqueue-4.1.65.Final-osx-x86_64.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.65.Final/netty-transport-native-kqueue-4.1.65.Final-osx-x86_64.jar
MD5: 9e3e10aecd5534c7f1c0fece085e11e9
SHA1: 502a18402e38131c669840363ad50fe60a899d0d
SHA256:73a15a9312b591b585da4063f88b2cea6b470008879e647704d83b28a0fb062e
Referenced In Project/Scope: Simplicite Platform:compile
netty-transport-native-kqueue-4.1.65.Final-osx-x86_64.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.1.0

Identifiers

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

no-case:3.0.4

Description:

Transform into a lower cased string with spaces between words

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?sentence-case:3.0.4/no-case:^3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/sentence-case:3.0.4
  • simplicite-js:5.2.54

Identifiers

node-emoji:1.11.0

Description:

simple emoji support for node.js projects

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-check:6.0.1/node-emoji:^1.10.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

node-environment-flags:1.0.6

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/node-environment-flags:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/node:7.23.9
  • simplicite-js:5.2.54

Identifiers

node-gyp:9.4.0

Description:

Node.js native addon build tool

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/node-gyp:9.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@npmcli/run-script:6.0.2
  • simplicite-js:5.2.54

Identifiers

node-releases:2.0.14

Description:

Node.js releases data

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/node-releases:2.0.14

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/browserslist:4.22.3
  • simplicite-js:5.2.54

Identifiers

nopt:5.0.0

Description:

Option parsing for Node, supporting types, shorthands, etc. Used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/nopt:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/js-beautify:1.14.0
  • simplicite-js:5.2.54

Identifiers

nopt:6.0.0

Description:

Option parsing for Node, supporting types, shorthands, etc. Used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/nopt:6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54

Identifiers

normalize-package-data:2.5.0

Description:

Normalizes data that can be found in package.json files.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/normalize-package-data:2.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-pkg:5.2.0
  • simplicite-js:5.2.54

Identifiers

normalize-package-data:3.0.3

Description:

Normalizes data that can be found in package.json files.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/normalize-package-data:3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

normalize-package-data:5.0.0

Description:

Normalizes data that can be found in package.json files.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/normalize-package-data:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-package-json:6.0.4
  • simplicite-js:5.2.54

Identifiers

normalize-path:3.0.0

Description:

Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/normalize-path:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/anymatch:3.1.3
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/chokidar:3.5.3
  • simplicite-js:5.2.54

Identifiers

normalize-url:4.5.1

Description:

Normalize a URL

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/normalize-url:4.5.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

normalize-url:8.0.0

Description:

Normalize a URL

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/normalize-url:8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:6.1.0
  • simplicite-js:5.2.54/cacheable-request:10.2.12
  • simplicite-js:5.2.54

Identifiers

npm-audit-html:1.5.0

Description:

Generate a HTML report for NPM Audit

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/npm-audit-html:1.5.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

npm-bundled:3.0.0

Description:

list things in node_modules that are bundledDependencies, or transitive dependencies thereof

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/npm-bundled:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@npmcli/installed-package-contents:2.0.2
  • simplicite-js:5.2.54

Identifiers

npm-check-updates:16.14.14

Description:

Find newer versions of dependencies than what your package.json allows

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/npm-check-updates:16.14.14

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

npm-check:6.0.1

Description:

Check for outdated, incorrect, and unused dependencies.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/npm-check:6.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

npm-install-checks:6.1.1

Description:

Check the engines and platform fields in package.json

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?npm-pick-manifest:8.0.2/npm-install-checks:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/npm-pick-manifest:8.0.2

Identifiers

npm-normalize-package-bin:3.0.1

Description:

Turn any flavor of allowable package.json bin into a normalized object

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?read-package-json-fast:3.0.2/npm-normalize-package-bin:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-package-json:6.0.4
  • simplicite-js:5.2.54/@npmcli/installed-package-contents:2.0.2
  • simplicite-js:5.2.54/read-package-json-fast:3.0.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/npm-bundled:3.0.0
  • simplicite-js:5.2.54/npm-pick-manifest:8.0.2

Identifiers

npm-package-arg:10.1.0

Description:

Parse the things that can be arguments to `npm install`

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/npm-package-arg:^10.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-registry-fetch:14.0.5
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/npm-pick-manifest:8.0.2

Identifiers

npm-packlist:7.0.4

Description:

Get a list of the files to add from a folder into an npm package

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/npm-packlist:^7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

npm-pick-manifest:8.0.2

Description:

Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/npm-pick-manifest:^8.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

npm-registry-fetch:14.0.5

Description:

Fetch-based http client for use with npm registry APIs

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pacote:15.2.0/npm-registry-fetch:^14.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

npm-run-path:4.0.1

Description:

Get your PATH prepended with locally installed binaries

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/npm-run-path:4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54

Identifiers

npmlog:6.0.2

Description:

logger for npm

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/npmlog:6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54

Identifiers

numeral:2.0.6

Description:

Format and manipulate numbers.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/numeral:2.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

object-inspect:1.12.3

Description:

string representations of objects in node and the browser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?side-channel:1.0.4/object-inspect:^1.9.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/side-channel:1.0.4
  • simplicite-js:5.2.54

Identifiers

object-keys:1.1.1

Description:

An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?object.assign:4.1.4/object-keys:^1.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54/define-properties:1.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/object.assign:4.1.4

Identifiers

object.assign:4.1.4

Description:

ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/object.assign:4.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

object.getownpropertydescriptors:2.1.6

Description:

ES2017 spec-compliant shim for `Object.getOwnPropertyDescriptors` that works in ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/object.getownpropertydescriptors:2.1.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/node-environment-flags:1.0.6
  • simplicite-js:5.2.54

Identifiers

objenesis-3.2.jar

Description:

A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/objenesis/objenesis/3.2/objenesis-3.2.jar
MD5: 5c1ee20481a06561af295034ea89c4b4
SHA1: 7fadf57620c8b8abdf7519533e5527367cb51f09
SHA256:03d960bd5aef03c653eb000413ada15eb77cdd2b8e4448886edf5692805e35f3
Referenced In Project/Scope: Simplicite Platform:runtime
objenesis-3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@4.5.1

Identifiers

ojdbc8-23.2.0.0.jar

Description:

 Oracle JDBC Driver compatible with JDK8, JDK11, JDK12, JDK13, JDK14 and JDK15

License:

Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /var/simplicite/.m2/repository/com/oracle/database/jdbc/ojdbc8/23.2.0.0/ojdbc8-23.2.0.0.jar
MD5: 26b4d74defb08bc6b2c4cfb70ee8a00b
SHA1: 49acfb33ee776e43d2085e2fcc838778202a9128
SHA256:233c0e33ab58e516d7c91d5cef6bf6272fa518e4ea29e9123cc8fe8a70ea39c9
Referenced In Project/Scope: Simplicite Platform:runtime
ojdbc8-23.2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

okhttp-2.7.5.jar

File Path: /var/simplicite/.m2/repository/com/squareup/okhttp/okhttp/2.7.5/okhttp-2.7.5.jar
MD5: 1943a0ecbb1c503874c8c483284377e4
SHA1: 7a15a7db50f86c4b64aa3367424a60e3a325b8f1
SHA256:88ac9fd1bb51f82bcc664cc1eb9c225c90dc4389d660231b4cc737bebfe7d0aa
Referenced In Project/Scope: Simplicite Platform:compile
okhttp-2.7.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0

Identifiers

CVE-2021-0341 (OSSINDEX)  

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.squareup.okhttp:okhttp:2.7.5:*:*:*:*:*:*:*

CVE-2023-0833  

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

okio-1.6.0.jar

File Path: /var/simplicite/.m2/repository/com/squareup/okio/okio/1.6.0/okio-1.6.0.jar
MD5: 164d1c28c323cf6e2a917d60374c5718
SHA1: 98476622f10715998eacf9240d6b479f12c66143
SHA256:114bdc1f47338a68bcbc95abf2f5cdc72beeec91812f2fcd7b521c1937876266
Referenced In Project/Scope: Simplicite Platform:compile
okio-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0

Identifiers

CVE-2023-3635  

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

once:1.4.0

Description:

Run a function exactly one time

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pump:3.0.0/once:^1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/glob:7.2.3
  • simplicite-js:5.2.54/inflight:1.0.6
  • simplicite-js:5.2.54/end-of-stream:1.4.4
  • simplicite-js:5.2.54/pump:3.0.0
  • simplicite-js:5.2.54

Identifiers

onetime:5.1.2

Description:

Ensure a function is only called once

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?restore-cursor:3.1.0/onetime:^5.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/restore-cursor:3.1.0
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54

Identifiers

open:7.4.2

Description:

Open stuff like URLs, files, executables. Cross-platform.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/open:7.4.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

openhtmltopdf-core-1.0.10.jar

Description:

Open HTML to PDF is a CSS 2.1 renderer written in Java.  This artifact contains the core rendering and layout code.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-core/1.0.10/openhtmltopdf-core-1.0.10.jar
MD5: 3a71c751b039576e64db702941185600
SHA1: cab5dcb31834bd86ffb1b1f82811a37fcea63cd2
SHA256:3e6fd2250d833d500b7cd48b7a896700d0c33bd9f77a219e820493b01566eda3
Referenced In Project/Scope: Simplicite Platform:compile
openhtmltopdf-core-1.0.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10

Identifiers

openhtmltopdf-pdfbox-1.0.10.jar

Description:

Openhtmltopdf is a CSS 2.1 renderer written in Java. This artifact supports PDF output with Apache PDF-BOX 2.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-pdfbox/1.0.10/openhtmltopdf-pdfbox-1.0.10.jar
MD5: 1a0db19be8e308ae5326833e7e08b674
SHA1: 4041442fda47e760985cea8005d51a830031420f
SHA256:7de90df1b3ecf84e6f0daf808d724c11142007a2f22bff1936479bf17251d31a
Referenced In Project/Scope: Simplicite Platform:compile
openhtmltopdf-pdfbox-1.0.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

optionator:0.9.3

Description:

option parsing and help generation

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/optionator:0.9.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54

Identifiers

ora:5.4.1

Description:

Elegant terminal spinner

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ora:5.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

org.apache.oltu.oauth2.client-1.0.2.jar

Description:

Apache Oltu is an OAuth protocol implementation in Java.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.client/1.0.2/org.apache.oltu.oauth2.client-1.0.2.jar
MD5: 433638a5fab67c3a8f111d58c1fec0a0
SHA1: b34e09d1cb84c4b63cedb65c5346ac44eecc22c5
SHA256:ebbe0095c829ecbbb29b5ab572277ff11b9e3969114e6f1bac5d23a8c97e7708
Referenced In Project/Scope: Simplicite Platform:compile
org.apache.oltu.oauth2.client-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

org.apache.oltu.oauth2.common-1.0.2.jar

Description:

OAuth 2.0 library - Common

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.common/1.0.2/org.apache.oltu.oauth2.common-1.0.2.jar
MD5: 48d5e8f17d2f292b32788d2b98b1aebd
SHA1: a82fff95276f4c6feadc7993670e659076e43260
SHA256:5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968
Referenced In Project/Scope: Simplicite Platform:compile
org.apache.oltu.oauth2.common-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2

Identifiers

org.eclipse.jgit.http.server-6.1.0.202203080745-r.jar

Description:

    Git aware HTTP server implementation.

File Path: /var/simplicite/.m2/repository/org/eclipse/jgit/org.eclipse.jgit.http.server/6.1.0.202203080745-r/org.eclipse.jgit.http.server-6.1.0.202203080745-r.jar
MD5: e98293841bce4f122bca2b0cf2e78fa0
SHA1: 8c61b038cc12c78da107701e6a443bb9a88aa8ad
SHA256:c206f4eba35dba8aaa76a26fd19ae7dbcb4b2cd862cfb7b12c95cd0150a36449
Referenced In Project/Scope: Simplicite Platform:compile
org.eclipse.jgit.http.server-6.1.0.202203080745-r.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-4759  

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0

In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.

This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.

The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.

Setting git configuration option core.symlinks = false before checking out avoids the problem.

The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via  Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and  repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from  5.13.3.202401111512-r.


The JGit maintainers would like to thank RyotaK for finding and reporting this issue.
CWE-59 Improper Link Resolution Before File Access ('Link Following'), CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

org.eclipse.paho.client.mqttv3-1.2.5.jar

File Path: /var/simplicite/.m2/repository/org/eclipse/paho/org.eclipse.paho.client.mqttv3/1.2.5/org.eclipse.paho.client.mqttv3-1.2.5.jar
MD5: eb09d20835460ad2de7b6d46e77ad113
SHA1: 1546cfc794449c39ad569853843a930104fdc297
SHA256:59914287adac506a28d5e8172eed262a22605f3df4d426b9d92f41dae2448185
Referenced In Project/Scope: Simplicite Platform:compile
org.eclipse.paho.client.mqttv3-1.2.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

os-tmpdir:1.0.2

Description:

Node.js os.tmpdir() ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tmp:0.0.33/os-tmpdir:~1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/tmp:0.0.33
  • simplicite-js:5.2.54

Identifiers

p-cancelable:1.1.0

Description:

Create a promise that can be canceled

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/p-cancelable:1.1.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

p-cancelable:3.0.0

Description:

Create a promise that can be canceled

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/p-cancelable:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

p-limit:3.1.0

Description:

Run multiple promise-returning & async functions with limited concurrency

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?p-locate:5.0.0/p-limit:^3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/p-locate:3.0.0
  • simplicite-js:5.2.54/p-locate:5.0.0
  • simplicite-js:5.2.54/p-locate:4.1.0
  • simplicite-js:5.2.54

Identifiers

p-locate:3.0.0

Description:

Get the first fulfilled promise that satisfies the provided testing function

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/p-locate:3.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

p-locate:4.1.0

Description:

Get the first fulfilled promise that satisfies the provided testing function

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/p-locate:4.1.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

p-locate:5.0.0

Description:

Get the first fulfilled promise that satisfies the provided testing function

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/p-locate:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/locate-path:5.0.0
  • simplicite-js:5.2.54/locate-path:6.0.0
  • simplicite-js:5.2.54/locate-path:3.0.0
  • simplicite-js:5.2.54

Identifiers

p-map:4.0.0

Description:

Map over promises concurrently

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/p-map:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

p-try:2.2.0

Description:

`Start a promise chain

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?p-limit:2.3.0/p-try:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/p-limit:2.3.0
  • simplicite-js:5.2.54

Identifiers

package-json:6.5.0

Description:

Get metadata of a package from the npm registry

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/package-json:6.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/latest-version:7.0.0
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/latest-version:5.1.0

Identifiers

package-json:8.1.1

Description:

Get metadata of a package from the npm registry

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/package-json:8.1.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

pacote:15.2.0

Description:

JavaScript package downloader

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pacote:15.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

pako:1.0.11

Description:

zlib port to javascript - fast, modularized, with browser support

License:

(MIT AND Zlib)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pako:1.0.11

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/jszip:3.7.1

Identifiers

parent-module:1.0.1

Description:

Get the path of the parent module

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/parent-module:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/import-fresh:3.3.0
  • simplicite-js:5.2.54

Identifiers

parse-github-url:1.0.2

Description:

Parse a github URL into an object.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/parse-github-url:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

parse-json:5.2.0

Description:

Parse JSON with more helpful errors

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?read-pkg:5.2.0/parse-json:^5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-pkg:5.2.0
  • simplicite-js:5.2.54/cosmiconfig:7.1.0
  • simplicite-js:5.2.54

Identifiers

  • pkg:npm/parse-json@5.2.0  (Confidence:Highest)
  • cpe:2.3:a:parsejson_project:parsejson:5.2.0:*:*:*:*:*:*:*  (Confidence:Low)  

parse-passwd:1.0.0

Description:

Parse a passwd file into a list of users.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/parse-passwd:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/homedir-polyfill:1.0.3
  • simplicite-js:5.2.54

Identifiers

path-exists:3.0.0

Description:

Check if a path exists

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/path-exists:3.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

path-exists:4.0.0

Description:

Check if a path exists

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?which-pm:2.0.0/path-exists:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/find-up:4.1.0
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/find-up:5.0.0
  • simplicite-js:5.2.54/preferred-pm:3.0.3
  • simplicite-js:5.2.54/locate-path:3.0.0
  • simplicite-js:5.2.54/which-pm:2.0.0
  • simplicite-js:5.2.54

Identifiers

path-is-absolute:1.0.1

Description:

Node.js 0.12 path.isAbsolute() ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/path-is-absolute:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/glob:7.2.3
  • simplicite-js:5.2.54

Identifiers

path-key:3.1.1

Description:

Get the PATH environment variable key cross-platform

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/path-key:3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-run-path:4.0.1
  • simplicite-js:5.2.54/cross-spawn:7.0.3
  • simplicite-js:5.2.54

Identifiers

path-parse:1.0.7

Description:

Node.js path.parse() ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?resolve:1.22.2/path-parse:^1.0.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/resolve:1.22.2

Identifiers

path-scurry:1.10.1

Description:

walk paths fast and efficiently

License:

BlueOak-1.0.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?glob:10.3.3/path-scurry:^1.10.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/glob:10.3.10
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/glob:10.3.3

Identifiers

path-type:4.0.0

Description:

Check if a path is a file, directory, or symlink

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/path-type:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/dir-glob:3.0.1
  • simplicite-js:5.2.54/cosmiconfig:7.1.0
  • simplicite-js:5.2.54

Identifiers

pdfbox-2.0.23.jar

Description:

        The Apache PDFBox library is an open source Java tool for working with PDF documents.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/pdfbox/2.0.23/pdfbox-2.0.23.jar
MD5: 6b71c42c567d419f068f46f410dcc3a5
SHA1: b89643d162c4e30b4fe39cfa265546cc506d4d18
SHA256:d465edb2a805ec69dd7425d4e26968cfb23b471d885f475e0e6154744e3387a7
Referenced In Project/Scope: Simplicite Platform:compile
pdfbox-2.0.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2021-31811  

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31812  

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

picocolors:1.0.0

Description:

The tiniest and the fastest library for terminal output formatting with ANSI colors

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-browserslist-db:1.0.13/picocolors:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/postcss:8.4.24
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/update-browserslist-db:1.0.13

Identifiers

picomatch:2.3.1

Description:

Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?readdirp:3.6.0/picomatch:^2.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/anymatch:3.1.3
  • simplicite-js:5.2.54/readdirp:3.6.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/micromatch:4.0.5

Identifiers

pify:4.0.1

Description:

Promisify a callback-style function

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pify:4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/load-yaml-file:0.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/make-dir:2.1.0

Identifiers

pinkie-promise:2.0.1

Description:

ES2015 Promise ponyfill

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pinkie-promise:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/callsite-record:4.1.5
  • simplicite-js:5.2.54

Identifiers

pinkie:2.0.4

Description:

Itty bitty little widdle twinkie pinkie ES2015 Promise implementation

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?pinkie-promise:2.0.1/pinkie:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pinkie-promise:2.0.1
  • simplicite-js:5.2.54

Identifiers

pirates:4.0.6

Description:

Properly hijack require, i.e., properly define require hooks and customizations

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pirates:4.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/register:7.23.7

Identifiers

pkg-dir:3.0.0

Description:

Find the root directory of a Node.js project or npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pkg-dir:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/find-cache-dir:2.1.0
  • simplicite-js:5.2.54

Identifiers

pkg-dir:4.2.0

Description:

Find the root directory of a Node.js project or npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pkg-dir:4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/find-yarn-workspace-root2:1.2.16
  • simplicite-js:5.2.54

Identifiers

pkg-dir:5.0.0

Description:

Find the root directory of a Node.js project or npm package

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pkg-dir:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

please-upgrade-node:3.2.0

Description:

Displays a beginner-friendly message telling your user to upgrade their version of Node

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/please-upgrade-node:3.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

poi-4.1.2.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/poi/poi/4.1.2/poi-4.1.2.jar
MD5: e9a7c049c62c41c70354669bcd448212
SHA1: 964bf41cf68bce08e4ef6b2279b559fdf8d454f4
SHA256:ab1612406541968434044b2defad58aa8b657cad073baa22a04faaf9d7fb9d1c
Referenced In Project/Scope: Simplicite Platform:compile
poi-4.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-26336  

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
CWE-20 Improper Input Validation, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

popper.js:1.16.1

Description:

A kickass library to manage your poppers

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/popper.js:1.16.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/bootbox:5.5.2
  • simplicite-js:5.2.54

Identifiers

postcss-less:6.0.0

Description:

LESS parser for PostCSS

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/postcss-less:6.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

postcss-media-query-parser:0.2.3

Description:

A tool for parsing media query lists.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/postcss-media-query-parser:^0.2.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

postcss-resolve-nested-selector:0.1.1

Description:

Resolve a nested selector in a PostCSS AST

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/postcss-resolve-nested-selector:^0.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

postcss-safe-parser:6.0.0

Description:

Fault-tolerant CSS parser for PostCSS

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/postcss-safe-parser:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

postcss-selector-parser:6.0.13

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/postcss-selector-parser:^6.0.11

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

postcss-value-parser:4.2.0

Description:

Transforms css values and at-rule params into the tree

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/postcss-value-parser:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

postcss:8.4.24

Description:

Tool for transforming styles with JS plugins

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/postcss:^8.4.19

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

CVE-2023-44270  

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions:

postgresql-42.6.0.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /var/simplicite/.m2/repository/org/postgresql/postgresql/42.6.0/postgresql-42.6.0.jar
MD5: 527f2c51d65f6a78d6548c51a35556aa
SHA1: 7614cfce466145b84972781ab0079b8dea49e363
SHA256:b817c67a40c94249fd59d4e686e3327ed0d3d3fae426b20da0f1e75652cfc461
Referenced In Project/Scope: Simplicite Platform:runtime
postgresql-42.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2024-1597  

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

preact:10.15.1

Description:

Fast 3kb React-compatible Virtual DOM library.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/preact:10.15.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@fullcalendar/core:5.11.0
  • simplicite-js:5.2.54

Identifiers

preferred-pm:3.0.3

Description:

Detects what package manager was used for installation

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/preferred-pm:3.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

preflight-2.0.23.jar

Description:

      The Apache Preflight library is an open source Java tool that implements 
      a parser compliant with the ISO-19005 (PDF/A) specification. Preflight is a 
      subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/preflight/2.0.23/preflight-2.0.23.jar
MD5: d297d9afec757a6f405575be83626a04
SHA1: c862a2ca119e37280a1658420e3349b9f295f177
SHA256:a5c0812996f38e798356fa92e5ec2c0220c619242dfd884b62af463be1460990
Referenced In Project/Scope: Simplicite Platform:compile
preflight-2.0.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2021-31811  

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31812  

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

prelude-ls:1.2.1

Description:

prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?type-check:0.4.0/prelude-ls:^1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/levn:0.4.1
  • simplicite-js:5.2.54/type-check:0.4.0
  • simplicite-js:5.2.54/optionator:0.9.3
  • simplicite-js:5.2.54

Identifiers

prepend-http:2.0.0

Description:

Prepend `http://` to humanized URLs like todomvc.com and localhost

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?url-parse-lax:3.0.0/prepend-http:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/url-parse-lax:3.0.0
  • simplicite-js:5.2.54

Identifiers

proc-log:3.0.0

Description:

just emit 'log' events on the process object

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/proc-log:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-registry-fetch:14.0.5
  • simplicite-js:5.2.54/npm-package-arg:10.1.0
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

process-nextick-args:2.0.1

Description:

process.nextTick but always with args

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/process-nextick-args:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/readable-stream:2.3.8
  • simplicite-js:5.2.54

Identifiers

progress:2.0.3

Description:

Flexible ascii progress bar

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/progress:2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

promise-inflight:1.0.1

Description:

One promise for multiple requests in flight to avoid async duplication

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/promise-inflight:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

promise-retry:2.0.1

Description:

Retries a function that returns a promise, leveraging the power of the retry module.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/promise-retry:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

prompts-ncu:3.0.0

Description:

Lightweight, beautiful and user-friendly prompts

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/prompts-ncu:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

proto-list:1.2.4

Description:

A utility for managing a prototype chain

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/proto-list:1.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/config-chain:1.1.13
  • simplicite-js:5.2.54

Identifiers

protobuf-java-3.17.3.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/google/protobuf/protobuf-java/3.17.3/protobuf-java-3.17.3.jar
MD5: cd233934a824c6eb401aef8ff4e4448b
SHA1: 313b1861fa9312dd71e1033a77c2e64fb1a94dd3
SHA256:4ac549b192694141958049f060a1c826a33342f619e108ced8c17d9877f5e3ed
Referenced In Project/Scope: Simplicite Platform:compile
protobuf-java-3.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-3171  

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-3509 (OSSINDEX)  

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.google.protobuf:protobuf-java:3.17.3:*:*:*:*:*:*:*

CVE-2021-22569 (OSSINDEX)  

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-22569 for details
CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.5)
  • Vector: /AV:L/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.google.protobuf:protobuf-java:3.17.3:*:*:*:*:*:*:*

protobuf-java-util-3.17.3.jar

Description:

Utilities for Protocol Buffers

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/google/protobuf/protobuf-java-util/3.17.3/protobuf-java-util-3.17.3.jar
MD5: 2622e6f183581d74e6e89cac23d7e44a
SHA1: 4340f06a346f46eab1b38feb066e4a2d30aed3b7
SHA256:bf320ed076000e1d8c7cbf7601b056acaecab80f75b9a659b9f6398d0d7e3f79
Referenced In Project/Scope: Simplicite Platform:compile
protobuf-java-util-3.17.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-3171  

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

proton-j-0.33.8.jar

Description:

Proton is a library for speaking AMQP.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/qpid/proton-j/0.33.8/proton-j-0.33.8.jar
MD5: cd1f6987b69e8f5bfc2847fe8695fd79
SHA1: f7e503d4505d73c604c3a4a8e190d461136c9797
SHA256:2181e51532fcd1d5fcc7bddea8bf1b4e69cc028346777780011b30faea8d70cb
Referenced In Project/Scope: Simplicite Platform:compile
proton-j-0.33.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.1.0

Identifiers

pseudomap:1.0.2

Description:

A thing that is a lot like ES6 `Map`, but without iterators, for use in environments where `for..of` syntax and `Map` are not available.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pseudomap:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/lru-cache:4.1.5
  • simplicite-js:5.2.54

Identifiers

pump:3.0.0

Description:

pipe streams together and close all of them if one of them closes

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/pump:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/get-stream:5.2.0
  • simplicite-js:5.2.54/get-stream:4.1.0
  • simplicite-js:5.2.54

Identifiers

punycode:2.3.0

Description:

A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?uri-js:4.4.1/punycode:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/uri-js:4.4.1
  • simplicite-js:5.2.54

Identifiers

pupa:2.1.1

Description:

Simple micro templating

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/pupa:^2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

qpid-jms-client-1.1.0.jar

Description:

The core JMS Client implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/qpid/qpid-jms-client/1.1.0/qpid-jms-client-1.1.0.jar
MD5: 50603ba8c2efa1fc9ba66259af3293ae
SHA1: 7b0201557bb76108f43282aeac523f8c3b11f7e8
SHA256:84523481e3374b53b1a45b6de5835c09975a10b29f446a7e83cb14124bdf1872
Referenced In Project/Scope: Simplicite Platform:compile
qpid-jms-client-1.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

quartz-2.3.2.jar

Description:

Enterprise Job Scheduler

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: /var/simplicite/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar
MD5: d7299dbaec0e0ed7af281b07cc40c8c1
SHA1: 18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a
SHA256:639c6a675bc472e1568df9d8c954ff702da6f83ed27da0ff9a7bd12ed73b8bf0
Referenced In Project/Scope: Simplicite Platform:compile
quartz-2.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2023-39017  

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

query-ast:1.0.5

Description:

A library to traverse/modify an AST

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/query-ast:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

queue-microtask:1.2.3

Description:

fast, tiny `queueMicrotask` shim for modern engines

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?run-parallel:1.2.0/queue-microtask:^1.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/run-parallel:1.2.0
  • simplicite-js:5.2.54

Identifiers

quick-lru:4.0.1

Description:

Simple "Least Recently Used" (LRU) cache

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/quick-lru:4.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/camelcase-keys:6.2.2
  • simplicite-js:5.2.54

Identifiers

quick-lru:5.1.1

Description:

Simple “Least Recently Used” (LRU) cache

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/quick-lru:5.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/http2-wrapper:2.2.0
  • simplicite-js:5.2.54

Identifiers

rc-config-loader:4.1.3

Description:

load config file from .{product}rc.{json,yml,js}

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/rc-config-loader:4.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

rc:1.2.8

Description:

hardwired configuration loader

License:

(BSD-2-Clause OR MIT OR Apache-2.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?registry-url:5.1.0/rc:^1.2.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/registry-url:5.1.0
  • simplicite-js:5.2.54/registry-auth-token:4.2.2
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/registry-url:6.0.1

Identifiers

read-package-json-fast:3.0.2

Description:

Like read-package-json, but faster

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/read-package-json-fast:3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@npmcli/run-script:6.0.2
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

read-package-json:6.0.4

Description:

The thing npm uses to read package.json files with semantics and defaults and validation

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/read-package-json:6.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

read-pkg-up:7.0.1

Description:

Read the closest package.json file

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/read-pkg-up:7.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

read-pkg:5.2.0

Description:

Read a package.json file

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?read-pkg-up:7.0.1/read-pkg:^5.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-pkg-up:7.0.1
  • simplicite-js:5.2.54

Identifiers

readable-stream:1.1.14

Description:

Streams3, a user-land copy of the stream library from Node.js v0.11.x

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/readable-stream:1.1.14

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/htmlparser2:3.8.3
  • simplicite-js:5.2.54

Identifiers

readable-stream:2.3.8

Description:

Streams3, a user-land copy of the stream library from Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/readable-stream:2.3.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/jszip:3.7.1

Identifiers

readable-stream:3.6.2

Description:

Streams3, a user-land copy of the stream library from Node.js

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/readable-stream:3.6.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/bl:4.1.0
  • simplicite-js:5.2.54/are-we-there-yet:3.0.1
  • simplicite-js:5.2.54

Identifiers

readdirp:3.6.0

Description:

Recursive version of fs.readdir with streaming API.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/readdirp:3.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chokidar:3.5.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

redent:3.0.0

Description:

Strip redundant indentation and indent the string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/redent:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

regenerate-unicode-properties:10.1.0

Description:

Regenerate sets for Unicode properties and values.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?regexpu-core:5.3.2/regenerate-unicode-properties:^10.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/regexpu-core:5.3.2
  • simplicite-js:5.2.54

Identifiers

regenerate:1.4.2

Description:

Generate JavaScript-compatible regular expressions based on a given set of Unicode symbols or code points.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?regexpu-core:5.3.2/regenerate:^1.4.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/regexpu-core:5.3.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/regenerate-unicode-properties:10.1.0

Identifiers

regenerator-runtime:0.14.0

Description:

Runtime for Regenerator-compiled generator and async functions.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/regenerator-runtime:0.14.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/node:7.23.9
  • simplicite-js:5.2.54/@babel/runtime:7.23.9
  • simplicite-js:5.2.54

Identifiers

regenerator-transform:0.15.2

Description:

Explode async and generator functions into a state machine.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/regenerator-transform:0.15.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/plugin-transform-regenerator:7.23.3
  • simplicite-js:5.2.54

Identifiers

regexp.prototype.flags:1.5.0

Description:

ES6 spec-compliant RegExp.prototype.flags shim.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/regexp.prototype.flags:1.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

regexpu-core:5.3.2

Description:

regexpu’s core functionality (i.e. `rewritePattern(pattern, flag)`), capable of translating ES6 Unicode regular expressions to ES5.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/regexpu-core:5.3.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/helper-create-regexp-features-plugin:7.22.15
  • simplicite-js:5.2.54

Identifiers

registry-auth-token:4.2.2

Description:

Get the auth token set for an npm registry (if any)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/registry-auth-token:4.2.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/package-json:8.1.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/package-json:6.5.0

Identifiers

registry-auth-token:5.0.2

Description:

Get the auth token set for an npm registry (if any)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/registry-auth-token:5.0.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

registry-url:5.1.0

Description:

Get the set npm registry URL

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/registry-url:5.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/package-json:8.1.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/package-json:6.5.0

Identifiers

registry-url:6.0.1

Description:

Get the set npm registry URL

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/registry-url:6.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

regjsparser:0.9.1

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/regjsparser:0.9.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/regexpu-core:5.3.2
  • simplicite-js:5.2.54

Identifiers

relaxng-datatype-2.3.4.jar

Description:

RelaxNG Datatype library.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/relaxng-datatype/2.3.4/relaxng-datatype-2.3.4.jar
MD5: 16bc84c029a2ea1350d86be887178615
SHA1: 5b2712a7a9fc1947640a45bb7b519d8d13196854
SHA256:8b8819d440a5fb1e6b3d5fe525128f15ddf8ee35414bd7ceda28981e1f3ffed4
Referenced In Project/Scope: Simplicite Platform:compile
relaxng-datatype-2.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.4

Identifiers

remote-git-tags:3.0.0

Description:

Get tags from a remote Git repo

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/remote-git-tags:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

require-directory:2.1.1

Description:

Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?yargs:16.2.0/require-directory:^2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/yargs:16.2.0
  • simplicite-js:5.2.54

Identifiers

require-from-string:2.0.2

Description:

Require module from string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?ajv:8.12.0/require-from-string:^2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rc-config-loader:4.1.3
  • simplicite-js:5.2.54/ajv:8.12.0
  • simplicite-js:5.2.54

Identifiers

require-package-name:2.0.1

Description:

gets the package name for a require statement

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/require-package-name:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

requizzle:0.2.4

Description:

Swizzle a little something into your require() calls.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/requizzle:0.2.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

resolve-alpn:1.2.1

Description:

Detects the ALPN protocol

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/resolve-alpn:1.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/http2-wrapper:2.2.0
  • simplicite-js:5.2.54

Identifiers

resolve-from:4.0.0

Description:

Resolve the path of a module like `require.resolve()` but from a given path

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/resolve-from:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/import-fresh:3.3.0
  • simplicite-js:5.2.54

Identifiers

resolve-from:5.0.0

Description:

Resolve the path of a module like `require.resolve()` but from a given path

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/resolve-from:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

resolve:1.22.2

Description:

resolve like require.resolve() on behalf of files asynchronously and synchronously

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/resolve:1.22.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/normalize-package-data:2.5.0
  • simplicite-js:5.2.54/@babel/helper-define-polyfill-provider:0.5.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

responselike:1.0.2

Description:

A response-like object for mocking a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/responselike:1.0.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

responselike:3.0.0

Description:

A response-like object for mocking a Node.js HTTP response stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/responselike:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacheable-request:6.1.0
  • simplicite-js:5.2.54/cacheable-request:10.2.12
  • simplicite-js:5.2.54/got:12.6.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/got:13.0.0

Identifiers

restore-cursor:3.1.0

Description:

Gracefully restore the CLI cursor on exit

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/restore-cursor:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cli-cursor:3.1.0
  • simplicite-js:5.2.54

Identifiers

retry:0.12.0

Description:

Abstraction for exponential and custom retry strategies for failed operations.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/retry:0.12.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/promise-retry:2.0.1

Identifiers

reusify:1.0.4

Description:

Reuse objects and functions with style

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/reusify:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/fastq:1.15.0
  • simplicite-js:5.2.54

Identifiers

rhino-1.7.13.jar

Description:

    Rhino is an open-source implementation of JavaScript written entirely in Java.
    It is typically embedded into Java applications to provide scripting to end users.

License:

Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txt
File Path: /var/simplicite/.m2/repository/org/mozilla/rhino/1.7.13/rhino-1.7.13.jar
MD5: 17d7bed97d9c03a77578ec16e26bfc2f
SHA1: e6b2e12dc79fbdc58d8bf62a583705a551ec37d6
SHA256:931dda33789d8e004ff5b5478ee3d6d224305de330c48266df7c3e49d52fc606
Referenced In Project/Scope: Simplicite Platform:compile
rhino-1.7.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

rhino-1.7.13.jar: test.js

File Path: /var/simplicite/.m2/repository/org/mozilla/rhino/1.7.13/rhino-1.7.13.jar/org/mozilla/javascript/tools/debugger/test.js
MD5: 3f4137118304ccd25816067cf8d1edd6
SHA1: d3c7ae4c10cb6c7ac191cb65a39e53ba6a4e6cfb
SHA256:950d2db0a646488500b58ba76a02c33501a048708c083e3b743b73b16e105331
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

rhino-js-engine-1.7.10.jar

Description:

A js-engine.jar that provides a script engine "rhino" with old Rhino JavaScript.

The source code for js-engine comes from https://java.net/projects/Scripting.

The Rhino engine itself is pulled by maven. Its source is at https://github.com/mozilla/rhino.

License:

The BSD 3-Clause License: https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/cat/inspiracio/rhino-js-engine/1.7.10/rhino-js-engine-1.7.10.jar
MD5: 5543d39bea21e5c9515e8d967a61e1b1
SHA1: 09cc9336acf7bd2f370ae812d5713e90463edc33
SHA256:b47d73c223c86fd3f70470a9a8269626dbb6e9cb0195d062ba53171a2df7ff44
Referenced In Project/Scope: Simplicite Platform:compile
rhino-js-engine-1.7.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

rhino-js-engine-1.7.10.jar: toplevel.js

File Path: /var/simplicite/.m2/repository/cat/inspiracio/rhino-js-engine/1.7.10/rhino-js-engine-1.7.10.jar/META-INF/toplevel.js
MD5: 491854ddbf3787e63aec2d77d4aad938
SHA1: 0cc36fe5c5269749b8d94252d7490d2d82bda8ed
SHA256:511041250766b0811a7767801a1bec1be89a5bddbbe9e455ad7ea2057ba473f7
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

rimraf:3.0.2

Description:

A deep deletion module for node (like `rm -rf`)

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/rimraf:3.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/flat-cache:3.0.4
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54

Identifiers

rimraf:5.0.5

Description:

A deep deletion module for node (like `rm -rf`)

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/rimraf:5.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

rngom-2.3.4.jar

Description:

        RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/rngom/2.3.4/rngom-2.3.4.jar
MD5: 42f6df97140d71c05db8d17f22bedfb7
SHA1: 3ccfeb42b0ec2432f6a940cc32163d4479685093
SHA256:4630528cc9361a1ad9b8208dfd157b3d0d9c3f5d5edda4245f705e081e1498c5
Referenced In Project/Scope: Simplicite Platform:compile
rngom-2.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.4

Identifiers

rrule:2.8.1

Description:

JavaScript library for working with recurrence rules for calendar dates.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/rrule:2.8.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

run-async:2.4.1

Description:

Utility method to run function either synchronously or asynchronously using the common `this.async()` style.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/run-async:2.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

run-parallel:1.2.0

Description:

Run an array of functions in parallel

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/run-parallel:1.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@nodelib/fs.scandir:2.1.5

Identifiers

rxjs:6.6.7

Description:

Reactive Extensions for modern JavaScript

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/rxjs:6.6.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

safe-array-concat:1.0.0

Description:

`Array.prototype.concat`, but made safe by ignoring Symbol.isConcatSpreadable

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/safe-array-concat:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/object.getownpropertydescriptors:2.1.6
  • simplicite-js:5.2.54

Identifiers

safe-buffer:5.2.1

Description:

Safer Node.js Buffer API

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/safe-buffer:5.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/readable-stream:2.3.8
  • simplicite-js:5.2.54/string_decoder:1.3.0
  • simplicite-js:5.2.54/string_decoder:1.1.1
  • simplicite-js:5.2.54

Identifiers

safe-regex-test:1.0.0

Description:

Give a regex, get a robust predicate function that tests it against a string.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/safe-regex-test:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

safer-buffer:2.1.2

Description:

Modern Buffer API polyfill without footguns

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/safer-buffer:2.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/iconv-lite:0.6.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/iconv-lite:0.4.24

Identifiers

sass:1.63.6

Description:

A pure JavaScript implementation of Sass.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/sass:1.63.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

scss-parser:1.0.6

Description:

A library to parse/stringify SCSS

License:

SEE LICENSE IN README
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/scss-parser:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

select2-theme-bootstrap4:1.0.0

Description:

A theme for Select2 v4 and Bootstrap 4.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/select2-theme-bootstrap4:1.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

select2:4.0.13

Description:

Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/select2:4.0.13

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

semver-compare:1.0.0

Description:

compare two semver version strings, returning -1, 0, or 1

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/semver-compare:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/please-upgrade-node:3.2.0
  • simplicite-js:5.2.54

Identifiers

semver-diff:3.1.1

Description:

Get the diff type of two semver versions: 0.0.1 0.0.2 → patch

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?update-notifier:4.1.3/semver-diff:^3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54

Identifiers

semver-utils:1.1.4

Description:

Tools for manipulating semver strings and objects

License:

APACHEv2
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/semver-utils:1.1.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

semver:5.7.1

Description:

The semantic version parser used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/semver:5.7.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

CVE-2022-25883 (OSSINDEX)  

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.



Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-25883 for details
CWE-1333 Inefficient Regular Expression Complexity

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:semver:5.7.1:*:*:*:*:*:*:*

semver:6.3.1

Description:

The semantic version parser used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?semver-diff:3.1.1/semver:^6.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/normalize-package-data:3.0.3
  • simplicite-js:5.2.54/babel-plugin-polyfill-corejs2:0.4.8
  • simplicite-js:5.2.54/npm-install-checks:6.1.1
  • simplicite-js:5.2.54/semver-diff:4.0.0
  • simplicite-js:5.2.54/@babel/helper-create-class-features-plugin:7.23.10
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54/editorconfig:0.15.3
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54/make-dir:3.1.0
  • simplicite-js:5.2.54/depcheck:1.4.3
  • simplicite-js:5.2.54/normalize-package-data:2.5.0
  • simplicite-js:5.2.54/builtins:5.0.1
  • simplicite-js:5.2.54/semver-diff:3.1.1
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54/npm-package-arg:10.1.0
  • simplicite-js:5.2.54/@babel/preset-env:7.23.9
  • simplicite-js:5.2.54/npm-pick-manifest:8.0.2
  • simplicite-js:5.2.54/make-dir:2.1.0
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/package-json:8.1.1
  • simplicite-js:5.2.54/@babel/helper-create-regexp-features-plugin:7.22.15
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54/@npmcli/fs:3.1.0
  • simplicite-js:5.2.54/@babel/core:7.23.9
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/normalize-package-data:5.0.0
  • simplicite-js:5.2.54/node-environment-flags:1.0.6
  • simplicite-js:5.2.54/@babel/helper-compilation-targets:7.23.6
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/package-json:6.5.0
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

semver:7.5.4

Description:

The semantic version parser used by npm.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/semver:7.5.4

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

sentence-case:3.0.4

Description:

Transform into a lower case with spaces between words, then capitalize the string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tablemark:3.0.0/sentence-case:^3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/tablemark:3.0.0
  • simplicite-js:5.2.54

Identifiers

serializer-2.7.2.jar

Description:

    Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
    SAX events.

File Path: /var/simplicite/.m2/repository/xalan/serializer/2.7.2/serializer-2.7.2.jar
MD5: e8325763fd4235f174ab7b72ed815db1
SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3c
SHA256:e8f5b4340d3b12a0cfa44ac2db4be4e0639e479ae847df04c4ed8b521734bb4a
Referenced In Project/Scope: Simplicite Platform:compile
serializer-2.7.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/xalan/xalan@2.7.2

Identifiers

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

set-blocking:2.0.0

Description:

set blocking stdio and stderr ensuring that terminal output does not truncate

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/set-blocking:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npmlog:6.0.2
  • simplicite-js:5.2.54

Identifiers

set-immediate-shim:1.0.1

Description:

Simple setImmediate shim

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/set-immediate-shim:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/jszip:3.7.1

Identifiers

shallow-clone:3.0.1

Description:

Creates a shallow clone of any JavaScript value.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/shallow-clone:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/clone-deep:4.0.1

Identifiers

shebang-command:2.0.0

Description:

Get the command from a shebang

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/shebang-command:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cross-spawn:7.0.3
  • simplicite-js:5.2.54

Identifiers

shebang-regex:3.0.0

Description:

Regular expression for matching a shebang line

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/shebang-regex:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/shebang-command:2.0.0
  • simplicite-js:5.2.54

Identifiers

shelljs:0.3.0

Description:

Portable Unix shell commands for Node.js

License:

BSD*
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/shelljs:0.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54

Identifiers

CVE-2022-0144  

shelljs is vulnerable to Improper Privilege Management
CWE-269 Improper Privilege Management

CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

side-channel:1.0.4

Description:

Store information about any JS value in a side channel. Uses WeakMap if available.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/side-channel:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/internal-slot:1.0.5
  • simplicite-js:5.2.54

Identifiers

sigmund:1.0.1

Description:

Quick and dirty signatures for Objects.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/sigmund:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/editorconfig:0.15.3
  • simplicite-js:5.2.54

Identifiers

signal-exit:3.0.7

Description:

when you want to fire an event no matter how a process exits.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?write-file-atomic:4.0.2/signal-exit:^3.0.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/restore-cursor:3.1.0
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54/write-file-atomic:4.0.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/write-file-atomic:3.0.3

Identifiers

signal-exit:4.0.2

Description:

when you want to fire an event no matter how a process exits.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/signal-exit:4.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/foreground-child:3.1.1
  • simplicite-js:5.2.54

Identifiers

signature_pad:2.3.2

Description:

Library for drawing smooth signatures.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/signature_pad:2.3.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

sigstore:1.8.0

Description:

code-signing for npm packages

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/sigstore:1.8.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

simplicite-bootstrap-datetimepicker:1.0.6

Description:

Bootstrap date and time picker adapted and refactored for Bootstrap 4 from archived https://github.com/smalot/bootstrap-datetimepicker

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/simplicite-bootstrap-datetimepicker:1.0.6

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

simplicite:3.0.1

Description:

Simplicite(R) platform Javascript API (for node.js and browser)

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/simplicite:3.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

sisteransi:1.0.5

Description:

ANSI escape codes for some terminal swag

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/sisteransi:1.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/prompts-ncu:3.0.0

Identifiers

slash:2.0.0

Description:

Convert Windows backslash paths to slash paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/slash:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/cli:7.23.9
  • simplicite-js:5.2.54

Identifiers

slash:3.0.0

Description:

Convert Windows backslash paths to slash paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/slash:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/globby:11.1.0

Identifiers

slf4j-api-1.7.32.jar

Description:

The slf4j API

File Path: /var/simplicite/.m2/repository/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.jar
MD5: fbcf58513bc25b80f075d812aad3e3cf
SHA1: cdcff33940d9f2de763bc41ea05a0be5941176c3
SHA256:3624f8474c1af46d75f98bc097d7864a323c81b3808aa43689a6e1c601c027be
Referenced In Project/Scope: Simplicite Platform:compile
slf4j-api-1.7.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

slice-ansi:4.0.0

Description:

Slice a string with ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?table:6.8.1/slice-ansi:^4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/table:6.8.1
  • simplicite-js:5.2.54

Identifiers

smart-buffer:4.2.0

Description:

smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?socks:2.7.1/smart-buffer:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/socks:2.7.1
  • simplicite-js:5.2.54

Identifiers

snakeyaml-1.29.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/yaml/snakeyaml/1.29/snakeyaml-1.29.jar
MD5: 5bdf841bc5abda0507fa5ce91c44cc86
SHA1: 6d0cdafb2010f1297e574656551d7145240f6e25
SHA256:89c5f029811b08c878f0b81dbb05e9626624c1fda4087a26871101e499a217ab
Referenced In Project/Scope: Simplicite Platform:compile
snakeyaml-1.29.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

snappy-java-1.1.8.4.jar

Description:

snappy-java: A fast compression/decompression library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4.jar
MD5: 3aca6cae2cada8442809bc79be3df269
SHA1: 66f0d56454509f6e36175f2331572e250e04a6cc
SHA256:24c4d1fc1e89e078331ab8f401a99cad68599bde4a2e4516042cb548c51b1c3e
Referenced In Project/Scope: Simplicite Platform:runtime
snappy-java-1.1.8.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.3.1

Identifiers

CVE-2023-34453  

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error.

The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`.

The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue.

Version 1.1.10.1 contains a patch for this vulnerability.
CWE-190 Integer Overflow or Wraparound

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-34454  

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error.

The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function.

Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array.

Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error.

The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place.

Version 1.1.10.1 contains a patch for this issue.
CWE-190 Integer Overflow or Wraparound

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-34455  

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.

The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.

In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.

Version 1.1.10.1 contains a patch for this issue.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-43642  

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

snappy-java-1.1.8.4.jar: snappyjava.dll

File Path: /var/simplicite/.m2/repository/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4.jar/org/xerial/snappy/native/Windows/x86/snappyjava.dll
MD5: 10d5fed1e53436b1eaebd5af74411ab9
SHA1: a7e426427985ed03e37b7e2198cecbe0be95b92d
SHA256:d2d922984b4487a4d9117137db6072bebd37b82a33adee02d0d57bcd8c723da8
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

snappy-java-1.1.8.4.jar: snappyjava.dll

File Path: /var/simplicite/.m2/repository/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4.jar/org/xerial/snappy/native/Windows/x86_64/snappyjava.dll
MD5: 9c14838fdac91cc0666eab07bfc21bc8
SHA1: 1a439f0d589c48cfb3e3e17499e4961cdcda7bb9
SHA256:ba2eb1fc7d6b209bae559f0091dd85a899db422b8824b6bd25ff147b725a4ae3
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

socks-proxy-agent:7.0.0

Description:

A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/socks-proxy-agent:7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54

Identifiers

socks:2.7.1

Description:

Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?socks-proxy-agent:7.0.0/socks:^2.6.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/socks-proxy-agent:7.0.0
  • simplicite-js:5.2.54

Identifiers

source-map-js:1.0.2

Description:

Generates and consumes source maps

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/source-map-js:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/postcss:8.4.24
  • simplicite-js:5.2.54/@vue/compiler-sfc:3.3.4
  • simplicite-js:5.2.54/@vue/compiler-core:3.3.4
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/sass:1.63.6

Identifiers

source-map-support:0.5.21

Description:

Fixes stack traces for files with source maps

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/source-map-support:0.5.21

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@babel/register:7.23.7

Identifiers

source-map:0.6.1

Description:

Generates and consumes source maps

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?source-map-support:0.5.21/source-map:^0.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/handlebars:4.7.7
  • simplicite-js:5.2.54/source-map-support:0.5.21
  • simplicite-js:5.2.54

Identifiers

spawn-please:2.0.2

Description:

Promisified child_process.spawn. *Supports stdin* *Rejects on stderr*

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/spawn-please:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

spdx-correct:3.2.0

Description:

correct invalid SPDX expressions

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?validate-npm-package-license:3.0.4/spdx-correct:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/validate-npm-package-license:3.0.4
  • simplicite-js:5.2.54

Identifiers

spdx-exceptions:2.3.0

Description:

list of SPDX standard license exceptions

License:

CC-BY-3.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?spdx-expression-parse:3.0.1/spdx-exceptions:^2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/spdx-expression-parse:3.0.1
  • simplicite-js:5.2.54/spdx-expression-parse:4.0.0
  • simplicite-js:5.2.54

Identifiers

spdx-expression-parse:3.0.1

Description:

parse SPDX license expressions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?validate-npm-package-license:3.0.4/spdx-expression-parse:^3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/spdx-correct:3.2.0
  • simplicite-js:5.2.54/validate-npm-package-license:3.0.4
  • simplicite-js:5.2.54

Identifiers

spdx-expression-parse:4.0.0

Description:

parse SPDX license expressions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/spdx-expression-parse:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/eslint-plugin-jsdoc:48.0.4
  • simplicite-js:5.2.54

Identifiers

spdx-license-ids:3.0.13

Description:

A list of SPDX license identifiers

License:

CC0-1.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/spdx-license-ids:3.0.13

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/spdx-correct:3.2.0
  • simplicite-js:5.2.54/spdx-expression-parse:3.0.1
  • simplicite-js:5.2.54/spdx-expression-parse:4.0.0
  • simplicite-js:5.2.54

Identifiers

spectrum-colorpicker:1.8.1

Description:

Spectrum: the no hassle jQuery colorpicker

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/spectrum-colorpicker:1.8.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

split-text-to-chunks:1.0.0

Description:

Split a text string to chunks for e.g. word wrapping

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?tablemark:3.0.0/split-text-to-chunks:^1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/tablemark:3.0.0
  • simplicite-js:5.2.54

Identifiers

sprintf-js:1.0.3

Description:

JavaScript sprintf implementation

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/sprintf-js:1.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/argparse:1.0.10
  • simplicite-js:5.2.54

Identifiers

sshd-osgi-2.8.0.jar

Description:

The Apache Software Foundation provides support for the Apache community of open-source software projects.    The Apache projects are characterized by a collaborative, consensus based development process, an open and    pragmatic software license, and a desire to create high quality software that leads the way in its field.    We consider ourselves not simply a group of projects sharing a server, but rather a community of developers    and users.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/apache/sshd/sshd-osgi/2.8.0/sshd-osgi-2.8.0.jar
MD5: 15b16cddad3c6d3bc9d45a74585e2f6e
SHA1: b2a59b73c045f40d5722b9160d4f909a646d86c9
SHA256:734ee51c6babaf0fdfebfc9f38c148a38b8a1d8bce03d0bad26b3fba21a48463
Referenced In Project/Scope: Simplicite Platform:compile
sshd-osgi-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit.ssh.apache@6.1.0.202203080745-r

Identifiers

CVE-2022-45047  

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2023-48795  

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
CWE-354 Improper Validation of Integrity Check Value

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-35887  

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

ssri:10.0.4

Description:

Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/ssri:10.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/make-fetch-happen:11.1.1
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54

Identifiers

stackframe:1.3.4

Description:

JS Object representation of a stack frame

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/stackframe:1.3.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@devexpress/error-stack-parser:2.0.6
  • simplicite-js:5.2.54

Identifiers

stax2-api-4.2.jar

Description:

tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/org/codehaus/woodstox/stax2-api/4.2/stax2-api-4.2.jar
MD5: 5d22fe6dbb276d1fd6dab40c386a4f0a
SHA1: 13c2b30926bca0429c704c4b4ca0b5d0432b69cd
SHA256:badf6081a0bb526fd2c01951dfefad91b6846b6dd0eb0048587e30d1dd334e68
Referenced In Project/Scope: Simplicite Platform:compile
stax2-api-4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.12.4

Identifiers

string-width:4.2.3

Description:

Get the visual width of a string - the number of columns required to display it

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?yargs:16.2.0/string-width:^4.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cliui:7.0.4
  • simplicite-js:5.2.54/widest-line:3.1.0
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54/cli-table3:0.6.3
  • simplicite-js:5.2.54/wrap-ansi:8.1.0
  • simplicite-js:5.2.54/table:6.8.1
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/ansi-align:3.0.1
  • simplicite-js:5.2.54/@isaacs/cliui:8.0.2
  • simplicite-js:5.2.54/wrap-ansi:7.0.0
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54/widest-line:4.0.1
  • simplicite-js:5.2.54/wrap-ansi-cjs:7.0.0
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/wide-align:1.1.5
  • simplicite-js:5.2.54/yargs:16.2.0
  • simplicite-js:5.2.54/boxen:7.1.0

Identifiers

string.prototype.trim:1.2.7

Description:

ES5 spec-compliant shim for String.prototype.trim

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/string.prototype.trim:1.2.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

string.prototype.trimend:1.0.6

Description:

ES2019 spec-compliant String.prototype.trimEnd shim.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/string.prototype.trimend:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

string.prototype.trimstart:1.0.6

Description:

ES2019 spec-compliant String.prototype.trimStart shim.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/string.prototype.trimstart:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

string_decoder:0.10.31

Description:

The string_decoder module from Node core

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/string_decoder:0.10.31

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/readable-stream:3.6.2
  • simplicite-js:5.2.54/readable-stream:2.3.8
  • simplicite-js:5.2.54/readable-stream:1.1.14
  • simplicite-js:5.2.54

Identifiers

string_decoder:1.1.1

Description:

The string_decoder module from Node core

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/string_decoder:1.1.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

string_decoder:1.3.0

Description:

The string_decoder module from Node core

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/string_decoder:1.3.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

strip-ansi:6.0.1

Description:

Strip ANSI escape codes from a string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?wrap-ansi-cjs:7.0.0/strip-ansi:^6.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/string-width-cjs:4.2.3
  • simplicite-js:5.2.54/cliui:7.0.4
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54/string-width:5.1.2
  • simplicite-js:5.2.54/wrap-ansi:8.1.0
  • simplicite-js:5.2.54/table:6.8.1
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@isaacs/cliui:8.0.2
  • simplicite-js:5.2.54/string-width:4.2.3
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/wrap-ansi:7.0.0
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54/wrap-ansi-cjs:7.0.0

Identifiers

strip-bom:3.0.0

Description:

Strip UTF-8 byte order mark (BOM) from a string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/strip-bom:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/load-yaml-file:0.2.0
  • simplicite-js:5.2.54

Identifiers

strip-final-newline:2.0.0

Description:

Strip the final newline character from a string/buffer

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/strip-final-newline:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/execa:5.1.1
  • simplicite-js:5.2.54

Identifiers

strip-indent:3.0.0

Description:

Strip leading whitespace from each line in a string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/strip-indent:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/redent:3.0.0
  • simplicite-js:5.2.54

Identifiers

strip-json-comments:1.0.4

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/strip-json-comments:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jshint:2.13.1
  • simplicite-js:5.2.54

Identifiers

strip-json-comments:2.0.1

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/strip-json-comments:2.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rc:1.2.8
  • simplicite-js:5.2.54

Identifiers

strip-json-comments:3.1.1

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/strip-json-comments:3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54/@eslint/eslintrc:2.1.4
  • simplicite-js:5.2.54

Identifiers

strip-json-comments:5.0.1

Description:

Strip comments from JSON. Lets you use comments in your JSON files!

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/strip-json-comments:5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

style-search:0.1.0

Description:

Search CSS(-like) strings

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint:14.16.1/style-search:^0.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

stylelint-config-recommended:9.0.0

Description:

Recommended shareable config for Stylelint

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?stylelint-config-standard:29.0.0/stylelint-config-recommended:^9.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint-config-standard:29.0.0
  • simplicite-js:5.2.54

Identifiers

stylelint-config-standard:29.0.0

Description:

Standard shareable config for Stylelint

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/stylelint-config-standard:29.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

stylelint:14.16.1

Description:

A mighty, modern CSS linter.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/stylelint:14.16.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

supports-color:5.5.0

Description:

Detect whether a terminal supports color

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/supports-color:5.5.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/chalk:3.0.0
  • simplicite-js:5.2.54/chalk:4.1.2
  • simplicite-js:5.2.54/supports-hyperlinks:2.3.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/chalk:2.4.2

Identifiers

supports-color:7.2.0

Description:

Detect whether a terminal supports color

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/supports-color:7.2.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

supports-hyperlinks:2.3.0

Description:

Detect if your terminal emulator supports hyperlinks

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?terminal-link:2.1.1/supports-hyperlinks:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/terminal-link:2.1.1
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

supports-preserve-symlinks-flag:1.0.0

Description:

Determine if the current node version supports the `--preserve-symlinks` flag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/supports-preserve-symlinks-flag:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/resolve:1.22.2

Identifiers

svg-tags:1.0.0

Description:

List of standard SVG tags.

File Path: /var/simplicite/simplicite-5.2/package-lock.json?/svg-tags:1.0.0

Referenced In Projects/Scopes:

  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

swagger-ui-dist:4.15.5

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/swagger-ui-dist:4.15.5

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

table:6.8.1

Description:

Formats data into a string table.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/table:6.8.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

tablemark:3.0.0

Description:

Generate markdown tables from a list of objects or JSON data.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/tablemark:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54

Identifiers

tar:6.1.15

Description:

tar for node

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/tar:6.1.15

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54/pacote:15.2.0
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54

Identifiers

CVE-2024-28863 (OSSINDEX)  

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:tar:6.1.15:*:*:*:*:*:*:*

term-size:2.2.1

Description:

Reliably get the terminal window size (columns & rows)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/term-size:2.2.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54

Identifiers

terminal-link:2.1.1

Description:

Create clickable links in the terminal

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/terminal-link:2.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

text-table:0.2.0

Description:

borderless text tables with alignment

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/text-table:0.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54/eslint:8.56.0
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54

Identifiers

threeten-extra-1.7.0.jar

Description:

Additional functionality that enhances JSR-310 dates and times in Java SE 8 and later

License:

BSD 3-clause: https://raw.githubusercontent.com/ThreeTen/threeten-extra/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/threeten/threeten-extra/1.7.0/threeten-extra-1.7.0.jar
MD5: 4550c6bca1ba7815ed84a5e09ad93d01
SHA1: 358940b345b7d09e9f7fcd11c7e24af898e580d3
SHA256:c6569098f8a28897872a3e3b85f65f594be9e7b906eecc4687183b24b0f05edc
Referenced In Project/Scope: Simplicite Platform:compile
threeten-extra-1.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

threetenbp-1.5.1.jar

Description:

Backport of JSR-310 from JDK 8 to JDK 7 and JDK 6. NOT an implementation of the JSR.

License:

BSD 3-clause: https://raw.githubusercontent.com/ThreeTen/threetenbp/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/threeten/threetenbp/1.5.1/threetenbp-1.5.1.jar
MD5: f04e22e9d4e183b42c8555d584b9edd8
SHA1: 4307ad2fdd4ba8b5ecd3fdb88b932aa49fa25920
SHA256:4342ee04d87040f71b0aa9188ee960780ef2da734e32a8d43a522a580b5e0f3b
Referenced In Project/Scope: Simplicite Platform:compile
threetenbp-1.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

throat:6.0.2

Description:

Throttle the parallelism of an asynchronous (promise returning) function / functions

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/throat:6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

through:2.3.8

Description:

simplified stream construction

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/through:2.3.8

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inquirer:7.3.3
  • simplicite-js:5.2.54

Identifiers

tinymce-i18n:20.12.25

Description:

Languages for TinyMCE 4 and 5

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/tinymce-i18n:20.12.25

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

tinymce:5.9.2

Description:

Web based JavaScript HTML WYSIWYG editor control.

License:

LGPL-2.1
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/tinymce:5.9.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

CVE-2022-23494  

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure the the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-45818  

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-45819  

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user.  This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-48219  

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. his vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2024-21910  

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

GHSA-hgqx-r2hp-jr38 (NPM)  

### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling.  The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered.  

When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user.  This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content.

### Patches
This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit.

### Fix
To avoid this vulnerability:

* Upgrade to TinyMCE 5.10.8 or higher for TinyMCE 5.x.
* Upgrade to TinyMCE 6.7.1 or higher for TinyMCE 6.x.

### References
* <https://tiny.cloud/docs/release-notes/release-notes5108/#securityfixes>
* <https://tiny.cloud/docs/tinymce/6/6.7.1-release-notes/#security-fixes>

### For more information
If you have any questions or comments about this advisory:
* Email us at <infosec@tiny.cloud>
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.8:*:*:*:*:*:*:*

GHSA-r8hm-w5f7-wj39 (NPM)  

### Impact
A cross-site scripting (XSS) vulnerability was discovered in the URL processing logic of the `image` and `link` plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing and the dangerous URLs were stripped in any content extracted from the editor. This impacts all users who are using TinyMCE 5.9.2 or lower.

### Patches
This vulnerability has been patched in TinyMCE 5.10.0 by improved sanitization logic when updating URLs in the relevant plugins.

### Workarounds
To work around this vulnerability, either:
- Upgrade to TinyMCE 5.10.0 or higher
- Disable the `image` and `link` plugins

### Acknowledgements
Tiny Technologies would like to thank Yakir6 for discovering this vulnerability.

### References
https://www.tiny.cloud/docs/release-notes/release-notes510/#securityfixes

### For more information
If you have any questions or comments about this advisory:
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-64 Windows Shortcut Following (.LNK)

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.0:*:*:*:*:*:*:*

GHSA-v626-r774-j7f8 (NPM)  

### Impact
A [mutation cross-site scripting](https://researchgate.net/publication/266654651_mXSS_attacks_Attacking_well-secured_web-applications_by_using_innerHTML_mutations) (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the [HTML standard](https://html.spec.whatwg.org/multipage/parsing.html#serialising-html-fragments). If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. Such mutations occur when serialised HTML content is processed before being stored in the undo stack, or when the following APIs and plugins are used:
* [`tinymce.Editor.getContent({ format: 'raw' })`](https://tiny.cloud/docs/tinymce/6/apis/tinymce.editor/#getContent)
* [`tinymce.Editor.resetContent()`](https://tiny.cloud/docs/tinymce/6/apis/tinymce.editor/#resetContent)
* [Autosave Plugin](https://tiny.cloud/docs/tinymce/6/autosave/)

### Patches
This vulnerability has been patched in TinyMCE 6.7.3 by:
* ensuring that any unescaped text nodes which contain the special internal marker are emptied before removing the marker from the rest of the HTML, and
* removing the special internal marker from content strings passed to `Editor.setContent`, `Editor.insertContent`, and `Editor.resetContent` APIs to prevent them from being loaded into the editor as user-provided content.

### Fix
To avoid this vulnerability:
- Upgrade to TinyMCE 6.7.3 or higher for TinyMCE 6.x.
- Upgrade to TinyMCE 5.10.9 or higher for TinyMCE 5.x.

### Acknowledgements
Tiny Technologies would like to thank Masato Kinugawa of [Cure53](https://cure53.de/) for discovering this vulnerability.

### References
- [TinyMCE 5.10.9 Release Notes](https://tiny.cloud/docs/release-notes/release-notes5109/)
- [TinyMCE 6.7.3 Release Notes](https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/)

### For more information

Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.9:*:*:*:*:*:*:*

GHSA-v65r-p3vv-jjfv (NPM)  

### Impact
A [mutation cross-site scripting](https://researchgate.net/publication/266654651_mXSS_attacks_Attacking_well-secured_web-applications_by_using_innerHTML_mutations) (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the [SaxParser API](https://www.tiny.cloud/docs/api/tinymce.html/tinymce.html.saxparser/) (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed.
​This vulnerability also impacts these related TinyMCE APIs and plugins:​
* [`tinymce.Editor.getContent({ format: 'raw' })`](https://tiny.cloud/docs/tinymce/6/apis/tinymce.editor/#getContent)
* [`tinymce.Editor.resetContent()`](https://tiny.cloud/docs/tinymce/6/apis/tinymce.editor/#resetContent)
* [Autosave Plugin](https://tiny.cloud/docs/tinymce/6/autosave/)

### Patches
This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation.

### Fix
To avoid this vulnerability:
* Upgrade to TinyMCE 5.10.8 or higher for TinyMCE 5.x.
* Upgrade to TinyMCE 6.7.1 or higher for TinyMCE 6.x.

### Acknowledgements
Tiny Technologies would like to thank Masato Kinugawa of [Cure53](https://cure53.de/) for discovering this vulnerability.

### References
* [TinyMCE 5.10.8 Release Notes](https://tiny.cloud/docs/release-notes/release-notes5108/)
* [TinyMCE 6.7.1 Release Notes](https://tiny.cloud/docs/tinymce/6/6.7.1-release-notes/)

### For more information
If you have any questions or comments about this advisory:
* Email us at <infosec@tiny.cloud>
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.8:*:*:*:*:*:*:*

GHSA-gg8r-xjwq-4w92 (NPM)  

### Impact
A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user.

### Patches
This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements.

### Fix
To avoid this vulnerability:
- Upgrade to TinyMCE 5.10.7 or higher for TinyMCE 5.x.
- Upgrade to TinyMCE 6.3.1 or higher for TinyMCE 6.x.

### Workaround
To reduce the impact of this vulnerability:
- Ensure the the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.

### References
- https://www.tiny.cloud/docs/release-notes/release-notes5107/#securityfixes
- https://www.tiny.cloud/docs/tinymce/6/6.3-release-notes/#security-fixes

### For more information
If you have any questions or comments about this advisory:
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<5.10.7:*:*:*:*:*:*:*

CVE-2024-29203 (OSSINDEX)  

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code.  This allowed `iframe` elements containing malicious code to execute when inserted into the editor.  These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:tinymce:5.9.2:*:*:*:*:*:*:*

CVE-2024-29881 (OSSINDEX)  

TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:tinymce:5.9.2:*:*:*:*:*:*:*

GHSA-438c-3975-5x3f (NPM)  

### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content insertion code.  This allowed `iframe` elements containing malicious code to execute when inserted into the editor.  These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets.

### Fix
TinyMCE 6.8.1 introduced a new `sandbox_iframes` boolean option which adds the `sandbox=""` attribute to every `iframe` element by default when enabled. This will prevent cross-origin, and in special cases same-origin, XSS by embedded resources in `iframe` elements. From TinyMCE 7.0.0 onwards the default value of this option is `true`.

In TinyMCE 7.0.0 a new `sandbox_iframes_exclusions` option was also added, allowing a list of domains to be specified that should be excluded from having the `sandbox=""` attribute applied when the `sandbox_iframes` option is enabled. By default, this option is set to an array of domains that are provided in embed code by popular websites. To sandbox `iframe` elements from every domain, set this option to `[]`.

### Workarounds
The HTTP Content-Security-Policy (CSP) `frame-src` or `object-src` can be configured to restrict or block the loading of unauthorized URLS.  Refer to the [TinyMCE Content Security Policy Guide](https://www.tiny.cloud/docs/tinymce/latest/tinymce-and-csp/).

### References
- [TinyMCE 6.8.1](https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types)
- [TinyMCE 7.0.0](https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<6.8.1:*:*:*:*:*:*:*

GHSA-5359-pvf2-pw78 (NPM)  

### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload.

### Fix
TinyMCE 6.8.1 introduced a new `convert_unsafe_embeds` option to automatically convert `object` and `embed` elements respective of their `type` attribute.  From TinyMCE 7.0.0 onwards, the `convert_unsafe_embeds` option is enabled by default.

### Workarounds
If you are using TinyMCE 6.8.1 or higher, set `convert_unsafe_embeds` to true. For any earlier versions, a custom NodeFilter is recommended to remove or modify any `object` or `embed` elements. This can be added using the `editor.parser.addNodeFilter` and `editor.serializer.addNodeFilter` APIs.

### Acknowledgements
Tiny Technologies would like to thank Toni Huttunen of [Fraktal Oy](https://www.fraktal.fi/) for discovering this vulnerability.

### References
- [TinyMCE 6.8.1](https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types)
- [TinyMCE 7.0.0](https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:tinymce:\<7.0.0:*:*:*:*:*:*:*

tmp:0.0.33

Description:

Temporary file and directory creator

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/tmp:0.0.33

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/external-editor:3.1.0

Identifiers

to-fast-properties:2.0.0

Description:

Force V8 to use fast properties for an object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/to-fast-properties:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/types:7.23.9
  • simplicite-js:5.2.54

Identifiers

to-readable-stream:1.0.0

Description:

Convert a string/Buffer/Uint8Array to a readable stream

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/to-readable-stream:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54

Identifiers

to-regex-range:5.0.1

Description:

Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/to-regex-range:5.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/fill-range:7.0.1
  • simplicite-js:5.2.54

Identifiers

totp-1.7.1.jar

Description:

A library to help implement time-based one time passwords to enable MFA.

File Path: /var/simplicite/.m2/repository/dev/samstevens/totp/totp/1.7.1/totp-1.7.1.jar
MD5: ceaed46be1e655c451d11cc5cb33e4ff
SHA1: c2bcced6c255d48223f5626c4db9af9aa9d43c35
SHA256:f02b3fcab62298907d655acc54c0dc85f7103dc26cee95eed44ebe6fc2af3415
Referenced In Project/Scope: Simplicite Platform:compile
totp-1.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

trim-newlines:3.0.1

Description:

Trim newlines from the start and/or end of a string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/trim-newlines:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

tslib:1.14.1

Description:

Runtime library for TypeScript helper functions

License:

0BSD
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/tslib:1.14.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/rxjs:6.6.7
  • simplicite-js:5.2.54

Identifiers

tslib:2.6.0

Description:

Runtime library for TypeScript helper functions

License:

0BSD
File Path: /var/simplicite/simplicite-5.2/package-lock.json?upper-case-first:2.0.2/tslib:^2.0.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@fullcalendar/moment:5.11.0
  • simplicite-js:5.2.54/upper-case-first:2.0.2
  • simplicite-js:5.2.54/sentence-case:3.0.4
  • simplicite-js:5.2.54/@fullcalendar/moment-timezone:5.11.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/no-case:3.0.4
  • simplicite-js:5.2.54/@fullcalendar/interaction:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/luxon:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/google-calendar:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/bootstrap:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/daygrid:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/common:5.11.5
  • simplicite-js:5.2.54/@fullcalendar/timegrid:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/list:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/rrule:5.11.0
  • simplicite-js:5.2.54/@fullcalendar/core:5.11.0
  • simplicite-js:5.2.54/rrule:2.8.1
  • simplicite-js:5.2.54/lower-case:2.0.2

Identifiers

tuf-js:1.1.7

Description:

JavaScript implementation of The Update Framework (TUF)

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/tuf-js:1.1.7

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@sigstore/tuf:1.0.3
  • simplicite-js:5.2.54

Identifiers

txw2-2.3.4.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/txw2/2.3.4/txw2-2.3.4.jar
MD5: 0d2de5cab75137d954fe38fb6d10471b
SHA1: 257fa649d3137a1060d222aefb96b7d1dd5f1286
SHA256:32c0c524624bd535d4e40b30afa2def7399cbb824fb3e74c73aea62872ad753b
Referenced In Project/Scope: Simplicite Platform:compile
txw2-2.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.4

Identifiers

type-check:0.4.0

Description:

type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-check:0.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/levn:0.4.1
  • simplicite-js:5.2.54/optionator:0.9.3
  • simplicite-js:5.2.54

Identifiers

type-fest:0.18.1

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-fest:0.18.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54

Identifiers

type-fest:0.20.2

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-fest:0.20.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

type-fest:0.21.3

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-fest:0.21.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ansi-escapes:4.3.2
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/globals:13.24.0
  • simplicite-js:5.2.54/boxen:7.1.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/globals:13.20.0

Identifiers

type-fest:0.6.0

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-fest:0.6.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-pkg:5.2.0
  • simplicite-js:5.2.54

Identifiers

type-fest:0.8.1

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-fest:0.8.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/read-pkg-up:7.0.1
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54

Identifiers

type-fest:1.4.0

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-fest:1.4.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/crypto-random-string:4.0.0
  • simplicite-js:5.2.54

Identifiers

type-fest:2.19.0

Description:

A collection of essential TypeScript types

License:

(MIT OR CC0-1.0)
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/type-fest:2.19.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

typed-array-length:1.0.4

Description:

Robustly get the length of a Typed Array

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/typed-array-length:1.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

typedarray-to-buffer:3.1.5

Description:

Convert a typed array to a Buffer without a copy

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/typedarray-to-buffer:3.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/write-file-atomic:3.0.3

Identifiers

uc.micro:1.0.6

Description:

Micro subset of unicode data files for markdown-it projects.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/uc.micro:1.0.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/linkify-it:3.0.3
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/markdown-it:12.3.2

Identifiers

uglify-js:3.17.4

Description:

JavaScript parser, mangler/compressor and beautifier toolkit

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/uglify-js:3.17.4

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

  • pkg:npm/uglify-js@3.17.4  (Confidence:Highest)
  • cpe:2.3:a:uglifyjs_project:uglifyjs:3.17.4:*:*:*:*:*:*:*  (Confidence:Low)  

unbox-primitive:1.0.2

Description:

Unbox a boxed JS primitive value.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unbox-primitive:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

underscore:1.13.6

Description:

JavaScript's functional programming helper library.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/underscore:1.13.6

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/jsdoc:4.0.2
  • simplicite-js:5.2.54

Identifiers

unicode-canonical-property-names-ecmascript:2.0.0

Description:

The set of canonical Unicode property names supported in ECMAScript RegExp property escapes.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?unicode-match-property-ecmascript:2.0.0/unicode-canonical-property-names-ecmascript:^2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unicode-match-property-ecmascript:2.0.0
  • simplicite-js:5.2.54

Identifiers

unicode-match-property-ecmascript:2.0.0

Description:

Match a Unicode property or property alias to its canonical property name per the algorithm used for RegExp Unicode property escapes in ECMAScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unicode-match-property-ecmascript:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/regexpu-core:5.3.2
  • simplicite-js:5.2.54

Identifiers

unicode-match-property-value-ecmascript:2.1.0

Description:

Match a Unicode property or property alias to its canonical property name per the algorithm used for RegExp Unicode property escapes in ECMAScript.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unicode-match-property-value-ecmascript:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/regexpu-core:5.3.2
  • simplicite-js:5.2.54

Identifiers

unicode-property-aliases-ecmascript:2.1.0

Description:

Unicode property alias mappings in JavaScript format for property names that are supported in ECMAScript RegExp property escapes.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unicode-property-aliases-ecmascript:2.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unicode-match-property-ecmascript:2.0.0
  • simplicite-js:5.2.54

Identifiers

unique-filename:3.0.0

Description:

Generate a unique filename for use in temporary directories or caches.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unique-filename:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cacache:17.1.3
  • simplicite-js:5.2.54

Identifiers

unique-slug:4.0.0

Description:

Generate a unique character string suitible for use in files and URLs.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unique-slug:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unique-filename:3.0.0
  • simplicite-js:5.2.54

Identifiers

unique-string:2.0.0

Description:

Generate a unique random string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unique-string:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/configstore:6.0.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/configstore:5.0.1

Identifiers

unique-string:3.0.0

Description:

Generate a unique random string

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/unique-string:3.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

unirest-java-3.14.2.jar

Description:

Simplified, lightweight HTTP client library.

File Path: /var/simplicite/.m2/repository/com/konghq/unirest-java/3.14.2/unirest-java-3.14.2.jar
MD5: 68e701e21ea22313fa93b506db1c57df
SHA1: 0e7693bc22f364014d9164519fb057a7d86af9a7
SHA256:1df56813f4410de105265f91cb37be4cc9c1dc32902b18b8b8b7bf069ef2f2a7
Referenced In Project/Scope: Simplicite Platform:compile
unirest-java-3.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

universalify:0.1.2

Description:

Make a callback- or promise-based function support both promises and callbacks.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/universalify:0.1.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/fs-extra:8.1.0
  • simplicite-js:5.2.54

Identifiers

untildify:4.0.0

Description:

Convert a tilde path to an absolute path: `~/dev` → `/Users/sindresorhus/dev`

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/untildify:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

update-browserslist-db:1.0.13

Description:

CLI tool to update caniuse-lite to refresh target browsers from Browserslist config

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/update-browserslist-db:1.0.13

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/browserslist:4.22.3
  • simplicite-js:5.2.54

Identifiers

update-notifier:4.1.3

Description:

Update notifications for your CLI app

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/update-notifier:4.1.3

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-audit-html:1.5.0
  • simplicite-js:5.2.54

Identifiers

update-notifier:5.1.0

Description:

Update notifications for your CLI app

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/update-notifier:5.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

update-notifier:6.0.2

Description:

Update notifications for your CLI app

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/update-notifier:6.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check-updates:16.14.14
  • simplicite-js:5.2.54

Identifiers

upper-case-first:2.0.2

Description:

Transforms the string with the first character in upper cased

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/upper-case-first:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/sentence-case:3.0.4
  • simplicite-js:5.2.54

Identifiers

uri-js:4.4.1

Description:

An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/uri-js:4.4.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ajv:8.12.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/ajv:6.12.6

Identifiers

url-parse-lax:3.0.0

Description:

Lax url.parse() with support for protocol-less URLs & IPs

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/url-parse-lax:3.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/got:9.6.0
  • simplicite-js:5.2.54

Identifiers

util-deprecate:1.0.2

Description:

The Node.js `util.deprecate()` function with browser support

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/util-deprecate:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/postcss-selector-parser:6.0.13
  • simplicite-js:5.2.54/readable-stream:2.3.8
  • simplicite-js:5.2.54/readable-stream:3.6.2
  • simplicite-js:5.2.54

Identifiers

v8-compile-cache:2.3.0

Description:

Require hook for automatic V8 compile cache persistence

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/v8-compile-cache:2.3.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54

Identifiers

v8flags:3.2.0

Description:

Get available v8 and Node.js flags.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/v8flags:3.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@babel/node:7.23.9
  • simplicite-js:5.2.54

Identifiers

validate-npm-package-license:3.0.4

Description:

Give me a string and I'll tell you if it's a valid npm package license string

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/validate-npm-package-license:3.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/normalize-package-data:3.0.3
  • simplicite-js:5.2.54/normalize-package-data:2.5.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/normalize-package-data:5.0.0

Identifiers

validate-npm-package-name:5.0.0

Description:

Give me a string and I'll tell you if it's a valid npm package name

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/validate-npm-package-name:5.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-package-arg:10.1.0
  • simplicite-js:5.2.54

Identifiers

visit-values:2.0.0

Description:

visit all the children of a javascript object

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/visit-values:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/license-report:6.5.0
  • simplicite-js:5.2.54

Identifiers

vue:2.6.14

Description:

Reactive, component-oriented view layer for modern web interfaces.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/vue:2.6.14

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

wcwidth:1.0.1

Description:

Port of C's wcwidth() and wcswidth()

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/wcwidth:1.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/ora:5.4.1
  • simplicite-js:5.2.54

Identifiers

which-boxed-primitive:1.0.2

Description:

Which kind of boxed JS primitive is this?

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/which-boxed-primitive:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/unbox-primitive:1.0.2
  • simplicite-js:5.2.54

Identifiers

which-pm:2.0.0

Description:

Detects what package manager was used for installation

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/which-pm:2.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/preferred-pm:3.0.3
  • simplicite-js:5.2.54

Identifiers

which-typed-array:1.1.9

Description:

Which kind of Typed Array is this JavaScript value? Works cross-realm, without `instanceof`, and despite Symbol.toStringTag.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/which-typed-array:1.1.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/es-abstract:1.21.2
  • simplicite-js:5.2.54

Identifiers

which:1.3.1

Description:

Like which(1) unix command. Find the first instance of an executable in the PATH.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/which:1.3.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/global-prefix:3.0.0

Identifiers

which:2.0.2

Description:

Like which(1) unix command. Find the first instance of an executable in the PATH.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/which:2.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/node-gyp:9.4.0
  • simplicite-js:5.2.54/cross-spawn:7.0.3
  • simplicite-js:5.2.54

Identifiers

which:3.0.1

Description:

Like which(1) unix command. Find the first instance of an executable in the PATH.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/which:3.0.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@npmcli/run-script:6.0.2
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/@npmcli/promise-spawn:6.0.2
  • simplicite-js:5.2.54/@npmcli/git:4.1.0

Identifiers

wide-align:1.1.5

Description:

A wide-character aware text alignment function for use on the console or with fixed width fonts.

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/wide-align:1.1.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/gauge:4.0.4
  • simplicite-js:5.2.54

Identifiers

widest-line:3.1.0

Description:

Get the visual width of the widest line in a string - the number of columns required to display it

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/widest-line:3.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/boxen:4.2.0
  • simplicite-js:5.2.54/boxen:7.1.0
  • simplicite-js:5.2.54

Identifiers

widest-line:4.0.1

Description:

Get the visual width of the widest line in a string - the number of columns required to display it

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/widest-line:4.0.1

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

woodstox-core-6.2.4.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)

Description:

Unknown version of isorelax library used in JAXB project

File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.4/woodstox-core-6.2.4.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml
MD5: 6fbb4bc95fbf2072bc6e3b790553fe81
SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13
SHA256:cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

woodstox-core-6.2.4.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)

Description:

XML Schema datatypes library

File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.4/woodstox-core-6.2.4.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xml
MD5: aaf872ed9d1aabee25e03c2a132ffd8e
SHA1: 47f218a999411ed028f089d59ebef8f14e0fe914
SHA256:d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3c
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

woodstox-core-6.2.4.jar

Description:

Woodstox is a high-performance XML processor that implements Stax (JSR-173),
SAX2 and Stax2 APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.4/woodstox-core-6.2.4.jar
MD5: c72181f3fb82bda9aa724e6b0fed3395
SHA1: 16b9f8ab972e67eb21872ea2c40046249d543989
SHA256:5fa734d5050f097405a801022d09377bbc81e811ef9a17cd0279ed3279f495a5
Referenced In Project/Scope: Simplicite Platform:compile
woodstox-core-6.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.12.4

Identifiers

CVE-2022-40152  

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

wordwrap:1.0.0

Description:

Wrap those words. Show them at what columns to start and stop.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/wordwrap:1.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/handlebars:4.7.7
  • simplicite-js:5.2.54

Identifiers

wrap-ansi:7.0.0

Description:

Wordwrap a string with ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/wrap-ansi:7.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/@isaacs/cliui:8.0.2
  • simplicite-js:5.2.54/cliui:7.0.4
  • simplicite-js:5.2.54/boxen:5.1.2
  • simplicite-js:5.2.54/boxen:7.1.0
  • simplicite-js:5.2.54

Identifiers

wrap-ansi:8.1.0

Description:

Wordwrap a string with ANSI escape codes

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/wrap-ansi:8.1.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

wrappy:1.0.2

Description:

Callback wrapping utility

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/wrappy:1.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/inflight:1.0.6
  • simplicite-js:5.2.54/once:1.4.0
  • simplicite-js:5.2.54

Identifiers

write-file-atomic:3.0.3

Description:

Write files in an atomic fashion w/configurable ownership

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/write-file-atomic:3.0.3

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

write-file-atomic:4.0.2

Description:

Write files in an atomic fashion w/configurable ownership

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/write-file-atomic:4.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/configstore:6.0.0
  • simplicite-js:5.2.54/stylelint:14.16.1
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/configstore:5.0.1

Identifiers

xalan-2.7.2.jar

Description:

    Xalan-Java is an XSLT processor for transforming XML documents into HTML,
    text, or other XML document types. It implements XSL Transformations (XSLT)
    Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
    the command line, in an applet or a servlet, or as a module in other program.

File Path: /var/simplicite/.m2/repository/xalan/xalan/2.7.2/xalan-2.7.2.jar
MD5: 6aa6607802502c8016b676f25f8e4873
SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23
SHA256:a44bd80e82cb0f4cfac0dac8575746223802514e3cec9dc75235bc0de646af14
Referenced In Project/Scope: Simplicite Platform:compile
xalan-2.7.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2022-34169  

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

xdg-basedir:4.0.0

Description:

Get XDG Base Directory paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/xdg-basedir:4.0.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/configstore:6.0.0
  • simplicite-js:5.2.54/update-notifier:6.0.2
  • simplicite-js:5.2.54/update-notifier:4.1.3
  • simplicite-js:5.2.54/update-notifier:5.1.0
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/configstore:5.0.1

Identifiers

xdg-basedir:5.1.0

Description:

Get XDG Base Directory paths

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/xdg-basedir:5.1.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

xercesImpl-2.12.2.jar

Description:

      Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

      The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

      Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.

      Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

      Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Project/Scope: Simplicite Platform:compile
xercesImpl-2.12.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/xerces/xercesImpl@2.12.2  (Confidence:High)
  • cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2017-10355 (OSSINDEX)  

sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)

The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
CWE-833 Deadlock

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*

xmlbeans-3.1.0.jar

Description:

XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/xmlbeans/xmlbeans/3.1.0/xmlbeans-3.1.0.jar
MD5: 408902d943e5bd51a4813dae131681a3
SHA1: 6dac1f897dfb3e3f17fc79b18a3353b2e51c464e
SHA256:a19ea1ec835a101165f7aa3c55427e81b5f2b187bfe7689a19277c51402620b0
Referenced In Project/Scope: Simplicite Platform:compile
xmlbeans-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml-schemas@4.1.2

Identifiers

xmlcreate:2.0.4

Description:

Simple XML builder for Node.js

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/xmlcreate:2.0.4

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/js2xmlparser:4.0.2

Identifiers

xmlsec-2.2.3.jar

Description:

        Apache XML Security for Java supports XML-Signature Syntax and Processing,
        W3C Recommendation 12 February 2002, and XML Encryption Syntax and
        Processing, W3C Recommendation 10 December 2002. As of version 1.4,
        the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/santuario/xmlsec/2.2.3/xmlsec-2.2.3.jar
MD5: 3ce56109cd24b76243c3846e42b4a493
SHA1: 216237777d6371fa618d8b8a51a53a1c295291f5
SHA256:7c42fee8eb82b24ef1c2b505026d3a44eb2b1edcdc728f0e4726bc2e79261053
Referenced In Project/Scope: Simplicite Platform:compile
xmlsec-2.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

  • pkg:maven/org.apache.santuario/xmlsec@2.2.3  (Confidence:High)
  • cpe:2.3:a:apache:santuario_xml_security_for_java:2.2.3:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:apache:xml_security_for_java:2.2.3:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-44483  

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
CWE-532 Insertion of Sensitive Information into Log File

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

xmpbox-2.0.23.jar

Description:

    The Apache XmpBox library is an open source Java tool that implements Adobe's XMP(TM)
    specification. It can be used to parse, validate and create xmp contents.
    It is mainly used by subproject preflight of Apache PDFBox. 
    XmpBox is a subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/xmpbox/2.0.23/xmpbox-2.0.23.jar
MD5: d964e89c70c0a0e2606ab58cd307faae
SHA1: 929cb01b738f84798fcae7786e608af6735898da
SHA256:e52214fd41f23b2531197ce2186d123c577e2ee4ca466b0cf33b2df73a92a0f9
Referenced In Project/Scope: Simplicite Platform:compile
xmpbox-2.0.23.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.2.54

Identifiers

CVE-2021-31811  

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-31812  

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

xsom-2.3.4.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
        documents and inspect information in them. It is expected to be useful for applications that need to take XML
        Schema as an input.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/xsom/2.3.4/xsom-2.3.4.jar
MD5: c2e2614dca203d71067effe159721a80
SHA1: e538afe3b621b1bb90aad11eeef9db811f50b85a
SHA256:a668cb130d6f24b8a60f48c34987ac22f920b2c4f95932ace873f2258cf06ddf
Referenced In Project/Scope: Simplicite Platform:compile
xsom-2.3.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@2.3.4

Identifiers

xtend:4.0.2

Description:

extend like a boss

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/xtend:4.0.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/npm-check:6.0.1
  • simplicite-js:5.2.54

Identifiers

xterm-js:4.9.0

Description:

Full xterm terminal, in your browser

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/xterm-js:4.9.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

CVE-2019-0542  

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

y18n:5.0.8

Description:

the bare-bones internationalization library used by yargs

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?yargs:16.2.0/y18n:^5.0.5

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/yargs:16.2.0
  • simplicite-js:5.2.54

Identifiers

yallist:2.1.2

Description:

Yet Another Linked List

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/yallist:2.1.2

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

yallist:3.1.1

Description:

Yet Another Linked List

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/yallist:3.1.1

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/tar:6.1.15
  • simplicite-js:5.2.54/lru-cache:5.1.1
  • simplicite-js:5.2.54/minizlib:2.1.2
  • simplicite-js:5.2.54/lru-cache:6.0.0
  • simplicite-js:5.2.54/lru-cache:4.1.5
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/minipass:3.3.6

Identifiers

yallist:4.0.0

Description:

Yet Another Linked List

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/yallist:4.0.0

Referenced In Project/Scope: simplicite-js:5.2.54

Identifiers

yaml:1.10.2

Description:

JavaScript parser and stringifier for YAML

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/yaml:1.10.2

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/cosmiconfig:7.1.0
  • simplicite-js:5.2.54

Identifiers

yargs-parser:20.2.9

Description:

the mighty option parser used by yargs

License:

ISC
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/yargs-parser:20.2.9

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54/meow:9.0.0
  • simplicite-js:5.2.54/yargs:16.2.0
  • simplicite-js:5.2.54

Identifiers

yargs:16.2.0

Description:

yargs the modern, pirate-themed, successor to optimist.

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/yargs:16.2.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/depcheck:1.4.3

Identifiers

yocto-queue:0.1.0

Description:

Tiny queue data structure

License:

MIT
File Path: /var/simplicite/simplicite-5.2/package-lock.json?/yocto-queue:0.1.0

Referenced In Projects/Scopes:
  • simplicite-js:5.2.54
  • simplicite-js:5.2.54/p-limit:3.1.0

Identifiers

zstd-jni-1.5.2-1.jar

Description:

JNI bindings for Zstd native library that provides fast and high compression lossless algorithm for Java and all JVM languages.

License:

BSD 2-Clause License: https://opensource.org/licenses/BSD-2-Clause
File Path: /var/simplicite/.m2/repository/com/github/luben/zstd-jni/1.5.2-1/zstd-jni-1.5.2-1.jar
MD5: 2909788860e8e3ee29d51b327a43ca24
SHA1: fad786abc1d1b81570e8d9a2fc8a1ef479bc27b6
SHA256:93f7e4cbc907c2650f89f9f0bec94873735a58f1e4b66a54973294e4ec1878e8
Referenced In Project/Scope: Simplicite Platform:runtime
zstd-jni-1.5.2-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.3.1

Identifiers

zstd-jni-1.5.2-1.jar: libzstd-jni-1.5.2-1.dll

File Path: /var/simplicite/.m2/repository/com/github/luben/zstd-jni/1.5.2-1/zstd-jni-1.5.2-1.jar/win/amd64/libzstd-jni-1.5.2-1.dll
MD5: 47cb3a35f42743eb1f9346af229e87b7
SHA1: e31a10143ab3690a9bc2836ba62696023c94dfa0
SHA256:210044a424ce01b5b34d192d1c1c51b8058f7790770943f94e2df01906ea1f64
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

zstd-jni-1.5.2-1.jar: libzstd-jni-1.5.2-1.dll

File Path: /var/simplicite/.m2/repository/com/github/luben/zstd-jni/1.5.2-1/zstd-jni-1.5.2-1.jar/win/x86/libzstd-jni-1.5.2-1.dll
MD5: 74ee40fd92c62a5a1b6a385b5a1251cd
SHA1: 8bbd3dc53b0bf577304fc048a2cd36709a190ae9
SHA256:3b887bee98cbce3af607256d2390f7cc5d068099f541590a4c3f7d6d5b48c65d
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.