Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Simplicite Platform

com.simplicite:simplicite:5.3.40

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
@fullcalendar/bootstrap:5.11.4pkg:npm/%40fullcalendar%2Fbootstrap@5.11.4 010
@fullcalendar/core:5.11.4pkg:npm/%40fullcalendar%2Fcore@5.11.4 010
@fullcalendar/daygrid:5.11.4pkg:npm/%40fullcalendar%2Fdaygrid@5.11.4 010
@fullcalendar/google-calendar:5.11.4pkg:npm/%40fullcalendar%2Fgoogle-calendar@5.11.4 010
@fullcalendar/interaction:5.11.4pkg:npm/%40fullcalendar%2Finteraction@5.11.4 010
@fullcalendar/list:5.11.4pkg:npm/%40fullcalendar%2Flist@5.11.4 010
@fullcalendar/luxon:5.11.4pkg:npm/%40fullcalendar%2Fluxon@5.11.4 010
@fullcalendar/moment-timezone:5.11.4pkg:npm/%40fullcalendar%2Fmoment-timezone@5.11.4 010
@fullcalendar/moment:5.11.4pkg:npm/%40fullcalendar%2Fmoment@5.11.4 010
@fullcalendar/rrule:5.11.4pkg:npm/%40fullcalendar%2Frrule@5.11.4 010
@fullcalendar/timegrid:5.11.4pkg:npm/%40fullcalendar%2Ftimegrid@5.11.4 010
HikariCP-5.0.1.jarpkg:maven/com.zaxxer/HikariCP@5.0.1 038
JavaEWAH-1.1.13.jarpkg:maven/com.googlecode.javaewah/JavaEWAH@1.1.13 033
SparseBitSet-1.2.jarcpe:2.3:a:bit_project:bit:1.2:*:*:*:*:*:*:*pkg:maven/com.zaxxer/SparseBitSet@1.2 0Low27
accessors-smart-2.4.9.jarpkg:maven/net.minidev/accessors-smart@2.4.9 041
ace-builds:1.18.0pkg:npm/ace-builds@1.18.0 08
ace-diff:3.0.3pkg:npm/ace-diff@3.0.3 08
angus-activation-2.0.0.jarcpe:2.3:a:service_project:service:2.0.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/angus-activation@2.0.0 0Low37
ant-1.10.13.jarcpe:2.3:a:apache:ant:1.10.13:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.13 0Highest24
asm-9.3.jarpkg:maven/org.ow2.asm/asm@9.3 053
autolink-0.10.0.jarpkg:maven/org.nibor.autolink/autolink@0.10.0 023
bcmail-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcmail-jdk18on@1.73 0Highest52
bcpg-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:openpgp:openpgp:1.73:*:*:*:*:*:*:*
pkg:maven/org.bouncycastle/bcpg-jdk18on@1.73 0Highest54
bcpkix-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.73 0Highest66
bcprov-ext-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcprov-ext-jdk18on@1.73HIGH5Highest58
bcprov-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.73:*:*:*:*:*:*:*
pkg:maven/org.bouncycastle/bcprov-jdk18on@1.73HIGH5Highest60
bcutil-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcutil-jdk18on@1.73 0Highest50
bootbox:6.0.0pkg:npm/bootbox@6.0.0MEDIUM16
bootstrap:5.2.3cpe:2.3:a:getbootstrap:bootstrap:5.2.3:*:*:*:*:*:*:*pkg:npm/bootstrap@5.2.3 0Highest8
bson-3.12.13.jarcpe:2.3:a:mongodb:bson:3.12.13:*:*:*:*:*:*:*pkg:maven/org.mongodb/bson@3.12.13 0Highest26
byte-buddy-1.14.4.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.4 029
byte-buddy-agent-1.14.4.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.14.4 033
byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll 02
c3p0-0.9.5.5.jarcpe:2.3:a:mchange:c3p0:0.9.5.5:*:*:*:*:*:*:*pkg:maven/com.mchange/c3p0@0.9.5.5 0Highest31
cache-api-1.1.0.jarpkg:maven/javax.cache/cache-api@1.1.0 023
caffeine-3.1.6.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.6 037
chart.js:3.9.1cpe:2.3:a:chartjs:chart.js:3.9.1:*:*:*:*:*:*:*pkg:npm/chart.js@3.9.1 0Highest7
chartjs-adapter-moment:1.0.1pkg:npm/chartjs-adapter-moment@1.0.1 06
checker-qual-3.33.0.jarpkg:maven/org.checkerframework/checker-qual@3.33.0 046
codemodel-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/codemodel@3.0.2 0Highest36
commonmark-0.21.0.jarpkg:maven/org.commonmark/commonmark@0.21.0 023
commonmark-ext-autolink-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-autolink@0.21.0 023
commonmark-ext-gfm-strikethrough-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-gfm-strikethrough@0.21.0 025
commonmark-ext-gfm-tables-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-gfm-tables@0.21.0 025
commonmark-ext-heading-anchor-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-heading-anchor@0.21.0 025
commonmark-ext-image-attributes-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-image-attributes@0.21.0 025
commonmark-ext-ins-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-ins@0.21.0 023
commonmark-ext-task-list-items-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-task-list-items@0.21.0 025
commonmark-ext-yaml-front-matter-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-yaml-front-matter@0.21.0 025
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest168
commons-cli-1.5.0.jarpkg:maven/commons-cli/commons-cli@1.5.0 0102
commons-codec-1.15.jarpkg:maven/commons-codec/commons-codec@1.15 0108
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest84
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest105
commons-compress-1.23.0.jarcpe:2.3:a:apache:commons_compress:1.23.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.23.0MEDIUM3Highest108
commons-csv-1.10.0.jarpkg:maven/org.apache.commons/commons-csv@1.10.0 085
commons-digester-2.1.jarpkg:maven/commons-digester/commons-digester@2.1 098
commons-discovery-0.5.jarcpe:2.3:a:spirit-project:spirit:0.5:*:*:*:*:*:*:*pkg:maven/commons-discovery/commons-discovery@0.5MEDIUM1Low86
commons-email-1.5.jarcpe:2.3:a:apache:commons_email:1.5:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-email@1.5 0Highest137
commons-exec-1.3.jarpkg:maven/org.apache.commons/commons-exec@1.3 059
commons-fileupload-1.5.jarcpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*pkg:maven/commons-fileupload/commons-fileupload@1.5 0Highest115
commons-imaging-1.0-alpha3.jarcpe:2.3:a:apache:commons_imaging:1.0:pha3:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-imaging@1.0-alpha3 0Highest67
commons-io-2.11.0.jarcpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.11.0 0Highest123
commons-lang-2.6.jarpkg:maven/commons-lang/commons-lang@2.6 0122
commons-lang3-3.12.0.jarpkg:maven/org.apache.commons/commons-lang3@3.12.0 0139
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
commons-net-3.9.0.jarcpe:2.3:a:apache:commons_net:3.9.0:*:*:*:*:*:*:*pkg:maven/commons-net/commons-net@3.9.0 0Highest105
commons-pool2-2.11.1.jarpkg:maven/org.apache.commons/commons-pool2@2.11.1 090
commons-text-1.10.0.jarcpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.10.0 0Highest71
commons-validator-1.7.jarpkg:maven/commons-validator/commons-validator@1.7 0125
commons-vfs2-2.9.0.jarpkg:maven/org.apache.commons/commons-vfs2@2.9.0 039
core-3.4.0.jarpkg:maven/com.google.zxing/core@3.4.0 029
curvesapi-1.07.jarpkg:maven/com.github.virtuald/curvesapi@1.07 023
derby-10.16.1.1.jarcpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derby@10.16.1.1CRITICAL1Highest28
derbyshared-10.16.1.1.jarcpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derbyshared@10.16.1.1CRITICAL1Highest27
diffutils-1.3.0.jarcpe:2.3:a:utils_project:utils:1.3.0:*:*:*:*:*:*:*pkg:maven/com.googlecode.java-diff-utils/diffutils@1.3.0 0Highest19
dtd-parser-1.4.5.jarpkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.5 038
eddsa-0.3.0.jarcpe:2.3:a:4d:4d:0.3.0:*:*:*:*:*:*:*pkg:maven/net.i2p.crypto/eddsa@0.3.0 0Low33
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-107:3.10.8)pkg:maven/org.ehcache.modules/ehcache-107@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-api:3.10.8)pkg:maven/org.ehcache.modules/ehcache-api@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-core:3.10.8)pkg:maven/org.ehcache.modules/ehcache-core@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.8)pkg:maven/org.ehcache.modules/ehcache-impl@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.8)pkg:maven/org.ehcache.modules/ehcache-xml-spi@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.8)pkg:maven/org.ehcache.modules/ehcache-xml@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache:sizeof:0.4.3)pkg:maven/org.ehcache/sizeof@0.4.3 013
ehcache-3.10.8.jar (shaded: org.terracotta:offheap-store:2.5.3)pkg:maven/org.terracotta/offheap-store@2.5.3 017
ehcache-3.10.8.jar (shaded: org.terracotta:statistics:2.1.2)pkg:maven/org.terracotta/statistics@2.1.2 025
ehcache-3.10.8.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.15)pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.15 019
ehcache-3.10.8.jarcpe:2.3:a:service_project:service:3.10.8:*:*:*:*:*:*:*pkg:maven/org.ehcache/ehcache@3.10.8 0Low54
ehcache-3.10.8.jar: sizeof-agent.jar 08
error_prone_annotations-2.11.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.11.0 023
failureaccess-1.0.1.jarpkg:maven/com.google.guava/failureaccess@1.0.1 028
fast-and-simple-minify-1.0.jarpkg:maven/ch.simschla/fast-and-simple-minify@1.0 028
fontbox-2.0.28.jarpkg:maven/org.apache.pdfbox/fontbox@2.0.28 035
fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:diffutils:1.3)pkg:maven/me.xdrop/diffutils@1.3 07
fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:fuzzywuzzy-build:1.4.0)pkg:maven/me.xdrop/fuzzywuzzy-build@1.4.0 011
fuzzywuzzy-1.4.0.jarpkg:maven/me.xdrop/fuzzywuzzy@1.4.0 025
google-java-format-1.16.0.jarpkg:maven/com.google.googlejavaformat/google-java-format@1.16.0 033
graphics2d-0.32.jarpkg:maven/de.rototor.pdfbox/graphics2d@0.32 025
graphql-java-20.2.jar (shaded: com.google.guava:guava:31.0.1-jre)cpe:2.3:a:google:guava:31.0.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@31.0.1-jreHIGH2Highest11
graphql-java-20.2.jar (shaded: org.antlr:antlr4-runtime:4.9.3)pkg:maven/org.antlr/antlr4-runtime@4.9.3 09
graphql-java-20.2.jarcpe:2.3:a:graphql-java:graphql-java:20.2:*:*:*:*:*:*:*
cpe:2.3:a:graphql-java_project:graphql-java:20.2:*:*:*:*:*:*:*
pkg:maven/com.graphql-java/graphql-java@20.2 0Highest26
gson-2.8.9.jarcpe:2.3:a:google:gson:2.8.9:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.9 0Highest29
guava-31.1-jre.jarcpe:2.3:a:google:guava:31.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@31.1-jreHIGH2Highest25
h2-2.1.214.jarcpe:2.3:a:h2database:h2:2.1.214:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@2.1.214HIGH2Highest44
h2-2.1.214.jar: data.zip: table.js 00
h2-2.1.214.jar: data.zip: tree.js 00
hadoop-hdfs-client-3.3.1.jarcpe:2.3:a:apache:hadoop:3.3.1:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-hdfs-client@3.3.1CRITICAL6Highest27
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 024
highlight.js:11.7.0cpe:2.3:a:highlightjs:highlight.js:11.7.0:*:*:*:*:*:*:*pkg:npm/highlight.js@11.7.0 0Highest8
hsqldb-2.7.1.jarcpe:2.3:a:hsqldb:hypersql_database:2.7.1:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.7.1 0Low47
html5-qrcode:2.3.8pkg:npm/html5-qrcode@2.3.8 08
httpasyncclient-4.1.5.jarcpe:2.3:a:apache:httpasyncclient:4.1.5:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpasyncclient@4.1.5 0Highest28
httpclient-4.5.14.jarcpe:2.3:a:apache:httpclient:4.5.14:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.14 0Highest32
httpcore-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.16 032
httpcore-nio-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore-nio@4.4.16 030
httpmime-4.5.14.jarpkg:maven/org.apache.httpcomponents/httpmime@4.5.14 030
icu4j-73.1.jarcpe:2.3:a:icu-project:international_components_for_unicode:73.1:*:*:*:*:*:*:*
cpe:2.3:a:unicode:international_components_for_unicode:73.1:*:*:*:*:*:*:*
pkg:maven/com.ibm.icu/icu4j@73.1 0Low79
istack-commons-runtime-4.0.1.jarpkg:maven/com.sun.istack/istack-commons-runtime@4.0.1 033
istack-commons-tools-4.0.1.jarpkg:maven/com.sun.istack/istack-commons-tools@4.0.1 035
itext-2.1.7.jarcpe:2.3:a:itextpdf:itext:2.1.7:*:*:*:*:*:*:*pkg:maven/com.lowagie/itext@2.1.7HIGH3High47
j2objc-annotations-1.3.jarpkg:maven/com.google.j2objc/j2objc-annotations@1.3 024
jackson-core-2.14.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.14.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.14.2 0Low45
jackson-databind-2.14.2.jarcpe:2.3:a:fasterxml:jackson-databind:2.14.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.2:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.2MEDIUM1Highest41
jackson-dataformat-csv-2.14.2.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.14.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-csv@2.14.2 0Highest39
jackson-datatype-guava-2.14.2.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.14.2 039
jackson-datatype-joda-2.14.2.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.14.2 041
jackson-jaxrs-base-2.14.2.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.14.2 037
jackson-jaxrs-json-provider-2.14.2.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.14.2 037
jackson-jaxrs-xml-provider-2.14.2.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.14.2 037
jackson-module-jaxb-annotations-2.14.2.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.14.2 039
jai-imageio-core-1.4.0.jarpkg:maven/com.github.jai-imageio/jai-imageio-core@1.4.0 042
jakarta.activation-api-2.1.1.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.1 045
jakarta.jms-api-2.0.3.jarpkg:maven/jakarta.jms/jakarta.jms-api@2.0.3 033
jakarta.mail-2.0.1.jar (shaded: jakarta.mail:jakarta.mail-api:2.1.1)pkg:maven/jakarta.mail/jakarta.mail-api@2.1.1 012
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:angus-core:2.0.1)pkg:maven/org.eclipse.angus/angus-core@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:angus-mail:2.0.1)pkg:maven/org.eclipse.angus/angus-mail@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:imap:2.0.1)pkg:maven/org.eclipse.angus/imap@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.1)pkg:maven/org.eclipse.angus/logging-mailhandler@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:pop3:2.0.1)pkg:maven/org.eclipse.angus/pop3@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:smtp:2.0.1)pkg:maven/org.eclipse.angus/smtp@2.0.1 09
jakarta.mail-2.0.1.jarcpe:2.3:a:service_project:service:2.0.1:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/jakarta.mail@2.0.1 0Low36
jakarta.validation-api-2.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@2.0.2 056
jakarta.xml.bind-api-4.0.0.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.0 031
java-dataloader-3.2.0.jarpkg:maven/com.graphql-java/java-dataloader@3.2.0 031
java-jwt-4.4.0.jarpkg:maven/com.auth0/java-jwt@4.4.0 039
java-saml-2.9.0.jarpkg:maven/com.onelogin/java-saml@2.9.0 018
java-saml-core-2.9.0.jarpkg:maven/com.onelogin/java-saml-core@2.9.0 017
javase-3.4.0.jarpkg:maven/com.google.zxing/javase@3.4.0 021
javax.activation-api-1.2.0.jarpkg:maven/javax.activation/javax.activation-api@1.2.0 039
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 048
javax.ejb-api-3.2.2.jarpkg:maven/javax.ejb/javax.ejb-api@3.2.2 046
javax.jms-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.jms/javax.jms-api@2.0.1 0Low34
javax.servlet-api-4.0.1.jarcpe:2.3:a:oracle:java_se:4.0.1:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@4.0.1 0Medium48
javax.servlet.jsp-api-2.3.3.jarcpe:2.3:a:oracle:java_se:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:2.3.3:*:*:*:*:*:*:*
pkg:maven/javax.servlet.jsp/javax.servlet.jsp-api@2.3.3 0High46
javax.transaction-api-1.3.jarpkg:maven/javax.transaction/javax.transaction-api@1.3 048
javax.websocket-api-1.1.jarpkg:maven/javax.websocket/javax.websocket-api@1.1 030
jawk-1.02.jarpkg:maven/org.jawk/jawk@1.02 012
jaxb-api-2.3.1.jarpkg:maven/javax.xml.bind/jaxb-api@2.3.1 035
jaxb-core-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.2 0Highest45
jbig2-imageio-3.0.4.jarcpe:2.3:a:apache:pdfbox:3.0.4:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jbig2-imageio@3.0.4 0Highest130
jcl-over-slf4j-1.7.36.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.36 033
jcommander-1.72.jarpkg:maven/com.beust/jcommander@1.72 027
jedis-4.3.1.jarpkg:maven/redis.clients/jedis@4.3.1 025
jempbox-1.8.17.jarcpe:2.3:a:apache:pdfbox:1.8.17:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jempbox@1.8.17 0Highest31
jfreechart-1.5.4.jarcpe:2.3:a:time_project:time:1.5.4:*:*:*:*:*:*:*pkg:maven/org.jfree/jfreechart@1.5.4HIGH3Low37
jlessc-1.10.jarpkg:maven/de.inetsoftware/jlessc@1.10 033
jlessc-ant-1.10.jarpkg:maven/com.simplicite.ant/jlessc-ant@1.10
pkg:maven/com.simplicite/jlessc-ant@1.10
 028
jmustache-1.15.jarpkg:maven/com.samskivert/jmustache@1.15 028
joda-time-2.12.4.jarpkg:maven/joda-time/joda-time@2.12.4 047
jose4j-0.9.3.jarcpe:2.3:a:jose4j_project:jose4j:0.9.3:*:*:*:*:*:*:*pkg:maven/org.bitbucket.b_c/jose4j@0.9.3HIGH1Highest39
jquery:3.6.4cpe:2.3:a:jquery:jquery:3.6.4:*:*:*:*:*:*:*pkg:npm/jquery@3.6.4 0Highest9
js-beautify:1.14.7cpe:2.3:a:js-beautify_project:js-beautify:1.14.7:*:*:*:*:*:*:*pkg:npm/js-beautify@1.14.7 0Highest8
jshint:2.13.6pkg:npm/jshint@2.13.6 010
json-20231013.jarcpe:2.3:a:json-java_project:json-java:20231013:*:*:*:*:*:*:*pkg:maven/org.json/json@20231013 0Highest32
json-path-2.8.0.jarcpe:2.3:a:json-path:jayway_jsonpath:2.8.0:*:*:*:*:*:*:*pkg:maven/com.jayway.jsonpath/json-path@2.8.0MEDIUM1Highest32
json-simple-1.1.1.jarpkg:maven/com.googlecode.json-simple/json-simple@1.1.1 025
json-smart-2.4.10.jarcpe:2.3:a:json-smart_project:json-smart:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v2:2.4.10:*:*:*:*:*:*:*
pkg:maven/net.minidev/json-smart@2.4.10 0Highest51
jsoup-1.16.1.jarcpe:2.3:a:jsoup:jsoup:1.16.1:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.16.1 0Highest40
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jszip-utils:0.1.0pkg:npm/jszip-utils@0.1.0 06
jszip:3.10.1cpe:2.3:a:jszip_project:jszip:3.10.1:*:*:*:*:*:*:*pkg:npm/jszip@3.10.1 0Highest6
jtidy-r938.jarcpe:2.3:a:jtidy_project:jtidy:r938:*:*:*:*:*:*:*pkg:maven/net.sf.jtidy/jtidy@r938HIGH1Highest53
jul-to-slf4j-1.7.36.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.36 028
junit-4.13.2.jarcpe:2.3:a:junit:junit4:4.13.2:*:*:*:*:*:*:*pkg:maven/junit/junit@4.13.2 0Low53
kafka-clients-3.5.1.jarcpe:2.3:a:apache:kafka:3.5.1:*:*:*:*:*:*:*pkg:maven/org.apache.kafka/kafka-clients@3.5.1 0Highest24
leaflet.markercluster:1.5.3pkg:npm/leaflet.markercluster@1.5.3 05
leaflet:1.9.3pkg:npm/leaflet@1.9.3 06
libphonenumber-8.13.11.jarpkg:maven/com.googlecode.libphonenumber/libphonenumber@8.13.11 022
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
log4j-core-2.21.0.jarcpe:2.3:a:apache:log4j:2.21.0:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.21.0 0Highest33
log4j-slf4j-impl-2.21.0.jarpkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.21.0 029
lucene-core-9.5.0.jarpkg:maven/org.apache.lucene/lucene-core@9.5.0 030
lz4-java-1.8.0.jarpkg:maven/org.lz4/lz4-java@1.8.0 037
marked:4.3.0cpe:2.3:a:marked_project:marked:4.3.0:*:*:*:*:*:*:*pkg:npm/marked@4.3.0 0Highest8
mchange-commons-java-0.2.19.jarpkg:maven/com.mchange/mchange-commons-java@0.2.19 029
mockito-core-5.3.0.jarpkg:maven/org.mockito/mockito-core@5.3.0 041
moment-timezone:0.5.43pkg:npm/moment-timezone@0.5.43 08
moment:2.29.4cpe:2.3:a:momentjs:moment:2.29.4:*:*:*:*:*:*:*pkg:npm/moment@2.29.4 0Highest8
mongodb-driver-core-3.12.13.jarcpe:2.3:a:mongodb:java_driver:3.12.13:*:*:*:*:*:*:*pkg:maven/org.mongodb/mongodb-driver-core@3.12.13 0Highest28
mssql-jdbc-12.6.2.jre11.jarcpe:2.3:a:www-sql_project:www-sql:12.6.2.jre11:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.6.2
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.6.2.jre11
 0Highest36
mustache:4.2.0pkg:npm/mustache@4.2.0 07
mysql-connector-j-8.4.0.jarcpe:2.3:a:mysql:mysql:8.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:8.4.0:*:*:*:*:*:*:*
pkg:maven/com.mysql/mysql-connector-j@8.4.0 0Highest52
netty-codec-http-4.1.91.Final.jarcpe:2.3:a:netty:netty:4.1.91:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec-http@4.1.91.FinalHIGH*3Highest34
netty-codec-mqtt-4.1.91.Final.jarcpe:2.3:a:mqtt:mqtt:4.1.91:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.91:*:*:*:*:*:*:*
pkg:maven/io.netty/netty-codec-mqtt@4.1.91.FinalHIGH*2Highest34
netty-common-4.1.91.Final.jar (shaded: org.jctools:jctools-core:3.1.0)pkg:maven/org.jctools/jctools-core@3.1.0 09
netty-transport-4.1.91.Final.jarcpe:2.3:a:netty:netty:4.1.91:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.1.91.FinalHIGH*2Highest32
netty-transport-native-kqueue-4.1.75.Final-osx-x86_64.jarcpe:2.3:a:netty:netty:4.1.75:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport-native-kqueue@4.1.75.FinalHIGH*4Highest30
objenesis-3.3.jarpkg:maven/org.objenesis/objenesis@3.3 027
ojdbc11-23.4.0.24.05.jarcpe:2.3:a:oracle:jdbc:23.4.0.24.05:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc11@23.4.0.24.05 0Highest33
okhttp-2.7.5.jarcpe:2.3:a:squareup:okhttp:2.7.5:*:*:*:*:*:*:*pkg:maven/com.squareup.okhttp/okhttp@2.7.5HIGH2Highest22
okio-1.6.0.jarcpe:2.3:a:squareup:okio:1.6.0:*:*:*:*:*:*:*pkg:maven/com.squareup.okio/okio@1.6.0HIGH1Highest16
opencsv-5.7.1.jarpkg:maven/com.opencsv/opencsv@5.7.1 035
openhtmltopdf-core-1.0.10.jarpkg:maven/com.openhtmltopdf/openhtmltopdf-core@1.0.10 025
openhtmltopdf-pdfbox-1.0.10.jarcpe:2.3:a:apache:pdfbox:1.0.10:*:*:*:*:*:*:*pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10 0High21
org.apache.oltu.oauth2.client-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2 032
org.apache.oltu.oauth2.common-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.common@1.0.2 032
org.eclipse.jgit-6.5.0.202303070854-r.jarcpe:2.3:a:eclipse:jgit:6.5.0:202303070854:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.5.0.202303070854-rHIGH1Highest38
org.eclipse.jgit.http.server-6.5.0.202303070854-r.jarcpe:2.3:a:eclipse:jgit:6.5.0:202303070854:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit.http.server@6.5.0.202303070854-r 0Highest40
org.eclipse.paho.client.mqttv3-1.2.5.jarcpe:2.3:a:eclipse:paho_java_client:1.2.5:*:*:*:*:*:*:*pkg:maven/org.eclipse.paho/org.eclipse.paho.client.mqttv3@1.2.5 0Highest32
package.json 00
pdfbox-2.0.28.jarcpe:2.3:a:apache:pdfbox:2.0.28:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/pdfbox@2.0.28 0Highest33
poi-5.2.3.jarcpe:2.3:a:apache:poi:5.2.3:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@5.2.3 0Highest35
postgresql-42.7.3.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.3:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.7.3 0Low68
preflight-2.0.28.jarcpe:2.3:a:apache:pdfbox:2.0.28:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/preflight@2.0.28 0Highest35
protobuf-java-3.22.3.jarcpe:2.3:a:google:protobuf-java:3.22.3:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.22.3:*:*:*:*:*:*:*
pkg:maven/com.google.protobuf/protobuf-java@3.22.3 0Highest19
proton-j-0.33.10.jarcpe:2.3:a:apache:qpid:0.33.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton:0.33.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton-j:0.33.10:*:*:*:*:*:*:*
cpe:2.3:a:proton_project:proton:0.33.10:*:*:*:*:*:*:*
pkg:maven/org.apache.qpid/proton-j@0.33.10 0Highest28
qpid-jms-client-1.6.0.jarcpe:2.3:a:apache:qpid:1.6.0:*:*:*:*:*:*:*pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0 0Highest25
quartz-2.3.2.jarcpe:2.3:a:softwareag:quartz:2.3.2:*:*:*:*:*:*:*pkg:maven/org.quartz-scheduler/quartz@2.3.2CRITICAL1Highest33
reactive-streams-1.0.3.jarpkg:maven/org.reactivestreams/reactive-streams@1.0.3 027
relaxng-datatype-3.0.2.jarpkg:maven/com.sun.xml.bind.external/relaxng-datatype@3.0.2 036
rhino-1.7.13.jarpkg:maven/org.mozilla/rhino@1.7.13 031
rhino-1.7.13.jar: test.js 00
rhino-js-engine-1.7.10.jarpkg:maven/cat.inspiracio/rhino-js-engine@1.7.10 032
rhino-js-engine-1.7.10.jar: toplevel.js 00
rngom-3.0.2.jarpkg:maven/com.sun.xml.bind.external/rngom@3.0.2 038
select2-theme-bootstrap4:1.0.2pkg:npm/select2-theme-bootstrap4@1.0.2 08
select2:4.0.13cpe:2.3:a:select2:select2:4.0.13:*:*:*:*:*:*:*pkg:npm/select2@4.0.13 0Highest9
semver4j-5.2.2.jarpkg:maven/org.semver4j/semver4j@5.2.2 023
serializer-2.7.3.jarpkg:maven/xalan/serializer@2.7.3 022
signature_pad:4.1.5pkg:npm/signature_pad@4.1.5 09
simplicite-bootstrap-datetimepicker:1.1.0pkg:npm/simplicite-bootstrap-datetimepicker@1.1.0 07
simplicite:3.0.1pkg:npm/simplicite@3.0.1 08
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
snakeyaml-2.0.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.0 0Highest42
snappy-java-1.1.10.1.jarcpe:2.3:a:xerial:snappy-java:1.1.10.1:*:*:*:*:*:*:*pkg:maven/org.xerial.snappy/snappy-java@1.1.10.1HIGH1Highest44
snappy-java-1.1.10.1.jar: snappyjava.dll 02
snappy-java-1.1.10.1.jar: snappyjava.dll 02
spectrum-colorpicker:1.8.1pkg:npm/spectrum-colorpicker@1.8.1 09
sqlite-jdbc-3.45.2.0.jarcpe:2.3:a:sqlite:sqlite:3.45.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sqlite_jdbc_project:sqlite_jdbc:3.45.2.0:*:*:*:*:*:*:*
pkg:maven/org.xerial/sqlite-jdbc@3.45.2.0 0Highest38
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sshd-core-2.9.2.jarcpe:2.3:a:apache:sshd:2.9.2:*:*:*:*:*:*:*pkg:maven/org.apache.sshd/sshd-core@2.9.2MEDIUM2Highest26
stax2-api-4.2.1.jarpkg:maven/org.codehaus.woodstox/stax2-api@4.2.1 052
swagger-core-2.2.9.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.9:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-core@2.2.9 0Low38
swagger-ui-dist:4.18.2pkg:npm/swagger-ui-dist@4.18.2 04
threeten-extra-1.7.2.jarpkg:maven/org.threeten/threeten-extra@1.7.2 038
threetenbp-1.6.8.jarpkg:maven/org.threeten/threetenbp@1.6.8MEDIUM240
tinymce-i18n:24.5.8pkg:npm/tinymce-i18n@24.5.8 06
tinymce:6.8.3cpe:2.3:a:tiny:tinymce:6.8.3:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:tinymce:6.8.3:*:*:*:*:*:*:*
pkg:npm/tinymce@6.8.3MEDIUM2Highest8
totp-1.7.1.jarcpe:2.3:a:time_project:time:1.7.1:*:*:*:*:*:*:*pkg:maven/dev.samstevens.totp/totp@1.7.1 0Low26
txw2-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/txw2@3.0.2 0Highest35
unirest-java-3.14.2.jarpkg:maven/com.konghq/unirest-java@3.14.2 018
vue:3.4.21pkg:npm/vue@3.4.21 08
woodstox-core-6.5.0.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621 012
woodstox-core-6.5.0.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)cpe:2.3:a:xml_library_project:xml_library:2013.6.1:*:*:*:*:*:*:*pkg:maven/net.java.dev.msv/xsdlib@2013.6.1 0Low9
woodstox-core-6.5.0.jarcpe:2.3:a:fasterxml:woodstox:6.5.0:*:*:*:*:*:*:*pkg:maven/com.fasterxml.woodstox/woodstox-core@6.5.0 0Highest56
xalan-2.7.3.jar (shaded: org.apache.bcel:bcel:6.7.0)cpe:2.3:a:apache:commons_bcel:6.7.0:*:*:*:*:*:*:*pkg:maven/org.apache.bcel/bcel@6.7.0 0Low52
xalan-2.7.3.jarcpe:2.3:a:apache:xalan-java:2.7.3:*:*:*:*:*:*:*pkg:maven/xalan/xalan@2.7.3 0Highest46
xercesImpl-2.12.2.jarcpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*
pkg:maven/xerces/xercesImpl@2.12.2MEDIUM1Low84
xmlbeans-5.1.1.jarcpe:2.3:a:apache:xmlbeans:5.1.1:*:*:*:*:*:*:*pkg:maven/org.apache.xmlbeans/xmlbeans@5.1.1 0Highest37
xmlsec-3.0.2.jarcpe:2.3:a:apache:santuario_xml_security_for_java:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_security_for_java:3.0.2:*:*:*:*:*:*:*
pkg:maven/org.apache.santuario/xmlsec@3.0.2MEDIUM1Low48
xmpbox-2.0.28.jarcpe:2.3:a:apache:pdfbox:2.0.28:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/xmpbox@2.0.28 0Highest33
xsom-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/xsom@3.0.2 0Highest36
xterm-js:4.9.0cpe:2.3:a:xtermjs:xterm.js:4.9.0:*:*:*:*:*:*:*pkg:npm/xterm-js@4.9.0HIGH1Highest5
zstd-jni-1.5.5-1.jarpkg:maven/com.github.luben/zstd-jni@1.5.5-1 043
zstd-jni-1.5.5-1.jar: libzstd-jni-1.5.5-1.dll 04
zstd-jni-1.5.5-1.jar: libzstd-jni-1.5.5-1.dll 04

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

@fullcalendar/bootstrap:5.11.4

Description:

Bootstrap 4 theming for your calendar

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/bootstrap:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/core:5.11.4

Description:

Provides core functionality, including the Calendar class

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/core:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/daygrid:5.11.4

Description:

Display events on Month view or DayGrid view

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/daygrid:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/google-calendar:5.11.4

Description:

Fetch events from a public Google Calendar feed

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/google-calendar:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/interaction:5.11.4

Description:

Provides functionality for event drag-n-drop, resizing, dateClick, and selectable actions

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/interaction:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/list:5.11.4

Description:

View your events as a bulleted list

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/list:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/luxon:5.11.4

Description:

A connector to the Luxon 1 date library

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/luxon:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/moment-timezone:5.11.4

Description:

A connector to the moment-timezone library

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/moment-timezone:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/moment:5.11.4

Description:

A connector to the MomentJS date library

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/moment:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/rrule:5.11.4

Description:

A connector to the RRule library, for recurring events

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/rrule:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

@fullcalendar/timegrid:5.11.4

Description:

Display your events on a grid of time slots

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/timegrid:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

HikariCP-5.0.1.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/HikariCP/5.0.1/HikariCP-5.0.1.jar
MD5: 3bc96d2ce8285470da11ec41bff6129f
SHA1: a74c7f0a37046846e88d54f7cb6ea6d565c65f9c
SHA256:26d492397e6775b4296737a8919bf04047afe5827fdd2c08b4557595436b3a2b
Referenced In Project/Scope: Simplicite Platform:compile
HikariCP-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

JavaEWAH-1.1.13.jar

Description:

The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
  JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
  The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme. 

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.1.13/JavaEWAH-1.1.13.jar
MD5: a1eb305e5cc5bba238d4360e3139abb4
SHA1: 32cd724a42dc73f99ca08453d11a4bb83e0034c7
SHA256:4c0fda2b1d317750d7ea324e36c70b2bc48310c0aaae67b98df0915d696d7111
Referenced In Project/Scope: Simplicite Platform:compile
JavaEWAH-1.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.5.0.202303070854-r

Identifiers

SparseBitSet-1.2.jar

Description:

An efficient sparse bitset implementation for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/SparseBitSet/1.2/SparseBitSet-1.2.jar
MD5: 1c6032441aec11b523e1a7bfa96d60cf
SHA1: 8467c813d442837fcaeddbc42cf5c5359fab4933
SHA256:91e6b318c901a0f2dd1f6ce781d62474435ae627d22fbac9b21bbc39ffd804b6
Referenced In Project/Scope: Simplicite Platform:compile
SparseBitSet-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.2.3

Identifiers

accessors-smart-2.4.9.jar

Description:

Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/minidev/accessors-smart/2.4.9/accessors-smart-2.4.9.jar
MD5: 339685c20dcac95c4f5b59e70daadc0e
SHA1: 32e540749224c22c9b17de8137e916aae9057e22
SHA256:accdd5c7ac4c49b155890aaea1ffca2a9ccd5826b562dd95a99fc1887003e031
Referenced In Project/Scope: Simplicite Platform:runtime
accessors-smart-2.4.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.jayway.jsonpath/json-path@2.8.0

Identifiers

ace-builds:1.18.0

Description:

Ace (Ajax.org Cloud9 Editor)

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.3/package.json?/ace-builds:1.18.0

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

ace-diff:3.0.3

Description:

A diff/merging wrapper for Ace Editor built on google-diff-match-patch

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/ace-diff:3.0.3

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

angus-activation-2.0.0.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/eclipse/angus/angus-activation/2.0.0/angus-activation-2.0.0.jar
MD5: 834539f269d476663784d8571048f3c4
SHA1: 72369f4e2314d38de2dcbb277141ef0226f73151
SHA256:3a12d321a0f35aa9458ff9b6ee93a3de76b78e3f18b077c81721473d83079147
Referenced In Project/Scope: Simplicite Platform:runtime
angus-activation-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.angus/jakarta.mail@2.0.1

Identifiers

ant-1.10.13.jar

File Path: /var/simplicite/.m2/repository/org/apache/ant/ant/1.10.13/ant-1.10.13.jar
MD5: 0781dacdb3a7af3a1c1f6d5187438da4
SHA1: 85fd5990a27ddafe8af3f7a6d7132d2c29a22a7c
SHA256:befbfc79e744e9892cfa7db96df3b6e82dc17d2571af42aa427976fc22299838
Referenced In Project/Scope: Simplicite Platform:compile
ant-1.10.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

asm-9.3.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /var/simplicite/.m2/repository/org/ow2/asm/asm/9.3/asm-9.3.jar
MD5: e1c3b96035117ab516ffe0de9bd696e0
SHA1: 8e6300ef51c1d801a7ed62d07cd221aca3a90640
SHA256:1263369b59e29c943918de11d6d6152e2ec6085ce63e5710516f8c67d368e4bc
Referenced In Project/Scope: Simplicite Platform:runtime
asm-9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.jayway.jsonpath/json-path@2.8.0

Identifiers

autolink-0.10.0.jar

Description:

        Java library to extract links (URLs, email addresses) from plain text;
        fast, small and smart about recognizing where links end
    

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/nibor/autolink/autolink/0.10.0/autolink-0.10.0.jar
MD5: be771f6d4d82b9098596afa30b4f48ea
SHA1: 6579ea7079be461e5ffa99f33222a632711cc671
SHA256:302b30160968415ee6cd1907987138c7575a6315f9b6ef13b9fe3abc87367857
Referenced In Project/Scope: Simplicite Platform:compile
autolink-0.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.commonmark/commonmark-ext-autolink@0.21.0

Identifiers

bcmail-jdk18on-1.73.jar

Description:

The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcmail-jdk18on/1.73/bcmail-jdk18on-1.73.jar
MD5: d0f7939c8a9b3f7d90bfa8060318843e
SHA1: 2c132108f42d6fe499938440b5da9c65da06033b
SHA256:d94dc99d55152cab2bb5496601902cd7db06dfd960450d27b67118102f91f7e1
Referenced In Project/Scope: Simplicite Platform:compile
bcmail-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

bcpg-jdk18on-1.73.jar

Description:

The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpg-jdk18on/1.73/bcpg-jdk18on-1.73.jar
MD5: 0e3aaf2b2fae29065f9098fd24b63899
SHA1: 2838f8c35e6e716349ce780c9c88271cab32065d
SHA256:dd6efbd826f0d3aed3a1193acf1d81dd6044c585b90ddf88adca4e1fb41a0984
Referenced In Project/Scope: Simplicite Platform:compile
bcpg-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

bcpkix-jdk18on-1.73.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpkix-jdk18on/1.73/bcpkix-jdk18on-1.73.jar
MD5: 18315c3729fc76e2217efffd1f618e64
SHA1: fd41dae0f564a93888ed5ade426281de94824717
SHA256:9487164ba018f2211fcc0f989d6f4ea25b7d48fc6031501c3c7e3a17b164d860
Referenced In Project/Scope: Simplicite Platform:compile
bcpkix-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

bcprov-ext-jdk18on-1.73.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. Note: this package includes the NTRU encryption algorithms.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-ext-jdk18on/1.73/bcprov-ext-jdk18on-1.73.jar
MD5: e0e7191a082e33ca6fe4af159fbd5bff
SHA1: faec66c90751bf9e97f4ae148955e377021982f2
SHA256:f137490b4d8fa5aeaca5683bca391f7c91eb2085b625c28dde1a3e18506d7034
Referenced In Project/Scope: Simplicite Platform:compile
bcprov-ext-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

CVE-2024-34447 (OSSINDEX)  

bouncycastle - Improper Validation of Certificate with Host Mismatch

The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
CWE-297 Improper Validation of Certificate with Host Mismatch

CVSSv3:
  • Base Score: HIGH (7.699999809265137)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-29857 (OSSINDEX)  

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30171 (OSSINDEX)  

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
CWE-208 Observable Timing Discrepancy

CVSSv3:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30172 (OSSINDEX)  

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

bcprov-jdk18on-1.73.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.73/bcprov-jdk18on-1.73.jar
MD5: db1309ef2297987495d57456a66fe137
SHA1: 4bd3de48e5153059fe3f80cbcf86ea221795ee55
SHA256:ad3ae628f4459a8fecb5c1a142b5525ce5118817414f97efd92f5448a69180ff
Referenced In Project/Scope: Simplicite Platform:compile
bcprov-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-jdk18on@1.73  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Highest)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-34447 (OSSINDEX)  

bouncycastle - Improper Validation of Certificate with Host Mismatch

The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
CWE-297 Improper Validation of Certificate with Host Mismatch

CVSSv3:
  • Base Score: HIGH (7.699999809265137)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-29857 (OSSINDEX)  

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30171 (OSSINDEX)  

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
CWE-208 Observable Timing Discrepancy

CVSSv3:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30172 (OSSINDEX)  

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

bcutil-jdk18on-1.73.jar

Description:

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcutil-jdk18on/1.73/bcutil-jdk18on-1.73.jar
MD5: e535f6c495b9197e287f68375b0508f1
SHA1: 073a680acd04b249a6773f49200092cadb670bf0
SHA256:0b70292c36cfe08ac00a71f5cc5af4c412ceedbc8c0f0a22995dbacfaf25dd42
Referenced In Project/Scope: Simplicite Platform:compile
bcutil-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.73

Identifiers

bootbox:6.0.0

Description:

Wrappers for JavaScript alert(), confirm(), prompt(), and other flexible dialogs using the Bootstrap framework

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/bootbox:6.0.0

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

CVE-2023-46998 (OSSINDEX)  

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.099999904632568)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:bootbox:6.0.0:*:*:*:*:*:*:*

bootstrap:5.2.3

Description:

The most popular front-end framework for developing responsive, mobile first projects on the web.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/bootstrap:5.2.3

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

bson-3.12.13.jar

Description:

The BSON library

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/bson/3.12.13/bson-3.12.13.jar
MD5: 8372c7e19dfc5164761daaeca1557548
SHA1: 49dc931b5629509b06a9f696f8036d258adc90ef
SHA256:d1837cb8c051e4212f95adba227f566b752fe0f14e51717b5d60b4ed77b8803e
Referenced In Project/Scope: Simplicite Platform:compile
bson-3.12.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mongodb/mongodb-driver@3.12.13

Identifiers

byte-buddy-1.14.4.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
    

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy/1.14.4/byte-buddy-1.14.4.jar
MD5: 21117c3c69db9aa3080d611640a27bb9
SHA1: 20498aaec9b00a5cfdb831e7bf68feafa833ce4b
SHA256:7ae2b39ac230be9e3e09ce020406c017ff8ceba06eaf078c62a88c218a0ff2b4
Referenced In Project/Scope: Simplicite Platform:compile
byte-buddy-1.14.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0

Identifiers

byte-buddy-agent-1.14.4.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.4/byte-buddy-agent-1.14.4.jar
MD5: f9b055b741a5a0539d86a4f984ac9a68
SHA1: 3bf5ac1104554908cc623e40e58a00be37c35f36
SHA256:fbd1ab3db43c6c78b8804908cb95b656517f5c82e7fde8d255d8bdceef412d70
Referenced In Project/Scope: Simplicite Platform:compile
byte-buddy-agent-1.14.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0

Identifiers

byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll

File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.4/byte-buddy-agent-1.14.4.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll

File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.4/byte-buddy-agent-1.14.4.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

c3p0-0.9.5.5.jar

Description:

a JDBC Connection pooling / Statement caching library

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /var/simplicite/.m2/repository/com/mchange/c3p0/0.9.5.5/c3p0-0.9.5.5.jar
MD5: 9fc982b4b179e44cec986ea86fe1bff7
SHA1: 37dfc3021e5589d65ff2ae0becf811510b87ab01
SHA256:96cec5ddfe2f08b8407125d8228eb0392121e1bf2239ca621bb19228b67f741a
Referenced In Project/Scope: Simplicite Platform:compile
c3p0-0.9.5.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

cache-api-1.1.0.jar

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/javax/cache/cache-api/1.1.0/cache-api-1.1.0.jar
MD5: ac907ad12e9a7ac5d41abf703855002f
SHA1: 77bdcff7814076dfa61611b0db88487c515150b6
SHA256:6c980ad1ae4a6dda3bdb62986c3ef5b41ccf766e12353587ee4e4307e27e155a
Referenced In Project/Scope: Simplicite Platform:compile
cache-api-1.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.ehcache/ehcache@3.10.8

Identifiers

caffeine-3.1.6.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.6/caffeine-3.1.6.jar
MD5: 7661b25999918646ec802846cc4c16bc
SHA1: 3646a0d1b1abe6a31f72f2237d9004d10a5be91d
SHA256:0311f9d5d9750aa2a1c11cbdba5a5cb7fec91c8870d6f179f324b3f5295b87dd
Referenced In Project/Scope: Simplicite Platform:compile
caffeine-3.1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

chart.js:3.9.1

Description:

Simple HTML5 charts using the canvas element.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/chart.js:3.9.1

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

chartjs-adapter-moment:1.0.1

Description:

Chart.js adapter to use Moment.js for time functionalities

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/chartjs-adapter-moment:1.0.1

Referenced In Project/Scope: simplicite-js:5.3.40

Identifiers

checker-qual-3.33.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-qual/3.33.0/checker-qual-3.33.0.jar
MD5: fc9418b779d9d57dcd52197006cbdb9b
SHA1: de2b60b62da487644fc11f734e73c8b0b431238f
SHA256:e316255bbfcd9fe50d165314b85abb2b33cb2a66a93c491db648e498a82c2de1
Referenced In Project/Scope: Simplicite Platform:compile
checker-qual-3.33.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

codemodel-3.0.2.jar

Description:

The core functionality of the CodeModel java source code generation library

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/codemodel/3.0.2/codemodel-3.0.2.jar
MD5: b0847dc199eb2cd4ee6e8d3627eedaa7
SHA1: 0b7caeacad98da5c40de8650317cfa573b0674c7
SHA256:693c03822476403b9fcb6578cf6b07b20c7f9d0d36a2d27cccf0c08dc587ee27
Referenced In Project/Scope: Simplicite Platform:compile
codemodel-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

commonmark-0.21.0.jar

Description:

Core of commonmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark/0.21.0/commonmark-0.21.0.jar
MD5: c0c0bf595a23b868d229b5f5806b0646
SHA1: c98f0473b17c87fe4fa2fc62a7c6523a2fe018f0
SHA256:81084a7035046fe306f0dbf16ef57a68d08ee5c97004ea867e62b5db46e98afb
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-autolink-0.21.0.jar

Description:

commonmark-java extension for turning plain URLs and email addresses into links

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-autolink/0.21.0/commonmark-ext-autolink-0.21.0.jar
MD5: eafd2cf973eb3d6b88cfbf825f53353b
SHA1: 55c0312cf443fa3d5af0daeeeca00d6deee3cf90
SHA256:3cd57d5d1dbde724e6700c53a590534bb24f3e2695ff3505eba32dc4c7781ba9
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-autolink-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-gfm-strikethrough-0.21.0.jar

Description:

commonmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-strikethrough/0.21.0/commonmark-ext-gfm-strikethrough-0.21.0.jar
MD5: 0d67b70370ae58992db317e6f59c4b6c
SHA1: 953f4b71e133a98fcca93f3c3f4e58b895b76d1f
SHA256:b5ed6fa18214e588e502385d95e878a8150f122c7a874a75a389682837b906f8
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-gfm-strikethrough-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-gfm-tables-0.21.0.jar

Description:

commonmark-java extension for GFM tables using "|" pipes (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-tables/0.21.0/commonmark-ext-gfm-tables-0.21.0.jar
MD5: 94435093a666e5b7c26b3fa497a314c8
SHA1: fb7d65fa89a4cfcd2f51535d2549b570cf1dbd1a
SHA256:fc05fe991f2254ab0c8f6ccb9f0b6ec1c2b6df350389ed3e411ac6f52e7a75e5
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-gfm-tables-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-heading-anchor-0.21.0.jar

Description:

commonmark-java extension for adding unique id attributes to header tags

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-heading-anchor/0.21.0/commonmark-ext-heading-anchor-0.21.0.jar
MD5: c50cfa7efc450625f763d7840db083cc
SHA1: 92529c00bb762aa3ab83ba3cd50dceb5e5e9f8e4
SHA256:e4d53590e0eefe2987786b5b5a9145c0a66c64f570eb4955b52b0255ee333e16
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-heading-anchor-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-image-attributes-0.21.0.jar

Description:

commonmark-java extension for adding attributes to images

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-image-attributes/0.21.0/commonmark-ext-image-attributes-0.21.0.jar
MD5: b31855c624f339806124fc055f8ddcd0
SHA1: a4ea23623ed6e7546425077f5161af209d302a7f
SHA256:6caf48abe76f66b857577b1c006ec31e2b56f73e321779d233f035fa2cddde1f
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-image-attributes-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-ins-0.21.0.jar

Description:

commonmark-java extension for using ++

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-ins/0.21.0/commonmark-ext-ins-0.21.0.jar
MD5: 9e05ae2e9e40e7cf30f3b90f7c437439
SHA1: 5d2126c4af5e25a0ac67aa7cd0892a562c4bfd9e
SHA256:3b544e076d3cf2259f008b168ffe6bdff4fb2871537c56f3b2a1cf3a93c84250
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-ins-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-task-list-items-0.21.0.jar

Description:

commonmark-java extension for task list items

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-task-list-items/0.21.0/commonmark-ext-task-list-items-0.21.0.jar
MD5: e03887a06f645da25e87f8f0c953365e
SHA1: 3aafb756507be546e1aa1f6f8ee6c0f1e71ebf4a
SHA256:53a3c76cf56947af1f6882a9a1ce962f3b338ca952d83dd402b7f5711c14bee0
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-task-list-items-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commonmark-ext-yaml-front-matter-0.21.0.jar

Description:

commonmark-java extension for YAML front matter

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-yaml-front-matter/0.21.0/commonmark-ext-yaml-front-matter-0.21.0.jar
MD5: a59fa78ad0444d1bb245d35b103a3f0a
SHA1: d99588df09445d3e70627dffdb02da4338851ff2
SHA256:0683332fd8ef7aafdf28de2658fa4200e5c9a9e219c331bfde3f501854b8f798
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-yaml-front-matter-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: Simplicite Platform:compile
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-cli-1.5.0.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing and validating a Command Line Interface.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-cli/commons-cli/1.5.0/commons-cli-1.5.0.jar
MD5: 6c3b2052160144196118b1f019504388
SHA1: dc98be5d5390230684a092589d70ea76a147925c
SHA256:bc8bb01fc0fad250385706e20f927ddcff6173f6339b387dc879237752567ac6
Referenced In Project/Scope: Simplicite Platform:compile
commons-cli-1.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-codec-1.15.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256:b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Project/Scope: Simplicite Platform:compile
commons-codec-1.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Simplicite Platform:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: Simplicite Platform:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-compress-1.23.0.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar
MD5: 96b88349958aeaa15cdf6e5e877bdced
SHA1: 4af2060ea9b0c8b74f1854c6cafe4d43cfc161fc
SHA256:c267f17160e9ef662b4d78b7f29dca7c82b15c5cff2cb6a9865ef4ab3dd5b787
Referenced In Project/Scope: Simplicite Platform:compile
commons-compress-1.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

CVE-2023-42503  

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress:��from 1.22 before 1.24.0.

Users are recommended to upgrade to version 1.24.0, which fixes the issue.

A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.

In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example ���1647221103.5998539���). The impacted fields are ���atime���, ���ctime���, ���mtime��� and ���LIBARCHIVE.creationtime���. No input validation is performed prior to the parsing of header values.

Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as ���9e9999999���) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].

[1]:  https://issues.apache.org/jira/browse/COMPRESS-612 
[2]:  https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 
[3]:  https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html 
[4]:  https://bugs.openjdk.org/browse/JDK-6560193 
[5]:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 

Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.

CWE-400 Uncontrolled Resource Consumption, CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-25710  

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-26308  

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

commons-csv-1.10.0.jar

Description:

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-csv/1.10.0/commons-csv-1.10.0.jar
MD5: 9b3be74e726a151524bf31ec293ff285
SHA1: 8669bee353424c3223c93723291b5c3753260c1c
SHA256:2d06e6a07a636baf777ad8e659256f2119109dde23551c9b80c5422d424b808c
Referenced In Project/Scope: Simplicite Platform:compile
commons-csv-1.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Project/Scope: Simplicite Platform:compile
commons-digester-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-validator/commons-validator@1.7

Identifiers

commons-discovery-0.5.jar

Description:

The Apache Commons Discovery component is about discovering, or finding,
  implementations for pluggable interfaces.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
SHA256:e5b7d58ae62e5b309d5c0ffa5a5b1d9d1e0f0c4c3cc18d1fe3103fd29f90149d
Referenced In Project/Scope: Simplicite Platform:compile
commons-discovery-0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

CVE-2022-0869  

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

commons-email-1.5.jar

Description:

        Apache Commons Email aims to provide an API for sending email. It is built on top of
        the JavaMail API, which it aims to simplify.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-email/1.5/commons-email-1.5.jar
MD5: e72657496d31f152aa26d4122e0850d9
SHA1: e8e677c6362eba14ff3c476ba63ccb83132dbd52
SHA256:ee8479906abb2c355a46a0a9845cfa1803bcc3c520a34baea4a6cf4e1f0f0cc1
Referenced In Project/Scope: Simplicite Platform:compile
commons-email-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-exec-1.3.jar

Description:

Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Project/Scope: Simplicite Platform:compile
commons-exec-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-fileupload-1.5.jar

Description:

    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-fileupload/commons-fileupload/1.5/commons-fileupload-1.5.jar
MD5: e57ac8a1a6412886a133a2fa08b89735
SHA1: ad4ad2ab2961b4e1891472bd1a33fabefb0385f3
SHA256:51f7b3dcb4e50c7662994da2f47231519ff99707a5c7fb7b05f4c4d3a1728c14
Referenced In Project/Scope: Simplicite Platform:compile
commons-fileupload-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-imaging-1.0-alpha3.jar

Description:

Apache Commons Imaging (previously Sanselan) is a pure-Java image library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-imaging/1.0-alpha3/commons-imaging-1.0-alpha3.jar
MD5: c08d610dd64f970d286444654733a38f
SHA1: 6c753938422d5810ab815a24337d062bf4e22614
SHA256:3c5efe8c6654eae6384f0c2e382fafec1f164be527117803d869f8df27b84853
Referenced In Project/Scope: Simplicite Platform:compile
commons-imaging-1.0-alpha3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-io-2.11.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Project/Scope: Simplicite Platform:compile
commons-io-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope: Simplicite Platform:compile
commons-lang-2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-lang3-3.12.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256:d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e
Referenced In Project/Scope: Simplicite Platform:compile
commons-lang3-3.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Simplicite Platform:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: Simplicite Platform:compile
commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-net-3.9.0.jar

Description:

Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois
    

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-net/commons-net/3.9.0/commons-net-3.9.0.jar
MD5: 5254d7c277c30a378518e99b9d1d3522
SHA1: 5a4e26802e0a5a42938f987976b55dae4a6cc636
SHA256:e3c1566f821b84489308cd933f57e8c00dd8714dc96b898bef844386510d3461
Referenced In Project/Scope: Simplicite Platform:compile
commons-net-3.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-pool2-2.11.1.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar
MD5: 2210a041929e7c94485d5402458340b9
SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68
SHA256:ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83
Referenced In Project/Scope: Simplicite Platform:compile
commons-pool2-2.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-text-1.10.0.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-text/1.10.0/commons-text-1.10.0.jar
MD5: 4afc9bfa2d31dbf7330c98fcc954b892
SHA1: 3363381aef8cef2dbc1023b3e3a9433b08b64e01
SHA256:770cd903fa7b604d1f7ef7ba17f84108667294b2b478be8ed1af3bffb4ae0018
Referenced In Project/Scope: Simplicite Platform:compile
commons-text-1.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-validator-1.7.jar

Description:

    Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
    It may be used standalone or with a framework like Struts.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-validator/commons-validator/1.7/commons-validator-1.7.jar
MD5: 4b6f22de69432bc03254b47310d59651
SHA1: 76069c915de3787f3ddd8726a56f47a95bfcbb0e
SHA256:4d74f4ce4fb68b2617edad086df6defdf9338467d2377d2c62e69038e1c4f02f
Referenced In Project/Scope: Simplicite Platform:compile
commons-validator-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

commons-vfs2-2.9.0.jar

Description:

Apache Commons VFS is a Virtual File System library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-vfs2/2.9.0/commons-vfs2-2.9.0.jar
MD5: beba9c4909dd2799ee95c8e0c280dbf2
SHA1: 48115c2fb1c5f0a2498a4365162d6b69adec73f3
SHA256:266f96b77aa18773191f6992fc7910999bf8ee8a244ec67a3398b486eb726a7f
Referenced In Project/Scope: Simplicite Platform:compile
commons-vfs2-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

core-3.4.0.jar

Description:

Core barcode encoding/decoding library

License:

"The Apache Software License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /var/simplicite/.m2/repository/com/google/zxing/core/3.4.0/core-3.4.0.jar
MD5: 8542da29497cf33e80d7630e62d58a81
SHA1: 5264296c46634347890ec9250bc65f14b7362bf8
SHA256:65004806a669234c698fbe0755258100375fb01fe93b538455f3903713d4a50d
Referenced In Project/Scope: Simplicite Platform:compile
core-3.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/dev.samstevens.totp/totp@1.7.1

Identifiers

curvesapi-1.07.jar

Description:

Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/github/virtuald/curvesapi/1.07/curvesapi-1.07.jar
MD5: 79e44d3a323887fba21a34202b8eb1f9
SHA1: 863654849995f9d4f0ed2ed1a3870da3a108473c
SHA256:b31539cdcf189d9e68a1f6998cba09ea912f99f5f24bcd0650212b1af9d355a2
Referenced In Project/Scope: Simplicite Platform:compile
curvesapi-1.07.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.2.3

Identifiers

derby-10.16.1.1.jar

Description:

Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: /var/simplicite/.m2/repository/org/apache/derby/derby/10.16.1.1/derby-10.16.1.1.jar
MD5: d9c38ece80f4ec0756f54b06716a3dd6
SHA1: f9ca2054b3e33ec3f3f19df4a7490352d82de54a
SHA256:ede804cb04e871d7c52d2414e952ab939f9ef243abb7bd0ce7dbeb6e1e28bd0b
Referenced In Project/Scope: Simplicite Platform:runtime
derby-10.16.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

derbyshared-10.16.1.1.jar

Description:

The code which is shared across all Derby configurations.

File Path: /var/simplicite/.m2/repository/org/apache/derby/derbyshared/10.16.1.1/derbyshared-10.16.1.1.jar
MD5: e423cba3150f195debaf7ff0d307ecf6
SHA1: 77a3ec6b9791c7c29c76148c5d56fc1f3f12d638
SHA256:27d4be683a45f6c15940167277ce39bb7e26b9f6dc0bc05efbcf813cac5d2b8f
Referenced In Project/Scope: Simplicite Platform:runtime
derbyshared-10.16.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.derby/derby@10.16.1.1

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

diffutils-1.3.0.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/java-diff-utils/diffutils/1.3.0/diffutils-1.3.0.jar
MD5: 638158a6bca62926aa9986c92ccb15e0
SHA1: 7e060dd5b19431e6d198e91ff670644372f60fbd
SHA256:61ba4dc49adca95243beaa0569adc2a23aedb5292ae78aa01186fa782ebdc5c2
Referenced In Project/Scope: Simplicite Platform:compile
diffutils-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

dtd-parser-1.4.5.jar

Description:

SAX-like API for parsing XML DTDs.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/dtd-parser/dtd-parser/1.4.5/dtd-parser-1.4.5.jar
MD5: b27b38e842491770c5a1953dc86468d1
SHA1: bd01768721835f13a6da58f6edea5f8c57ee7b3c
SHA256:a4cd6addced42e2f870dcca1716f459da51f06f2fe49430d2d128f147c8e929d
Referenced In Project/Scope: Simplicite Platform:compile
dtd-parser-1.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

eddsa-0.3.0.jar

Description:

Implementation of EdDSA in Java

License:

CC0 1.0 Universal: https://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/simplicite/.m2/repository/net/i2p/crypto/eddsa/0.3.0/eddsa-0.3.0.jar
MD5: ee7de3b6f19de76a06e465efc978f669
SHA1: 1901c8d4d8bffb7d79027686cfb91e704217c3e1
SHA256:4dda1120db856640dbec04140ed23242215a075fe127bdefa0dcfa29fb31267d
Referenced In Project/Scope: Simplicite Platform:compile
eddsa-0.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit.ssh.apache@6.5.0.202303070854-r

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-107:3.10.8)

Description:

The JSR-107 compatibility module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-107/pom.xml
MD5: cbb6582f7bae2d80eba99428ba1fa879
SHA1: 93ece0b8696af1b39d5a59f4ac001ff67ade031b
SHA256:881431ccba0094c52fde3d05f6800c5fa488f21ce8e0c253b3080868822362cb
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-api:3.10.8)

Description:

The API module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-api/pom.xml
MD5: 684f68673f7e1877dd8710c9c20b66a8
SHA1: 5cb0644b5714e1cd3b9ed067db5b74c1d2f90405
SHA256:8cb81dbe787af826481c2a79ad85bef6e46cf429a982a765581142a823db54e5
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-core:3.10.8)

Description:

The Core module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-core/pom.xml
MD5: 81e4d90adf09bff8de32a927f13fa7dd
SHA1: 1603c939dbc836b9a67ba29c8e3f5bde24a35345
SHA256:d26e487336af1baa60250c41d3f30d6f62fed549c8f282ecccdbb9a905f00a3f
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.8)

Description:

The implementation module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-impl/pom.xml
MD5: 68666160c19c3a231099a0d5d61f364f
SHA1: 99176e4618d2a09bbef35ab175273edf50b72f3c
SHA256:9ccbc05db652fe94233c346648fb06d503bfbf27f13aaaec4be87752b14f1d9c
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.8)

Description:

This module contains the XML parsing SPI for Ehcache 3. This allows Ehcache extension services to provide XML configuration capabilities.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-xml-spi/pom.xml
MD5: d692ac727407f129dc07ce98a6c309b2
SHA1: 35f69aaa6f9b7b413aa6c12c969f0e91ba1ffb1f
SHA256:aecb4a20f1ce69a777649b65343557329e031641481841a233973d857d2ba32d
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.8)

Description:

The module containing all XML parsing logic Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-xml/pom.xml
MD5: c0cfdd21ebfc0207a9516d08ab7e2858
SHA1: 0cec45ad454b3eb0d5cd4a5f4fffd71b1e462e31
SHA256:bd6c0ce56beca6eb6b0b6a55fcf3c86a652b8ddc0bb2cf390c8c3f3e660603fe
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache:sizeof:0.4.3)

Description:

SizeOf engine, extracted from Ehcache

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache/sizeof/pom.xml
MD5: c0ad3baef0ef03d4ca849743f1f26b70
SHA1: 8589b7bd18f4b3e12cd222a44bdcbbada5363da8
SHA256:9c03a981dbff96ff6b7d74dffb5e8a9a46bb66e06ba98d18f6b8ff4472bd0709
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.terracotta:offheap-store:2.5.3)

Description:

A library that offers data structures allocated off the java heap.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/offheap-store/pom.xml
MD5: f5ad26371f4a3b04c5b8a0a089639d87
SHA1: 1979a0cbe0be10a6d5215bb9cbbb5635b9314924
SHA256:d8ae272530d98560cf81066b0409bcba2648a2528c00bd0147253695bb5f0949
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.terracotta:statistics:2.1.2)

Description:

A statistics framework used inside Ehcache and the Terracotta products

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/statistics/pom.xml
MD5: 9df3f5a18142de19c1c7f379885a4391
SHA1: 305a0214578ebf1c14e8d78adce1a5af028c8132
SHA256:25c36806fdcd2ab5e4c1c1c5625bc4f966c10a4a93ab3dd321aa82b3f9e43081
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.15)

Description:

Utility classes/methods for common Java tasks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/terracotta-utilities-tools/pom.xml
MD5: e4749433aaf243a0fbc14ddad08bbe55
SHA1: 9b7960438f39f7be178e17bba391f38c7b38c860
SHA256:144603b5fb19b5900a9a28a3a5d7a74f4deeddbdc34d1de8a716f79f91854ada
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar

Description:

End-user ehcache3 jar artifact

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar
MD5: 35f94bd99bae66088df39d8a45e73468
SHA1: f0d50ede46609db78413ca7f4250d348a597b101
SHA256:bed87f71d8cd25a8a4ef65f274cc58301f28929a01417d0bee8d73953dc30bac
Referenced In Project/Scope: Simplicite Platform:compile
ehcache-3.10.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

ehcache-3.10.8.jar: sizeof-agent.jar

File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/org/ehcache/sizeof/impl/sizeof-agent.jar
MD5: 532dbbf741bfb7f531938786bc0bb970
SHA1: 4e5d8c485b09104825c0d8ec635f775ab522be06
SHA256:60e093acb08d3bc30235ef15941380195cbb85b1ec8b4afd672249f9c530e356
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

error_prone_annotations-2.11.0.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
MD5: 656ad66261b7e7ea472ed0ffeea773ea
SHA1: c5a0ace696d3f8b1c1d8cc036d8c03cc0cbe6b69
SHA256:721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec
Referenced In Project/Scope: Simplicite Platform:compile
error_prone_annotations-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.22.3

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes is conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope: Simplicite Platform:compile
failureaccess-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@31.1-jre

Identifiers

fast-and-simple-minify-1.0.jar

Description:

fast-and-simple-minify is a combined java-port of the JSMin and CSSMin utility with some additional features

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/ch/simschla/fast-and-simple-minify/1.0/fast-and-simple-minify-1.0.jar
MD5: 762fd1d990bb4e97a7581d2cd3255fc1
SHA1: ade6ae013ee38869b79eeb0661203451ddc16f46
SHA256:86e94527a0705c1ac20ff2b80e7d673975cc92f988210cc440f5bd1bb44087b5
Referenced In Project/Scope: Simplicite Platform:compile
fast-and-simple-minify-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

fontbox-2.0.28.jar

Description:

    The Apache FontBox library is an open source Java tool to obtain low level information
    from font files. FontBox is a subproject of Apache PDFBox.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/fontbox/2.0.28/fontbox-2.0.28.jar
MD5: b63595ca4f3f2d2d1fb11af4dbce2da3
SHA1: cae8486c676f4119140a06dbec5f97bbae68c34b
SHA256:a915e4f01ff5b829a95231f6befd92401c319c09669e2d4fa0336441655e7395
Referenced In Project/Scope: Simplicite Platform:compile
fontbox-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:diffutils:1.3)

File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar/META-INF/maven/me.xdrop/diffutils/pom.xml
MD5: 9d75ff06b99ebf130bb19c8e085714b2
SHA1: edcb90cdd072a9291d9580eb01656c925a73cdad
SHA256:8f44a4acb88339f7d9d858d504a8f88d268e4fc6094d0e55f8918227b87709bf
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:fuzzywuzzy-build:1.4.0)

Description:

Fuzzy string matching algorithm for Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar/META-INF/maven/me.xdrop/fuzzywuzzy-build/pom.xml
MD5: e9fb268512b5315f56dee46872cd2c61
SHA1: c0374bdabe5a0d4c565da24af7f80250eedc865a
SHA256:dda03d552c25e71e5b8983f9c956ead1f7fd3cc2c73c7d195856758baa8a399e
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.4.0.jar

Description:

Fuzzy string searching implementation of the well-known fuzzywuzzy algorithm in Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar
MD5: d46388ab184ae8849720ac3a46500cec
SHA1: 9ab5d0aa1c87892e7c4c53d74d1e008c1724cf1a
SHA256:23a2dd1f54b910675944f4c8d4845d7eaf1b780dd0ea89763733fd0b43a8258a
Referenced In Project/Scope: Simplicite Platform:compile
fuzzywuzzy-1.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

google-java-format-1.16.0.jar

Description:

    A Java source code formatter that follows Google Java Style.
  

File Path: /var/simplicite/.m2/repository/com/google/googlejavaformat/google-java-format/1.16.0/google-java-format-1.16.0.jar
MD5: 505664004942c7f223f4567d8448d210
SHA1: ac8e55ff8dce2cd11bdd08bf95cf9a2cb4af5296
SHA256:0cff5d0230ba20d538f3f70b2aa68bd33f9fdc69768cde07337c563c23eb7c43
Referenced In Project/Scope: Simplicite Platform:compile
google-java-format-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

graphics2d-0.32.jar

Description:

Graphics2D Bridge for Apache PDFBox

File Path: /var/simplicite/.m2/repository/de/rototor/pdfbox/graphics2d/0.32/graphics2d-0.32.jar
MD5: 164b89cef806e962457f2dda37915993
SHA1: d8892871a9a1446e94f25eb625a7eec3bfa31b15
SHA256:37f8f387395f96c214ac44f7475c7a2e1f832dfc1de289a3610e0ffbf728f679
Referenced In Project/Scope: Simplicite Platform:compile
graphics2d-0.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10

Identifiers

graphql-java-20.2.jar (shaded: com.google.guava:guava:31.0.1-jre)

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.
  

File Path: /var/simplicite/.m2/repository/com/graphql-java/graphql-java/20.2/graphql-java-20.2.jar/META-INF/maven/com.google.guava/guava/pom.xml
MD5: 7b626959454a65ef1f2d7c63c866aa22
SHA1: d0ec1628dcc04e4835721416103672384ea3136f
SHA256:2be566920c21c60c5ccaf2827867caff766646e2113b7fcc3ee9c24a40b2f396
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

graphql-java-20.2.jar (shaded: org.antlr:antlr4-runtime:4.9.3)

Description:

The ANTLR 4 Runtime

File Path: /var/simplicite/.m2/repository/com/graphql-java/graphql-java/20.2/graphql-java-20.2.jar/META-INF/maven/org.antlr/antlr4-runtime/pom.xml
MD5: 60e00b56e1ccc29d9ff97820575191fa
SHA1: 7ed961275fcdee7e2b69a66bf1ae6c4f9f5a1ab8
SHA256:4f7e44e4ea0629fa3a759b1116feb9fb28814e95f791e1eeedd20c12889d7aa4
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

graphql-java-20.2.jar

Description:

GraphqL Java

License:

MIT: https://github.com/graphql-java/graphql-java/blob/master/LICENSE.md
File Path: /var/simplicite/.m2/repository/com/graphql-java/graphql-java/20.2/graphql-java-20.2.jar
MD5: 4aa9caaa0a0f5204eb913eb0f2e60d5c
SHA1: e1c82dba7f2e1c08d3b7759ba3a30aafab046b00
SHA256:98c63c1bf51876f84a3770573279be4f98bbfc2c86d6b4819c327fa1cbd2b137
Referenced In Project/Scope: Simplicite Platform:compile
graphql-java-20.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers

gson-2.8.9.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/code/gson/gson/2.8.9/gson-2.8.9.jar
MD5: e67627f67e03301092dc7de0a2d7cef8
SHA1: 8a432c1d6825781e21a02db2e2c33c5fde2833b9
SHA256:d3999291855de495c94c743761b8ab5176cfeabe281a5ab0d8e8d45326fd703e
Referenced In Project/Scope: Simplicite Platform:compile
gson-2.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.40

Identifiers