Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 5.3.2Report Generated On : Mon, 20 Apr 2020 20:11:51 +0200Dependencies Scanned : 21 (21 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 2Vulnerabilities Suppressed : 0... NVD CVE Checked : 2020-04-20T20:09:46NVD CVE Modified : 2020-04-20T18:03:43VersionCheckOn : 2020-04-19T10:27:56Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256: a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor jar package name fileupload Highest Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest Vendor pom groupid commons-fileupload Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-fileupload Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons FileUpload High Vendor file name commons-fileupload High Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor pom parent-artifactid commons-parent Low Product Manifest specification-title Apache Commons FileUpload Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name apache Highest Product jar package name fileupload Highest Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest Bundle-Name Apache Commons FileUpload Medium Product pom groupid commons-fileupload Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Product pom artifactid commons-fileupload Highest Product Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Product pom name Apache Commons FileUpload High Product file name commons-fileupload High Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Version pom parent-version 1.4 Low Version pom version 1.4 Highest Version file version 1.4 High Version Manifest Implementation-Version 1.4 High
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256: f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Vendor pom groupid commons-io Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor file name commons-io High Vendor jar package name io Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom name Apache Commons IO High Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor pom artifactid commons-io Low Vendor Manifest Implementation-Vendor-Id commons-io Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Implementation-Title Apache Commons IO High Product Manifest bundle-symbolicname org.apache.commons.io Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product jar package name apache Highest Product Manifest specification-title Apache Commons IO Medium Product pom groupid commons-io Highest Product pom url http://commons.apache.org/proper/commons-io/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product file name commons-io High Product jar package name io Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom name Apache Commons IO High Product pom artifactid commons-io Highest Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest automatic-module-name org.apache.commons.io Medium Version pom version 2.6 Highest Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version file version 2.6 High
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-lang3/3.10/commons-lang3-3.10.jar
MD5: 238dcae7363dd86b2e515a2a29e8b4d9
SHA1: e155460aaf5b464062a09c3923f089ce99128a17
SHA256: 28968ae55fff465494083aeba856f8824c34902329882bf61e77246a91e25aa9
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor pom name Apache Commons Lang High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom artifactid commons-lang3 Low Vendor file name commons-lang3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name lang3 Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-artifactid commons-parent Low Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product pom name Apache Commons Lang High Product jar package name apache Highest Product Manifest specification-title Apache Commons Lang Medium Product file name commons-lang3 High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name lang3 Highest Product pom artifactid commons-lang3 Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Commons Lang High Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product pom groupid apache.commons Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.10 High Version pom version 3.10 Highest Version Manifest Implementation-Version 3.10 High Version pom parent-version 3.10 Low
Description:
Apache Commons Text is a library focused on algorithms working on strings. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-text/1.8/commons-text-1.8.jar
MD5: f2243d67b348e7175f55902cdb7e54af
SHA1: 879a6bde4c0537a25504c72ec7a94ba4099f469c
SHA256: 6fe7ad4ad5349d6b77e7a0e1c9f6037108a1ee48c42e7e6eb4b18f56d324f7b2
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom url https://commons.apache.org/proper/commons-text Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name text Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor file name commons-text High Vendor Manifest implementation-url https://commons.apache.org/proper/commons-text Low Vendor pom artifactid commons-text Low Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor pom name Apache Commons Text High Vendor Manifest bundle-symbolicname org.apache.commons.commons-text Medium Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Bundle-Name Apache Commons Text Medium Product jar package name apache Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Implementation-Title Apache Commons Text High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Text Medium Product jar package name text Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom groupid apache.commons Highest Product file name commons-text High Product Manifest implementation-url https://commons.apache.org/proper/commons-text Low Product pom artifactid commons-text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product pom name Apache Commons Text High Product pom url https://commons.apache.org/proper/commons-text Medium Product Manifest bundle-symbolicname org.apache.commons.commons-text Medium Version pom parent-version 1.8 Low Version Manifest Implementation-Version 1.8 High Version file version 1.8 High Version pom version 1.8 Highest
Description:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/freemarker/freemarker/2.3.30/freemarker-2.3.30.jar
MD5: e702848d716f17cd39fabfe2415e104e
SHA1: 86d70d335c7821178f62b554aa3a4bc538a94f1a
SHA256: 6586433d90957c0b05a32bce07c71e8cebcea6afbea2e043bfe0c576c4d94338
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor freemarker.org High Vendor jar package name template Highest Vendor pom groupid org.freemarker Highest Vendor pom url https://freemarker.apache.org/ Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Vendor pom name Apache FreeMarker High Vendor pom groupid freemarker Highest Vendor jar package name freemarker Highest Vendor pom parent-groupid org.apache Medium Vendor Manifest extension-name FreeMarker Medium Vendor pom parent-artifactid apache Low Vendor Manifest dstamp 20200216 Low Vendor pom artifactid freemarker Low Vendor Manifest today February 16 2020 Low Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://apache.org Medium Vendor Manifest tstamp 1915 Low Vendor file name freemarker High Vendor Manifest bundle-symbolicname org.freemarker.freemarker Medium Vendor Manifest specification-vendor freemarker.org Low Product jar package name template Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Product pom name Apache FreeMarker High Product pom groupid freemarker Highest Product pom artifactid freemarker Highest Product jar package name freemarker Highest Product Manifest Bundle-Name org.freemarker.freemarker Medium Product pom parent-groupid org.apache Medium Product pom url https://freemarker.apache.org/ Medium Product Manifest extension-name FreeMarker Medium Product pom organization url http://apache.org Low Product Manifest dstamp 20200216 Low Product pom organization name Apache Software Foundation Low Product Manifest today February 16 2020 Low Product Manifest specification-title FreeMarker Medium Product Manifest tstamp 1915 Low Product file name freemarker High Product Manifest bundle-symbolicname org.freemarker.freemarker Medium Product Manifest Implementation-Title FreeMarker High Product pom parent-artifactid apache Medium Version Manifest Implementation-Version 2.3.30 High Version pom version 2.3.30 Highest Version file version 2.3.30 High Version pom parent-version 2.3.30 Low
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /Users/lukaszlenart/.m2/repository/org/javassist/javassist/3.24.1-GA/javassist-3.24.1-GA.jar
MD5: 527cebd64b0f941d5058bae3d1726d06
SHA1: 921b466d6a14a8edbe25923c973fd767fc71c045
SHA256: 5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name javassist Highest Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom artifactid javassist Low Vendor pom name Javassist High Vendor pom groupid org.javassist Highest Vendor pom url http://www.javassist.org/ Highest Vendor jar package name bytecode Highest Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom groupid javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Product file name javassist High Product pom artifactid javassist Highest Product pom organization name Shigeru Chiba, www.javassist.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name javassist Highest Product Manifest Bundle-Name Javassist Medium Product pom name Javassist High Product pom url http://www.javassist.org/ Medium Product Manifest specification-title Javassist Medium Product jar package name bytecode Highest Product pom groupid javassist Highest Product Manifest bundle-symbolicname javassist Medium Version Manifest specification-version 3.24.1-GA High Version pom version 3.24.1-GA Highest
Description:
The Apache Log4j API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/logging/log4j/log4j-api/2.13.1/log4j-api-2.13.1.jar
MD5: 65795ba3dfef693a82bdfb369d030439
SHA1: cc670f92dc77bbf4540904c3fa211b997cba00d8
SHA256: 307fffc2623d010e3fe67d9f6b101c14bae33ec310e5f56960d491885fd59630
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom groupid apache.logging.log4j Highest Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor pom groupid org.apache.logging.log4j Highest Vendor jar package name logging Highest Vendor file name log4j-api High Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor pom parent-artifactid log4j Low Vendor Manifest multi-release true Low Vendor pom name Apache Log4j API High Vendor jar package name org Highest Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor pom artifactid log4j-api Low Vendor jar package name log4j Highest Product Manifest Implementation-Title Apache Log4j API High Product jar package name apache Highest Product pom groupid apache.logging.log4j Highest Product Manifest specification-title Apache Log4j API Medium Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid org.apache.logging.log4j Medium Product Manifest log4jreleasemanager Ralph Goers Low Product jar package name logging Highest Product file name log4j-api High Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest multi-release true Low Product pom artifactid log4j-api Highest Product pom name Apache Log4j API High Product jar package name org Highest Product pom parent-artifactid log4j Medium Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product jar package name log4j Highest Version file version 2.13.1 High Version pom version 2.13.1 Highest Version Manifest Implementation-Version 2.13.1 High Version Manifest Bundle-Version 2.13.1 High Version Manifest log4jreleaseversion 2.13.1 Medium
Description:
OGNL - Object Graph Navigation Library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/ognl/ognl/3.2.14/ognl-3.2.14.jar
MD5: 0baa4d72fcb508e100c821518e5cdf19
SHA1: 18178dd7cfcb8b81c262c072b60a5bf701073917
SHA256: 02da5bd743cbaab1ebb61a17844b122f52cc69d10b23a8e3356f55c1e6988e71
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid ognl Low Vendor pom organization url http://www.opensymphony.com Medium Vendor pom name OGNL - Object Graph Navigation Library High Vendor pom organization name OpenSymphony High Vendor pom groupid ognl Highest Vendor file name ognl High Vendor Manifest automatic-module-name ognl Medium Vendor pom url jkuhnert/ognl/ Highest Vendor jar package name ognl Highest Product pom url jkuhnert/ognl/ High Product pom name OGNL - Object Graph Navigation Library High Product pom artifactid ognl Highest Product pom groupid ognl Highest Product file name ognl High Product Manifest automatic-module-name ognl Medium Product jar package name ognl Highest Product pom organization name OpenSymphony Low Product pom organization url http://www.opensymphony.com Low Version file version 3.2.14 High Version pom version 3.2.14 Highest
Description:
OVal is a pragmatic and extensible validation framework for any kind of Java objects (not only JavaBeans).
Constraints can be declared with annotations (@NotNull, @MaxLength), POJOs or XML.
Custom constraints can be expressed as custom Java classes or by using scripting languages such as JavaScript, Groovy, BeanShell, OGNL or MVEL.
Besides field/property validation OVal implements Programming by Contract features by utilizing AspectJ based aspects. This for example allows runtime validation of method arguments. License:
Eclipse Public License 1.0: http://www.spdx.org/licenses/EPL-1.0 File Path: /Users/lukaszlenart/.m2/repository/net/sf/oval/oval/1.90/oval-1.90.jar
MD5: 356793921c338506b56bda9a113d2f4e
SHA1: 1827d5ad7c049ba0618c8c8f36ecced1db3e75b0
SHA256: b61418a77abb2c16dc2d7fc8146e50164a79415b22dc7e54553bd5376418b198
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-url http://oval.sf.net Low Vendor Manifest Implementation-Vendor High Vendor Manifest bundle-symbolicname net.sf.oval;singleton:=true Medium Vendor pom name OVal High Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest Implementation-Vendor-Id net.sf.oval Medium Vendor pom url http://oval.sf.net Highest Vendor Manifest specification-vendor Low Vendor jar package name constraints Highest Vendor pom artifactid oval Low Vendor jar package name oval Highest Vendor Manifest implementation-url http://oval.sf.net Low Vendor jar package name sf Highest Vendor jar package name validation Highest Vendor jar package name net Highest Vendor pom groupid net.sf.oval Highest Vendor Manifest eclipse-lazystart true Low Vendor Manifest require-bundle org.aspectj.runtime;bundle-version="1.6.0";resolution:=optional,org.apache.commons.logging;resolution:=optional,org.apache.commons.jexl;resolution:=optional,org.apache.log4j;resolution:=optional,org.codehaus.groovy;resolution:=optional,org.thoughtworks.paranamer;resolution:=optional,org.thoughtworks.xstream;resolution:=optional,org.mvel;resolution:=optional,org.mozilla.javascript;resolution:=optional,org.jruby;resolution:=optional,org.springframework.bundle.spring;resolution:=optional Low Vendor file name oval High Vendor Manifest eclipse-buddypolicy registered Low Product Manifest specification-url http://oval.sf.net Low Product Manifest bundle-symbolicname net.sf.oval;singleton:=true Medium Product pom name OVal High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest Bundle-Name OVal - the Object Validation Framework for Java 5 or later Medium Product jar package name constraints Highest Product jar package name logging Highest Product jar package name oval Highest Product Manifest implementation-url http://oval.sf.net Low Product jar package name sf Highest Product Manifest specification-title OVal Medium Product jar package name validation Highest Product jar package name net Highest Product pom artifactid oval Highest Product Manifest eclipse-lazystart true Low Product pom groupid net.sf.oval Highest Product pom url http://oval.sf.net Medium Product Manifest require-bundle org.aspectj.runtime;bundle-version="1.6.0";resolution:=optional,org.apache.commons.logging;resolution:=optional,org.apache.commons.jexl;resolution:=optional,org.apache.log4j;resolution:=optional,org.codehaus.groovy;resolution:=optional,org.thoughtworks.paranamer;resolution:=optional,org.thoughtworks.xstream;resolution:=optional,org.mvel;resolution:=optional,org.mozilla.javascript;resolution:=optional,org.jruby;resolution:=optional,org.springframework.bundle.spring;resolution:=optional Low Product file name oval High Product Manifest eclipse-buddypolicy registered Low Product Manifest Implementation-Title OVal High Version file version 1.90 High Version Manifest Bundle-Version 1.90 High Version Manifest Implementation-Version 1.90 High Version pom version 1.90 Highest
pkg:maven/net.sf.oval/oval@1.90 (Confidence :High)cpe:2.3:a:apache:groovy:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:apache:log4j:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:jruby:jruby:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:xstream_project:xstream:1.90:*:*:*:*:*:*:* (Confidence :Low) suppress Published Vulnerabilities CVE-2016-6497 suppress
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. CWE-254 7PK - Security Features
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N References:
Vulnerable Software & Versions:
CVE-2016-6814 suppress
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Apache Struts 2 License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar
MD5: bdabb37e4b04f29f4ca390fa2aefce44
SHA1: 64a03701b6797529aaa7cb200f803b7b26c6bb3f
SHA256: e2932ae7ddfa0747221ea42a6d12263237248e3ab9c2ed12b162c13a06147183
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor jar package name struts2 Highest Vendor Manifest implementation-url http://struts.apache.org/struts2-core/ Low Vendor pom groupid apache.struts Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor jar package name apache Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid struts2-core Low Vendor Manifest Implementation-Vendor-Id org.apache.struts Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom name Struts 2 Core High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom parent-artifactid struts2-parent Low Vendor file name struts2-core High Vendor pom groupid org.apache.struts Highest Vendor Manifest bundle-symbolicname org.apache.struts.2-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom parent-groupid org.apache.struts Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product jar package name struts2 Highest Product Manifest implementation-url http://struts.apache.org/struts2-core/ Low Product pom groupid apache.struts Highest Product pom parent-artifactid struts2-parent Medium Product Manifest bundle-docurl http://www.apache.org Low Product jar package name apache Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid struts2-core Highest Product Manifest build-jdk-spec 1.8 Low Product pom name Struts 2 Core High Product jar package name filter Highest Product Manifest Bundle-Name Struts 2 Core Medium Product file name struts2-core High Product Manifest bundle-symbolicname org.apache.struts.2-core Medium Product pom parent-groupid org.apache.struts Medium Product Manifest Implementation-Title Struts 2 Core High Product Manifest specification-title Struts 2 Core Medium Version Manifest Implementation-Version 2.6-SNAPSHOT High Version pom version 2.6-SNAPSHOT Highest
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/domTT.jsMD5: 44ed51154c7fa928005f39bbbed7d01aSHA1: 5584aa1028220f041ff7d89c48e9e8ffeaa05256SHA256: 60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961eReferenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/inputtransferselect.jsMD5: 2955e039eab5ef8216705c05d239f378SHA1: 94316238b9eb45a97e2547fa66881cca27a5b6eeSHA256: e5ef24f60cfb27a88880ee89ba6eb4664bbebe0c32d3dc1ce385cbe6d8b01194Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/jshint.conf.jsMD5: 7b7c2d7894e972b45298ea8d533008d7SHA1: 5a88e8d212d51cdc3ac0305978dfc483ce25fa25SHA256: 15942ecb04925afc65666d3d8f758ed0e65f90f7b5faec2b7381e29e397200c6Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/optiontransferselect.jsMD5: f4194635b442cd6a9354132eb1f5c544SHA1: 51fd3c3d66bed260a48bcc1bc9f56c799acab501SHA256: 2028278976d9adfaa90186556cca99bbd476df3818155161d877272b738cc762Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/utils.jsMD5: a1287feb0882f494dc6ebfbdcb2c8d6aSHA1: 61201962d41fec8139c940c5a1468796d49a6139SHA256: 309abee1bddd03fe16c196e2cc00b58318ff707764824d9b71a38f667736720dReferenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/template/xhtml/validation.jsMD5: dea68bdb50b41aee5fc61170e3faf14eSHA1: affda7d0fecb0d16b9ebfc119833ec50ee920b4bSHA256: fdbcbc87e6495252ff1d697712e1604733d1cf6299b2f7075fdc27c2fa23687eReferenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/template/css_xhtml/validation.jsMD5: c66d23a2391879f74077a1af7888ede7SHA1: c4c980b34207fbca373f2032c770371606220da2SHA256: ec4dc0658f00c3a64e9a890565a3dfb71678babb484d2960c22f123c10f2c03cReferenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/interceptor/debugging/webconsole.jsMD5: a7202aefd2637c63ee607db0a608c6deSHA1: 5618fb1f032d4972287158e5754570992448695dSHA256: 9ab03200e9abb3ddb95ee83321b518d660ba0734683c3a6844c633a5c5dbabfdReferenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence
License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt File Path: /Users/lukaszlenart/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
SHA256: 34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor pom groupid xmlpull Highest Vendor pom name XML Pull Parsing API High Vendor pom url http://www.xmlpull.org Highest Vendor jar package name xmlpull Low Vendor jar package name v1 Low Vendor file name xmlpull High Vendor jar package name xmlpull Highest Vendor pom artifactid xmlpull Low Product pom groupid xmlpull Highest Product pom name XML Pull Parsing API High Product pom artifactid xmlpull Highest Product pom url http://www.xmlpull.org Medium Product jar package name v1 Low Product file name xmlpull High Product jar package name xmlpull Highest Version file version 1.1.3.1 High Version pom version 1.1.3.1 Highest
Description:
MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+. License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain File Path: /Users/lukaszlenart/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
SHA256: bfc90e9e32d0eab1f397fb974b5f150a815188382ac41f372a7149d5bc178008
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://www.extreme.indiana.edu/ Medium Vendor pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Highest Vendor pom artifactid xpp3_min Low Vendor jar package name xmlpull Low Vendor jar package name mxp1 Highest Vendor pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High Vendor file name xpp3_min High Vendor pom organization name Extreme! Lab, Indiana University High Vendor pom groupid xpp3 Highest Vendor jar package name v1 Low Vendor jar package name xmlpull Highest Product pom artifactid xpp3_min Highest Product pom organization name Extreme! Lab, Indiana University Low Product jar package name mxp1 Highest Product pom organization url http://www.extreme.indiana.edu/ Low Product pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Medium Product pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High Product file name xpp3_min High Product pom groupid xpp3 Highest Product jar package name v1 Low Product jar package name xmlpull Highest Version pom version 1.1.4c Highest Version file version 1.1.4c High
Description:
XStream is a serialization library from Java objects to XML and back. License:
http://x-stream.github.io/license.html File Path: /Users/lukaszlenart/.m2/repository/com/thoughtworks/xstream/xstream/1.4.11.1/xstream-1.4.11.1.jar
MD5: 0eb564c0c83b6d4fea7ff1a9cc5bc6bc
SHA1: 6c120c45a8c480bb2fea5b56502e3993ddd74fd2
SHA256: 5e59757590948b5a08ec946f6eb69fb25927c465125370b1a7861261dafc6b36
Referenced In Project/Scope: Struts 2 OVal Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Vendor Manifest x-compile-source 1.4 Low Vendor Manifest x-compile-target 1.4 Low Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium Vendor jar package name xstream Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid thoughtworks.xstream Highest Vendor pom name XStream Core High Vendor pom groupid com.thoughtworks.xstream Highest Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Vendor Manifest x-build-time 2018-10-26T19:06:47Z Low Vendor Manifest bundle-symbolicname xstream Medium Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.192 Low Vendor pom artifactid xstream Low Vendor Manifest x-build-os Linux Low Vendor jar package name core Highest Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Vendor Manifest x-builder Maven 3.5.4 Low Vendor file name xstream High Vendor jar package name thoughtworks Highest Vendor pom parent-artifactid xstream-parent Low Vendor Manifest specification-vendor XStream Low Vendor Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Vendor pom parent-groupid com.thoughtworks.xstream Medium Vendor Manifest bundle-docurl http://x-stream.github.io Low Vendor Manifest Implementation-Vendor XStream High Product pom artifactid xstream Highest Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low Product Manifest x-compile-source 1.4 Low Product Manifest x-compile-target 1.4 Low Product jar package name xstream Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom groupid thoughtworks.xstream Highest Product pom name XStream Core High Product Manifest Bundle-Name XStream Core Medium Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low Product Manifest x-build-time 2018-10-26T19:06:47Z Low Product Manifest bundle-symbolicname xstream Medium Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.192 Low Product Manifest specification-title XStream Core Medium Product Manifest x-build-os Linux Low Product jar package name core Highest Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low Product Manifest x-builder Maven 3.5.4 Low Product file name xstream High Product jar package name thoughtworks Highest Product jar package name xml Highest Product jar package name io Highest Product Manifest java_9_home /opt/oracle-jdk-bin-9.0.4 Low Product pom parent-artifactid xstream-parent Medium Product pom parent-groupid com.thoughtworks.xstream Medium Product Manifest bundle-docurl http://x-stream.github.io Low Product Manifest Implementation-Title XStream Core High Version file version 1.4.11.1 High Version pom version 1.4.11.1 Highest Version Manifest Implementation-Version 1.4.11.1 High Version Manifest Bundle-Version 1.4.11.1 High