Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: Struts 2 OVal Plugin

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
oval-1.31.jar net.sf.oval:oval:1.31    0 38
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10
cpe:/a:x-stream:xstream:1.4.10
com.thoughtworks.xstream:xstream:1.4.10    0 Low 53
commons-lang3-3.6.jar org.apache.commons:commons-lang3:3.6    0 41
freemarker-2.3.26-incubating.jar org.freemarker:freemarker:2.3.26-incubating    0 44
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
ognl-3.1.15.jar cpe:/a:ognl_project:ognl:3.1.15 ognl:ognl:3.1.15    0 Low 22
log4j-api-2.9.1.jar cpe:/a:apache:log4j:2.9.1 org.apache.logging.log4j:log4j-api:2.9.1    0 Low 39
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
commons-io-2.5.jar commons-io:commons-io:2.5    0 40
struts2-core-2.5.14.1.jar cpe:/a:apache:struts:2.5.14.1 org.apache.struts:struts2-core:2.5.14.1    0 Low 33

Dependencies

oval-1.31.jar

Description:  OVal is a pragmatic and extensible validation framework for any kind of Java objects (not only JavaBeans). Constraints can be declared with annotations (@NotNull, @MaxLength), POJOs or XML. Custom constraints can be expressed as custom Java classes or by using scripting languages such as JavaScript, Groovy, BeanShell, OGNL or MVEL. Besides field/property validation OVal implements Programming by Contract features by utilizing AspectJ based aspects. This for example allows runtime validation of method arguments.

License:

Eclipse Public License - v 1.0: http://oval.sf.net/license/epl-v10.txt
File Path: /home/jenkins/.m2/repository/net/sf/oval/oval/1.31/oval-1.31.jar
MD5: 424ec662362b798f6252b627f8713ded
SHA1: 3c2b983182f04f3854bbada755aa10a63bf3350e
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

xmlpull-1.1.3.1.jar

License:

Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /home/jenkins/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

xpp3_min-1.1.4c.jar

Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /home/jenkins/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

xstream-1.4.10.jar

Description: XStream is a serialization library from Java objects to XML and back.

License:

http://x-stream.github.io/license.html
File Path: /home/jenkins/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

  • cpe: cpe:/a:xstream_project:xstream:1.4.10   Confidence:Low   
  • cpe: cpe:/a:x-stream:xstream:1.4.10   Confidence:Low   
  • maven: com.thoughtworks.xstream:xstream:1.4.10    Confidence:Highest

commons-lang3-3.6.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

freemarker-2.3.26-incubating.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/freemarker/freemarker/2.3.26-incubating/freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

ognl-3.1.15.jar

Description: OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/ognl/ognl/3.1.15/ognl-3.1.15.jar
MD5: 47a2f86e8dcd313d606cc5581e202fe6
SHA1: 8ea2a66fafbf9d6f0353c6fac562a1ddb1bedf13
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

  • maven: ognl:ognl:3.1.15    Confidence:Highest
  • cpe: cpe:/a:ognl_project:ognl:3.1.15   Confidence:Low   

log4j-api-2.9.1.jar

Description: The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-api/2.9.1/log4j-api-2.9.1.jar
MD5: 20f0b4e1a16bd2030f0acc2b277cb16f
SHA1: 7a2999229464e7a324aa503c0a52ec0f05efe7bd
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers

struts2-core-2.5.14.1.jar

Description: Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-core/2.5.14.1/struts2-core-2.5.14.1.jar
MD5: 4f5b5fda13e20991d13a18c75010d49b
SHA1: ef575752783dc8f22fade1a3b13330274e7d7f23
Referenced In Project/Scope: Struts 2 OVal Plugin:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.