Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 5.3.2Report Generated On : Mon, 20 Apr 2020 20:12:19 +0200Dependencies Scanned : 25 (24 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 4Vulnerabilities Suppressed : 1... NVD CVE Checked : 2020-04-20T20:09:46NVD CVE Modified : 2020-04-20T18:03:43VersionCheckOn : 2020-04-19T10:27:56Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
BeanShell File Path: /Users/lukaszlenart/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jarMD5: a1c60aa83c9c9a6cb2391c1c1b85eb00SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9cSHA256: 91395c07885839a8c6986d5b7c577cd9bacf01bf129c89141f35e8ea858427b6Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor http://www.beanshell.org/ Low Vendor Manifest Implementation-Vendor Pat Niemeyer (pat@pat.net) High Vendor file name bsh High Vendor pom groupid beanshell Highest Vendor pom parent-groupid org.beanshell Medium Vendor pom parent-artifactid beanshell Low Vendor pom name BeanShell High Vendor pom artifactid bsh Low Vendor hint analyzer vendor beanshell_project Highest Vendor pom groupid org.beanshell Highest Vendor jar package name org Highest Vendor jar package name bsh Highest Product pom name BeanShell High Product Manifest specification-title BeanShell Medium Product jar package name org Highest Product pom parent-artifactid beanshell Medium Product file name bsh High Product pom artifactid bsh Highest Product pom groupid beanshell Highest Product hint analyzer product beanshell Highest Product jar package name bsh Highest Product pom parent-groupid org.beanshell Medium Version pom version 2.0b4 Highest
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256: a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor jar package name fileupload Highest Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest Vendor pom groupid commons-fileupload Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-fileupload Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons FileUpload High Vendor file name commons-fileupload High Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor pom parent-artifactid commons-parent Low Product Manifest specification-title Apache Commons FileUpload Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name apache Highest Product jar package name fileupload Highest Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest Bundle-Name Apache Commons FileUpload Medium Product pom groupid commons-fileupload Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Product pom artifactid commons-fileupload Highest Product Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Product pom name Apache Commons FileUpload High Product file name commons-fileupload High Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Version pom parent-version 1.4 Low Version pom version 1.4 Highest Version file version 1.4 High Version Manifest Implementation-Version 1.4 High
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256: f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Vendor pom groupid commons-io Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor file name commons-io High Vendor jar package name io Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom name Apache Commons IO High Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor pom artifactid commons-io Low Vendor Manifest Implementation-Vendor-Id commons-io Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Implementation-Title Apache Commons IO High Product Manifest bundle-symbolicname org.apache.commons.io Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product jar package name apache Highest Product Manifest specification-title Apache Commons IO Medium Product pom groupid commons-io Highest Product pom url http://commons.apache.org/proper/commons-io/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product file name commons-io High Product jar package name io Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom name Apache Commons IO High Product pom artifactid commons-io Highest Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest automatic-module-name org.apache.commons.io Medium Version pom version 2.6 Highest Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version file version 2.6 High
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-lang3/3.10/commons-lang3-3.10.jar
MD5: 238dcae7363dd86b2e515a2a29e8b4d9
SHA1: e155460aaf5b464062a09c3923f089ce99128a17
SHA256: 28968ae55fff465494083aeba856f8824c34902329882bf61e77246a91e25aa9
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor pom name Apache Commons Lang High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom artifactid commons-lang3 Low Vendor file name commons-lang3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name lang3 Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-artifactid commons-parent Low Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product pom name Apache Commons Lang High Product jar package name apache Highest Product Manifest specification-title Apache Commons Lang Medium Product file name commons-lang3 High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name lang3 Highest Product pom artifactid commons-lang3 Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Commons Lang High Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product pom groupid apache.commons Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.10 High Version pom version 3.10 Highest Version Manifest Implementation-Version 3.10 High Version pom parent-version 3.10 Low
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor pom groupid commons-logging Highest Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor pom artifactid commons-logging Low Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor file name commons-logging High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons Logging High Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product Manifest Implementation-Title Apache Commons Logging High Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product jar package name apache Highest Product pom artifactid commons-logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product jar package name logging Highest Product Manifest specification-title Apache Commons Logging Medium Product pom groupid commons-logging Highest Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Bundle-Name Apache Commons Logging Medium Product file name commons-logging High Product pom name Apache Commons Logging High Version pom parent-version 1.2 Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 High
Description:
Apache Commons Text is a library focused on algorithms working on strings. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-text/1.8/commons-text-1.8.jar
MD5: f2243d67b348e7175f55902cdb7e54af
SHA1: 879a6bde4c0537a25504c72ec7a94ba4099f469c
SHA256: 6fe7ad4ad5349d6b77e7a0e1c9f6037108a1ee48c42e7e6eb4b18f56d324f7b2
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom url https://commons.apache.org/proper/commons-text Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name text Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor file name commons-text High Vendor Manifest implementation-url https://commons.apache.org/proper/commons-text Low Vendor pom artifactid commons-text Low Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor pom name Apache Commons Text High Vendor Manifest bundle-symbolicname org.apache.commons.commons-text Medium Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Bundle-Name Apache Commons Text Medium Product jar package name apache Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Implementation-Title Apache Commons Text High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Text Medium Product jar package name text Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom groupid apache.commons Highest Product file name commons-text High Product Manifest implementation-url https://commons.apache.org/proper/commons-text Low Product pom artifactid commons-text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product pom name Apache Commons Text High Product pom url https://commons.apache.org/proper/commons-text Medium Product Manifest bundle-symbolicname org.apache.commons.commons-text Medium Version pom parent-version 1.8 Low Version Manifest Implementation-Version 1.8 High Version file version 1.8 High Version pom version 1.8 Highest
Description:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/freemarker/freemarker/2.3.30/freemarker-2.3.30.jar
MD5: e702848d716f17cd39fabfe2415e104e
SHA1: 86d70d335c7821178f62b554aa3a4bc538a94f1a
SHA256: 6586433d90957c0b05a32bce07c71e8cebcea6afbea2e043bfe0c576c4d94338
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor freemarker.org High Vendor jar package name template Highest Vendor pom groupid org.freemarker Highest Vendor pom url https://freemarker.apache.org/ Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Vendor pom name Apache FreeMarker High Vendor pom groupid freemarker Highest Vendor jar package name freemarker Highest Vendor pom parent-groupid org.apache Medium Vendor Manifest extension-name FreeMarker Medium Vendor pom parent-artifactid apache Low Vendor Manifest dstamp 20200216 Low Vendor pom artifactid freemarker Low Vendor Manifest today February 16 2020 Low Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://apache.org Medium Vendor Manifest tstamp 1915 Low Vendor file name freemarker High Vendor Manifest bundle-symbolicname org.freemarker.freemarker Medium Vendor Manifest specification-vendor freemarker.org Low Product jar package name template Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Product pom name Apache FreeMarker High Product pom groupid freemarker Highest Product pom artifactid freemarker Highest Product jar package name freemarker Highest Product Manifest Bundle-Name org.freemarker.freemarker Medium Product pom parent-groupid org.apache Medium Product pom url https://freemarker.apache.org/ Medium Product Manifest extension-name FreeMarker Medium Product pom organization url http://apache.org Low Product Manifest dstamp 20200216 Low Product pom organization name Apache Software Foundation Low Product Manifest today February 16 2020 Low Product Manifest specification-title FreeMarker Medium Product Manifest tstamp 1915 Low Product file name freemarker High Product Manifest bundle-symbolicname org.freemarker.freemarker Medium Product Manifest Implementation-Title FreeMarker High Product pom parent-artifactid apache Medium Version Manifest Implementation-Version 2.3.30 High Version pom version 2.3.30 Highest Version file version 2.3.30 High Version pom parent-version 2.3.30 Low
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /Users/lukaszlenart/.m2/repository/org/javassist/javassist/3.24.1-GA/javassist-3.24.1-GA.jar
MD5: 527cebd64b0f941d5058bae3d1726d06
SHA1: 921b466d6a14a8edbe25923c973fd767fc71c045
SHA256: 5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name javassist Highest Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom artifactid javassist Low Vendor pom name Javassist High Vendor pom groupid org.javassist Highest Vendor pom url http://www.javassist.org/ Highest Vendor jar package name bytecode Highest Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom groupid javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Product file name javassist High Product pom artifactid javassist Highest Product pom organization name Shigeru Chiba, www.javassist.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name javassist Highest Product Manifest Bundle-Name Javassist Medium Product pom name Javassist High Product pom url http://www.javassist.org/ Medium Product Manifest specification-title Javassist Medium Product jar package name bytecode Highest Product pom groupid javassist Highest Product Manifest bundle-symbolicname javassist Medium Version Manifest specification-version 3.24.1-GA High Version pom version 3.24.1-GA Highest
Description:
A Java framework to parse command line options with annotations. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/beust/jcommander/1.48/jcommander-1.48.jar
MD5: 7a84fb4b01f46c904bd549e67e6c48a1
SHA1: bfcb96281ea3b59d626704f74bc6d625ff51cbce
SHA256: a7313fcfde070930e40ec79edf3c5948cf34e4f0d25cb3a09f9963d8bdd84113
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jcommander High Vendor pom groupid beust Highest Vendor pom name JCommander High Vendor Manifest bundle-symbolicname com.beust.jcommander Medium Vendor jar package name beust Highest Vendor jar package name jcommander Highest Vendor pom artifactid jcommander Low Vendor pom url http://beust.com/jcommander Highest Vendor pom groupid com.beust Highest Product file name jcommander High Product pom groupid beust Highest Product pom name JCommander High Product Manifest bundle-symbolicname com.beust.jcommander Medium Product jar package name beust Highest Product Manifest Bundle-Name JCommander Medium Product jar package name jcommander Highest Product pom artifactid jcommander Highest Product pom url http://beust.com/jcommander Medium Version pom version 1.48 Highest Version file version 1.48 High
Description:
The Apache Log4j API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/logging/log4j/log4j-api/2.13.1/log4j-api-2.13.1.jar
MD5: 65795ba3dfef693a82bdfb369d030439
SHA1: cc670f92dc77bbf4540904c3fa211b997cba00d8
SHA256: 307fffc2623d010e3fe67d9f6b101c14bae33ec310e5f56960d491885fd59630
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom groupid apache.logging.log4j Highest Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor pom groupid org.apache.logging.log4j Highest Vendor jar package name logging Highest Vendor file name log4j-api High Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor pom parent-artifactid log4j Low Vendor Manifest multi-release true Low Vendor pom name Apache Log4j API High Vendor jar package name org Highest Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor pom artifactid log4j-api Low Vendor jar package name log4j Highest Product Manifest Implementation-Title Apache Log4j API High Product jar package name apache Highest Product pom groupid apache.logging.log4j Highest Product Manifest specification-title Apache Log4j API Medium Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid org.apache.logging.log4j Medium Product Manifest log4jreleasemanager Ralph Goers Low Product jar package name logging Highest Product file name log4j-api High Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest multi-release true Low Product pom artifactid log4j-api Highest Product pom name Apache Log4j API High Product jar package name org Highest Product pom parent-artifactid log4j Medium Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product jar package name log4j Highest Version file version 2.13.1 High Version pom version 2.13.1 Highest Version Manifest Implementation-Version 2.13.1 High Version Manifest Bundle-Version 2.13.1 High Version Manifest log4jreleaseversion 2.13.1 Medium
Description:
OGNL - Object Graph Navigation Library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/ognl/ognl/3.2.14/ognl-3.2.14.jar
MD5: 0baa4d72fcb508e100c821518e5cdf19
SHA1: 18178dd7cfcb8b81c262c072b60a5bf701073917
SHA256: 02da5bd743cbaab1ebb61a17844b122f52cc69d10b23a8e3356f55c1e6988e71
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid ognl Low Vendor pom organization url http://www.opensymphony.com Medium Vendor pom name OGNL - Object Graph Navigation Library High Vendor pom organization name OpenSymphony High Vendor pom groupid ognl Highest Vendor file name ognl High Vendor Manifest automatic-module-name ognl Medium Vendor pom url jkuhnert/ognl/ Highest Vendor jar package name ognl Highest Product pom url jkuhnert/ognl/ High Product pom name OGNL - Object Graph Navigation Library High Product pom artifactid ognl Highest Product pom groupid ognl Highest Product file name ognl High Product Manifest automatic-module-name ognl Medium Product jar package name ognl Highest Product pom organization name OpenSymphony Low Product pom organization url http://www.opensymphony.com Low Version file version 3.2.14 High Version pom version 3.2.14 Highest
Description:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-core/4.3.26.RELEASE/spring-core-4.3.26.RELEASE.jar
MD5: ec39a4f76633c98bc4819e397355b8aa
SHA1: a8b090664504b833e2d5d1e6863138cee1239681
SHA256: 70ae68ce99fdb11afaaac6487b39b59b7a8db6ecd5f8a2c01181b7b9c3b15a1d
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor pom groupid springframework Highest Vendor pom artifactid spring-core Low Vendor pom groupid org.springframework Highest Vendor pom organization name Spring IO High Vendor file name spring-core High Vendor pom organization url https://projects.spring.io/spring-framework Medium Vendor hint analyzer vendor vmware Highest Vendor jar package name io Highest Vendor hint analyzer vendor pivotal software Highest Vendor jar package name springframework Highest Vendor pom url spring-projects/spring-framework Highest Vendor pom name Spring Core High Vendor hint analyzer vendor SpringSource Highest Vendor jar package name core Highest Product pom groupid springframework Highest Product hint analyzer product springsource_spring_framework Highest Product file name spring-core High Product pom artifactid spring-core Highest Product jar package name io Highest Product pom organization name Spring IO Low Product Manifest Implementation-Title spring-core High Product jar package name springframework Highest Product pom organization url https://projects.spring.io/spring-framework Low Product pom url spring-projects/spring-framework High Product pom name Spring Core High Product jar package name core Highest Version pom version 4.3.26.RELEASE Highest Version Manifest Implementation-Version 4.3.26.RELEASE High
Related Dependencies spring-test-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-test/4.3.26.RELEASE/spring-test-4.3.26.RELEASE.jar MD5: 2bd1645c9b39b85bf74174a6c95e24c5 SHA1: 60921b6c34f3bf7ccd7845708adee8c30998d226 SHA256: a9fb06a6c06d3742ade19cae7ae56946c7555311ee6ccd5fd0f578865cd4d319 pkg:maven/org.springframework/spring-test@4.3.26.RELEASE Description:
Apache Struts 2 License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar
MD5: bdabb37e4b04f29f4ca390fa2aefce44
SHA1: 64a03701b6797529aaa7cb200f803b7b26c6bb3f
SHA256: e2932ae7ddfa0747221ea42a6d12263237248e3ab9c2ed12b162c13a06147183
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor jar package name struts2 Highest Vendor Manifest implementation-url http://struts.apache.org/struts2-core/ Low Vendor pom groupid apache.struts Highest Vendor Manifest bundle-docurl http://www.apache.org Low Vendor jar package name apache Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid struts2-core Low Vendor Manifest Implementation-Vendor-Id org.apache.struts Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom name Struts 2 Core High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom parent-artifactid struts2-parent Low Vendor file name struts2-core High Vendor pom groupid org.apache.struts Highest Vendor Manifest bundle-symbolicname org.apache.struts.2-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom parent-groupid org.apache.struts Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product jar package name struts2 Highest Product Manifest implementation-url http://struts.apache.org/struts2-core/ Low Product pom groupid apache.struts Highest Product pom parent-artifactid struts2-parent Medium Product Manifest bundle-docurl http://www.apache.org Low Product jar package name apache Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom artifactid struts2-core Highest Product Manifest build-jdk-spec 1.8 Low Product pom name Struts 2 Core High Product jar package name filter Highest Product Manifest Bundle-Name Struts 2 Core Medium Product file name struts2-core High Product Manifest bundle-symbolicname org.apache.struts.2-core Medium Product pom parent-groupid org.apache.struts Medium Product Manifest Implementation-Title Struts 2 Core High Product Manifest specification-title Struts 2 Core Medium Version Manifest Implementation-Version 2.6-SNAPSHOT High Version pom version 2.6-SNAPSHOT Highest
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/domTT.jsMD5: 44ed51154c7fa928005f39bbbed7d01aSHA1: 5584aa1028220f041ff7d89c48e9e8ffeaa05256SHA256: 60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961eReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/inputtransferselect.jsMD5: 2955e039eab5ef8216705c05d239f378SHA1: 94316238b9eb45a97e2547fa66881cca27a5b6eeSHA256: e5ef24f60cfb27a88880ee89ba6eb4664bbebe0c32d3dc1ce385cbe6d8b01194Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/jshint.conf.jsMD5: 7b7c2d7894e972b45298ea8d533008d7SHA1: 5a88e8d212d51cdc3ac0305978dfc483ce25fa25SHA256: 15942ecb04925afc65666d3d8f758ed0e65f90f7b5faec2b7381e29e397200c6Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/optiontransferselect.jsMD5: f4194635b442cd6a9354132eb1f5c544SHA1: 51fd3c3d66bed260a48bcc1bc9f56c799acab501SHA256: 2028278976d9adfaa90186556cca99bbd476df3818155161d877272b738cc762Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/static/utils.jsMD5: a1287feb0882f494dc6ebfbdcb2c8d6aSHA1: 61201962d41fec8139c940c5a1468796d49a6139SHA256: 309abee1bddd03fe16c196e2cc00b58318ff707764824d9b71a38f667736720dReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/template/xhtml/validation.jsMD5: dea68bdb50b41aee5fc61170e3faf14eSHA1: affda7d0fecb0d16b9ebfc119833ec50ee920b4bSHA256: fdbcbc87e6495252ff1d697712e1604733d1cf6299b2f7075fdc27c2fa23687eReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/template/css_xhtml/validation.jsMD5: c66d23a2391879f74077a1af7888ede7SHA1: c4c980b34207fbca373f2032c770371606220da2SHA256: ec4dc0658f00c3a64e9a890565a3dfb71678babb484d2960c22f123c10f2c03cReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar/org/apache/struts2/interceptor/debugging/webconsole.jsMD5: a7202aefd2637c63ee607db0a608c6deSHA1: 5618fb1f032d4972287158e5754570992448695dSHA256: 9ab03200e9abb3ddb95ee83321b518d660ba0734683c3a6844c633a5c5dbabfdReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
Description:
Testing framework for Java License:
Apache Version 2.0, January 2004 File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar
MD5: 83e26cb672a81f5bbda139436ef4d8d0
SHA1: 6feb3e964aeb7097aff30c372aac3ec0f8d87ede
SHA256: 240ae7bbcf066aadff967b42a27a697693bf5a4e6a5ff4bf339b6bfe371288e4
Referenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-date 2015-12-16 Low Vendor pom artifactid testng Low Vendor file name testng High Vendor jar package name testng Highest Vendor pom url http://github.com/cbeust/testng Highest Vendor Manifest bundle-symbolicname org.testng Medium Vendor pom name testng High Vendor Manifest build-time 01:14:26.500+0400 Low Vendor pom groupid testng Highest Vendor pom groupid org.testng Highest Product Manifest build-date 2015-12-16 Low Product Manifest Bundle-Name testng Medium Product Manifest specification-title testng Medium Product file name testng High Product jar package name testng Highest Product pom artifactid testng Highest Product Manifest bundle-symbolicname org.testng Medium Product pom name testng High Product Manifest build-time 01:14:26.500+0400 Low Product pom groupid testng Highest Product pom url http://github.com/cbeust/testng Medium Version file version 6.9.10 High Version Manifest Bundle-Version 6.9.10 High Version Manifest specification-version 6.9.10 High Version pom version 6.9.10 Highest
File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar/jquery-1.7.1.min.jsMD5: ddb84c1587287b2df08966081ef063bfSHA1: 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71fSHA256: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bdReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.7.1.min High
Published Vulnerabilities CVE-2012-6708 suppress
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS)suppress
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Unscored:
References:
File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar/testng-reports.jsMD5: 4311beca6e78e253ebd35f4f8c46166dSHA1: f40c090d15e2e6eb179b4eb3919c365afe882adeSHA256: 45616558165413f0bc3f315e6bd52f7f4238d384169b3355e2e0465a611642cbReferenced In Project/Scope: Struts 2 TestNG Plugin:compile
Evidence Type Source Name Value Confidence
Suppressed Vulnerabilities bsh-2.0b4.jar Description:
BeanShell File Path: /Users/lukaszlenart/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jarMD5: a1c60aa83c9c9a6cb2391c1c1b85eb00SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9cSHA256: 91395c07885839a8c6986d5b7c577cd9bacf01bf129c89141f35e8ea858427b6
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor http://www.beanshell.org/ Low Vendor Manifest Implementation-Vendor Pat Niemeyer (pat@pat.net) High Vendor file name bsh High Vendor pom groupid beanshell Highest Vendor pom parent-groupid org.beanshell Medium Vendor pom parent-artifactid beanshell Low Vendor pom name BeanShell High Vendor pom artifactid bsh Low Vendor hint analyzer vendor beanshell_project Highest Vendor pom groupid org.beanshell Highest Vendor jar package name org Highest Vendor jar package name bsh Highest Product pom name BeanShell High Product Manifest specification-title BeanShell Medium Product jar package name org Highest Product pom parent-artifactid beanshell Medium Product file name bsh High Product pom artifactid bsh Highest Product pom groupid beanshell Highest Product hint analyzer product beanshell Highest Product jar package name bsh Highest Product pom parent-groupid org.beanshell Medium Version pom version 2.0b4 Highest
Suppressed Vulnerabilities CVE-2016-2510 (OSSINDEX) suppressed
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. Notes: file name: bsh-2.0b4.jar
CVSSv3:
HIGH (8.1) /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.beanshell:bsh:2.0b4:*:*:*:*:*:*:*