Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: Struts 2

org.apache.struts:struts2-parent:2.6-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
animal-sniffer-annotations-1.9.jarpkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.9 025
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 019
asm-3.3.1.jarpkg:maven/asm/asm@3.3.1 017
asm-7.3.1.jarpkg:maven/org.ow2.asm/asm@7.3.1 036
asm-analysis-7.3.1.jarpkg:maven/org.ow2.asm/asm-analysis@7.3.1 042
asm-commons-7.3.1.jarpkg:maven/org.ow2.asm/asm-commons@7.3.1 040
asm-tree-7.3.1.jarpkg:maven/org.ow2.asm/asm-tree@7.3.1 040
aspectjweaver-1.8.9.jarpkg:maven/org.aspectj/aspectjweaver@1.8.9 028
bootstrap.min.jspkg:javascript/bootstrap@3.3.4MEDIUM43
bsh-2.0b4.jarcpe:2.3:a:beanshell:beanshell:2.0.b4:*:*:*:*:*:*:*pkg:maven/org.beanshell/bsh@2.0b4 0Highest23
cglib-2.2.2.jarpkg:maven/cglib/cglib@2.2.2 019
classmate-1.3.4.jarpkg:maven/com.fasterxml/classmate@1.3.4 047
classworlds-1.1.jarpkg:maven/classworlds/classworlds@1.1 027
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest41
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest41
commons-digester-2.1.jarpkg:maven/commons-digester/commons-digester@2.1 037
commons-digester3-3.2.jarpkg:maven/org.apache.commons/commons-digester3@3.2 041
commons-fileupload-1.4.jarcpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*pkg:maven/commons-fileupload/commons-fileupload@1.4 0Highest40
commons-io-2.6.jarpkg:maven/commons-io/commons-io@2.6 040
commons-jci-fam-1.1.jarpkg:maven/org.apache.commons/commons-jci-fam@1.1 034
commons-lang3-3.10.jarpkg:maven/org.apache.commons/commons-lang3@3.10 040
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 036
commons-text-1.8.jarpkg:maven/org.apache.commons/commons-text@1.8 041
domTT.js 00
dwr-3.0.2-RELEASE.jarcpe:2.3:a:directwebremoting:direct_web_remoting:3.0.2:release:*:*:*:*:*:*pkg:maven/org.directwebremoting/dwr@3.0.2-RELEASE 0High21
dwr-3.0.2-RELEASE.jar: DWRActionUtil.js 00
dwr-3.0.2-RELEASE.jar: dwr-bayeux.js 00
dwr-3.0.2-RELEASE.jar: engine.js 00
dwr-3.0.2-RELEASE.jar: util.js 00
freemarker-2.3.30.jarpkg:maven/org.freemarker/freemarker@2.3.30 044
google-collections-1.0.jarpkg:maven/com.google.collections/google-collections@1.0 029
google-gxp-0.2.4-beta.jarpkg:maven/com.google.gxp/google-gxp@0.2.4-beta 030
guava-19.0.jarcpe:2.3:a:google:guava:19.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@19.0MEDIUM1Highest22
guice-4.1.0-no_aop.jarpkg:maven/com.google.inject/guice@4.1.0 028
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 026
hibernate-validator-6.1.2.Final.jarcpe:2.3:a:hibernate:hibernate-validator:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:hibernate_validator:6.1.2:*:*:*:*:*:*:*
pkg:maven/org.hibernate.validator/hibernate-validator@6.1.2.Final 0Highest36
inputtransferselect.js 00
jackson-core-2.10.3.jarcpe:2.3:a:fasterxml:jackson:2.10.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.10.3 0Highest45
jackson-databind-2.10.3.jarcpe:2.3:a:fasterxml:jackson:2.10.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:2.10.3:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.3 0Highest39
jakarta.activation-api-1.2.1.jarpkg:maven/jakarta.activation/jakarta.activation-api@1.2.1 032
jakarta.validation-api-2.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@2.0.2 029
jakarta.xml.bind-api-2.3.2.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.2 029
javassist-3.24.1-GA.jarpkg:maven/org.javassist/javassist@3.24.1-GA 026
javax.el-3.0.1-b11.jarpkg:maven/org.glassfish/javax.el@3.0.1-b11 040
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 019
jboss-logging-3.3.2.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final 045
jcl-over-slf4j-1.7.6.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.6 025
jcommander-1.48.jarpkg:maven/com.beust/jcommander@1.48 020
jcommander-1.72.jarpkg:maven/com.beust/jcommander@1.72 023
jquery-1.3.2.min.jspkg:javascript/jquery@1.3.2.minMEDIUM43
jquery-2.1.4.min.jspkg:javascript/jquery@2.1.4.minmedium33
jquery-ui-1.7.1.custom.min.js 00
jshint.conf.js 00
json-simple-3.0.2.jarpkg:maven/com.github.cliftonlabs/json-simple@3.0.2 023
juneau-marshall-8.1.3.jarpkg:maven/org.apache.juneau/juneau-marshall@8.1.3 032
junit-4.13.jarpkg:maven/junit/junit@4.13 028
log4j-core-2.13.1.jarcpe:2.3:a:apache:log4j:2.13.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1 0Highest50
ognl-3.2.14.jarcpe:2.3:a:ognl_project:ognl:3.2.14:*:*:*:*:*:*:*pkg:maven/ognl/ognl@3.2.14 0Highest20
optiontransferselect.js 00
org.apache.felix.framework-6.0.3.jarpkg:maven/org.apache.felix/org.apache.felix.framework@6.0.3 039
org.apache.felix.main-6.0.3.jarpkg:maven/org.apache.felix/org.apache.felix.main@6.0.3 035
org.apache.felix.shell-1.4.3.jarpkg:maven/org.apache.felix/org.apache.felix.shell@1.4.3 035
org.apache.felix.shell.tui-1.4.1.jarpkg:maven/org.apache.felix/org.apache.felix.shell.tui@1.4.1 031
org.osgi.compendium-4.0.0.jarpkg:maven/org.osgi/org.osgi.compendium@4.0.0 015
org.osgi.core-4.3.1.jarpkg:maven/%0A%20%20%20%20org.osgi%0A%20%20/%0A%20%20%20%20org.osgi.core%0A%20%20@%0A%20%20%20%204.3.1%0A%20%20
pkg:maven/org.osgi/org.osgi.core@4.3.1
 028
oval-1.90.jarcpe:2.3:a:apache:groovy:1.90:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.90:*:*:*:*:*:*:*
cpe:2.3:a:jruby:jruby:1.90:*:*:*:*:*:*:*
cpe:2.3:a:xstream_project:xstream:1.90:*:*:*:*:*:*:*
pkg:maven/net.sf.oval/oval@1.90CRITICAL2Low45
plexus-container-default-1.0-alpha-10.jarpkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10 026
plexus-utils-1.2.jarpkg:maven/org.codehaus.plexus/plexus-utils@1.2 026
portlet-api-2.0.jarpkg:maven/javax.portlet/portlet-api@2.0 021
prettify.js 00
shell.js 00
sitemesh-2.4.2.jarpkg:maven/opensymphony/sitemesh@2.4.2 027
slf4j-api-1.7.30.jarpkg:maven/org.slf4j/slf4j-api@1.7.30 029
slf4j-simple-1.7.30.jarpkg:maven/org.slf4j/slf4j-simple@1.7.30 029
snakeyaml-1.21.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.21:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.21 0Highest26
spring-core-4.3.26.RELEASE.jarcpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*
pkg:maven/org.springframework/spring-core@4.3.26.RELEASE 0Highest28
stax2-api-4.2.jarpkg:maven/org.codehaus.woodstox/stax2-api@4.2 048
struts-annotations-1.0.7.jarpkg:maven/org.apache.struts/struts-annotations@1.0.7 031
struts2-core-2.6-SNAPSHOT.jarcpe:2.3:a:apache:struts:2.6:snapshot:*:*:*:*:*:*pkg:maven/org.apache.struts/struts2-core@2.6-20200419.094131-295
pkg:maven/org.apache.struts/struts2-core@2.6-SNAPSHOT
 0Highest38
struts2-tiles-plugin-2.6-SNAPSHOT.jarcpe:2.3:a:apache:struts:2.6:snapshot:*:*:*:*:*:*
cpe:2.3:a:apache:tiles:2.6:snapshot:*:*:*:*:*:*
pkg:maven/org.apache.struts/struts2-tiles-plugin@2.6-20200419.094552-294
pkg:maven/org.apache.struts/struts2-tiles-plugin@2.6-SNAPSHOT
 0Highest39
testng-6.9.10.jarpkg:maven/org.testng/testng@6.9.10 025
testng-6.9.10.jar: jquery-1.7.1.min.jspkg:javascript/jquery@1.7.1.minmedium43
testng-6.9.10.jar: testng-reports.js 00
testng-7.1.0.jarpkg:maven/org.testng/testng@7.1.0 017
testng-7.1.0.jar: jquery-3.4.1.min.jspkg:javascript/jquery@3.4.1.minmedium13
testng-7.1.0.jar: testng-reports.js 00
tiles-autotag-core-runtime-1.2.jarcpe:2.3:a:apache:tiles:1.2:*:*:*:*:*:*:*pkg:maven/org.apache.tiles/tiles-autotag-core-runtime@1.2 0Highest34
tiles-core-3.0.8.jarcpe:2.3:a:apache:tiles:3.0.8:*:*:*:*:*:*:*pkg:maven/org.apache.tiles/tiles-core@3.0.8 0Highest31
tiles-ognl-3.0.8.jarcpe:2.3:a:apache:tiles:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ognl_project:ognl:3.0.8:*:*:*:*:*:*:*
pkg:maven/org.apache.tiles/tiles-ognl@3.0.8MEDIUM1Highest33
tiles-request-api-1.0.7.jarcpe:2.3:a:apache:tiles:1.0.7:*:*:*:*:*:*:*pkg:maven/org.apache.tiles/tiles-request-api@1.0.7 0Highest33
tomcat-juli-8.5.53.jarcpe:2.3:a:apache_software_foundation:tomcat:8.5.53:*:*:*:*:*:*:*pkg:maven/org.apache.tomcat/tomcat-juli@8.5.53 0Highest22
utils.js 00
validation-api-2.0.1.Final.jarpkg:maven/javax.validation/validation-api@2.0.1.Final 023
validation.js 00
validation.js 00
velocity-engine-core-2.2.jarpkg:maven/org.apache.velocity/velocity-engine-core@2.2 038
velocity-tools-generic-3.0.jarpkg:maven/org.apache.velocity.tools/velocity-tools-generic@3.0 031
velocity-tools-view-3.0.jarpkg:maven/org.apache.velocity.tools/velocity-tools-view@3.0 031
velocity-tools-view-jsp-3.0.jarpkg:maven/org.apache.velocity.tools/velocity-tools-view-jsp@3.0 031
webconsole.js 00
woodstox-core-6.1.1.jarpkg:maven/com.fasterxml.woodstox/woodstox-core@6.1.1 041
woodstox-core-6.1.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621 012
woodstox-core-6.1.1.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)pkg:maven/net.java.dev.msv/xsdlib@2013.6.1 09
xmlpull-1.1.3.1.jarpkg:maven/xmlpull/xmlpull@1.1.3.1 017
xpp3_min-1.1.4c.jarpkg:maven/xpp3/xpp3_min@1.1.4c 023
xstream-1.4.11.1.jarcpe:2.3:a:xstream_project:xstream:1.4.11.1:*:*:*:*:*:*:*pkg:maven/com.thoughtworks.xstream/xstream@1.4.11.1 0Highest59

Dependencies

animal-sniffer-annotations-1.9.jar

File Path: /Users/lukaszlenart/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.9/animal-sniffer-annotations-1.9.jar
MD5: 41f47a4c81b5a9f76bc7f12af69e4fbe
SHA1: c29299253a087898aaff7f4eac57effa46b1910a
SHA256:cd96feeb47f34b2559704715db7b179a03a3721f9dc4092c345c718e29b42de4
Referenced In Projects/Scopes:

  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /Users/lukaszlenart/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

asm-3.3.1.jar

File Path: /Users/lukaszlenart/.m2/repository/asm/asm/3.3.1/asm-3.3.1.jar
MD5: 1ad1e8959324b0f680b8e62406955642
SHA1: 1d5f20b4ea675e6fab6ab79f1cd60ec268ddc015
SHA256:c2b39275f8e951bc74750080a1266cdabc39399bc5e13d642bf2d346449df7f3
Referenced In Projects/Scopes:

  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

asm-7.3.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm/7.3.1/asm-7.3.1.jar
MD5: 542c066ed00a4fa9857e9343e2c595b9
SHA1: 7ec32f922315924e82bf58b36ee1b673b2a9b820
SHA256:2f67e11ceec819ebd88ddee5300aba699b1cbab2e20c22e97cf027d3be93959b
Referenced In Projects/Scopes:
  • Struts 2 Convention Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

asm-analysis-7.3.1.jar

Description:

Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm-analysis/7.3.1/asm-analysis-7.3.1.jar
MD5: b5b082ef17f6d6bb3d8ed9c129161bdb
SHA1: 045dfd299ea0c17d534499c4f06417ceccfa2d02
SHA256:46b8a8efd4b94facb5ab4b35afe30ee0546ae7a43d2c64e6def56c2f168fefa5
Referenced In Projects/Scopes:
  • Struts 2 Convention Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

asm-commons-7.3.1.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm-commons/7.3.1/asm-commons-7.3.1.jar
MD5: be985ed0af52424f8f5d27ec71c249ab
SHA1: daaa79ef260eb67404b9a52bc319a024c7f49cfe
SHA256:87cd8bb3c6bf6bcbb33fca48060c5065f66ebf6a3d7de9bf18bff51bcf156ebc
Referenced In Projects/Scopes:
  • Struts 2 Convention Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

asm-tree-7.3.1.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /Users/lukaszlenart/.m2/repository/org/ow2/asm/asm-tree/7.3.1/asm-tree-7.3.1.jar
MD5: 3ef0bd9837a905e0b2d443de9199a409
SHA1: 587ce54d243145b2e89598bfcea7823ded73be5d
SHA256:f91a4a8aa868c5c4665bb4fd134019a91f9f8b9216527fba295e3c8b5422b78b
Referenced In Projects/Scopes:
  • Struts 2 Convention Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

aspectjweaver-1.8.9.jar

Description:

The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /Users/lukaszlenart/.m2/repository/org/aspectj/aspectjweaver/1.8.9/aspectjweaver-1.8.9.jar
MD5: 304a51bce49f52a26bb79f3fd0b58325
SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7
SHA256:5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf
Referenced In Project/Scope:Struts 2 Core:compile

Identifiers

bootstrap.min.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/apps/showcase/src/main/webapp/js/bootstrap.min.js
MD5: 8c237312864d2e4c4f03544cd4f9b195
SHA1: 253711c6d825de55a8360552573be950da180614
SHA256:d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
Referenced In Project/Scope:Struts 2 Showcase Webapp

Identifiers

CVE-2018-14040  

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*

CVE-2019-8331  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.0.0; versions up to (including) 13.1.1
  • cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.0.0; versions up to (including) 14.1.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.1
  • cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 12.1.0; versions up to (including) 12.1.4
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.3.0; versions up to (excluding) 4.3.1

bsh-2.0b4.jar

Description:

BeanShell

File Path: /Users/lukaszlenart/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jar
MD5: a1c60aa83c9c9a6cb2391c1c1b85eb00
SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9c
SHA256:91395c07885839a8c6986d5b7c577cd9bacf01bf129c89141f35e8ea858427b6
Referenced In Project/Scope:Struts 2 TestNG Plugin:compile

Identifiers

cglib-2.2.2.jar

Description:

Code generation library

License:

ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/cglib/cglib/2.2.2/cglib-2.2.2.jar
MD5: b3f681be48fce094cf01a045f5bdca6f
SHA1: a47a971686474124562bdd4a7ccbd8ac8c3e8b11
SHA256:a93e4485d274277177480c4afe6ddd8355cda1cacfe356c134e25d65193935fd
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

classmate-1.3.4.jar

Description:

Library for introspecting types with full generic information
        including resolving of field and method types.
    

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/classmate/1.3.4/classmate-1.3.4.jar
MD5: 1e2e0fcc510753882683417e01895242
SHA1: 03d5f48f10bbe4eb7bd862f10c0583be2e0053c6
SHA256:c2bfcc21467351d0f9a1558822b72dbac2b21f6b9f700a44fc6b345491ef3c88
Referenced In Project/Scope:Struts 2 Showcase Webapp:compile

Identifiers

classworlds-1.1.jar

File Path: /Users/lukaszlenart/.m2/repository/classworlds/classworlds/1.1/classworlds-1.1.jar
MD5: c20629baa65f1f2948b37aa393b0310b
SHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388eca
SHA256:4e3e0ad158ec60917e0de544c550f31cd65d5a97c3af1c1968bf427e4a9df2e4
Referenced In Projects/Scopes:

  • Struts 2 Plexus Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Projects/Scopes:
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

commons-digester3-3.2.jar

Description:

    The Apache Commons Digester package lets you configure an XML to Java
    object mapping module which triggers certain actions called rules whenever
    a particular pattern of nested XML elements is recognized.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256:1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

commons-fileupload-1.4.jar

Description:

    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256:a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

commons-io-2.6.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256:f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

commons-jci-fam-1.1.jar

Description:

        Commons JCI FileAlterationMonitor (FAM) to monitor local filesystems and get notified about changes.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-jci-fam/1.1/commons-jci-fam-1.1.jar
MD5: 97f78ec23facfb57a63b8355fd90054f
SHA1: 32ae39163b0d71ad2487f71acf107a7ac2c67e5c
SHA256:b16da511a42f7454c0d28ecb5464c1a84bc7a41339112220c601f4db4cfcc85b
Referenced In Project/Scope:Struts 2 Spring Plugin:compile

Identifiers

commons-lang3-3.10.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-lang3/3.10/commons-lang3-3.10.jar
MD5: 238dcae7363dd86b2e515a2a29e8b4d9
SHA1: e155460aaf5b464062a09c3923f089ce99128a17
SHA256:28968ae55fff465494083aeba856f8824c34902329882bf61e77246a91e25aa9
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

commons-text-1.8.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-text/1.8/commons-text-1.8.jar
MD5: f2243d67b348e7175f55902cdb7e54af
SHA1: 879a6bde4c0537a25504c72ec7a94ba4099f469c
SHA256:6fe7ad4ad5349d6b77e7a0e1c9f6037108a1ee48c42e7e6eb4b18f56d324f7b2
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

domTT.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/domTT.js
MD5: 44ed51154c7fa928005f39bbbed7d01a
SHA1: 5584aa1028220f041ff7d89c48e9e8ffeaa05256
SHA256:60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961e
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

dwr-3.0.2-RELEASE.jar

Description:

	DWR is easy Ajax for Java. It makes it simple to call Java code directly from Javascript.
	It gets rid of almost all the boiler plate code between the web browser and your Java code.
  

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar
MD5: 1979e53a374c6c69ba3d85e63a528eed
SHA1: 3b3fd5901f4304021074e6c12f3bebf870524ca8
SHA256:6d1604d83ae1be09bc88e812d17211eede300d819d4863ece42aa3fc933aa704
Referenced In Projects/Scopes:
  • Struts 2 DWR Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

dwr-3.0.2-RELEASE.jar: DWRActionUtil.js

File Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/webwork/DWRActionUtil.js
MD5: aa24bc4053d338ca92b23d76161b9088
SHA1: 1a376c4c0d20b1ecbdbeaeba716ca8c08abe74b6
SHA256:d0515b81fa1aca04e1a76ac9fc02c7a67d8e92a49a99f86118097e633355036c
Referenced In Projects/Scopes:

  • Struts 2 DWR Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

  • None

dwr-3.0.2-RELEASE.jar: dwr-bayeux.js

File Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/dwr-bayeux.js
MD5: 1d0218f8604405115d37b955561240aa
SHA1: eaabe3b2ef0a2cd47e845bbf416c2297da9f40c1
SHA256:4b39b2111b5f8c2c16f7b3b6438f22d42f88c7b643d4a106d7b06d1424121edc
Referenced In Projects/Scopes:

  • Struts 2 DWR Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

  • None

dwr-3.0.2-RELEASE.jar: engine.js

File Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/engine.js
MD5: 880f6c8c33b796d048d932fa7b4f9e94
SHA1: 244eb828dcf0d621deb664b7f90963bc82a4fcfb
SHA256:9f71097605e6cae7b47a784c4c33e7c6b179e077cc1d450f09ac3082c186f27f
Referenced In Projects/Scopes:

  • Struts 2 DWR Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

  • None

dwr-3.0.2-RELEASE.jar: util.js

File Path: /Users/lukaszlenart/.m2/repository/org/directwebremoting/dwr/3.0.2-RELEASE/dwr-3.0.2-RELEASE.jar/org/directwebremoting/ui/servlet/util.js
MD5: 2ed867dc9aafda518ac0302e88c33ab9
SHA1: 1c5a03a0b276cf94dc8dfd2ed884a2bdbe963abd
SHA256:e4888d93d1712843369add2382ef4aee36bff6e34edf0bf1609e64ddfc51dacb
Referenced In Projects/Scopes:

  • Struts 2 DWR Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

  • None

freemarker-2.3.30.jar

Description:

    FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
  

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/freemarker/freemarker/2.3.30/freemarker-2.3.30.jar
MD5: e702848d716f17cd39fabfe2415e104e
SHA1: 86d70d335c7821178f62b554aa3a4bc538a94f1a
SHA256:6586433d90957c0b05a32bce07c71e8cebcea6afbea2e043bfe0c576c4d94338
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

google-collections-1.0.jar

Description:

Google Collections Library is a suite of new collections and collection-related goodness for Java 5.0

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/google/collections/google-collections/1.0/google-collections-1.0.jar
MD5: 7c882c8d734e50112000e4a88e06c535
SHA1: 9ffe71ac6dcab6bc03ea13f5c2e7b2804e69b357
SHA256:81b8d638af0083c4b877099d56aa0fee714485cd2ace1b6a09cab867cadb375d
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 GXP Plugin:compile

Identifiers

google-gxp-0.2.4-beta.jar

Description:

Google XML Pages (GXP) is a templating system used to generate XML/SGML markup (most often HTML).

File Path: /Users/lukaszlenart/.m2/repository/com/google/gxp/google-gxp/0.2.4-beta/google-gxp-0.2.4-beta.jar
MD5: 9ccdb925731dab69eec49b1881a0794a
SHA1: b80c7c780973ffd5eac63de301eb6a05035aeb46
SHA256:ba6be4e0203e8e303569f1dfaf4624b90f7cecbe44c1bb391cc94f3365b4ec33
Referenced In Projects/Scopes:

  • Struts 2 Assembly:compile
  • Struts 2 GXP Plugin:compile

Identifiers

guava-19.0.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    Guava has only one code dependency - javax.annotation,
    per the JSR-305 spec.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/google/guava/guava/19.0/guava-19.0.jar
MD5: 43bfc49bdc7324f6daaa60c1ee9f3972
SHA1: 6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9
SHA256:58d4cc2e05ebb012bbac568b032f75623be1cb6fb096f3c60c72a86f7f057de4
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

CVE-2018-10237  

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

guice-4.1.0-no_aop.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/google/inject/guice/4.1.0/guice-4.1.0-no_aop.jar
MD5: 8cf17838fd9407bc2c8c39ddf027008f
SHA1: faf9ee8ac09eafd1128091426dd367a8c0085d55
SHA256:9264c6931c431e928dc64adc842584d5f57d17b2f3aff29221f2b3fdea673dad
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
  

File Path: /Users/lukaszlenart/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Projects/Scopes:

  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

hibernate-validator-6.1.2.Final.jar

Description:

Hibernate's Jakarta Bean Validation reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/hibernate/validator/hibernate-validator/6.1.2.Final/hibernate-validator-6.1.2.Final.jar
MD5: a9ae13cc5273d0149573f9879d9555a4
SHA1: 7710ee9f1aa2210d401947d1298c8bdcbeff2f1e
SHA256:bafec3d83fa838d2b54fc0c9e54818218320175e6a3b48b0bf5169c4634ad222
Referenced In Project/Scope:Struts 2 Showcase Webapp:compile

Identifiers

inputtransferselect.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/inputtransferselect.js
MD5: 2955e039eab5ef8216705c05d239f378
SHA1: 94316238b9eb45a97e2547fa66881cca27a5b6ee
SHA256:e5ef24f60cfb27a88880ee89ba6eb4664bbebe0c32d3dc1ce385cbe6d8b01194
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

jackson-core-2.10.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.10.3/jackson-core-2.10.3.jar
MD5: 8f84e33a1c06b8fd16b4166b9fc8331b
SHA1: f7ee7b55c7d292ac72fbaa7648c089f069c938d2
SHA256:fb185f7e6ecba1e2b4803788d278faa023312ca6d3109b2fa146d9e0435a9494
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

jackson-databind-2.10.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar
MD5: f96c78787ea2830e8dfd3a5a66c4f664
SHA1: aae92628b5447fa25af79871ca98668da6edd439
SHA256:50eec40443f387be50a409186165298aaadbb6c4d4826d319720e245714600d2
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

jakarta.activation-api-1.2.1.jar

Description:

JavaBeans Activation Framework API jar

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/lukaszlenart/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.1/jakarta.activation-api-1.2.1.jar
MD5: 9b647398add993324d3d9e5effa6005a
SHA1: 562a587face36ec7eff2db7f2fc95425c6602bc1
SHA256:8b0a0f52fa8b05c5431921a063ed866efaa41dadf2e3a7ee3e1961f2b0d9645b
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

jakarta.validation-api-2.0.2.jar

Description:

        Jakarta Bean Validation API
    

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256:b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4
Referenced In Project/Scope:Struts 2 Showcase Webapp:compile

Identifiers

jakarta.xml.bind-api-2.3.2.jar

Description:

JAXB (JSR 222) API

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/lukaszlenart/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.2/jakarta.xml.bind-api-2.3.2.jar
MD5: dabb40ba58199304c640b7bd8bb2fbac
SHA1: 8d49996a4338670764d7ca4b85a1c4ccf7fe665d
SHA256:69156304079bdeed9fc0ae3b39389f19b3cc4ba4443bc80508995394ead742ea
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

javassist-3.24.1-GA.jar

Description:

  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.
  

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /Users/lukaszlenart/.m2/repository/org/javassist/javassist/3.24.1-GA/javassist-3.24.1-GA.jar
MD5: 527cebd64b0f941d5058bae3d1726d06
SHA1: 921b466d6a14a8edbe25923c973fd767fc71c045
SHA256:5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

javax.el-3.0.1-b11.jar

Description:

Expression Language 3.0 API and Implementation

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/lukaszlenart/.m2/repository/org/glassfish/javax.el/3.0.1-b11/javax.el-3.0.1-b11.jar
MD5: e854ef1c5ef4cd1c11a8b230040372f2
SHA1: cca8438407af01056d83830ba7392efc18544347
SHA256:2e95f03b75d2bb9fccf58dc1d28dd3b11d384fdc75a4654f64a2e27492acc2bc
Referenced In Project/Scope:Struts 2 Tiles Plugin:compile

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

jboss-logging-3.3.2.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
SHA256:cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13
Referenced In Project/Scope:Struts 2 Showcase Webapp:compile

Identifiers

jcl-over-slf4j-1.7.6.jar

Description:

JCL 1.1.1 implemented over SLF4J

File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.6/jcl-over-slf4j-1.7.6.jar
MD5: 0cebfe147c0ff0b38930db24e576bdd4
SHA1: ab1648fe1dd6f1e5c2ec6d12f394672bb8c1036a
SHA256:d52f5e9a861f4e124ec43d711b566b4c2afe6e0709b490497fb9ca33e1ca0ba5
Referenced In Projects/Scopes:

  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

jcommander-1.48.jar

Description:

A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/beust/jcommander/1.48/jcommander-1.48.jar
MD5: 7a84fb4b01f46c904bd549e67e6c48a1
SHA1: bfcb96281ea3b59d626704f74bc6d625ff51cbce
SHA256:a7313fcfde070930e40ec79edf3c5948cf34e4f0d25cb3a09f9963d8bdd84113
Referenced In Project/Scope:Struts 2 TestNG Plugin:compile

Identifiers

jcommander-1.72.jar

Description:

Command line parsing

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/lukaszlenart/.m2/repository/com/beust/jcommander/1.72/jcommander-1.72.jar
MD5: 9fde6bc0ba1032eceb7267fd1ad1657b
SHA1: 6375e521c1e11d6563d4f25a07ce124ccf8cd171
SHA256:e0de160b129b2414087e01fe845609cd55caec6820cfd4d0c90fabcc7bdb8c1e
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

jquery-1.3.2.min.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/bundles/admin/src/main/resources/static/js/jquery-1.3.2.min.js
MD5: bb381e2d19d8eace86b34d20759491a5
SHA1: 3dc9f7c2642efff4482e68c9d9df874bf98f5bcb
SHA256:c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
Referenced In Project/Scope:Struts 2 OSGi Admin Bundle

Identifiers

CVE-2011-4969  

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (including) 1.6.2
  • cpe:2.3:a:jquery:jquery:1.6.1:*:*:*:*:*:*:*

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS)  

Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS
Unscored:
  • Severity: medium

References:

jquery-2.1.4.min.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/apps/showcase/src/main/webapp/js/jquery-2.1.4.min.js
MD5: f9c7afd05729f10f55b689f36bb20172
SHA1: 43dc554608df885a59ddeece1598c6ace434d747
SHA256:f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c
Referenced In Project/Scope:Struts 2 Showcase Webapp

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS)  

Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS
Unscored:
  • Severity: medium

References:

jquery-ui-1.7.1.custom.min.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/bundles/admin/src/main/resources/static/js/jquery-ui-1.7.1.custom.min.js
MD5: 5da7deb0932b5b5fe9c36e1bebcc6300
SHA1: 787cc9fd60ba3088b95f15e75d8803e490753db9
SHA256:2aa861bed5e622947c75e1736023f60a6072ac46e3cda1715335100e92ea79b0
Referenced In Project/Scope:Struts 2 OSGi Admin Bundle

Identifiers

  • None

jshint.conf.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/jshint.conf.js
MD5: 7b7c2d7894e972b45298ea8d533008d7
SHA1: 5a88e8d212d51cdc3ac0305978dfc483ce25fa25
SHA256:15942ecb04925afc65666d3d8f758ed0e65f90f7b5faec2b7381e29e397200c6
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

json-simple-3.0.2.jar

Description:

Java 7+ toolkit to quickly develop RFC 4627 JSON compatible applications.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/github/cliftonlabs/json-simple/3.0.2/json-simple-3.0.2.jar
MD5: 148c0d1bdc1bcb24394627d6930ee9ad
SHA1: 2337afdb06134a12fc0239299c3ceb2e9c209516
SHA256:fda65a9ad0e1ac0c88987106e89aa4d8b2a2495e7e042371efa83813f65b7295
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

juneau-marshall-8.1.3.jar

Description:

Apache Juneau Marshall API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/juneau/juneau-marshall/8.1.3/juneau-marshall-8.1.3.jar
MD5: ea60a00e21ed59dd8ad7b2b9b919c8a8
SHA1: f1e06cee7b3da2ba627166690765b0d6e6a3c104
SHA256:d0c5dbf783581a767e857341daff6928d5a76a1627b7980a8b34622ee522995d
Referenced In Project/Scope:Struts 2 REST Plugin:compile

Identifiers

junit-4.13.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /Users/lukaszlenart/.m2/repository/junit/junit/4.13/junit-4.13.jar
MD5: 5da6445d7b80aba2623e73d4561dcfde
SHA1: e49ccba652b735c93bd6e6f59760d8254cf597dd
SHA256:4b8532f63bdc0e0661507f947eb324a954d1dbac631ad19c8aa9a00feed1d863
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

log4j-core-2.13.1.jar

Description:

The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/logging/log4j/log4j-core/2.13.1/log4j-core-2.13.1.jar
MD5: d365e48221414f93feef093a1bf607ef
SHA1: 533f6ae0bb0ce091493f2eeab0c1df4327e46ef1
SHA256:88ebd503b35a0debe18c2707db9de33a8c6d96491270b7f02dd086b8072426b2
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Showcase Webapp:compile

Identifiers

ognl-3.2.14.jar

Description:

OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/ognl/ognl/3.2.14/ognl-3.2.14.jar
MD5: 0baa4d72fcb508e100c821518e5cdf19
SHA1: 18178dd7cfcb8b81c262c072b60a5bf701073917
SHA256:02da5bd743cbaab1ebb61a17844b122f52cc69d10b23a8e3356f55c1e6988e71
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

optiontransferselect.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/optiontransferselect.js
MD5: f4194635b442cd6a9354132eb1f5c544
SHA1: 51fd3c3d66bed260a48bcc1bc9f56c799acab501
SHA256:2028278976d9adfaa90186556cca99bbd476df3818155161d877272b738cc762
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

org.apache.felix.framework-6.0.3.jar

Description:

OSGi R7 framework implementation.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.framework/6.0.3/org.apache.felix.framework-6.0.3.jar
MD5: e6fc3ecee260635dd538dca901a9d59c
SHA1: 18d02dd467607cb61a8cf77c1847a733a417da76
SHA256:817563ea7baae979e288f76c9d0531d90fd0f6ad287578d80adba81fd71469ac
Referenced In Projects/Scopes:
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

org.apache.felix.main-6.0.3.jar

Description:

OSGi R6 framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.main/6.0.3/org.apache.felix.main-6.0.3.jar
MD5: 913efb471f201c4692c469ef13a2fe3b
SHA1: 9a6cbba44a72bb04411edf8b154c862e27209e8a
SHA256:9bfa481d52b1d7724bcdebfd8cca7b17d75b35ebc04aa44b705bf47fbd322f3f
Referenced In Projects/Scopes:
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

org.apache.felix.shell-1.4.3.jar

Description:

A simple OSGi command shell service.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.shell/1.4.3/org.apache.felix.shell-1.4.3.jar
MD5: 96087ecf21dd1e9824193439fbe57dff
SHA1: 649b5b55c6c5388654eee75706f1258e1e307ddb
SHA256:c53e2f82de7c427b63dbbf911b8b890386f4ab1238d6cfe8945b10f01dd8aa04
Referenced In Projects/Scopes:
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

org.apache.felix.shell.tui-1.4.1.jar

Description:

A simple textual user interface for Felix' shell service.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/felix/org.apache.felix.shell.tui/1.4.1/org.apache.felix.shell.tui-1.4.1.jar
MD5: bf656be67e35a832a4d07cf88bfeef6b
SHA1: 7184b6c9089ffcfb0da269a2cd50ce386f5dc335
SHA256:87c42aea8a6b6e2fd7ece9eaea855f83c51eba76f6636a9602ca94b20045c69a
Referenced In Projects/Scopes:
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

org.osgi.compendium-4.0.0.jar

File Path: /Users/lukaszlenart/.m2/repository/org/osgi/org.osgi.compendium/4.0.0/org.osgi.compendium-4.0.0.jar
MD5: c8d708edb0a365a4a0ff63b9fcf74e38
SHA1: 70d04381dfa21ddb4f1fd82e1f62623632890b48
SHA256:ba23461e878cff259ef958f0b739e4f423fe1566ab1c02c21927991ecf95ad72
Referenced In Projects/Scopes:

  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

org.osgi.core-4.3.1.jar

Description:

    OSGi Service Platform Release 4 Version 4.3, Core Interfaces
     and Classes for use in compiling bundles.
  

License:

        Apache License, Version 2.0
      : 
        http://opensource.org/licenses/apache2.0.php
      
File Path: /Users/lukaszlenart/.m2/repository/org/osgi/org.osgi.core/4.3.1/org.osgi.core-4.3.1.jar
MD5: 8053bbc1b55d51f5abae005625209d08
SHA1: 5458ffe2ba049e76c29f2df2dc3ffccddf8b839e
SHA256:10dad99322b2081015749e2d21538a4a9bc4cb3699d3b7b41ce452a544b09abe
Referenced In Projects/Scopes:
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

oval-1.90.jar

Description:

OVal is a pragmatic and extensible validation framework for any kind of Java objects (not only JavaBeans).

Constraints can be declared with annotations (@NotNull, @MaxLength), POJOs or XML.

Custom constraints can be expressed as custom Java classes or by using scripting languages such as JavaScript, Groovy, BeanShell, OGNL or MVEL.

Besides field/property validation OVal implements Programming by Contract features by utilizing AspectJ based aspects. This for example allows runtime validation of method arguments.

License:

Eclipse Public License 1.0: http://www.spdx.org/licenses/EPL-1.0
File Path: /Users/lukaszlenart/.m2/repository/net/sf/oval/oval/1.90/oval-1.90.jar
MD5: 356793921c338506b56bda9a113d2f4e
SHA1: 1827d5ad7c049ba0618c8c8f36ecced1db3e75b0
SHA256:b61418a77abb2c16dc2d7fc8146e50164a79415b22dc7e54553bd5376418b198
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 OVal Plugin:compile

Identifiers

  • pkg:maven/net.sf.oval/oval@1.90  (Confidence:High)
  • cpe:2.3:a:apache:groovy:1.90:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:apache:log4j:1.90:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:jruby:jruby:1.90:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:xstream_project:xstream:1.90:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2016-6497  

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
CWE-254 7PK - Security Features

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2016-6814  

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

plexus-container-default-1.0-alpha-10.jar

File Path: /Users/lukaszlenart/.m2/repository/org/codehaus/plexus/plexus-container-default/1.0-alpha-10/plexus-container-default-1.0-alpha-10.jar
MD5: 110aaa0c629787cb95e1137bd7ad4b93
SHA1: 575e5663d175c8f112f654bc2f2a3db4077c74e0
SHA256:25b0e6c0c5b2b2b5be3d3d228020abd4fb5b438ddbf11c352674ba9637d576ad
Referenced In Projects/Scopes:

  • Struts 2 Plexus Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

plexus-utils-1.2.jar

File Path: /Users/lukaszlenart/.m2/repository/org/codehaus/plexus/plexus-utils/1.2/plexus-utils-1.2.jar
MD5: 4e05dbd6dbfdf2e976921e80079f9d38
SHA1: 9756b92f7f380e4372d1e34f7d194bc0a5767849
SHA256:990608ac834a8762e9272c65404aeeee68325199b7eb10f63b22a06535fcb90c
Referenced In Projects/Scopes:

  • Struts 2 Plexus Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

portlet-api-2.0.jar

Description:

The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /Users/lukaszlenart/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
SHA256:c990cb5ece82f97e18847ab07fa1569d1dd5f80f166f27c979a075c60bb361d0
Referenced In Project/Scope:Struts 2 JUnit Plugin:compile

Identifiers

prettify.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/apps/showcase/src/main/webapp/js/prettify.js
MD5: 709bfcc456c694bfe8ee86d184a1c360
SHA1: a4e5934397f97f79b8066984475c90af8a970a36
SHA256:e2e576e3bc607cd179ff511947010f645d3441a35313aec0dbd06c4437f83b77
Referenced In Project/Scope:Struts 2 Showcase Webapp

Identifiers

  • None

shell.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/bundles/admin/src/main/resources/static/js/shell.js
MD5: ebed3f28e18db2fa1e37a1762758e020
SHA1: 23878d8bd360f9e2cda65720df197367b8a43b6d
SHA256:3c0007fc1d5003847131e9c18f976a79da5e01d7cda43839403d7dda067d500a
Referenced In Project/Scope:Struts 2 OSGi Admin Bundle

Identifiers

  • None

sitemesh-2.4.2.jar

Description:

SiteMesh is a web-page layout and decoration framework and web- application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required.

License:

The Apache Software License, Version 1.1: http://www.opensymphony.com/sitemesh/license.action
File Path: /Users/lukaszlenart/.m2/repository/opensymphony/sitemesh/2.4.2/sitemesh-2.4.2.jar
MD5: b9cd6bb5c6e34555ae430d9c2f2441ba
SHA1: 4cb3b08c96553b0f4595a80917838ca302f67f3f
SHA256:0d7933ae628a7198f8bb267e27f348f8cbe7c74083c25172dffaa0245b2bf056
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Sitemesh Plugin:compile

Identifiers

slf4j-api-1.7.30.jar

Description:

The slf4j API

File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar
MD5: f8be00da99bc4ab64c79ab1e2be7cb7c
SHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922c
SHA256:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57
Referenced In Projects/Scopes:

  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

slf4j-simple-1.7.30.jar

Description:

SLF4J Simple binding

File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/slf4j-simple/1.7.30/slf4j-simple-1.7.30.jar
MD5: 6577a4799237b81bc9bdc153d6347c30
SHA1: e606eac955f55ecf1d8edcccba04eb8ac98088dd
SHA256:8b9279cbff6b9f88594efae3cf02039b6995030eec023ed43928748c41670fee
Referenced In Project/Scope:Struts 2 Core:compile

Identifiers

snakeyaml-1.21.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/yaml/snakeyaml/1.21/snakeyaml-1.21.jar
MD5: b16142890b39db3ff828085f56845b51
SHA1: 18775fdda48574784f40b47bf478ab0593f92e4d
SHA256:e43cb0683f70804b833dfaa5ac032ff14ba0c758d4a1e9eaeb6640515df83faf
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

spring-core-4.3.26.RELEASE.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-core/4.3.26.RELEASE/spring-core-4.3.26.RELEASE.jar
MD5: ec39a4f76633c98bc4819e397355b8aa
SHA1: a8b090664504b833e2d5d1e6863138cee1239681
SHA256:70ae68ce99fdb11afaaac6487b39b59b7a8db6ecd5f8a2c01181b7b9c3b15a1d
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

stax2-api-4.2.jar

Description:

tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
  

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /Users/lukaszlenart/.m2/repository/org/codehaus/woodstox/stax2-api/4.2/stax2-api-4.2.jar
MD5: 5d22fe6dbb276d1fd6dab40c386a4f0a
SHA1: 13c2b30926bca0429c704c4b4ca0b5d0432b69cd
SHA256:badf6081a0bb526fd2c01951dfefad91b6846b6dd0eb0048587e30d1dd334e68
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

struts-annotations-1.0.7.jar

Description:

        struts-annotations adds annotations processor support for struts based annotated projects,
        such as TLD and documentation generation from annotated component classes as used in struts2
    

File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts-annotations/1.0.7/struts-annotations-1.0.7.jar
MD5: cde5d067c06bf2cd8fe0742d8c4d461e
SHA1: 3fe2a1266e5224b66ade1cc57b92b178023a4ae9
SHA256:f7dc6b8f8536bcf29bc1cbd58099c560f2313450340d2505686be214c5931cdd
Referenced In Project/Scope:Struts 2 Core:compile

Identifiers

struts2-core-2.6-SNAPSHOT.jar

Description:

Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-core/2.6-SNAPSHOT/struts2-core-2.6-SNAPSHOT.jar
MD5: bdabb37e4b04f29f4ca390fa2aefce44
SHA1: 64a03701b6797529aaa7cb200f803b7b26c6bb3f
SHA256:e2932ae7ddfa0747221ea42a6d12263237248e3ab9c2ed12b162c13a06147183
Referenced In Projects/Scopes:
  • Struts 2 Pell Multipart Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 Webapps:compile
  • Struts 2 Plexus Plugin:compile
  • Struts 2 JSON Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Java Templates Plugin:compile
  • Struts 2 Async Plugin:compile
  • Struts 2 Convention Plugin:compile
  • Struts 2 CDI Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Plugins:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Spring Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OSGi Plugin:compile
  • Struts 2 GXP Plugin:compile
  • Struts 2 OVal Plugin:compile
  • Struts 2 JUnit Plugin:compile
  • Struts 2 OSGi Bundles:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Portlet Mocks Plugin:compile
  • Struts 2 Configuration Browser Plugin:compile
  • Struts 2 Jasper Reports Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 DWR Plugin:compile
  • Struts 2 TestNG Plugin:compile
  • Struts 2 JFreeChart Plugin:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

struts2-tiles-plugin-2.6-SNAPSHOT.jar

Description:

Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts2-tiles-plugin/2.6-SNAPSHOT/struts2-tiles-plugin-2.6-SNAPSHOT.jar
MD5: 0c238a18bdab872c5a7e411ed171d5e0
SHA1: d5c25e6adc63008d8c1e5c16031dcc18f66309bb
SHA256:3f0e78f14e25fbc7eef2ac66d70219b6b6bedd45feb36768a82ae1a33d05be6e
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

testng-6.9.10.jar

Description:

Testing framework for Java

License:

Apache  Version 2.0, January 2004
File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar
MD5: 83e26cb672a81f5bbda139436ef4d8d0
SHA1: 6feb3e964aeb7097aff30c372aac3ec0f8d87ede
SHA256:240ae7bbcf066aadff967b42a27a697693bf5a4e6a5ff4bf339b6bfe371288e4
Referenced In Project/Scope:Struts 2 TestNG Plugin:compile

Identifiers

testng-6.9.10.jar: jquery-1.7.1.min.js

File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar/jquery-1.7.1.min.js
MD5: ddb84c1587287b2df08966081ef063bf
SHA1: 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
SHA256:88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Referenced In Project/Scope:Struts 2 TestNG Plugin:compile

Identifiers

CVE-2012-6708  

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS)  

Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS
Unscored:
  • Severity: medium

References:

testng-6.9.10.jar: testng-reports.js

File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/6.9.10/testng-6.9.10.jar/testng-reports.js
MD5: 4311beca6e78e253ebd35f4f8c46166d
SHA1: f40c090d15e2e6eb179b4eb3919c365afe882ade
SHA256:45616558165413f0bc3f315e6bd52f7f4238d384169b3355e2e0465a611642cb
Referenced In Project/Scope:Struts 2 TestNG Plugin:compile

Identifiers

  • None

testng-7.1.0.jar

Description:

Testing framework for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar
MD5: 582b5096723374df7bb515d7906a0bb8
SHA1: b0bcea778fb2899aeb4014c558babea8833d180a
SHA256:e968e6cc3e925fe09b7b841d379e230dd9c56d6850ce18cf9a8e78ac0ce8e1b7
Referenced In Projects/Scopes:
  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

testng-7.1.0.jar: jquery-3.4.1.min.js

File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar/org/testng/jquery-3.4.1.min.js
MD5: a6b6350ee94a3ea74595c065cbf58af0
SHA1: b15f7cfa79519756dff1ad22553fd0ed09024343
SHA256:412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb
Referenced In Projects/Scopes:

  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS)  

Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS
Unscored:
  • Severity: medium

References:

testng-7.1.0.jar: testng-reports.js

File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar/org/testng/testng-reports.js
MD5: b92856a353b408d97321a1dd850347c2
SHA1: bf41ae73b80f698412d8aea58d3007ba9d8f589f
SHA256:e572aeb5fb24f8e1a5e1e2f65f1ae9d251bf17d7cca9dc311e8422451d96be96
Referenced In Projects/Scopes:

  • Struts 2 Assembly:compile
  • Struts 2 Core:compile

Identifiers

  • None

tiles-autotag-core-runtime-1.2.jar

Description:

Autotag: runtime core classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-autotag-core-runtime/1.2/tiles-autotag-core-runtime-1.2.jar
MD5: 425009289d5df24ff34eb0bab20a1c36
SHA1: 0100bd3cae1a5debf9afb4ef5c8b36c508d06326
SHA256:640f4b48de6f76b3518c3ee6a27c2ce3fc118aa285629cadba64ed7f3ef918e9
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

tiles-core-3.0.8.jar

Description:

Tiles Core Library, including basic implementation of the APIs.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-core/3.0.8/tiles-core-3.0.8.jar
MD5: f7de662825d6a98371d5fb14a49b569d
SHA1: 01f71d0545540ad4bd7b4d883b2ff763cffde237
SHA256:0d52520b84fc08511fd8dec23f9492ff1ccf2622509b2ee806122822d7c046e3
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

tiles-ognl-3.0.8.jar

Description:

Tiles OGNL support: Classes and tag libraries to use OGNL as an expression language in attribute expressions.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-ognl/3.0.8/tiles-ognl-3.0.8.jar
MD5: c8a5d9619f2c1f30fd48c081ed505209
SHA1: 138753498a27322b35eedfa808428fb24a97c2c2
SHA256:0de367bdfd097a21ffc2ae5d3293ee3461b9ec9d6547ce1335a98216178f1530
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

CVE-2016-3093  

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions: (show all)

tiles-request-api-1.0.7.jar

Description:

API for the Tiles Request framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/tiles/tiles-request-api/1.0.7/tiles-request-api-1.0.7.jar
MD5: 87f3c5e8b68b23b7544c0b9c996973c0
SHA1: c649a9be6df263c888a2195447cd602d530cc233
SHA256:b8745a4ff960bcca4ef16b0167b058604d4a394b69d7f685ed49d76670e0f6c8
Referenced In Projects/Scopes:
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Tiles Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile

Identifiers

tomcat-juli-8.5.53.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/tomcat/tomcat-juli/8.5.53/tomcat-juli-8.5.53.jar
MD5: d8c9c3c93d8af3f95d71050151991077
SHA1: 057d37b5d7ed1270910ae59575b7c724bdf2d9f1
SHA256:7ffb67ed82900d591d9a476e761c2d6048325d7b03c626e2b8846ab714442740
Referenced In Projects/Scopes:
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Assembly:compile

Identifiers

utils.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/utils.js
MD5: a1287feb0882f494dc6ebfbdcb2c8d6a
SHA1: 61201962d41fec8139c940c5a1468796d49a6139
SHA256:309abee1bddd03fe16c196e2cc00b58318ff707764824d9b71a38f667736720d
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

validation-api-2.0.1.Final.jar

Description:

        Bean Validation API
    

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
SHA256:9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c
Referenced In Projects/Scopes:
  • Struts 2 Bean Validation Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile

Identifiers

validation.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/template/xhtml/validation.js
MD5: dea68bdb50b41aee5fc61170e3faf14e
SHA1: affda7d0fecb0d16b9ebfc119833ec50ee920b4b
SHA256:fdbcbc87e6495252ff1d697712e1604733d1cf6299b2f7075fdc27c2fa23687e
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

validation.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/template/css_xhtml/validation.js
MD5: c66d23a2391879f74077a1af7888ede7
SHA1: c4c980b34207fbca373f2032c770371606220da2
SHA256:ec4dc0658f00c3a64e9a890565a3dfb71678babb484d2960c22f123c10f2c03c
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

velocity-engine-core-2.2.jar

Description:

Apache Velocity is a general purpose template engine.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/velocity-engine-core/2.2/velocity-engine-core-2.2.jar
MD5: 64b4a875e0d57e57fbcae109cec75ebc
SHA1: 68d899cb70cd27d495562fa808feb2da4926d38f
SHA256:5167f8cf2dbc003b632a49b672161d8d96c8c6f03056d29bfd540a8a789d715e
Referenced In Projects/Scopes:
  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

velocity-tools-generic-3.0.jar

Description:

Generic tools that can be used in any context.

File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/tools/velocity-tools-generic/3.0/velocity-tools-generic-3.0.jar
MD5: a8586c8959eccfa3714e198eb21678d3
SHA1: e789f6ec06f9a69ccb8956f407fb685b2938e74b
SHA256:42cb45fe33aead38218845cb350125c7dc9804c74a19cc388123276da0c07e5d
Referenced In Projects/Scopes:

  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

velocity-tools-view-3.0.jar

Description:

Tools to be used in a servlet context.

File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/tools/velocity-tools-view/3.0/velocity-tools-view-3.0.jar
MD5: 997d1732d30fc50fc8879653d36a6e99
SHA1: 2f72ca8eb2bcb8af2c5fab826d64add20ab70a2e
SHA256:cc6e5effedb95345b842b16aa7eb6c2da8fa1b29d8df8dae17f56f143515fd07
Referenced In Projects/Scopes:

  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

velocity-tools-view-jsp-3.0.jar

Description:

Enables the use of Velocity under a JSP environment.

File Path: /Users/lukaszlenart/.m2/repository/org/apache/velocity/tools/velocity-tools-view-jsp/3.0/velocity-tools-view-jsp-3.0.jar
MD5: 87e4c90f6060422f92929fcf2aff8072
SHA1: 27f6a21c7973ffb75001b3e9ac4731facf5757b4
SHA256:fa4168347c48e3c47b6924c1a8eaaf1661fd3d49fc68d39978fa0fa0f739f43d
Referenced In Projects/Scopes:

  • Struts 2 JUnit Plugin:compile
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 OSGi Demo Bundle:compile
  • Struts 2 Velocity Plugin:compile
  • Struts 2 OSGi Admin Bundle:compile
  • Struts 2 Configuration Browser Plugin:compile
  • DEPRECATED: Struts 2 Embedded JSP Plugin:compile
  • Struts 2 Sitemesh Plugin:compile
  • Struts 2 Portlet Plugin:compile
  • Struts 2 Showcase Webapp:compile
  • Struts 2 Assembly:compile
  • Struts 2 Portlet Tiles Plugin:compile
  • Struts 2 OSGi Plugin:compile

Identifiers

webconsole.js

File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/interceptor/debugging/webconsole.js
MD5: a7202aefd2637c63ee607db0a608c6de
SHA1: 5618fb1f032d4972287158e5754570992448695d
SHA256:9ab03200e9abb3ddb95ee83321b518d660ba0734683c3a6844c633a5c5dbabfd
Referenced In Project/Scope:Struts 2 Core

Identifiers

  • None

woodstox-core-6.1.1.jar

Description:

        Woodstox is a high-performance XML processor that
        implements Stax (JSR-173), SAX2 and Stax2 APIs
    

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar
MD5: 992e39013de489a1373f14b7e153f9da
SHA1: 989bb31963ed1758b95c7c4381a91592a9a8df61
SHA256:f250662a245570fdd49c6916c1c3cd3d6511a8e5cd0d7460e989844b1d66ed67
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

woodstox-core-6.1.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)

Description:

Unknown version of isorelax library used in JAXB project

File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml
MD5: 6fbb4bc95fbf2072bc6e3b790553fe81
SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13
SHA256:cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1
Referenced In Projects/Scopes:

  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

woodstox-core-6.1.1.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)

Description:

XML Schema datatypes library

File Path: /Users/lukaszlenart/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xml
MD5: aaf872ed9d1aabee25e03c2a132ffd8e
SHA1: 47f218a999411ed028f089d59ebef8f14e0fe914
SHA256:d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3c
Referenced In Projects/Scopes:

  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile

Identifiers

xmlpull-1.1.3.1.jar

License:

Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /Users/lukaszlenart/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
SHA256:34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OVal Plugin:compile

Identifiers

xpp3_min-1.1.4c.jar

Description:

MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /Users/lukaszlenart/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
SHA256:bfc90e9e32d0eab1f397fb974b5f150a815188382ac41f372a7149d5bc178008
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OVal Plugin:compile

Identifiers

xstream-1.4.11.1.jar

Description:

XStream is a serialization library from Java objects to XML and back.

License:

http://x-stream.github.io/license.html
File Path: /Users/lukaszlenart/.m2/repository/com/thoughtworks/xstream/xstream/1.4.11.1/xstream-1.4.11.1.jar
MD5: 0eb564c0c83b6d4fea7ff1a9cc5bc6bc
SHA1: 6c120c45a8c480bb2fea5b56502e3993ddd74fd2
SHA256:5e59757590948b5a08ec946f6eb69fb25927c465125370b1a7861261dafc6b36
Referenced In Projects/Scopes:
  • Struts 2 Rest Showcase Webapp:compile
  • Struts 2 REST Plugin:compile
  • Struts 2 Assembly:compile
  • Struts 2 OVal Plugin:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.