Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 5.3.2Report Generated On : Mon, 20 Apr 2020 20:10:12 +0200Dependencies Scanned : 40 (33 unique)Vulnerable Dependencies : 2 Vulnerabilities Found : 2Vulnerabilities Suppressed : 6... NVD CVE Checked : 2020-04-20T20:09:46NVD CVE Modified : 2020-04-20T18:03:43VersionCheckOn : 2020-04-19T10:27:56Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
AOP Alliance License:
Public Domain File Path: /Users/lukaszlenart/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor file name aopalliance High Vendor jar package name aopalliance Highest Vendor pom name AOP alliance High Vendor pom url http://aopalliance.sourceforge.net Highest Vendor jar package name aopalliance Low Vendor pom groupid aopalliance Highest Vendor jar package name aop Highest Vendor jar package name intercept Low Vendor pom artifactid aopalliance Low Product file name aopalliance High Product jar package name aopalliance Highest Product pom artifactid aopalliance Highest Product pom name AOP alliance High Product pom groupid aopalliance Highest Product jar package name aop Highest Product pom url http://aopalliance.sourceforge.net Medium Product jar package name intercept Low Version file version 1.0 High Version pom version 1.0 Highest
Description:
The AspectJ weaver introduces advices to java classes License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /Users/lukaszlenart/.m2/repository/org/aspectj/aspectjweaver/1.8.9/aspectjweaver-1.8.9.jar
MD5: 304a51bce49f52a26bb79f3fd0b58325
SHA1: db28774f477f07220eac18d5ec9c4e01f48589d7
SHA256: 5e41d39eca300e2d8e6067f5660d70dcc66ec2da9cbd46a3d5985e609d1e6ecf
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor pom name AspectJ weaver High Vendor Manifest Implementation-Vendor aspectj.org High Vendor pom artifactid aspectjweaver Low Vendor jar package name weaver Highest Vendor Manifest specification-vendor aspectj.org Low Vendor pom groupid org.aspectj Highest Vendor Manifest name org/aspectj/weaver/ Medium Vendor jar package name aspectj Highest Vendor Manifest can-redefine-classes true Low Vendor jar package name org Highest Vendor pom url http://www.aspectj.org Highest Vendor file name aspectjweaver High Vendor pom groupid aspectj Highest Product pom name AspectJ weaver High Product jar package name weaver Highest Product pom url http://www.aspectj.org Medium Product Manifest Implementation-Title org.aspectj.weaver High Product Manifest specification-title AspectJ Weaver Classes Medium Product pom artifactid aspectjweaver Highest Product jar package name aspectj Highest Product Manifest name org/aspectj/weaver/ Medium Product Manifest can-redefine-classes true Low Product jar package name org Highest Product file name aspectjweaver High Product pom groupid aspectj Highest Version pom version 1.8.9 Highest Version Manifest Implementation-Version 1.8.9 High Version file version 1.8.9 High
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256: a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor jar package name fileupload Highest Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest Vendor pom groupid commons-fileupload Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-fileupload Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons FileUpload High Vendor file name commons-fileupload High Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor pom parent-artifactid commons-parent Low Product Manifest specification-title Apache Commons FileUpload Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name apache Highest Product jar package name fileupload Highest Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest Bundle-Name Apache Commons FileUpload Medium Product pom groupid commons-fileupload Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low Product pom artifactid commons-fileupload Highest Product Manifest implementation-build UNKNOWN@r047f31576411beee69cf75584ae76531cc9ac753; 2018-12-24 07:06:18+0000 Low Product pom name Apache Commons FileUpload High Product file name commons-fileupload High Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Version pom parent-version 1.4 Low Version pom version 1.4 Highest Version file version 1.4 High Version Manifest Implementation-Version 1.4 High
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256: f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Vendor pom groupid commons-io Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor file name commons-io High Vendor jar package name io Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom name Apache Commons IO High Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor pom artifactid commons-io Low Vendor Manifest Implementation-Vendor-Id commons-io Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Implementation-Title Apache Commons IO High Product Manifest bundle-symbolicname org.apache.commons.io Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product jar package name apache Highest Product Manifest specification-title Apache Commons IO Medium Product pom groupid commons-io Highest Product pom url http://commons.apache.org/proper/commons-io/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product file name commons-io High Product jar package name io Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom name Apache Commons IO High Product pom artifactid commons-io Highest Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest automatic-module-name org.apache.commons.io Medium Version pom version 2.6 Highest Version Manifest Implementation-Version 2.6 High Version pom parent-version 2.6 Low Version file version 2.6 High
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-lang3/3.10/commons-lang3-3.10.jar
MD5: 238dcae7363dd86b2e515a2a29e8b4d9
SHA1: e155460aaf5b464062a09c3923f089ce99128a17
SHA256: 28968ae55fff465494083aeba856f8824c34902329882bf61e77246a91e25aa9
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor pom name Apache Commons Lang High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom artifactid commons-lang3 Low Vendor file name commons-lang3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url https://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name lang3 Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-artifactid commons-parent Low Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product pom name Apache Commons Lang High Product jar package name apache Highest Product Manifest specification-title Apache Commons Lang Medium Product file name commons-lang3 High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name lang3 Highest Product pom artifactid commons-lang3 Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Apache Commons Lang High Product Manifest bundle-docurl https://commons.apache.org/proper/commons-lang/ Low Product pom groupid apache.commons Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product pom url https://commons.apache.org/proper/commons-lang/ Medium Version file version 3.10 High Version pom version 3.10 Highest Version Manifest Implementation-Version 3.10 High Version pom parent-version 3.10 Low
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor pom groupid commons-logging Highest Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor pom artifactid commons-logging Low Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor file name commons-logging High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons Logging High Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product Manifest Implementation-Title Apache Commons Logging High Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product jar package name apache Highest Product pom artifactid commons-logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product jar package name logging Highest Product Manifest specification-title Apache Commons Logging Medium Product pom groupid commons-logging Highest Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Bundle-Name Apache Commons Logging Medium Product file name commons-logging High Product pom name Apache Commons Logging High Version pom parent-version 1.2 Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 High
Description:
Apache Commons Text is a library focused on algorithms working on strings. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/commons/commons-text/1.8/commons-text-1.8.jar
MD5: f2243d67b348e7175f55902cdb7e54af
SHA1: 879a6bde4c0537a25504c72ec7a94ba4099f469c
SHA256: 6fe7ad4ad5349d6b77e7a0e1c9f6037108a1ee48c42e7e6eb4b18f56d324f7b2
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom url https://commons.apache.org/proper/commons-text Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name text Highest Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name commons Highest Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor file name commons-text High Vendor Manifest implementation-url https://commons.apache.org/proper/commons-text Low Vendor pom artifactid commons-text Low Vendor Manifest automatic-module-name org.apache.commons.text Medium Vendor pom name Apache Commons Text High Vendor Manifest bundle-symbolicname org.apache.commons.commons-text Medium Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor pom parent-artifactid commons-parent Low Product Manifest Bundle-Name Apache Commons Text Medium Product jar package name apache Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-text Low Product Manifest Implementation-Title Apache Commons Text High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest specification-title Apache Commons Text Medium Product jar package name text Highest Product pom parent-groupid org.apache.commons Medium Product pom parent-artifactid commons-parent Medium Product jar package name commons Highest Product pom groupid apache.commons Highest Product file name commons-text High Product Manifest implementation-url https://commons.apache.org/proper/commons-text Low Product pom artifactid commons-text Highest Product Manifest automatic-module-name org.apache.commons.text Medium Product pom name Apache Commons Text High Product pom url https://commons.apache.org/proper/commons-text Medium Product Manifest bundle-symbolicname org.apache.commons.commons-text Medium Version pom parent-version 1.8 Low Version Manifest Implementation-Version 1.8 High Version file version 1.8 High Version pom version 1.8 Highest
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/domTT.jsMD5: 44ed51154c7fa928005f39bbbed7d01aSHA1: 5584aa1028220f041ff7d89c48e9e8ffeaa05256SHA256: 60c72fad5a9688fc6a143176d84814b9ea2c4c9c882b4799921b950c415b961eReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Description:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/freemarker/freemarker/2.3.30/freemarker-2.3.30.jar
MD5: e702848d716f17cd39fabfe2415e104e
SHA1: 86d70d335c7821178f62b554aa3a4bc538a94f1a
SHA256: 6586433d90957c0b05a32bce07c71e8cebcea6afbea2e043bfe0c576c4d94338
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor freemarker.org High Vendor jar package name template Highest Vendor pom groupid org.freemarker Highest Vendor pom url https://freemarker.apache.org/ Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Vendor pom name Apache FreeMarker High Vendor pom groupid freemarker Highest Vendor jar package name freemarker Highest Vendor pom parent-groupid org.apache Medium Vendor Manifest extension-name FreeMarker Medium Vendor pom parent-artifactid apache Low Vendor Manifest dstamp 20200216 Low Vendor pom artifactid freemarker Low Vendor Manifest today February 16 2020 Low Vendor pom organization name Apache Software Foundation High Vendor pom organization url http://apache.org Medium Vendor Manifest tstamp 1915 Low Vendor file name freemarker High Vendor Manifest bundle-symbolicname org.freemarker.freemarker Medium Vendor Manifest specification-vendor freemarker.org Low Product jar package name template Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low Product pom name Apache FreeMarker High Product pom groupid freemarker Highest Product pom artifactid freemarker Highest Product jar package name freemarker Highest Product Manifest Bundle-Name org.freemarker.freemarker Medium Product pom parent-groupid org.apache Medium Product pom url https://freemarker.apache.org/ Medium Product Manifest extension-name FreeMarker Medium Product pom organization url http://apache.org Low Product Manifest dstamp 20200216 Low Product pom organization name Apache Software Foundation Low Product Manifest today February 16 2020 Low Product Manifest specification-title FreeMarker Medium Product Manifest tstamp 1915 Low Product file name freemarker High Product Manifest bundle-symbolicname org.freemarker.freemarker Medium Product Manifest Implementation-Title FreeMarker High Product pom parent-artifactid apache Medium Version Manifest Implementation-Version 2.3.30 High Version pom version 2.3.30 Highest Version file version 2.3.30 High Version pom parent-version 2.3.30 Low
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/google/guava/guava/19.0/guava-19.0.jar
MD5: 43bfc49bdc7324f6daaa60c1ee9f3972
SHA1: 6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9
SHA256: 58d4cc2e05ebb012bbac568b032f75623be1cb6fb096f3c60c72a86f7f057de4
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid guava Low Vendor Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Vendor pom parent-artifactid guava-parent Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor pom name Guava: Google Core Libraries for Java High Vendor file name guava High Vendor jar package name google Highest Vendor pom groupid com.google.guava Highest Vendor pom groupid google.guava Highest Product pom parent-artifactid guava-parent Medium Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom artifactid guava Highest Product Manifest bundle-docurl https://guava-libraries.googlecode.com/ Low Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product pom name Guava: Google Core Libraries for Java High Product file name guava High Product jar package name google Highest Product pom groupid google.guava Highest Version file version 19.0 High Version pom version 19.0 Highest
Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: /AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Guice is a lightweight dependency injection framework for Java 6 and above License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/com/google/inject/guice/4.1.0/guice-4.1.0-no_aop.jar
MD5: 8cf17838fd9407bc2c8c39ddf027008f
SHA1: faf9ee8ac09eafd1128091426dd367a8c0085d55
SHA256: 9264c6931c431e928dc64adc842584d5f57d17b2f3aff29221f2b3fdea673dad
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor jar package name internal Low Vendor Manifest bundle-docurl https://github.com/google/guice Low Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Vendor file name guice High Vendor jar package name inject Highest Vendor Manifest bundle-symbolicname com.google.inject Medium Vendor pom groupid com.google.inject Highest Vendor jar package name inject Low Vendor jar package name google Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor jar package name google Highest Product jar package name internal Low Product Manifest bundle-docurl https://github.com/google/guice Low Product Manifest eclipse-extensibleapi true Low Product Manifest bundle-copyright Copyright (C) 2006 Google Inc. Low Product file name guice High Product jar package name guice Highest Product jar package name inject Highest Product Manifest bundle-symbolicname com.google.inject Medium Product jar package name inject Low Product jar package name dependency Highest Product pom artifactid guice Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product jar package name google Highest Product Manifest Bundle-Name guice (no_aop) Medium Version file version 4.1.0 High Version pom version 4.1.0 Highest
Description:
This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
File Path: /Users/lukaszlenart/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jarMD5: 6393363b47ddcbba82321110c3e07519SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0SHA256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor jar package name hamcrest Highest Vendor pom groupid org.hamcrest Highest Vendor pom parent-groupid org.hamcrest Medium Vendor Manifest Implementation-Vendor hamcrest.org High Vendor pom parent-artifactid hamcrest-parent Low Vendor Manifest built-date 2012-07-09 19:49:34 Low Vendor pom groupid hamcrest Highest Vendor file name hamcrest-core High Vendor jar package name matcher Highest Vendor pom name Hamcrest Core High Vendor pom artifactid hamcrest-core Low Vendor jar package name core Highest Product Manifest Implementation-Title hamcrest-core High Product Manifest built-date 2012-07-09 19:49:34 Low Product pom groupid hamcrest Highest Product pom parent-artifactid hamcrest-parent Medium Product pom artifactid hamcrest-core Highest Product jar package name hamcrest Highest Product file name hamcrest-core High Product pom parent-groupid org.hamcrest Medium Product jar package name matcher Highest Product pom name Hamcrest Core High Product jar package name core Highest Version pom version 1.3 Highest Version Manifest Implementation-Version 1.3 High Version file version 1.3 High
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/inputtransferselect.jsMD5: 2955e039eab5ef8216705c05d239f378SHA1: 94316238b9eb45a97e2547fa66881cca27a5b6eeSHA256: e5ef24f60cfb27a88880ee89ba6eb4664bbebe0c32d3dc1ce385cbe6d8b01194Referenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/ File Path: /Users/lukaszlenart/.m2/repository/org/javassist/javassist/3.24.1-GA/javassist-3.24.1-GA.jar
MD5: 527cebd64b0f941d5058bae3d1726d06
SHA1: 921b466d6a14a8edbe25923c973fd767fc71c045
SHA256: 5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor file name javassist High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name javassist Highest Vendor pom organization name Shigeru Chiba, www.javassist.org High Vendor pom artifactid javassist Low Vendor pom name Javassist High Vendor pom groupid org.javassist Highest Vendor pom url http://www.javassist.org/ Highest Vendor jar package name bytecode Highest Vendor Manifest specification-vendor Shigeru Chiba, www.javassist.org Low Vendor pom groupid javassist Highest Vendor Manifest bundle-symbolicname javassist Medium Product file name javassist High Product pom artifactid javassist Highest Product pom organization name Shigeru Chiba, www.javassist.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name javassist Highest Product Manifest Bundle-Name Javassist Medium Product pom name Javassist High Product pom url http://www.javassist.org/ Medium Product Manifest specification-title Javassist Medium Product jar package name bytecode Highest Product pom groupid javassist Highest Product Manifest bundle-symbolicname javassist Medium Version Manifest specification-version 3.24.1-GA High Version pom version 3.24.1-GA Highest
Description:
The javax.inject API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256: 91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor pom url http://code.google.com/p/atinject/ Highest Vendor jar package name javax Highest Vendor jar package name inject Highest Vendor pom name javax.inject High Vendor jar package name javax Low Vendor pom artifactid javax.inject Low Vendor pom groupid javax.inject Highest Vendor file name javax.inject-1 High Vendor jar package name inject Low Product pom artifactid javax.inject Highest Product jar package name javax Highest Product jar package name inject Highest Product pom name javax.inject High Product pom url http://code.google.com/p/atinject/ Medium Product file name javax.inject-1 High Product pom groupid javax.inject Highest Product jar package name inject Low Version pom version 1 Highest Version file version 1 Medium
Description:
Command line parsing License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/lukaszlenart/.m2/repository/com/beust/jcommander/1.72/jcommander-1.72.jar
MD5: 9fde6bc0ba1032eceb7267fd1ad1657b
SHA1: 6375e521c1e11d6563d4f25a07ce124ccf8cd171
SHA256: e0de160b129b2414087e01fe845609cd55caec6820cfd4d0c90fabcc7bdb8c1e
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor file name jcommander High Vendor pom groupid beust Highest Vendor pom name jcommander High Vendor jar package name beust Highest Vendor jar package name jcommander Highest Vendor Manifest bundle-symbolicname jcommander Medium Vendor pom artifactid jcommander Low Vendor pom url http://jcommander.org Highest Vendor pom groupid com.beust Highest Vendor Manifest build-date 2017-05-15 Low Product file name jcommander High Product pom groupid beust Highest Product pom name jcommander High Product jar package name beust Highest Product pom url http://jcommander.org Medium Product jar package name jcommander Highest Product Manifest bundle-symbolicname jcommander Medium Product Manifest Bundle-Name com.beust.jcommander Medium Product pom artifactid jcommander Highest Product Manifest build-date 2017-05-15 Low Version Manifest Bundle-Version 1.72 High Version file version 1.72 High Version pom version 1.72 Highest
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/jshint.conf.jsMD5: 7b7c2d7894e972b45298ea8d533008d7SHA1: 5a88e8d212d51cdc3ac0305978dfc483ce25fa25SHA256: 15942ecb04925afc65666d3d8f758ed0e65f90f7b5faec2b7381e29e397200c6Referenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Description:
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck. License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /Users/lukaszlenart/.m2/repository/junit/junit/4.13/junit-4.13.jar
MD5: 5da6445d7b80aba2623e73d4561dcfde
SHA1: e49ccba652b735c93bd6e6f59760d8254cf597dd
SHA256: 4b8532f63bdc0e0661507f947eb324a954d1dbac631ad19c8aa9a00feed1d863
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor pom organization name JUnit High Vendor pom groupid junit Highest Vendor pom organization url http://www.junit.org Medium Vendor pom artifactid junit Low Vendor Manifest implementation-url http://junit.org Low Vendor file name junit High Vendor jar package name junit Highest Vendor pom url http://junit.org Highest Vendor Manifest Implementation-Vendor JUnit High Vendor Manifest Implementation-Vendor-Id junit Medium Vendor jar package name framework Highest Vendor Manifest automatic-module-name junit Medium Vendor pom name JUnit High Product pom groupid junit Highest Product Manifest implementation-url http://junit.org Low Product file name junit High Product pom organization url http://www.junit.org Low Product pom artifactid junit Highest Product Manifest Implementation-Title JUnit High Product jar package name junit Highest Product pom organization name JUnit Low Product pom url http://junit.org Medium Product jar package name framework Highest Product Manifest automatic-module-name junit Medium Product pom name JUnit High Version pom version 4.13 Highest Version file version 4.13 High Version Manifest Implementation-Version 4.13 High
Description:
The Apache Log4j API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/apache/logging/log4j/log4j-api/2.13.1/log4j-api-2.13.1.jar
MD5: 65795ba3dfef693a82bdfb369d030439
SHA1: cc670f92dc77bbf4540904c3fa211b997cba00d8
SHA256: 307fffc2623d010e3fe67d9f6b101c14bae33ec310e5f56960d491885fd59630
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom groupid apache.logging.log4j Highest Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Vendor Manifest log4jreleasekey B3D8E1BA Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor pom groupid org.apache.logging.log4j Highest Vendor jar package name logging Highest Vendor file name log4j-api High Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor pom parent-artifactid log4j Low Vendor Manifest multi-release true Low Vendor pom name Apache Log4j API High Vendor jar package name org Highest Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor pom artifactid log4j-api Low Vendor jar package name log4j Highest Product Manifest Implementation-Title Apache Log4j API High Product jar package name apache Highest Product pom groupid apache.logging.log4j Highest Product Manifest specification-title Apache Log4j API Medium Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low Product Manifest log4jreleasekey B3D8E1BA Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid org.apache.logging.log4j Medium Product Manifest log4jreleasemanager Ralph Goers Low Product jar package name logging Highest Product file name log4j-api High Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest multi-release true Low Product pom artifactid log4j-api Highest Product pom name Apache Log4j API High Product jar package name org Highest Product pom parent-artifactid log4j Medium Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product jar package name log4j Highest Version file version 2.13.1 High Version pom version 2.13.1 Highest Version Manifest Implementation-Version 2.13.1 High Version Manifest Bundle-Version 2.13.1 High Version Manifest log4jreleaseversion 2.13.1 Medium
Description:
OGNL - Object Graph Navigation Library License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/ognl/ognl/3.2.14/ognl-3.2.14.jar
MD5: 0baa4d72fcb508e100c821518e5cdf19
SHA1: 18178dd7cfcb8b81c262c072b60a5bf701073917
SHA256: 02da5bd743cbaab1ebb61a17844b122f52cc69d10b23a8e3356f55c1e6988e71
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid ognl Low Vendor pom organization url http://www.opensymphony.com Medium Vendor pom name OGNL - Object Graph Navigation Library High Vendor pom organization name OpenSymphony High Vendor pom groupid ognl Highest Vendor file name ognl High Vendor Manifest automatic-module-name ognl Medium Vendor pom url jkuhnert/ognl/ Highest Vendor jar package name ognl Highest Product pom url jkuhnert/ognl/ High Product pom name OGNL - Object Graph Navigation Library High Product pom artifactid ognl Highest Product pom groupid ognl Highest Product file name ognl High Product Manifest automatic-module-name ognl Medium Product jar package name ognl Highest Product pom organization name OpenSymphony Low Product pom organization url http://www.opensymphony.com Low Version file version 3.2.14 High Version pom version 3.2.14 Highest
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/optiontransferselect.jsMD5: f4194635b442cd6a9354132eb1f5c544SHA1: 51fd3c3d66bed260a48bcc1bc9f56c799acab501SHA256: 2028278976d9adfaa90186556cca99bbd476df3818155161d877272b738cc762Referenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Description:
The slf4j API File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jarMD5: f8be00da99bc4ab64c79ab1e2be7cb7cSHA1: b5a4b6d16ab13e34a88fae84c35cd5d68cac922cSHA256: cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom name SLF4J API Module High Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Low Vendor pom url http://www.slf4j.org Highest Vendor jar package name slf4j Highest Vendor file name slf4j-api High Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid org.slf4j Highest Vendor pom groupid slf4j Highest Product pom url http://www.slf4j.org Medium Product Manifest automatic-module-name org.slf4j Medium Product Manifest Implementation-Title slf4j-api High Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest Bundle-Name slf4j-api Medium Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product Manifest bundle-symbolicname slf4j.api Medium Product jar package name slf4j Highest Product file name slf4j-api High Product pom parent-groupid org.slf4j Medium Product pom artifactid slf4j-api Highest Product pom groupid slf4j Highest Version pom version 1.7.30 Highest Version Manifest Implementation-Version 1.7.30 High Version Manifest Bundle-Version 1.7.30 High Version file version 1.7.30 High
Description:
SLF4J Simple binding File Path: /Users/lukaszlenart/.m2/repository/org/slf4j/slf4j-simple/1.7.30/slf4j-simple-1.7.30.jarMD5: 6577a4799237b81bc9bdc153d6347c30SHA1: e606eac955f55ecf1d8edcccba04eb8ac98088ddSHA256: 8b9279cbff6b9f88594efae3cf02039b6995030eec023ed43928748c41670feeReferenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom artifactid slf4j-simple Low Vendor Manifest automatic-module-name org.slf4j.simple Medium Vendor Manifest bundle-symbolicname slf4j.simple Medium Vendor pom url http://www.slf4j.org Highest Vendor jar package name slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid org.slf4j Highest Vendor file name slf4j-simple High Vendor pom name SLF4J Simple Binding High Vendor pom groupid slf4j Highest Product pom url http://www.slf4j.org Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom artifactid slf4j-simple Highest Product pom parent-artifactid slf4j-parent Medium Product Manifest Bundle-Name slf4j-simple Medium Product Manifest automatic-module-name org.slf4j.simple Medium Product Manifest bundle-symbolicname slf4j.simple Medium Product jar package name slf4j Highest Product pom parent-groupid org.slf4j Medium Product file name slf4j-simple High Product Manifest Implementation-Title slf4j-simple High Product pom name SLF4J Simple Binding High Product pom groupid slf4j Highest Version pom version 1.7.30 Highest Version Manifest Implementation-Version 1.7.30 High Version Manifest Bundle-Version 1.7.30 High Version file version 1.7.30 High
Description:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/yaml/snakeyaml/1.21/snakeyaml-1.21.jar
MD5: b16142890b39db3ff828085f56845b51
SHA1: 18775fdda48574784f40b47bf478ab0593f92e4d
SHA256: e43cb0683f70804b833dfaa5ac032ff14ba0c758d4a1e9eaeb6640515df83faf
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor pom url http://www.snakeyaml.org Highest Vendor pom name SnakeYAML High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid snakeyaml Low Vendor pom groupid yaml Highest Vendor jar package name parser Highest Vendor jar package name emitter Highest Vendor file name snakeyaml High Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor pom groupid org.yaml Highest Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product pom name SnakeYAML High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid yaml Highest Product jar package name parser Highest Product pom artifactid snakeyaml Highest Product jar package name emitter Highest Product file name snakeyaml High Product jar package name snakeyaml Highest Product pom url http://www.snakeyaml.org Medium Product jar package name yaml Highest Product Manifest Bundle-Name SnakeYAML Medium Version pom version 1.21 Highest Version file version 1.21 High
Description:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-core/4.3.26.RELEASE/spring-core-4.3.26.RELEASE.jar
MD5: ec39a4f76633c98bc4819e397355b8aa
SHA1: a8b090664504b833e2d5d1e6863138cee1239681
SHA256: 70ae68ce99fdb11afaaac6487b39b59b7a8db6ecd5f8a2c01181b7b9c3b15a1d
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor pom groupid springframework Highest Vendor pom artifactid spring-core Low Vendor pom groupid org.springframework Highest Vendor pom organization name Spring IO High Vendor file name spring-core High Vendor pom organization url https://projects.spring.io/spring-framework Medium Vendor hint analyzer vendor vmware Highest Vendor jar package name io Highest Vendor hint analyzer vendor pivotal software Highest Vendor jar package name springframework Highest Vendor pom url spring-projects/spring-framework Highest Vendor pom name Spring Core High Vendor hint analyzer vendor SpringSource Highest Vendor jar package name core Highest Product pom groupid springframework Highest Product hint analyzer product springsource_spring_framework Highest Product file name spring-core High Product pom artifactid spring-core Highest Product jar package name io Highest Product pom organization name Spring IO Low Product Manifest Implementation-Title spring-core High Product jar package name springframework Highest Product pom organization url https://projects.spring.io/spring-framework Low Product pom url spring-projects/spring-framework High Product pom name Spring Core High Product jar package name core Highest Version pom version 4.3.26.RELEASE Highest Version Manifest Implementation-Version 4.3.26.RELEASE High
Related Dependencies spring-aop-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-aop/4.3.26.RELEASE/spring-aop-4.3.26.RELEASE.jar MD5: a1f6737fa66b99284c5fb16b96696014 SHA1: 098f5eb6a6b3a2c2e6ee9eacd016a953c54fd3a3 SHA256: bd12ca116d9094efbd98ae1539b18014c7e48cf3ca2efc2022295ac1aeb5c15b pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE spring-context-support-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-context-support/4.3.26.RELEASE/spring-context-support-4.3.26.RELEASE.jar MD5: c6d18673bcb0f2f5eefa8410565269b0 SHA1: a730ce14c0c5fe6921f3783aa14613a9d4ebc2fc SHA256: f402af7dc51cac89a48f5ace9d7c34316292e28117c913671caa2d2beb781518 pkg:maven/org.springframework/spring-context-support@4.3.26.RELEASE spring-beans-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-beans/4.3.26.RELEASE/spring-beans-4.3.26.RELEASE.jar MD5: 1510412e1af00c1beabe47f87e6c1777 SHA1: 536bb74d60a86882c58bd6f63a82e5760261c37f SHA256: fd7d135ee5dfa3d72ba4f195ba42127b84968c3bc12fb1a2496512778f5b3c77 pkg:maven/org.springframework/spring-beans@4.3.26.RELEASE spring-expression-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-expression/4.3.26.RELEASE/spring-expression-4.3.26.RELEASE.jar MD5: 17f4d8bb75f966e57df82bd27396fc4a SHA1: 52e4f81cff6b604db4a0a664c452a9e222841f87 SHA256: 9d64c105349a571dc3c42057ba0bebc6da4fa1d58dce2faf8260aab7ed90a83e pkg:maven/org.springframework/spring-expression@4.3.26.RELEASE spring-web-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-web/4.3.26.RELEASE/spring-web-4.3.26.RELEASE.jar MD5: 9d556ced11008277e89bf1a8c4ac8686 SHA1: 9c17e176b359da9e8b3eb69b97c0607aafe85543 SHA256: 8e37c8c6063c6436a582e344904cc5302d7b5459ea6c050afb04de88ca2039e3 pkg:maven/org.springframework/spring-web@4.3.26.RELEASE spring-context-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-context/4.3.26.RELEASE/spring-context-4.3.26.RELEASE.jar MD5: 008d9631dcd62027c49715aea5de2476 SHA1: 7c91199fb7086d02febf7f6ec19c41644e4ca29a SHA256: d371617271d3567bad8ce52722ace120579698664be7f0809b14f1927398ebdc pkg:maven/org.springframework/spring-context@4.3.26.RELEASE spring-aspects-4.3.26.RELEASE.jarFile Path: /Users/lukaszlenart/.m2/repository/org/springframework/spring-aspects/4.3.26.RELEASE/spring-aspects-4.3.26.RELEASE.jar MD5: e2ae7614d84f301ce49e50a66c319167 SHA1: 71835425a87eacdd4f9b6c5afdd07013721fb385 SHA256: 713d3b7d098d9d257e4dc3722eb85c7154d4b49b7fafd97e1124b0688674069d pkg:maven/org.springframework/spring-aspects@4.3.26.RELEASE Description:
struts-annotations adds annotations processor support for struts based annotated projects,
such as TLD and documentation generation from annotated component classes as used in struts2
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts-annotations/1.0.7/struts-annotations-1.0.7.jarMD5: cde5d067c06bf2cd8fe0742d8c4d461eSHA1: 3fe2a1266e5224b66ade1cc57b92b178023a4ae9SHA256: f7dc6b8f8536bcf29bc1cbd58099c560f2313450340d2505686be214c5931cddReferenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor file name struts-annotations High Vendor pom groupid apache.struts Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom parent-artifactid struts-master Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid struts-annotations Low Vendor jar package name annotations Highest Vendor pom url http://struts.apache.org Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name struts Highest Vendor pom name Struts Annotations High Vendor pom groupid org.apache.struts Highest Vendor pom parent-groupid org.apache.struts Medium Product file name struts-annotations High Product pom groupid apache.struts Highest Product pom artifactid struts-annotations Highest Product jar package name apache Highest Product jar package name annotations Highest Product Manifest build-jdk-spec 1.8 Low Product jar package name struts Highest Product pom name Struts Annotations High Product Manifest specification-title Struts Annotations Medium Product pom url http://struts.apache.org Medium Product pom parent-groupid org.apache.struts Medium Product pom parent-artifactid struts-master Medium Product Manifest Implementation-Title Struts Annotations High Version file version 1.0.7 High Version Manifest Implementation-Version 1.0.7 High Version pom version 1.0.7 Highest Version pom parent-version 1.0.7 Low
Description:
Testing framework for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar
MD5: 582b5096723374df7bb515d7906a0bb8
SHA1: b0bcea778fb2899aeb4014c558babea8833d180a
SHA256: e968e6cc3e925fe09b7b841d379e230dd9c56d6850ce18cf9a8e78ac0ce8e1b7
Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.testng Medium Vendor pom artifactid testng Low Vendor pom url https://testng.org Highest Vendor file name testng High Vendor jar package name testng Highest Vendor pom name testng High Vendor pom groupid testng Highest Vendor pom groupid org.testng Highest Product Manifest automatic-module-name org.testng Medium Product pom url https://testng.org Medium Product file name testng High Product jar package name testng Highest Product pom artifactid testng Highest Product pom name testng High Product pom groupid testng Highest Version file version 7.1.0 High Version pom version 7.1.0 Highest
File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar/org/testng/jquery-3.4.1.min.jsMD5: a6b6350ee94a3ea74595c065cbf58af0SHA1: b15f7cfa79519756dff1ad22553fd0ed09024343SHA256: 412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaebReferenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 3.4.1.min High
Published Vulnerabilities Regex in its jQuery.htmlPrefilter sometimes may introduce XSS (RETIREJS)suppress
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Unscored:
References:
File Path: /Users/lukaszlenart/.m2/repository/org/testng/testng/7.1.0/testng-7.1.0.jar/org/testng/testng-reports.jsMD5: b92856a353b408d97321a1dd850347c2SHA1: bf41ae73b80f698412d8aea58d3007ba9d8f589fSHA256: e572aeb5fb24f8e1a5e1e2f65f1ae9d251bf17d7cca9dc311e8422451d96be96Referenced In Project/Scope: Struts 2 Core:compile
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/static/utils.jsMD5: a1287feb0882f494dc6ebfbdcb2c8d6aSHA1: 61201962d41fec8139c940c5a1468796d49a6139SHA256: 309abee1bddd03fe16c196e2cc00b58318ff707764824d9b71a38f667736720dReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/template/xhtml/validation.jsMD5: dea68bdb50b41aee5fc61170e3faf14eSHA1: affda7d0fecb0d16b9ebfc119833ec50ee920b4bSHA256: fdbcbc87e6495252ff1d697712e1604733d1cf6299b2f7075fdc27c2fa23687eReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/template/css_xhtml/validation.jsMD5: c66d23a2391879f74077a1af7888ede7SHA1: c4c980b34207fbca373f2032c770371606220da2SHA256: ec4dc0658f00c3a64e9a890565a3dfb71678babb484d2960c22f123c10f2c03cReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
File Path: /Users/lukaszlenart/Projects/Apache/struts/core/src/main/resources/org/apache/struts2/interceptor/debugging/webconsole.jsMD5: a7202aefd2637c63ee607db0a608c6deSHA1: 5618fb1f032d4972287158e5754570992448695dSHA256: 9ab03200e9abb3ddb95ee83321b518d660ba0734683c3a6844c633a5c5dbabfdReferenced In Project/Scope: Struts 2 Core
Evidence Type Source Name Value Confidence
Suppressed Vulnerabilities struts-annotations-1.0.7.jar Description:
struts-annotations adds annotations processor support for struts based annotated projects,
such as TLD and documentation generation from annotated component classes as used in struts2
File Path: /Users/lukaszlenart/.m2/repository/org/apache/struts/struts-annotations/1.0.7/struts-annotations-1.0.7.jarMD5: cde5d067c06bf2cd8fe0742d8c4d461eSHA1: 3fe2a1266e5224b66ade1cc57b92b178023a4ae9SHA256: f7dc6b8f8536bcf29bc1cbd58099c560f2313450340d2505686be214c5931cdd
Evidence Type Source Name Value Confidence Vendor file name struts-annotations High Vendor pom groupid apache.struts Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name apache Highest Vendor pom parent-artifactid struts-master Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid struts-annotations Low Vendor jar package name annotations Highest Vendor pom url http://struts.apache.org Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor jar package name struts Highest Vendor pom name Struts Annotations High Vendor pom groupid org.apache.struts Highest Vendor pom parent-groupid org.apache.struts Medium Product file name struts-annotations High Product pom groupid apache.struts Highest Product pom artifactid struts-annotations Highest Product jar package name apache Highest Product jar package name annotations Highest Product Manifest build-jdk-spec 1.8 Low Product jar package name struts Highest Product pom name Struts Annotations High Product Manifest specification-title Struts Annotations Medium Product pom url http://struts.apache.org Medium Product pom parent-groupid org.apache.struts Medium Product pom parent-artifactid struts-master Medium Product Manifest Implementation-Title Struts Annotations High Version file version 1.0.7 High Version Manifest Implementation-Version 1.0.7 High Version pom version 1.0.7 Highest Version pom parent-version 1.0.7 Low
Suppressed Vulnerabilities CVE-2006-1546 suppressed
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check. NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions:
CVE-2006-1547 suppressed
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. NVD-CWE-Other
CVSSv2:
Base Score: HIGH (7.8) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C References:
Vulnerable Software & Versions: (show all )
CVE-2006-1548 suppressed
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N References:
Vulnerable Software & Versions:
CVE-2012-0394 suppressed
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: MEDIUM (6.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P References:
Vulnerable Software & Versions: (show all )
CVE-2013-2115 suppressed
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. CWE-94 Improper Control of Generation of Code ('Code Injection')
CVSSv2:
Base Score: HIGH (9.3) Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C References:
Vulnerable Software & Versions: (show all )
CVE-2015-2992 suppressed
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3:
MEDIUM (6.1) /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions: