Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: Struts 2 Sitemesh Plugin

org.apache.struts:struts2-sitemesh-plugin:2.5.20

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

DependencyCPECoordinatesHighest SeverityCVE CountCPE ConfidenceEvidence Count
sitemesh-2.4.2.jaropensymphony:sitemesh:2.4.2 023
velocity-1.7.jarorg.apache.velocity:velocity:1.7 030
commons-collections-3.2.2.jarcpe:/a:apache:commons_collections:3.2.2commons-collections:commons-collections:3.2.2 0Low37
commons-lang-2.4.jarcommons-lang:commons-lang:2.4 031
velocity-tools-2.0.jarorg.apache.velocity:velocity-tools:2.0 027
commons-beanutils-1.9.3.jarcpe:/a:apache:commons_beanutils:1.9.3commons-beanutils:commons-beanutils:1.9.3 0Low37
commons-digester-2.1.jarcommons-digester:commons-digester:2.1 031
commons-chain-1.1.jarcommons-chain:commons-chain:1.1 026
commons-logging-1.2.jarcommons-logging:commons-logging:1.2 033
commons-validator-1.6.jarcommons-validator:commons-validator:1.6 037
dom4j-1.1.jarcpe:/a:dom4j_project:dom4j:1.1dom4j:dom4j:1.1 0Low14
oro-2.0.8.jaroro:oro:2.0.8 011
sslext-1.2-0.jarsslext:sslext:1.2-0 017
struts-core-1.3.8.jarorg.apache.struts:struts-core:1.3.8 023
antlr-2.7.2.jarantlr:antlr:2.7.2 09
struts-taglib-1.3.8.jarcpe:/a:taglib:taglib:1.3.8org.apache.struts:struts-taglib:1.3.8 0Low23
struts-tiles-1.3.8.jarcpe:/a:apache:tiles:1.3.8org.apache.struts:struts-tiles:1.3.8 0Low23
struts2-core-2.5.20.jarcpe:/a:apache:struts:2.5.20org.apache.struts:struts2-core:2.5.20 0Low30
freemarker-2.3.28.jarorg.freemarker:freemarker:2.3.28 041
ognl-3.1.21.jarcpe:/a:ognl_project:ognl:3.1.21ognl:ognl:3.1.21 0Low19
javassist-3.20.0-GA.jarorg.javassist:javassist:3.20.0-GA 024
log4j-api-2.11.1.jarcpe:/a:apache:log4j:2.11.1org.apache.logging.log4j:log4j-api:2.11.1 0Low36
commons-fileupload-1.4.jarcpe:/a:apache:commons_fileupload:1.4commons-fileupload:commons-fileupload:1.4 0Low37
commons-io-2.6.jarcommons-io:commons-io:2.6 037
commons-lang3-3.8.1.jarorg.apache.commons:commons-lang3:3.8.1 038

Dependencies

sitemesh-2.4.2.jar

Description:

 SiteMesh is a web-page layout and decoration framework and web- application integration framework to aid in creating large sites consisting of many pages for which a consistent look/feel, navigation and layout scheme is required.

License:

The Apache Software License, Version 1.1: http://www.opensymphony.com/sitemesh/license.action
File Path: /home/jenkins/.m2/repository/opensymphony/sitemesh/2.4.2/sitemesh-2.4.2.jar
MD5: b9cd6bb5c6e34555ae430d9c2f2441ba
SHA1: 4cb3b08c96553b0f4595a80917838ca302f67f3f
SHA256:0d7933ae628a7198f8bb267e27f348f8cbe7c74083c25172dffaa0245b2bf056
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: opensymphony:sitemesh:2.4.2  Confidence:Highest

velocity-1.7.jar

Description:

 Apache Velocity is a general purpose template engine.

File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
SHA256:ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8e
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.apache.velocity:velocity:1.7  Confidence:Highest

commons-collections-3.2.2.jar

Description:

 Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: commons-collections:commons-collections:3.2.2  Confidence:Highest
  • cpe: cpe:/a:apache:commons_collections:3.2.2  Confidence:Low  

commons-lang-2.4.jar

Description:

 
        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.
    

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
SHA256:2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: commons-lang:commons-lang:2.4  Confidence:Highest

velocity-tools-2.0.jar

Description:

 
        VelocityTools is an integrated collection of Velocity subprojects
        with the common goal of creating tools and infrastructure to speed and ease
        development of both web and non-web applications using the Velocity template
        engine.
    

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
SHA256:b174eb36bc48c25dce10571c7d3d5dca4e4c1b3e2e31a92b9ed68fe9dea688d9
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.apache.velocity:velocity-tools:2.0  Confidence:Highest

commons-beanutils-1.9.3.jar

Description:

 Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-beanutils/commons-beanutils/1.9.3/commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
SHA256:c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • cpe: cpe:/a:apache:commons_beanutils:1.9.3  Confidence:Low  
  • maven: commons-beanutils:commons-beanutils:1.9.3  Confidence:Highest

commons-digester-2.1.jar

Description:

 
    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: commons-digester:commons-digester:2.1  Confidence:Highest

commons-chain-1.1.jar

Description:

 An implmentation of the GoF Chain of Responsibility pattern

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /home/jenkins/.m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar
MD5: d4ce482153073855e7c6453dc3c725cb
SHA1: 3038bd41dcdb2b63b8c6dcc8c15f0fdf3f389012
SHA256:e408f72da5ed4c5db6ae19e8c3b7ee36259c36c05f7a77f15509a014bfe7bcaa
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: commons-chain:commons-chain:1.1  Confidence:Highest

commons-logging-1.2.jar

Description:

 Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: commons-logging:commons-logging:1.2  Confidence:Highest

commons-validator-1.6.jar

Description:

 
    Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
    It may be used standalone or with a framework like Struts.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-validator/commons-validator/1.6/commons-validator-1.6.jar
MD5: 3fd5efd8dcdd601035c123638a897833
SHA1: e989d1e87cdd60575df0765ed5bac65c905d7908
SHA256:bd62795d7068a69cbea333f6dbf9c9c1a6ad7521443fb57202a44874f240ba25
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: commons-validator:commons-validator:1.6  Confidence:Highest

dom4j-1.1.jar

File Path: /home/jenkins/.m2/repository/dom4j/dom4j/1.1/dom4j-1.1.jar
MD5: f1c39d0d2b2c6f5ffb0046841a34b5c9
SHA1: 0690b3108a502c8f033ea87e7278aec309ffa668
SHA256:50bd5c21b5fbd27b8bbb5f8050544b53f49a4480fd347ce9c46d55c706015156
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • cpe: cpe:/a:dom4j_project:dom4j:1.1  Confidence:Low  
  • maven: dom4j:dom4j:1.1  Confidence:Highest

oro-2.0.8.jar

File Path: /home/jenkins/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
SHA256:e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: oro:oro:2.0.8  Confidence:Highest

sslext-1.2-0.jar

License:

Apache Software License, Version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/jenkins/.m2/repository/sslext/sslext/1.2-0/sslext-1.2-0.jar
MD5: fda7f2a2f7ac9b017a5de1a4742753fd
SHA1: c86a7db4ac0bc450e675f3d44b3d64cdc934361b
SHA256:4ec193f85bf3c5e84be4ef79fe1e8e71493b317858735cfe062c4c54f818c312
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: sslext:sslext:1.2-0  Confidence:Highest

struts-core-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar
MD5: 868de456b4d4331d6dcc4e8d3bee884e
SHA1: 66178d4a9279ebb1cd1eb79c10dc204b4199f061
SHA256:a7881710517dd6a50fa81c04d494e1493ad326bcc1adf2eb9493e5eb9ca9e077
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.apache.struts:struts-core:1.3.8  Confidence:Highest

antlr-2.7.2.jar

File Path: /home/jenkins/.m2/repository/antlr/antlr/2.7.2/antlr-2.7.2.jar
MD5: a73459120df5cadf75eaa98453433a01
SHA1: 546b5220622c4d9b2da45ad1899224b6ce1c8830
SHA256:2a53206963dfa78e33746b6f8367f7d9970fa36865a825d7bfbce1784dc0f4d4
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: antlr:antlr:2.7.2  Confidence:Highest

struts-taglib-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-taglib/1.3.8/struts-taglib-1.3.8.jar
MD5: 0effb2e71f676c25d76c3ae5dd6674f9
SHA1: e87e9817bdf03c2367fb5f6d5ead953db2df4c21
SHA256:0b54adf308e50d8fdb82066b058bfa57ee244d1cdcf4bf7b6c12fb11d91f44a5
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.apache.struts:struts-taglib:1.3.8  Confidence:Highest
  • cpe: cpe:/a:taglib:taglib:1.3.8  Confidence:Low  

struts-tiles-1.3.8.jar

File Path: /home/jenkins/.m2/repository/org/apache/struts/struts-tiles/1.3.8/struts-tiles-1.3.8.jar
MD5: f41992ab2729b1cb9c6b4721465aa4e4
SHA1: 6d212f8ea5d908bc9906e669428b7694dff60785
SHA256:3d66e61734b2ddad6e4b34aaa2382480ad6061e59e5e178e346cc275c0429e57
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • cpe: cpe:/a:apache:tiles:1.3.8  Confidence:Low  
  • maven: org.apache.struts:struts-tiles:1.3.8  Confidence:Highest

struts2-core-2.5.20.jar

Description:

 Apache Struts 2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/struts/struts2-core/2.5.20/struts2-core-2.5.20.jar
MD5: 64726c87bf007321f041f04205e41f4c
SHA1: f717368bb7ccc86c75f3255d7120e688b90c11e4
SHA256:63f702c2463e6d8d3786d8763949120c148caf7239771211b92bdd6f3ada72f4
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • cpe: cpe:/a:apache:struts:2.5.20  Confidence:Low  
  • maven: org.apache.struts:struts2-core:2.5.20  Confidence:Highest

freemarker-2.3.28.jar

Description:

 
    FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
  

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.jar
MD5: c5e35d814518da7b0247d42311b8e296
SHA1: 7200064467a935052f99d114c2c05c3d189bc6d6
SHA256:de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.freemarker:freemarker:2.3.28  Confidence:Highest

ognl-3.1.21.jar

Description:

 OGNL - Object Graph Navigation Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/ognl/ognl/3.1.21/ognl-3.1.21.jar
MD5: 4cbfa8a6a74afe86c7d457c8e989400c
SHA1: d04408e84b7ed4b51133ff3a3992e79307ae0b00
SHA256:f3de3c73023be7521ffb07e578627144a663eabdfe166b15bbf23639d63ddc8d
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: ognl:ognl:3.1.21  Confidence:Highest
  • cpe: cpe:/a:ognl_project:ognl:3.1.21  Confidence:Low  

javassist-3.20.0-GA.jar

Description:

 
  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.
  

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/jenkins/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
SHA256:d7691062fb779c2381640c8f72acba2c23873b01c243866d41c15dc4c8848ea2
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.javassist:javassist:3.20.0-GA  Confidence:Highest

log4j-api-2.11.1.jar

Description:

 The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
MD5: fc110208241ce5b48bd07464ecc7e137
SHA1: 268f0fe4df3eefe052b57c87ec48517d64fb2a10
SHA256:493b37b5a6c49c4f5fb609b966375e4dc1783df436587584ca1dc7e861d0742b
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.apache.logging.log4j:log4j-api:2.11.1  Confidence:Highest
  • cpe: cpe:/a:apache:log4j:2.11.1  Confidence:Low  

commons-fileupload-1.4.jar

Description:

 
    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-fileupload/commons-fileupload/1.4/commons-fileupload-1.4.jar
MD5: 0c3b924dcaaa90c3fb93fe04ae96a35e
SHA1: f95188e3d372e20e7328706c37ef366e5d7859b0
SHA256:a4ec02336f49253ea50405698b79232b8c5cbf02cb60df3a674d77a749a1def7
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • cpe: cpe:/a:apache:commons_fileupload:1.4  Confidence:Low  
  • maven: commons-fileupload:commons-fileupload:1.4  Confidence:Highest

commons-io-2.6.jar

Description:

 
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256:f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: commons-io:commons-io:2.6  Confidence:Highest

commons-lang3-3.8.1.jar

Description:

 
  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
MD5: 540b1256d887a6993ecbef23371a3302
SHA1: 6505a72a097d9270f7a9e7bf42c4238283247755
SHA256:dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68
Referenced In Project/Scope:Struts 2 Sitemesh Plugin:compile

Identifiers

  • maven: org.apache.commons:commons-lang3:3.8.1  Confidence:Highest


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.