Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version : 3.1.2
Report Generated On : Dec 4, 2018 at 10:59:45 +00:00
Dependencies Scanned : 53 (33 unique)
Vulnerable Dependencies : 6
Vulnerabilities Found : 25
Vulnerabilities Suppressed : 0
...
NVD CVE 2002 : 30/11/2018 09:08:39
NVD CVE 2003 : 04/12/2018 09:10:59
NVD CVE 2004 : 04/12/2018 09:10:14
NVD CVE 2005 : 04/12/2018 09:16:07
NVD CVE 2006 : 04/12/2018 09:06:14
NVD CVE 2007 : 04/12/2018 09:02:21
NVD CVE 2008 : 04/12/2018 08:58:32
NVD CVE 2009 : 04/12/2018 08:54:22
NVD CVE 2010 : 04/12/2018 08:50:56
NVD CVE 2011 : 04/12/2018 09:16:39
NVD CVE 2012 : 04/12/2018 08:52:10
NVD CVE 2013 : 04/12/2018 08:52:08
NVD CVE 2014 : 04/12/2018 08:52:09
NVD CVE 2015 : 04/12/2018 08:52:09
NVD CVE 2016 : 04/12/2018 08:52:10
NVD CVE 2017 : 04/12/2018 08:19:41
NVD CVE 2018 : 04/12/2018 08:52:09
NVD CVE Checked : 04/12/2018 10:50:28
NVD CVE Modified : 04/12/2018 06:01:55
VersionCheckOn : 1543920628116
Display: Showing Vulnerable Dependencies
Dependencies
spring-boot-2.0.1.RELEASE.jar
Description: Spring Boot
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/travis/.m2/repository/org/springframework/boot/spring-boot/2.0.1.RELEASE/spring-boot-2.0.1.RELEASE.jar
MD5: dc0f62283e9bfd0a0b3f7a7f4a8503af
SHA1: b8c5b14cbb0e52fdded8f98a8c1493cc74c7cf59
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom url https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot Highest
Vendor pom description Spring Boot Medium
Vendor pom name Spring Boot High
Vendor pom organization url https://spring.io Medium
Vendor pom artifactid spring-boot Low
Vendor Manifest automatic-module-name spring.boot Medium
Vendor file name spring-boot High
Vendor central groupid org.springframework.boot Highest
Vendor pom organization name Pivotal Software, Inc. High
Vendor pom groupid org.springframework.boot Highest
Vendor pom groupid springframework.boot Highest
Vendor pom parent-artifactid spring-boot-parent Low
Product pom description Spring Boot Medium
Product pom name Spring Boot High
Product pom parent-artifactid spring-boot-parent Medium
Product Manifest automatic-module-name spring.boot Medium
Product file name spring-boot High
Product pom groupid springframework.boot Low
Product central artifactid spring-boot Highest
Product pom artifactid spring-boot Highest
Product pom url https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot Medium
Product pom organization name Pivotal Software, Inc. Low
Product pom parent-groupid org.springframework.boot Low
Product pom organization url https://spring.io Low
Product Manifest Implementation-Title Spring Boot High
Version central version 2.0.1.RELEASE Highest
Version Manifest Implementation-Version 2.0.1.RELEASE High
Version pom version 2.0.1.RELEASE Highest
Related Dependencies
spring-boot-autoconfigure-2.0.1.RELEASE.jar
spring-boot-starter-2.0.1.RELEASE.jar
spring-boot-starter-tomcat-2.0.1.RELEASE.jar
spring-boot-starter-web-2.0.1.RELEASE.jar
spring-boot-starter-thymeleaf-2.0.1.RELEASE.jar
spring-boot-starter-json-2.0.1.RELEASE.jar
spring-boot-starter-logging-2.0.1.RELEASE.jar
logback-core-1.2.3.jar
Description: logback-core module
License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/travis/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom groupid ch.qos.logback Highest
Vendor pom artifactid logback-core Low
Vendor manifest Bundle-Description logback-core module Medium
Vendor file name logback-core High
Vendor Manifest bundle-docurl http://www.qos.ch Low
Vendor pom name Logback Core Module High
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium
Vendor pom parent-artifactid logback-parent Low
Vendor central groupid ch.qos.logback Highest
Vendor pom description logback-core module Medium
Product central artifactid logback-core Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product pom artifactid logback-core Highest
Product manifest Bundle-Description logback-core module Medium
Product Manifest Bundle-Name Logback Core Module Medium
Product file name logback-core High
Product Manifest bundle-docurl http://www.qos.ch Low
Product pom parent-artifactid logback-parent Medium
Product pom name Logback Core Module High
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest bundle-symbolicname ch.qos.logback.core Medium
Product pom groupid ch.qos.logback Low
Product pom description logback-core module Medium
Version pom version 1.2.3 Highest
Version central version 1.2.3 Highest
Version file version 1.2.3 Highest
Related Dependencies
logback-classic-1.2.3.jar
File Path: /home/travis/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar
SHA1: 7c4f3c474fb2c041d8028740440937705ebb473a
MD5: 64f7a68f931aed8e5ad8243470440f0b
maven: ch.qos.logback:logback-classic:1.2.3 ✓
log4j-api-2.10.0.jar
Description: The Apache Log4j API
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/apache/logging/log4j/log4j-api/2.10.0/log4j-api-2.10.0.jar
MD5: b15b1def49daaf7e74fffcce9442ba98
SHA1: fec5797a55b786184a537abd39c3fa1449d752d6
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest automatic-module-name Medium
Vendor pom parent-groupid org.apache.logging.log4j Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor central groupid org.apache.logging.log4j Highest
Vendor pom groupid org.apache.logging.log4j Highest
Vendor pom groupid apache.logging.log4j Highest
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium
Vendor file name log4j-api High
Vendor manifest Bundle-Description The Apache Log4j API Medium
Vendor pom artifactid log4j-api Low
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom name Apache Log4j API High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest log4jreleasemanager Ralph Goers Low
Vendor pom parent-artifactid log4j Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low
Vendor pom description The Apache Log4j API Medium
Product Manifest automatic-module-name Medium
Product central artifactid log4j-api Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom parent-artifactid log4j Medium
Product Manifest Bundle-Name Apache Log4j API Medium
Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium
Product file name log4j-api High
Product manifest Bundle-Description The Apache Log4j API Medium
Product Manifest specification-title Apache Log4j API Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom name Apache Log4j API High
Product pom groupid apache.logging.log4j Low
Product Manifest log4jreleasemanager Ralph Goers Low
Product pom parent-groupid org.apache.logging.log4j Low
Product pom artifactid log4j-api Highest
Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low
Product pom description The Apache Log4j API Medium
Product Manifest Implementation-Title Apache Log4j API High
Version pom version 2.10.0 Highest
Version file version 2.10.0 Highest
Version Manifest Implementation-Version 2.10.0 High
Version central version 2.10.0 Highest
log4j-to-slf4j-2.10.0.jar
Description: The Apache Log4j binding between Log4j 2 API and SLF4J.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.10.0/log4j-to-slf4j-2.10.0.jar
MD5: 7ac821f6ff3d7f9ed68ffe982a76b8c2
SHA1: f7e631ccf49cfc0aefa4a2a728da7d374c05bd3c
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.logging.log4j Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor central groupid org.apache.logging.log4j Highest
Vendor pom groupid org.apache.logging.log4j Highest
Vendor pom groupid apache.logging.log4j Highest
Vendor manifest Bundle-Description The Apache Log4j binding between Log4j 2 API and SLF4J. Medium
Vendor file name log4j-to-slf4j High
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium
Vendor pom artifactid log4j-to-slf4j Low
Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low
Vendor Manifest automatic-module-name org.apache.logging.slf4j Medium
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest log4jreleasemanager Ralph Goers Low
Vendor pom parent-artifactid log4j Low
Vendor pom name Apache Log4j to SLF4J Adapter High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description The Apache Log4j binding between Log4j 2 API and SLF4J. Medium
Product Manifest specification-title Apache Log4j to SLF4J Adapter Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom parent-artifactid log4j Medium
Product Manifest Bundle-Name Apache Log4j to SLF4J Adapter Medium
Product manifest Bundle-Description The Apache Log4j binding between Log4j 2 API and SLF4J. Medium
Product file name log4j-to-slf4j High
Product Manifest bundle-symbolicname org.apache.logging.log4j.to-slf4j Medium
Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-to-slf4j/ Low
Product Manifest automatic-module-name org.apache.logging.slf4j Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product central artifactid log4j-to-slf4j Highest
Product pom groupid apache.logging.log4j Low
Product Manifest log4jreleasemanager Ralph Goers Low
Product pom parent-groupid org.apache.logging.log4j Low
Product pom artifactid log4j-to-slf4j Highest
Product pom name Apache Log4j to SLF4J Adapter High
Product Manifest Implementation-Title Apache Log4j to SLF4J Adapter High
Product pom description The Apache Log4j binding between Log4j 2 API and SLF4J. Medium
Version pom version 2.10.0 Highest
Version file version 2.10.0 Highest
Version Manifest Implementation-Version 2.10.0 High
Version central version 2.10.0 Highest
jul-to-slf4j-1.7.25.jar
Description: JUL to SLF4J bridge
File Path: /home/travis/.m2/repository/org/slf4j/jul-to-slf4j/1.7.25/jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description JUL to SLF4J bridge Medium
Vendor pom parent-artifactid slf4j-parent Low
Vendor Manifest bundle-symbolicname jul.to.slf4j Medium
Vendor pom url http://www.slf4j.org Highest
Vendor central groupid org.slf4j Highest
Vendor pom parent-groupid org.slf4j Medium
Vendor pom name JUL to SLF4J bridge High
Vendor pom artifactid jul-to-slf4j Low
Vendor pom description JUL to SLF4J bridge Medium
Vendor pom groupid org.slf4j Highest
Vendor file name jul-to-slf4j High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom groupid slf4j Highest
Product manifest Bundle-Description JUL to SLF4J bridge Medium
Product Manifest Bundle-Name jul-to-slf4j Medium
Product Manifest bundle-symbolicname jul.to.slf4j Medium
Product pom parent-artifactid slf4j-parent Medium
Product pom groupid slf4j Low
Product pom artifactid jul-to-slf4j Highest
Product pom name JUL to SLF4J bridge High
Product pom url http://www.slf4j.org Medium
Product pom description JUL to SLF4J bridge Medium
Product file name jul-to-slf4j High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom parent-groupid org.slf4j Low
Product central artifactid jul-to-slf4j Highest
Version pom version 1.7.25 Highest
Version central version 1.7.25 Highest
Version file version 1.7.25 Highest
Version Manifest Implementation-Version 1.7.25 High
javax.annotation-api-1.3.2.jar
Description: Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /home/travis/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Java(TM) Common Annotations 1.3 API Design Specification Medium
Vendor pom name ${extension.name} API High
Vendor central groupid javax.annotation Highest
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor pom artifactid javax.annotation-api Low
Vendor Manifest extension-name javax.annotation Medium
Vendor pom parent-groupid net.java Medium
Vendor Manifest Implementation-Vendor-Id org.glassfish Medium
Vendor pom organization url https://javaee.github.io/glassfish Medium
Vendor file name javax.annotation-api High
Vendor pom organization name GlassFish Community High
Vendor pom description Common Annotations for the JavaTM Platform API Medium
Vendor Manifest Implementation-Vendor GlassFish Community High
Vendor pom parent-artifactid jvnet-parent Low
Vendor Manifest bundle-symbolicname javax.annotation-api Medium
Vendor pom groupid javax.annotation Highest
Vendor Manifest bundle-docurl https://javaee.github.io/glassfish Low
Vendor Manifest automatic-module-name java.annotation Medium
Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest
Product pom artifactid javax.annotation-api Highest
Product manifest Bundle-Description Java(TM) Common Annotations 1.3 API Design Specification Medium
Product pom name ${extension.name} API High
Product pom url http://jcp.org/en/jsr/detail?id=250 Medium
Product Manifest Bundle-Name javax.annotation API Medium
Product Manifest extension-name javax.annotation Medium
Product pom parent-groupid net.java Low
Product pom groupid javax.annotation Low
Product pom parent-artifactid jvnet-parent Medium
Product file name javax.annotation-api High
Product pom description Common Annotations for the JavaTM Platform API Medium
Product pom organization name GlassFish Community Low
Product Manifest bundle-symbolicname javax.annotation-api Medium
Product pom organization url https://javaee.github.io/glassfish Low
Product Manifest bundle-docurl https://javaee.github.io/glassfish Low
Product Manifest automatic-module-name java.annotation Medium
Product central artifactid javax.annotation-api Highest
Version Manifest Implementation-Version 1.3.2 High
Version pom version 1.3.2 Highest
Version central version 1.3.2 Highest
Version file version 1.3.2 Highest
snakeyaml-1.19.jar
Description: YAML 1.1 parser and emitter for Java
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/yaml/snakeyaml/1.19/snakeyaml-1.19.jar
MD5: 95472b5a0ded8761545342a087e82117
SHA1: 2d998d3d674b172a588e54ab619854d073f555b5
Referenced In Project/Scope:
spring-batch-support-samples-starter:runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid org.yaml Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor central groupid org.yaml Highest
Vendor pom url http://www.snakeyaml.org Highest
Vendor pom groupid yaml Highest
Vendor file name snakeyaml High
Vendor pom description YAML 1.1 parser and emitter for Java Medium
Vendor manifest Bundle-Description YAML 1.1 parser and emitter for Java Medium
Vendor pom artifactid snakeyaml Low
Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium
Vendor pom name SnakeYAML High
Product Manifest Bundle-Name SnakeYAML Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom url http://www.snakeyaml.org Medium
Product central artifactid snakeyaml Highest
Product file name snakeyaml High
Product pom groupid yaml Low
Product pom description YAML 1.1 parser and emitter for Java Medium
Product manifest Bundle-Description YAML 1.1 parser and emitter for Java Medium
Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium
Product pom artifactid snakeyaml Highest
Product pom name SnakeYAML High
Version pom version 1.19 Highest
Version file version 1.19 Highest
Version central version 1.19 Highest
tomcat-embed-core-8.5.29.jar
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.29/tomcat-embed-core-8.5.29.jar
MD5: 73033b27fd1ce1875d83da62a9fdd7cc
SHA1: 51eac5adde4bc019261b787cb99e5548206908e6
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.tomcat.embed Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor pom artifactid tomcat-embed-core Low
Vendor file name tomcat-embed-core High
Vendor pom groupid org.apache.tomcat.embed Highest
Vendor pom url http://tomcat.apache.org/ Highest
Vendor pom description Core Tomcat implementation Medium
Vendor central groupid org.apache.tomcat.embed Highest
Vendor Manifest specification-vendor Apache Software Foundation Low
Product pom groupid apache.tomcat.embed Low
Product file name tomcat-embed-core High
Product central artifactid tomcat-embed-core Highest
Product Manifest specification-title Apache Tomcat Medium
Product pom url http://tomcat.apache.org/ Medium
Product pom description Core Tomcat implementation Medium
Product pom artifactid tomcat-embed-core Highest
Product Manifest Implementation-Title Apache Tomcat High
Version file version 8.5.29 Highest
Version pom version 8.5.29 Highest
Version Manifest Implementation-Version 8.5.29 High
Version central version 8.5.29 Highest
Related Dependencies
tomcat-embed-websocket-8.5.29.jar
File Path: /home/travis/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/8.5.29/tomcat-embed-websocket-8.5.29.jar
SHA1: 37786f4ca8a1597a91a0f437e659a76d1fcc5bf1
MD5: 71d21947758dd569b676b6880540a33b
cpe: cpe:/a:apache:tomcat:8.5.29
maven: org.apache.tomcat.embed:tomcat-embed-websocket:8.5.29 ✓
Published Vulnerabilities
CVE-2018-1336
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Vulnerable Software & Versions:
CVE-2018-8014
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
Vulnerable Software & Versions:
CVE-2018-8034
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-295 Improper Certificate Validation
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Vulnerable Software & Versions:
CVE-2018-8037
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
Vulnerable Software & Versions:
tomcat-embed-el-8.5.29.jar
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/8.5.29/tomcat-embed-el-8.5.29.jar
MD5: 90ad99f3af6b4486e146395dece7171b
SHA1: 893fb2c87ec1aa248a7911d76c0c06b3fca6bc9b
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.tomcat.embed Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor file name tomcat-embed-el High
Vendor pom artifactid tomcat-embed-el Low
Vendor pom groupid org.apache.tomcat.embed Highest
Vendor pom url http://tomcat.apache.org/ Highest
Vendor pom description Core Tomcat implementation Medium
Vendor central groupid org.apache.tomcat.embed Highest
Vendor Manifest specification-vendor Apache Software Foundation Low
Product file name tomcat-embed-el High
Product pom groupid apache.tomcat.embed Low
Product pom artifactid tomcat-embed-el Highest
Product Manifest specification-title Apache Tomcat Medium
Product pom url http://tomcat.apache.org/ Medium
Product pom description Core Tomcat implementation Medium
Product Manifest Implementation-Title Apache Tomcat High
Product central artifactid tomcat-embed-el Highest
Version file version 8.5.29 Highest
Version pom version 8.5.29 Highest
Version Manifest Implementation-Version 8.5.29 High
Version central version 8.5.29 Highest
validation-api-2.0.1.Final.jar
Description: Bean Validation API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar
MD5: 5d02c034034a7a16725ceff787e191d6
SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Bean Validation API Medium
Vendor pom artifactid validation-api Low
Vendor Manifest bundle-symbolicname javax.validation.api Medium
Vendor pom groupid javax.validation Highest
Vendor file name validation-api High
Vendor Manifest automatic-module-name java.validation Medium
Vendor pom name Bean Validation API High
Vendor pom description Bean Validation API Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom url http://beanvalidation.org Highest
Vendor central groupid javax.validation Highest
Product pom url http://beanvalidation.org Medium
Product manifest Bundle-Description Bean Validation API Medium
Product Manifest bundle-symbolicname javax.validation.api Medium
Product file name validation-api High
Product pom groupid javax.validation Low
Product pom description Bean Validation API Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom artifactid validation-api Highest
Product central artifactid validation-api Highest
Product Manifest automatic-module-name java.validation Medium
Product pom name Bean Validation API High
Product Manifest Bundle-Name Bean Validation API Medium
Version file version 2.0.1 Highest
Version pom version 2.0.1.Final Highest
Version central version 2.0.1.Final Highest
jboss-logging-3.3.2.Final.jar
Description: The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor JBoss by Red Hat High
Vendor central groupid org.jboss.logging Highest
Vendor file name jboss-logging High
Vendor pom parent-artifactid jboss-parent Low
Vendor Manifest os-name Linux Medium
Vendor Manifest specification-vendor JBoss by Red Hat Low
Vendor manifest Bundle-Description The JBoss Logging Framework Medium
Vendor Manifest bundle-docurl http://www.jboss.org Low
Vendor Manifest automatic-module-name org.jboss.logging Medium
Vendor Manifest implementation-url http://www.jboss.org Low
Vendor pom artifactid jboss-logging Low
Vendor Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium
Vendor Manifest Implementation-Vendor-Id org.jboss.logging Medium
Vendor Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low
Vendor pom name JBoss Logging 3 High
Vendor Manifest java-vendor Sun Microsystems Inc. Medium
Vendor pom groupid jboss.logging Highest
Vendor pom groupid org.jboss.logging Highest
Vendor pom parent-groupid org.jboss Medium
Vendor pom description The JBoss Logging Framework Medium
Vendor pom url http://www.jboss.org Highest
Product Manifest specification-title JBoss Logging 3 Medium
Product file name jboss-logging High
Product pom parent-groupid org.jboss Low
Product Manifest os-name Linux Medium
Product central artifactid jboss-logging Highest
Product manifest Bundle-Description The JBoss Logging Framework Medium
Product pom parent-artifactid jboss-parent Medium
Product pom artifactid jboss-logging Highest
Product Manifest bundle-docurl http://www.jboss.org Low
Product Manifest automatic-module-name org.jboss.logging Medium
Product Manifest implementation-url http://www.jboss.org Low
Product Manifest bundle-symbolicname org.jboss.logging.jboss-logging Medium
Product Manifest Bundle-Name JBoss Logging 3 Medium
Product Manifest build-timestamp Wed, 14 Feb 2018 13:23:27 -0800 Low
Product pom url http://www.jboss.org Medium
Product pom groupid jboss.logging Low
Product pom name JBoss Logging 3 High
Product Manifest Implementation-Title JBoss Logging 3 High
Product pom description The JBoss Logging Framework Medium
Version central version 3.3.2.Final Highest
Version file version 3.3.2 Highest
Version pom version 3.3.2.Final Highest
Version Manifest Implementation-Version 3.3.2.Final High
classmate-1.3.4.jar
Description: Library for introspecting types with full generic information including resolving of field and method types.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/classmate/1.3.4/classmate-1.3.4.jar
MD5: 1e2e0fcc510753882683417e01895242
SHA1: 03d5f48f10bbe4eb7bd862f10c0583be2e0053c6
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom description Library for introspecting types with full generic information including resolving of field and method types. Low
Vendor Manifest Implementation-Vendor-Id com.fasterxml Medium
Vendor pom organization url http://fasterxml.com Medium
Vendor manifest Bundle-Description Library for introspecting types with full generic informationincluding resolving of field and method types. Low
Vendor Manifest automatic-module-name com.fasterxml.classmate Medium
Vendor Manifest Implementation-Vendor fasterxml.com High
Vendor Manifest implementation-build-date 2017-09-09 21:47:22+0000 Low
Vendor pom artifactid classmate Low
Vendor Manifest bundle-docurl http://github.com/FasterXML/java-classmate Low
Vendor pom groupid fasterxml Highest
Vendor file name classmate High
Vendor Manifest specification-vendor fasterxml.com Low
Vendor pom organization name fasterxml.com High
Vendor central groupid com.fasterxml Highest
Vendor pom name ClassMate High
Vendor pom parent-artifactid oss-parent Low
Vendor Manifest bundle-symbolicname com.fasterxml.classmate Medium
Vendor pom url http://github.com/FasterXML/java-classmate Highest
Vendor pom groupid com.fasterxml Highest
Vendor pom parent-groupid com.fasterxml Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Implementation-Title ClassMate High
Product pom description Library for introspecting types with full generic information including resolving of field and method types. Low
Product Manifest Bundle-Name ClassMate Medium
Product central artifactid classmate Highest
Product manifest Bundle-Description Library for introspecting types with full generic informationincluding resolving of field and method types. Low
Product Manifest automatic-module-name com.fasterxml.classmate Medium
Product Manifest implementation-build-date 2017-09-09 21:47:22+0000 Low
Product Manifest bundle-docurl http://github.com/FasterXML/java-classmate Low
Product Manifest specification-title ClassMate Medium
Product pom parent-artifactid oss-parent Medium
Product file name classmate High
Product pom parent-groupid com.fasterxml Low
Product pom url http://github.com/FasterXML/java-classmate Medium
Product pom name ClassMate High
Product pom artifactid classmate Highest
Product Manifest bundle-symbolicname com.fasterxml.classmate Medium
Product pom organization name fasterxml.com Low
Product pom organization url http://fasterxml.com Low
Product pom groupid fasterxml Low
Version Manifest Implementation-Version 1.3.4 High
Version file version 1.3.4 Highest
Version central version 1.3.4 Highest
Version pom version 1.3.4 Highest
hibernate-validator-6.0.9.Final.jar
Description: Hibernate's Bean Validation (JSR-380) reference implementation.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/hibernate/validator/hibernate-validator/6.0.9.Final/hibernate-validator-6.0.9.Final.jar
MD5: 6250c442411c5d0c7ba6fe3ca9935ea7
SHA1: b149e4cce82379f11f6129eb3187ca8ae5404005
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.hibernate.validator Medium
Vendor central groupid org.hibernate.validator Highest
Vendor Manifest Implementation-Vendor org.hibernate.validator High
Vendor Manifest implementation-url http://hibernate.org/validator/ Low
Vendor pom groupid org.hibernate.validator Highest
Vendor pom groupid hibernate.validator Highest
Vendor pom artifactid hibernate-validator Low
Vendor pom name Hibernate Validator Engine High
Vendor pom description Hibernate's Bean Validation (JSR-380) reference implementation. Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom parent-artifactid hibernate-validator-parent Low
Vendor file name hibernate-validator High
Vendor Manifest Implementation-Vendor-Id org.hibernate.validator Medium
Vendor Manifest bundle-symbolicname org.hibernate.validator.hibernate-validator Medium
Vendor manifest Bundle-Description Hibernate's Bean Validation (JSR-380) reference implementation. Medium
Vendor Manifest automatic-module-name org.hibernate.validator Medium
Product central artifactid hibernate-validator Highest
Product pom parent-groupid org.hibernate.validator Low
Product pom artifactid hibernate-validator Highest
Product Manifest implementation-url http://hibernate.org/validator/ Low
Product Manifest specification-title Bean Validation Medium
Product Manifest Bundle-Name Hibernate Validator Engine Medium
Product pom name Hibernate Validator Engine High
Product pom description Hibernate's Bean Validation (JSR-380) reference implementation. Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product file name hibernate-validator High
Product pom groupid hibernate.validator Low
Product pom parent-artifactid hibernate-validator-parent Medium
Product Manifest bundle-symbolicname org.hibernate.validator.hibernate-validator Medium
Product manifest Bundle-Description Hibernate's Bean Validation (JSR-380) reference implementation. Medium
Product Manifest automatic-module-name org.hibernate.validator Medium
Product Manifest Implementation-Title hibernate-validator High
Version file version 6.0.9 Highest
Version central version 6.0.9.Final Highest
Version Manifest Implementation-Version 6.0.9.Final High
Version pom version 6.0.9.Final Highest
attoparser-2.0.4.RELEASE.jar
Description: Powerful, fast and easy to use HTML and XML parser for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/attoparser/attoparser/2.0.4.RELEASE/attoparser-2.0.4.RELEASE.jar
MD5: a118b65bea8a616904bcc5d61523a325
SHA1: 5cf02c4d8303a81f0c80971bb1dcd40d3ba96009
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The ATTOPARSER team Low
Vendor file name attoparser High
Vendor Manifest bundle-docurl http://www.attoparser.org Low
Vendor pom groupid attoparser Highest
Vendor manifest Bundle-Description Powerful, fast and easy to use HTML and XML parser for Java Medium
Vendor Manifest bundle-symbolicname org.attoparser Medium
Vendor pom organization name The ATTOPARSER team High
Vendor central groupid org.attoparser Highest
Vendor pom name attoparser High
Vendor Manifest Implementation-Vendor-Id org.attoparser Medium
Vendor pom groupid org.attoparser Highest
Vendor pom organization url http://www.attoparser.org Medium
Vendor pom url http://www.attoparser.org Highest
Vendor pom description Powerful, fast and easy to use HTML and XML parser for Java Medium
Vendor Manifest Implementation-Vendor The ATTOPARSER team High
Vendor pom artifactid attoparser Low
Product pom groupid attoparser Low
Product file name attoparser High
Product Manifest bundle-docurl http://www.attoparser.org Low
Product manifest Bundle-Description Powerful, fast and easy to use HTML and XML parser for Java Medium
Product Manifest bundle-symbolicname org.attoparser Medium
Product pom name attoparser High
Product pom organization name The ATTOPARSER team Low
Product pom artifactid attoparser Highest
Product Manifest specification-title attoparser Medium
Product Manifest Implementation-Title attoparser High
Product pom organization url http://www.attoparser.org Low
Product pom description Powerful, fast and easy to use HTML and XML parser for Java Medium
Product Manifest Bundle-Name attoparser Medium
Product central artifactid attoparser Highest
Product pom url http://www.attoparser.org Medium
Version pom version 2.0.4.RELEASE Highest
Version Manifest Implementation-Version 2.0.4.RELEASE High
Version central version 2.0.4.RELEASE Highest
unbescape-1.1.5.RELEASE.jar
Description: Advanced yet easy-to-use escape/unescape library for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/unbescape/unbescape/1.1.5.RELEASE/unbescape-1.1.5.RELEASE.jar
MD5: 8333470953fa18854c437bc428c15491
SHA1: 46dc644ea9c234317d926ebac5bf5d8f114dc1ba
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom name unbescape High
Vendor pom url http://www.unbescape.org Highest
Vendor central groupid org.unbescape Highest
Vendor Manifest specification-vendor The UNBESCAPE team Low
Vendor Manifest implementation-url http://www.unbescape.org Low
Vendor pom description Advanced yet easy-to-use escape/unescape library for Java Medium
Vendor pom organization url http://www.unbescape.org Medium
Vendor file name unbescape High
Vendor Manifest bundle-docurl http://www.unbescape.org Low
Vendor pom groupid org.unbescape Highest
Vendor Manifest Implementation-Vendor-Id org.unbescape Medium
Vendor Manifest bundle-symbolicname org.unbescape Medium
Vendor manifest Bundle-Description Advanced yet easy-to-use escape/unescape library for Java Medium
Vendor pom artifactid unbescape Low
Vendor pom groupid unbescape Highest
Vendor Manifest Implementation-Vendor The UNBESCAPE team High
Vendor pom organization name The UNBESCAPE team High
Product pom name unbescape High
Product Manifest implementation-url http://www.unbescape.org Low
Product pom organization name The UNBESCAPE team Low
Product pom description Advanced yet easy-to-use escape/unescape library for Java Medium
Product pom url http://www.unbescape.org Medium
Product pom groupid unbescape Low
Product central artifactid unbescape Highest
Product file name unbescape High
Product Manifest specification-title unbescape Medium
Product Manifest bundle-docurl http://www.unbescape.org Low
Product Manifest Bundle-Name unbescape Medium
Product pom organization url http://www.unbescape.org Low
Product Manifest bundle-symbolicname org.unbescape Medium
Product pom artifactid unbescape Highest
Product manifest Bundle-Description Advanced yet easy-to-use escape/unescape library for Java Medium
Product Manifest Implementation-Title unbescape High
Version Manifest Implementation-Version 1.1.5.RELEASE High
Version central version 1.1.5.RELEASE Highest
Version pom version 1.1.5.RELEASE Highest
thymeleaf-3.0.9.RELEASE.jar
Description: Modern server-side Java template engine for both web and standalone environments
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/thymeleaf/thymeleaf/3.0.9.RELEASE/thymeleaf-3.0.9.RELEASE.jar
MD5: 8a29e6b7f4ddbb07d086b12e46c5c895
SHA1: 64185cca50ac808ad034841c84b4013f955465d2
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The THYMELEAF team High
Vendor pom groupid thymeleaf Highest
Vendor Manifest Implementation-Vendor-Id org.thymeleaf Medium
Vendor pom url http://www.thymeleaf.org Highest
Vendor file name thymeleaf High
Vendor pom organization url http://www.thymeleaf.org Medium
Vendor pom artifactid thymeleaf Low
Vendor Manifest specification-vendor The THYMELEAF team Low
Vendor pom description Modern server-side Java template engine for both web and standalone environments Medium
Vendor central groupid org.thymeleaf Highest
Vendor pom name thymeleaf High
Vendor pom organization name The THYMELEAF team High
Vendor pom groupid org.thymeleaf Highest
Product pom groupid thymeleaf Low
Product Manifest specification-title thymeleaf Medium
Product central artifactid thymeleaf Highest
Product pom organization url http://www.thymeleaf.org Low
Product file name thymeleaf High
Product Manifest Implementation-Title thymeleaf High
Product pom organization name The THYMELEAF team Low
Product pom description Modern server-side Java template engine for both web and standalone environments Medium
Product pom name thymeleaf High
Product pom url http://www.thymeleaf.org Medium
Product pom artifactid thymeleaf Highest
Version Manifest Implementation-Version 3.0.9.RELEASE High
Version central version 3.0.9.RELEASE Highest
Version pom version 3.0.9.RELEASE Highest
thymeleaf-spring5-3.0.9.RELEASE.jar
Description: Modern server-side Java template engine for both web and standalone environments
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.9.RELEASE/thymeleaf-spring5-3.0.9.RELEASE.jar
MD5: a9f27c966c7e2fcbddb65ef0768297c8
SHA1: abf84efd83808a70d982d2790f7f3a7bd3a39cf4
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor The THYMELEAF team High
Vendor pom groupid thymeleaf Highest
Vendor Manifest Implementation-Vendor-Id org.thymeleaf Medium
Vendor pom url http://www.thymeleaf.org Highest
Vendor pom artifactid thymeleaf-spring5 Low
Vendor pom organization url http://www.thymeleaf.org Medium
Vendor pom name thymeleaf-spring5 High
Vendor Manifest specification-vendor The THYMELEAF team Low
Vendor file name thymeleaf-spring5 High
Vendor pom description Modern server-side Java template engine for both web and standalone environments Medium
Vendor central groupid org.thymeleaf Highest
Vendor pom organization name The THYMELEAF team High
Vendor pom groupid org.thymeleaf Highest
Product Manifest Implementation-Title thymeleaf-spring5 High
Product pom groupid thymeleaf Low
Product central artifactid thymeleaf-spring5 Highest
Product file name thymeleaf-spring5 High
Product pom organization url http://www.thymeleaf.org Low
Product pom artifactid thymeleaf-spring5 Highest
Product Manifest specification-title thymeleaf-spring5 Medium
Product pom organization name The THYMELEAF team Low
Product pom description Modern server-side Java template engine for both web and standalone environments Medium
Product pom name thymeleaf-spring5 High
Product pom url http://www.thymeleaf.org Medium
Version Manifest Implementation-Version 3.0.9.RELEASE High
Version central version 3.0.9.RELEASE Highest
Version pom version 3.0.9.RELEASE Highest
thymeleaf-extras-java8time-3.0.1.RELEASE.jar
Description: Modern server-side Java template engine for both web and standalone environments
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/thymeleaf/extras/thymeleaf-extras-java8time/3.0.1.RELEASE/thymeleaf-extras-java8time-3.0.1.RELEASE.jar
MD5: f16d27b635e7cc63d2a3db9fb80bae86
SHA1: d23760d1e53cd70c489ef40dc94ee6bd2371cceb
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.thymeleaf.extras Medium
Vendor pom name thymeleaf-extras-java8time High
Vendor Manifest Implementation-Vendor The THYMELEAF team High
Vendor pom url http://www.thymeleaf.org Highest
Vendor pom organization url http://www.thymeleaf.org Medium
Vendor file name thymeleaf-extras-java8time High
Vendor Manifest specification-vendor The THYMELEAF team Low
Vendor pom artifactid thymeleaf-extras-java8time Low
Vendor central groupid org.thymeleaf.extras Highest
Vendor pom description Modern server-side Java template engine for both web and standalone environments Medium
Vendor pom groupid org.thymeleaf.extras Highest
Vendor pom organization name The THYMELEAF team High
Vendor pom groupid thymeleaf.extras Highest
Product pom artifactid thymeleaf-extras-java8time Highest
Product pom name thymeleaf-extras-java8time High
Product pom organization url http://www.thymeleaf.org Low
Product central artifactid thymeleaf-extras-java8time Highest
Product pom organization name The THYMELEAF team Low
Product pom description Modern server-side Java template engine for both web and standalone environments Medium
Product Manifest Implementation-Title thymeleaf-extras-java8time High
Product file name thymeleaf-extras-java8time High
Product Manifest specification-title thymeleaf-extras-java8time Medium
Product pom groupid thymeleaf.extras Low
Product pom url http://www.thymeleaf.org Medium
Version Manifest Implementation-Version 3.0.1.RELEASE High
Version central version 3.0.1.RELEASE Highest
Version pom version 3.0.1.RELEASE Highest
h2-1.4.197.jar
Description: H2 Database Engine
License:
MPL 2.0 or EPL 1.0: http://h2database.com/html/license.html
File Path: /home/travis/.m2/repository/com/h2database/h2/1.4.197/h2-1.4.197.jar
MD5: f9893acfa22b7fe1492dd9c515af2e5b
SHA1: bb391050048ca8ae3e32451b5a3714ecd3596a46
Referenced In Project/Scope:
spring-batch-support-samples-starter:runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid h2 Low
Vendor central groupid com.h2database Highest
Vendor pom groupid com.h2database Highest
Vendor Manifest implementation-url http://www.h2database.com Low
Vendor pom url http://www.h2database.com Highest
Vendor file name h2 High
Vendor Manifest bundle-symbolicname org.h2 Medium
Vendor pom description H2 Database Engine Medium
Vendor Manifest provide-capability osgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactory Low
Vendor pom groupid h2database Highest
Vendor pom name H2 Database Engine High
Product Manifest Bundle-Name H2 Database Engine Medium
Product pom url http://www.h2database.com Medium
Product central artifactid h2 Highest
Product file name h2 High
Product Manifest bundle-symbolicname org.h2 Medium
Product Manifest implementation-url http://www.h2database.com Low
Product pom artifactid h2 Highest
Product Manifest Implementation-Title H2 Database Engine High
Product pom groupid h2database Low
Product pom description H2 Database Engine Medium
Product Manifest provide-capability osgi.service;objectClass:List=org.osgi.service.jdbc.DataSourceFactory Low
Product pom name H2 Database Engine High
Version file version 1.4.197 Highest
Version pom version 1.4.197 Highest
Version Manifest Implementation-Version 1.4.197 High
Version central version 1.4.197 Highest
Published Vulnerabilities
CVE-2018-10054
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.
Vulnerable Software & Versions:
CVE-2018-14335
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-275 Permission Issues
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
Vulnerable Software & Versions:
javax.inject-1.jar
Description: The javax.inject API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://code.google.com/p/atinject/ Highest
Vendor pom artifactid javax.inject Low
Vendor jar package name javax Low
Vendor pom description The javax.inject API Medium
Vendor jar package name inject Low
Vendor central groupid javax.inject Highest
Vendor pom groupid javax.inject Highest
Vendor pom name javax.inject High
Vendor file name javax.inject-1 High
Product pom artifactid javax.inject Highest
Product pom url http://code.google.com/p/atinject/ Medium
Product pom description The javax.inject API Medium
Product jar package name inject Low
Product pom name javax.inject High
Product central artifactid javax.inject Highest
Product pom groupid javax.inject Low
Product file name javax.inject-1 High
Version file version 1 Medium
Version central version 1 Highest
Version pom version 1 Highest
spring-convert-1.0.0.jar
Description: Small but useful library providing converter APIs and default implementations for easy and reliable conversion of objects.
License:
MIT License 2.0: https://opensource.org/licenses/MIT
File Path: /home/travis/.m2/repository/com/namics/oss/spring/convert/spring-convert/1.0.0/spring-convert-1.0.0.jar
MD5: 10c17115ecd2b1e025c12133bc950411
SHA1: d46474f177f582e40b2330a49f2fbe853df6a0b2
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid spring-convert Low
Vendor pom groupid com.namics.oss.spring.convert Highest
Vendor hint analyzer vendor pivotal software Highest
Vendor Manifest Implementation-Vendor Namics AG High
Vendor central groupid com.namics.oss.spring.convert Highest
Vendor pom organization name Namics AG High
Vendor pom groupid namics.oss.spring.convert Highest
Vendor Manifest implementation-url https://github.com/namics/spring-convert Low
Vendor file name spring-convert High
Vendor pom name ${project.artifactId} High
Vendor pom url namics/spring-convert Highest
Vendor pom organization url http://www.namics.com/ Medium
Vendor Manifest build-timestamp 2017-11-13-UTC-14-30-36 Low
Vendor Manifest Implementation-Vendor-Id com.namics.oss.spring.convert Medium
Vendor pom description Small but useful library providing converter APIs and default implementations for easy and reliable conversion of objects. Low
Product pom artifactid spring-convert Highest
Product central artifactid spring-convert Highest
Product Manifest implementation-url https://github.com/namics/spring-convert Low
Product file name spring-convert High
Product pom organization url http://www.namics.com/ Low
Product pom name ${project.artifactId} High
Product pom url namics/spring-convert High
Product Manifest build-timestamp 2017-11-13-UTC-14-30-36 Low
Product Manifest Implementation-Title spring-convert High
Product pom groupid namics.oss.spring.convert Low
Product pom organization name Namics AG Low
Product pom description Small but useful library providing converter APIs and default implementations for easy and reliable conversion of objects. Low
Version pom version 1.0.0 Highest
Version central version 1.0.0 Highest
Version Manifest Implementation-Version 1.0.0 High
Version file version 1.0.0 Highest
Published Vulnerabilities
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Vulnerable Software & Versions:
CVE-2018-1270
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Vulnerable Software & Versions:
CVE-2018-1271
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Vulnerable Software & Versions:
CVE-2018-1272
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
Vulnerable Software & Versions:
javax.batch-api-1.0.jar
File Path: /home/travis/.m2/repository/javax/batch/javax.batch-api/1.0/javax.batch-api-1.0.jar
MD5: d2c9b38431c46dc26a9eb722a6ff8903
SHA1: 65392d027a6eb369fd9fcd1b75cae150e25ac03c
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor central groupid javax.batch Highest
Vendor Manifest bundle-symbolicname javax.batch-api Medium
Vendor pom artifactid javax.batch-api Low
Vendor pom groupid javax.batch Highest
Vendor pom parent-artifactid jbatch Low
Vendor file name javax.batch-api High
Vendor Manifest extension-name javax.batch Medium
Product Manifest Bundle-Name javax.batch-api Medium
Product Manifest bundle-symbolicname javax.batch-api Medium
Product central artifactid javax.batch-api Highest
Product file name javax.batch-api High
Product pom groupid javax.batch Low
Product pom artifactid javax.batch-api Highest
Product Manifest extension-name javax.batch Medium
Product pom parent-artifactid jbatch Medium
Version central version 1.0 Highest
Version file version 1.0 Highest
Version Manifest Implementation-Version 1.0 High
Version pom version 1.0 Highest
jettison-1.2.jar
Description: A StAX implementation for JSON.
File Path: /home/travis/.m2/repository/org/codehaus/jettison/jettison/1.2/jettison-1.2.jar
MD5: 4661a5152aa90f104948bdc78fdf255c
SHA1: 0765a6181653f4b05c18c7a9e8f5c1f8269bf9b2
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor file name jettison High
Vendor pom groupid org.codehaus.jettison Highest
Vendor Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium
Vendor pom name Jettison High
Vendor pom groupid codehaus.jettison Highest
Vendor pom artifactid jettison Low
Vendor pom description A StAX implementation for JSON. Medium
Vendor manifest Bundle-Description A StAX implementation for JSON. Medium
Vendor central groupid org.codehaus.jettison Highest
Product file name jettison High
Product Manifest Implementation-Title Jettison High
Product central artifactid jettison Highest
Product pom artifactid jettison Highest
Product Manifest bundle-symbolicname org.codehaus.jettison.jettison Medium
Product pom groupid codehaus.jettison Low
Product pom name Jettison High
Product pom description A StAX implementation for JSON. Medium
Product manifest Bundle-Description A StAX implementation for JSON. Medium
Product Manifest Bundle-Name jettison Medium
Version pom version 1.2 Highest
Version file version 1.2 Highest
Version central version 1.2 Highest
Version Manifest Implementation-Version 1.2 High
spring-retry-1.2.2.RELEASE.jar
Description: Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based behaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/retry/spring-retry/1.2.2.RELEASE/spring-retry-1.2.2.RELEASE.jar
MD5: a2f54e08d880787f26f1e595a3ccb20a
SHA1: 638928732585c450e461f0a132b6834ad7cf3af0
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor jar package name retry Low
Vendor jar package name springframework Low
Vendor pom description Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based behaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff. Low
Vendor pom groupid org.springframework.retry Highest
Vendor pom url http://www.springsource.org Highest
Vendor pom artifactid spring-retry Low
Vendor pom organization name SpringSource High
Vendor central groupid org.springframework.retry Highest
Vendor pom groupid springframework.retry Highest
Vendor pom name Spring Retry High
Vendor file name spring-retry High
Vendor pom organization url http://www.springsource.com Medium
Product pom organization name SpringSource Low
Product jar package name retry Low
Product pom artifactid spring-retry Highest
Product pom organization url http://www.springsource.com Low
Product pom url http://www.springsource.org Medium
Product central artifactid spring-retry Highest
Product pom description Spring Retry provides an abstraction around retrying failed operations, with an emphasis on declarative control of the process and policy-based behaviour that is easy to extend and customize. For instance, you can configure a plain POJO operation to retry if it fails, based on the type of exception, and with a fixed or exponential backoff. Low
Product pom groupid springframework.retry Low
Product pom name Spring Retry High
Product file name spring-retry High
Version pom version 1.2.2.RELEASE Highest
Version file name spring-retry Medium
Version central version 1.2.2.RELEASE Highest
Version file version 1.2.2 Highest
spring-batch-infrastructure-4.0.1.RELEASE.jar
Description: Spring Batch Infrastructure
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/batch/spring-batch-infrastructure/4.0.1.RELEASE/spring-batch-infrastructure-4.0.1.RELEASE.jar
MD5: 4f0241db92db901e13e813bc82dec9e1
SHA1: e0f1d359cc3c91d8a0cb129f9dfed8fc018cfabd
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom organization name Spring High
Vendor pom groupid springframework.batch Highest
Vendor hint analyzer vendor pivotal software Highest
Vendor file name spring-batch-infrastructure High
Vendor pom url http://projects.spring.io/spring-batch/ Highest
Vendor pom name Spring Batch Infrastructure High
Vendor pom groupid org.springframework.batch Highest
Vendor pom description Spring Batch Infrastructure Medium
Vendor pom artifactid spring-batch-infrastructure Low
Vendor pom organization url http://spring.io Medium
Vendor central groupid org.springframework.batch Highest
Product pom organization url http://spring.io Low
Product pom organization name Spring Low
Product file name spring-batch-infrastructure High
Product Manifest Implementation-Title spring-batch-infrastructure High
Product pom url http://projects.spring.io/spring-batch/ Medium
Product pom artifactid spring-batch-infrastructure Highest
Product pom name Spring Batch Infrastructure High
Product pom description Spring Batch Infrastructure Medium
Product pom groupid springframework.batch Low
Product central artifactid spring-batch-infrastructure Highest
Version Manifest Implementation-Version 4.0.1.RELEASE High
Version central version 4.0.1.RELEASE Highest
Version pom version 4.0.1.RELEASE Highest
Published Vulnerabilities
CVE-2014-0225
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
Vulnerable Software & Versions:
CVE-2014-3578
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Vulnerable Software & Versions:
CVE-2014-3625
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Vulnerable Software & Versions:
CVE-2015-5211
Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
Vulnerable Software & Versions:
CVE-2016-5007
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings, for authorization and for mapping requests to controllers respectively. Differences in the strictness of the two pattern-matching mechanisms, for example with regard to space trimming in path segments, can lead Spring Security to treat as unprotected certain paths that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer pattern-matching features, and that pattern matching in both Spring Security and the Spring Framework can easily be customized, creating additional differences.
Vulnerable Software & Versions:
CVE-2018-1270 suppress
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Vulnerable Software & Versions:
CVE-2018-1271
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Vulnerable Software & Versions:
CVE-2018-1272
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
Vulnerable Software & Versions:
spring-tx-5.0.5.RELEASE.jar
Description: Spring Transaction
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/travis/.m2/repository/org/springframework/spring-tx/5.0.5.RELEASE/spring-tx-5.0.5.RELEASE.jar
MD5: b30070684e5049de9a45c27ddc2cce86
SHA1: b772fbba533da282adc89f33e2619ee8a8bba601
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software Highest
Vendor Manifest automatic-module-name spring.tx Medium
Vendor pom groupid springframework Highest
Vendor hint analyzer vendor pivotal software High
Vendor pom groupid org.springframework Highest
Vendor pom organization name Spring IO High
Vendor central groupid org.springframework Highest
Vendor pom organization url http://projects.spring.io/spring-framework Medium
Vendor file name spring-tx High
Vendor pom name Spring Transaction High
Vendor hint analyzer vendor SpringSource High
Vendor hint analyzer vendor vmware High
Vendor pom artifactid spring-tx Low
Vendor pom url spring-projects/spring-framework Highest
Vendor pom description Spring Transaction Medium
Product Manifest automatic-module-name spring.tx Medium
Product pom organization name Spring IO Low
Product central artifactid spring-tx Highest
Product pom groupid springframework Low
Product Manifest Implementation-Title spring-tx High
Product hint analyzer product springsource_spring_framework High
Product pom artifactid spring-tx Highest
Product pom organization url http://projects.spring.io/spring-framework Low
Product file name spring-tx High
Product pom url spring-projects/spring-framework High
Product pom name Spring Transaction High
Product pom description Spring Transaction Medium
Version Manifest Implementation-Version 5.0.5.RELEASE High
Version central version 5.0.5.RELEASE Highest
Version pom version 5.0.5.RELEASE Highest
Related Dependencies
spring-jdbc-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-jdbc/5.0.5.RELEASE/spring-jdbc-5.0.5.RELEASE.jar
SHA1: 456bc4d2281c37aa2f2206651a3048a1d3559d2a
MD5: 20baf804148676045ef08363d638a69a
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-jdbc:5.0.5.RELEASE ✓
spring-aop-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-aop/5.0.5.RELEASE/spring-aop-5.0.5.RELEASE.jar
SHA1: b11b61b94d7fb752a1c9bf3461d655c3084fae47
MD5: cadac0a0a42d54e5a94ab13e9824ee73
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-aop:5.0.5.RELEASE ✓
spring-context-support-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-context-support/5.0.5.RELEASE/spring-context-support-5.0.5.RELEASE.jar
SHA1: 109c6bf2e869f055728219b361c78102de434158
MD5: 71a328d065455ddc7cf24b37e13b0e5e
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-context-support:5.0.5.RELEASE ✓
spring-expression-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-expression/5.0.5.RELEASE/spring-expression-5.0.5.RELEASE.jar
SHA1: fc6c7a95aeb7d00f4c65c338b08d97767eb0dd99
MD5: 9677c528a2215d259d6ff0d820d1b415
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-expression:5.0.5.RELEASE ✓
spring-webmvc-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-webmvc/5.0.5.RELEASE/spring-webmvc-5.0.5.RELEASE.jar
SHA1: 0a7fd53c7ad06b0fa7dd4ff347de1b2dc508739e
MD5: 34339930599a55ee87ac9bfd08d1aca3
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-webmvc:5.0.5.RELEASE ✓
spring-context-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-context/5.0.5.RELEASE/spring-context-5.0.5.RELEASE.jar
SHA1: 9cca4bf5acb693249a01c218f471c677b951d6e2
MD5: 0b5681097790036a3244012f825b60db
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-context:5.0.5.RELEASE ✓
spring-web-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-web/5.0.5.RELEASE/spring-web-5.0.5.RELEASE.jar
SHA1: d51dbb5cabe72ae02e400577bac48f7fc94088de
MD5: de6aff2fbceef7fdcafe9e1cc1245c0a
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-web:5.0.5.RELEASE ✓
spring-beans-5.0.5.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/spring-beans/5.0.5.RELEASE/spring-beans-5.0.5.RELEASE.jar
SHA1: 984445863c0bbdaaf860615762d998b471a6bf92
MD5: 90a6ee8a8d1db99deed70a1ec2724fd7
cpe: cpe:/a:pivotal_software:spring_framework:5.0.5
maven: org.springframework:spring-beans:5.0.5.RELEASE ✓
Published Vulnerabilities
CVE-2018-11039
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
Vulnerable Software & Versions:
CVE-2018-11040
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-254 Security Features
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in Spring Framework or Spring Boot; however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
Vulnerable Software & Versions:
CVE-2018-1257
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions, allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
Vulnerable Software & Versions:
CVE-2018-1258
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-285 Improper Authorization
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Vulnerable Software & Versions:
spring-batch-core-4.1.0.RC1.jar
Description: Spring Batch Core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/org/springframework/batch/spring-batch-core/4.1.0.RC1/spring-batch-core-4.1.0.RC1.jar
MD5: f2c52831e19cf15eda15af3d095afbc9
SHA1: b552390988ca0a4975e7537ac0fafaf24c8f6ecd
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom artifactid spring-batch-core Low
Vendor pom organization name Spring High
Vendor pom groupid springframework.batch Highest
Vendor pom name Spring Batch Core High
Vendor hint analyzer vendor pivotal software Highest
Vendor pom url http://projects.spring.io/spring-batch/ Highest
Vendor pom groupid org.springframework.batch Highest
Vendor pom description Spring Batch Core Medium
Vendor file name spring-batch-core High
Vendor pom organization url http://spring.io Medium
Product pom organization url http://spring.io Low
Product pom name Spring Batch Core High
Product pom organization name Spring Low
Product pom url http://projects.spring.io/spring-batch/ Medium
Product pom artifactid spring-batch-core Highest
Product pom description Spring Batch Core Medium
Product file name spring-batch-core High
Product Manifest Implementation-Title spring-batch-core High
Product pom groupid springframework.batch Low
Version file version 4.1.0.rc1 Highest
Version Manifest Implementation-Version 4.1.0.RC1 High
Version pom version 4.1.0.RC1 Highest
cpe: cpe:/a:pivotal:spring_framework:4.1.0.rc1 (Confidence: Low)
maven: org.springframework.batch:spring-batch-core:4.1.0.RC1 (Confidence: High)
cpe: cpe:/a:pivotal_software:spring_framework:4.1.0.rc1 (Confidence: Low)
Published Vulnerabilities
CVE-2018-1270
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Vulnerable Software & Versions:
CVE-2018-1271
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Vulnerable Software & Versions:
CVE-2018-1272
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
Vulnerable Software & Versions:
spring-data-commons-2.0.6.RELEASE.jar
File Path: /home/travis/.m2/repository/org/springframework/data/spring-data-commons/2.0.6.RELEASE/spring-data-commons-2.0.6.RELEASE.jar
MD5: 13ff69d6655acfbd8dce2885c5ff3b4d
SHA1: 4d65fdcbe258961e866f4f85c87c13193bbfd18c
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor file name spring-data-commons High
Vendor pom groupid org.springframework.data Highest
Vendor pom parent-artifactid spring-data-parent Low
Vendor pom groupid springframework.data Highest
Vendor pom name Spring Data Core High
Vendor central groupid org.springframework.data Highest
Vendor Manifest automatic-module-name spring.data.commons Medium
Vendor pom parent-groupid org.springframework.data.build Medium
Vendor pom artifactid spring-data-commons Low
Product file name spring-data-commons High
Product pom groupid springframework.data Low
Product pom parent-artifactid spring-data-parent Medium
Product pom name Spring Data Core High
Product central artifactid spring-data-commons Highest
Product Manifest automatic-module-name spring.data.commons Medium
Product Manifest Implementation-Title Spring Data Core High
Product pom artifactid spring-data-commons Highest
Product pom parent-groupid org.springframework.data.build Low
Version Manifest Implementation-Version 2.0.6.RELEASE High
Version central version 2.0.6.RELEASE Highest
Version pom version 2.0.6.RELEASE Highest
slf4j-api-1.7.21.jar
Description: The slf4j API
File Path: /home/travis/.m2/repository/org/slf4j/slf4j-api/1.7.21/slf4j-api-1.7.21.jar
MD5: c9be56284a92dcb2576679282eff80bf
SHA1: 139535a69a4239db087de9bab0bee568bf8e0b70
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description The slf4j API Medium
Vendor pom artifactid slf4j-api Low
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom name SLF4J API Module High
Vendor pom url http://www.slf4j.org Highest
Vendor central groupid org.slf4j Highest
Vendor pom parent-groupid org.slf4j Medium
Vendor pom description The slf4j API Medium
Vendor Manifest bundle-symbolicname slf4j.api Medium
Vendor pom groupid org.slf4j Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom groupid slf4j Highest
Vendor file name slf4j-api High
Product manifest Bundle-Description The slf4j API Medium
Product pom artifactid slf4j-api Highest
Product pom name SLF4J API Module High
Product Manifest Implementation-Title slf4j-api High
Product pom parent-artifactid slf4j-parent Medium
Product pom description The slf4j API Medium
Product pom groupid slf4j Low
Product pom url http://www.slf4j.org Medium
Product Manifest bundle-symbolicname slf4j.api Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product central artifactid slf4j-api Highest
Product pom parent-groupid org.slf4j Low
Product Manifest Bundle-Name slf4j-api Medium
Product file name slf4j-api High
Version Manifest Implementation-Version 1.7.21 High
Version pom version 1.7.21 Highest
Version central version 1.7.21 Highest
Version file version 1.7.21 Highest
joda-time-2.9.4.jar
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/joda-time/joda-time/2.9.4/joda-time-2.9.4.jar
MD5: e255d8f6e705d3e6918198bceb5458a0
SHA1: 1c295b462f16702ebe720bbb08f62e1ba80da41b
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.joda.org/joda-time/ Highest
Vendor pom description Date and time library to replace JDK date handling Medium
Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low
Vendor pom organization name Joda.org High
Vendor Manifest Implementation-Vendor Joda.org High
Vendor pom artifactid joda-time Low
Vendor Manifest Implementation-Vendor-Id org.joda Medium
Vendor file name joda-time High
Vendor Manifest specification-vendor Joda.org Low
Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low
Vendor pom groupid joda-time Highest
Vendor Manifest extension-name joda-time Medium
Vendor pom name Joda-Time High
Vendor central groupid joda-time Highest
Vendor Manifest bundle-symbolicname joda-time Medium
Vendor pom organization url http://www.joda.org Medium
Product pom artifactid joda-time Highest
Product pom url http://www.joda.org/joda-time/ Medium
Product central artifactid joda-time Highest
Product pom description Date and time library to replace JDK date handling Medium
Product Manifest Bundle-Name Joda-Time Medium
Product Manifest implementation-url http://www.joda.org/joda-time/ Low
Product pom organization url http://www.joda.org Low
Product Manifest Implementation-Title org.joda.time High
Product file name joda-time High
Product Manifest specification-title Joda-Time Medium
Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low
Product pom groupid joda-time Low
Product Manifest extension-name joda-time Medium
Product pom organization name Joda.org Low
Product pom name Joda-Time High
Product Manifest bundle-symbolicname joda-time Medium
Version central version 2.9.4 Highest
Version file version 2.9.4 Highest
Version Manifest Implementation-Version 2.9.4 High
Version pom version 2.9.4 Highest
jackson-core-2.9.5.jar
Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
MD5: ec59f24f7f8d9acf53301c562722adf2
SHA1: a22ac51016944b06fd9ffbc9541c6e7ce5eea117
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor file name jackson-core High
Vendor pom name Jackson-core High
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Vendor manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Vendor Manifest automatic-module-name com.fasterxml.jackson.core Medium
Vendor Manifest implementation-build-date 2018-03-26 15:03:46+0000 Low
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor pom parent-artifactid jackson-base Low
Vendor pom artifactid jackson-core Low
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Vendor pom url FasterXML/jackson-core Highest
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Product Manifest specification-title Jackson-core Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product file name jackson-core High
Product pom name Jackson-core High
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Product manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Product Manifest automatic-module-name com.fasterxml.jackson.core Medium
Product Manifest Bundle-Name Jackson-core Medium
Product central artifactid jackson-core Highest
Product pom parent-artifactid jackson-base Medium
Product pom groupid fasterxml.jackson.core Low
Product pom parent-groupid com.fasterxml.jackson Low
Product pom url FasterXML/jackson-core High
Product Manifest implementation-build-date 2018-03-26 15:03:46+0000 Low
Product Manifest Implementation-Title Jackson-core High
Product pom artifactid jackson-core Highest
Product pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium
Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Version central version 2.9.5 Highest
Version file version 2.9.5 Highest
Version Manifest Implementation-Version 2.9.5 High
Version pom version 2.9.5 Highest
Related Dependencies
jackson-datatype-jdk8-2.9.5.jar
jackson-datatype-jsr310-2.9.5.jar
jackson-module-parameter-names-2.9.5.jar
jackson-annotations-2.9.0.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.9.0/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-build-date 2017-07-30 03:53:23+0000 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom artifactid jackson-annotations Low
Vendor pom url http://github.com/FasterXML/jackson Highest
Vendor pom description Core annotations used for value types, used by Jackson data binding package. Medium
Vendor pom name Jackson-annotations High
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor file name jackson-annotations High
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor pom parent-artifactid jackson-parent Low
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product Manifest implementation-build-date 2017-07-30 03:53:23+0000 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom description Core annotations used for value types, used by Jackson data binding package. Medium
Product pom groupid fasterxml.jackson.core Low
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest Bundle-Name Jackson-annotations Medium
Product pom name Jackson-annotations High
Product Manifest Implementation-Title Jackson-annotations High
Product pom url http://github.com/FasterXML/jackson Medium
Product file name jackson-annotations High
Product pom parent-artifactid jackson-parent Medium
Product central artifactid jackson-annotations Highest
Product pom artifactid jackson-annotations Highest
Product Manifest specification-title Jackson-annotations Medium
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Product manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Version central version 2.9.0 Highest
Version file version 2.9.0 Highest
Version Manifest Implementation-Version 2.9.0 High
Version pom version 2.9.0 Highest
jackson-databind-2.9.5.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/travis/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
MD5: 34b37affbf74f5d199be10622ddc83cd
SHA1: 3490508379d065fe3fcb80042b62f630f7588606
Referenced In Project/Scope:
spring-batch-support-samples-starter:compile
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor pom url http://github.com/FasterXML/jackson Highest
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor pom parent-artifactid jackson-base Low
Vendor pom name jackson-databind High
Vendor Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor pom artifactid jackson-databind Low
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor file name jackson-databind High
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Vendor Manifest implementation-build-date 2018-03-26 15:13:41+0000 Low
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest specification-title jackson-databind Medium
Product pom artifactid jackson-databind Highest
Product manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Product Manifest Implementation-Title jackson-databind High
Product pom parent-artifactid jackson-base Medium
Product pom groupid fasterxml.jackson.core Low
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest Bundle-Name jackson-databind Medium
Product central artifactid jackson-databind Highest
Product pom name jackson-databind High
Product Manifest automatic-module-name com.fasterxml.jackson.databind Medium
Product pom url http://github.com/FasterXML/jackson Medium
Product pom description General data-binding functionality for Jackson: works on core streaming API Medium
Product file name jackson-databind High
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product Manifest implementation-build-date 2018-03-26 15:13:41+0000 Low
Version central version 2.9.5 Highest
Version file version 2.9.5 Highest
Version Manifest Implementation-Version 2.9.5 High
Version pom version 2.9.5 Highest