Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: waffle

com.github.waffle:waffle:3.5.2-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
ant-1.10.8.jarcpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.8HIGH3Highest24
asm-9.7.1.jarpkg:maven/org.ow2.asm/asm@9.7.1 054
asm-commons-9.7.1.jarpkg:maven/org.ow2.asm/asm-commons@9.7.1 058
asm-tree-9.7.1.jarpkg:maven/org.ow2.asm/asm-tree@9.7.1 058
bcprov-jdk18on-1.79.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.79:*:*:*:*:*:*:*pkg:maven/org.bouncycastle/bcprov-jdk18on@1.79 0Highest37
byte-buddy-1.15.11.jarpkg:maven/net.bytebuddy/byte-buddy@1.15.11 029
byte-buddy-agent-1.15.11.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.15.11 033
byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll 02
caffeine-2.9.3.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@2.9.3 033
caffeine-3.1.8.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8 037
checker-qual-3.48.1.jarpkg:maven/org.checkerframework/checker-qual@3.48.1 044
checker-qual-3.48.3.jarpkg:maven/org.checkerframework/checker-qual@3.48.3 044
com.github.waffle.demo:waffle-filter:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-form:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-jaas:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-mixed-post:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-mixed:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-negotiate:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-boot-filter2:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-boot-filter3:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-filter:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-form:3.5.2-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-jetty-jakarta:3.5.2-SNAPSHOTcpe:2.3:a:jetty:jetty:3.5.2:snapshot:*:*:*:*:*:*pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT 0Low6
com.github.waffle:waffle-jetty:3.5.2-SNAPSHOTcpe:2.3:a:jetty:jetty:3.5.2:snapshot:*:*:*:*:*:*pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT 0Low6
com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-jna:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-shiro:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-autoconfigure2:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-autoconfigure3:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-starter2:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-starter3:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-spring-security5:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-spring-security6:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-tomcat10:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-tomcat11:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT 06
com.github.waffle:waffle-tomcat9:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT 06
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest168
ecj-3.40.0.jarpkg:maven/org.eclipse.jdt/ecj@3.40.0 036
encoder-1.3.1.jarpkg:maven/org.owasp.encoder/encoder@1.3.1 031
error_prone_annotations-2.36.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.36.0 029
expressly-5.0.0.jarpkg:maven/org.glassfish.expressly/expressly@5.0.0 045
j2objc-annotations-3.0.0.jarpkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 033
jackson-core-2.13.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.5 0Low47
jackson-core-2.18.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.2 0Low47
jackson-databind-2.13.5.jarcpe:2.3:a:fasterxml:jackson-databind:2.13.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.5MEDIUM1Highest43
jackson-databind-2.18.2.jarcpe:2.3:a:fasterxml:jackson-databind:2.18.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.2:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.18.2 0Highest41
jakarta.annotation-api-1.3.5.jarcpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 0Low35
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low42
jakarta.annotation-api-3.0.0.jarcpe:2.3:a:oracle:projects:3.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@3.0.0 0Low42
jakarta.el-3.0.4.jarcpe:2.3:a:eclipse:jakarta_expression_language:3.0.4:*:*:*:*:*:*:*pkg:maven/org.glassfish/jakarta.el@3.0.4 0Low46
jakarta.el-api-6.0.1.jarcpe:2.3:a:eclipse:jakarta_expression_language:6.0.1:*:*:*:*:*:*:*pkg:maven/jakarta.el/jakarta.el-api@6.0.1 0Low45
jakarta.servlet-api-4.0.2.jarcpe:2.3:a:oracle:java_se:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:projects:4.0.2:*:*:*:*:*:*:*		pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.2 0Medium41
jakarta.servlet-api-4.0.4.jarcpe:2.3:a:oracle:projects:4.0.4:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.4 0Low43
jakarta.servlet-api-6.0.0.jarcpe:2.3:a:oracle:projects:6.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0 0Low44
jakarta.servlet-api-6.1.0.jarcpe:2.3:a:oracle:projects:6.1.0:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0 0Low44
jakarta.servlet.jsp-2.3.6.jarcpe:2.3:a:web_project:web:2.3.6:*:*:*:*:*:*:*pkg:maven/org.glassfish.web/jakarta.servlet.jsp@2.3.6 0Highest47
jakarta.servlet.jsp-3.0.0.jarcpe:2.3:a:web_project:web:3.0.0:*:*:*:*:*:*:*pkg:maven/org.glassfish.web/jakarta.servlet.jsp@3.0.0 0Highest47
jakarta.servlet.jsp-api-4.0.0.jarpkg:maven/jakarta.servlet.jsp/jakarta.servlet.jsp-api@4.0.0 045
jakarta.servlet.jsp.jstl-1.2.6.jarcpe:2.3:a:oracle:jsp:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:1.2.6:*:*:*:*:*:*:*		pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6 0Highest48
jakarta.servlet.jsp.jstl-3.0.1.jarcpe:2.3:a:web_project:web:3.0.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1 0Highest47
jakarta.servlet.jsp.jstl-api-1.2.4.jarcpe:2.3:a:oracle:java_se:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:1.2.4:*:*:*:*:*:*:*		pkg:maven/jakarta.servlet.jsp.jstl/jakarta.servlet.jsp.jstl-api@1.2.4 0Medium47
jcl-over-slf4j-2.0.16.jarpkg:maven/org.slf4j/jcl-over-slf4j@2.0.16 031
jdtcore-3.1.0.jarcpe:2.3:a:eclipse:org.eclipse.core.runtime:3.1.0:*:*:*:*:*:*:*pkg:maven/eclipse/jdtcore@3.1.0MEDIUM1Low27
jdtcore-3.1.0.jar: jdtCompilerAdapter.jar 07
jetty-ee-12.0.16.jarcpe:2.3:a:eclipse:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:12.0.16:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-ee@12.0.16 0Highest33
jetty-server-12.0.16.jarcpe:2.3:a:eclipse:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:12.0.16:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-server@12.0.16 0Highest33
jetty-servlet-api-4.0.6.jarpkg:maven/org.eclipse.jetty.toolchain/jetty-servlet-api@4.0.6 026
jna-5.16.0.jarcpe:2.3:a:oracle:java_se:5.16.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.16.0 0Low48
jna-5.16.0.jar: jnidispatch.dll 02
jna-5.16.0.jar: jnidispatch.dll 02
jna-5.16.0.jar: jnidispatch.dll 02
jna-platform-5.16.0.jarpkg:maven/net.java.dev.jna/jna-platform@5.16.0 044
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jul-to-slf4j-1.7.36.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.36 028
jul-to-slf4j-2.0.16.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.16 031
log4j-api-2.24.3.jarcpe:2.3:a:apache:log4j:2.24.3:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.24.3 0Highest41
log4j-to-slf4j-2.24.3.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.24.3 037
logback-classic-1.2.12.jarcpe:2.3:a:qos:logback:1.2.12:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-classic@1.2.12HIGH2Highest33
logback-classic-1.5.12.jarcpe:2.3:a:qos:logback:1.5.12:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-classic@1.5.12 0Highest38
logback-core-1.2.12.jarcpe:2.3:a:qos:logback:1.2.12:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.2.12HIGH4Highest33
logback-core-1.5.12.jarcpe:2.3:a:qos:logback:1.5.12:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.12MEDIUM2Highest39
logback-core-1.5.15.jarcpe:2.3:a:qos:logback:1.5.15:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.5.15 0Highest39
micrometer-commons-1.14.2.jarpkg:maven/io.micrometer/micrometer-commons@1.14.2 065
micrometer-observation-1.14.2.jarpkg:maven/io.micrometer/micrometer-observation@1.14.2 065
mockito-core-5.14.2.jarpkg:maven/org.mockito/mockito-core@5.14.2 043
objenesis-3.4.jarpkg:maven/org.objenesis/objenesis@3.4 027
shiro-core-2.0.2.jarcpe:2.3:a:apache:shiro:2.0.2:*:*:*:*:*:*:*pkg:maven/org.apache.shiro/shiro-core@2.0.2 0Highest130
shiro-web-2.0.2.jarcpe:2.3:a:apache:shiro:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:2.0.2:*:*:*:*:*:*:*		pkg:maven/org.apache.shiro/shiro-web@2.0.2 0Highest132
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
slf4j-api-2.0.15.jarpkg:maven/org.slf4j/slf4j-api@2.0.15 029
slf4j-api-2.0.16.jarpkg:maven/org.slf4j/slf4j-api@2.0.16 029
slf4j-simple-2.0.16.jarpkg:maven/org.slf4j/slf4j-simple@2.0.16 037
snakeyaml-1.30.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.30CRITICAL7Highest44
snakeyaml-2.3.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.3:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.3 0Highest42
spotbugs-annotations-4.8.6.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 053
spring-boot-2.7.18.jarcpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@2.7.18 0Highest38
spring-boot-3.4.1.jarcpe:2.3:a:vmware:spring_boot:3.4.1:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.4.1 0Highest38
spring-boot-starter-web-2.7.18.jarcpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:2.7.18:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 0Highest36
spring-boot-starter-web-3.4.1.jarcpe:2.3:a:vmware:spring_boot:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.4.1:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 0Highest36
spring-core-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@5.3.31MEDIUM1Highest37
spring-core-5.3.39.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@5.3.39MEDIUM1Highest37
spring-core-6.2.1.jarcpe:2.3:a:pivotal_software:spring_framework:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.2.1:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.2.1 0Highest41
spring-expression-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-expression@5.3.31MEDIUM2Highest37
spring-security-core-5.8.16.jarcpe:2.3:a:pivotal_software:spring_security:5.8.16:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.16:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@5.8.16 0Highest38
spring-security-core-6.4.2.jarcpe:2.3:a:pivotal_software:spring_security:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.4.2:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@6.4.2 0Highest38
spring-security-crypto-5.7.11.jarcpe:2.3:a:pivotal_software:spring_security:5.7.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.7.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-crypto@5.7.11MEDIUM1Highest38
spring-security-crypto-5.8.16.jarcpe:2.3:a:pivotal_software:spring_security:5.8.16:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.16:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-crypto@5.8.16MEDIUM1Highest38
spring-security-web-5.8.16.jarcpe:2.3:a:pivotal_software:spring_security:5.8.16:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.16:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.8.16:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@5.8.16 0Highest38
spring-security-web-6.4.2.jarcpe:2.3:a:pivotal_software:spring_security:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.4.2:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@6.4.2 0Highest38
spring-security-web-6.4.2.jar: spring-security-webauthn.js 00
spring-web-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@5.3.31CRITICAL6Highest35
spring-web-5.3.39.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.3.39:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@5.3.39CRITICAL3Highest35
spring-web-6.2.1.jarcpe:2.3:a:pivotal_software:spring_framework:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.2.1:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@6.2.1 0Highest35
spring-webmvc-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-webmvc@5.3.31HIGH2Highest37
tomcat-annotations-api-10.1.34.jarcpe:2.3:a:www-sql_project:www-sql:10.1.34:*:*:*:*:*:*:*pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.34 0Low30
tomcat-annotations-api-11.0.2.jarcpe:2.3:a:www-sql_project:www-sql:11.0.2:*:*:*:*:*:*:*pkg:maven/org.apache.tomcat/tomcat-annotations-api@11.0.2 0Low30
tomcat-annotations-api-9.0.98.jarcpe:2.3:a:www-sql_project:www-sql:9.0.98:*:*:*:*:*:*:*pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.98 0Low30
tomcat-api-11.0.2.jarcpe:2.3:a:apache:tomcat:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.2:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-api@11.0.2 0Highest24
tomcat-api-9.0.98.jarcpe:2.3:a:apache:tomcat:9.0.98:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.98:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-api@9.0.98 0Highest24
tomcat-catalina-10.1.34.jarcpe:2.3:a:apache:tomcat:10.1.34:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.34:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.34HIGH1Highest30
tomcat-catalina-11.0.2.jarcpe:2.3:a:apache:tomcat:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.2:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2HIGH1Highest30
tomcat-catalina-9.0.98.jarcpe:2.3:a:apache:tomcat:9.0.98:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.98:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98HIGH1Highest30
tomcat-el-api-10.1.34.jarpkg:maven/org.apache.tomcat/tomcat-el-api@10.1.34 025
tomcat-el-api-11.0.2.jarpkg:maven/org.apache.tomcat/tomcat-el-api@11.0.2 025
tomcat-el-api-9.0.98.jarpkg:maven/org.apache.tomcat/tomcat-el-api@9.0.98 025
tomcat-embed-core-10.1.34.jarcpe:2.3:a:apache:tomcat:10.1.34:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.34:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.34 0Highest63
tomcat-embed-core-9.0.83.jarcpe:2.3:a:apache:tomcat:9.0.83:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.83:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83 0Highest65
tomcat-embed-el-10.1.34.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.34 033
tomcat-embed-el-9.0.83.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.83 033
tomcat-jni-10.1.34.jarpkg:maven/org.apache.tomcat/tomcat-jni@10.1.34 026
tomcat-jni-11.0.2.jarpkg:maven/org.apache.tomcat/tomcat-jni@11.0.2 026
tomcat-jni-9.0.98.jarpkg:maven/org.apache.tomcat/tomcat-jni@9.0.98 026
tomcat-juli-10.1.34.jarpkg:maven/org.apache.tomcat/tomcat-juli@10.1.34 026
tomcat-juli-11.0.2.jarpkg:maven/org.apache.tomcat/tomcat-juli@11.0.2 026
tomcat-juli-9.0.98.jarpkg:maven/org.apache.tomcat/tomcat-juli@9.0.98 026
tomcat-servlet-api-10.1.34.jarpkg:maven/org.apache.tomcat/tomcat-servlet-api@10.1.34 039
tomcat-servlet-api-11.0.2.jarpkg:maven/org.apache.tomcat/tomcat-servlet-api@11.0.2 039
tomcat-servlet-api-9.0.98.jarpkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.98 039

Dependencies (vulnerable)

ant-1.10.8.jar

File Path: /home/runner/.m2/repository/org/apache/ant/ant/1.10.8/ant-1.10.8.jar
MD5: 4492182f592ad9779a5de60e3f0ea3c4
SHA1: ae148abb0532b685c5eeb22fdec9d124e89be5de
SHA256:b96b46fd2b4b00e42684c3085b0d16dde975e7b8e64822b0bf52edf5fd387d8d
Referenced In Project/Scope: waffle-jetty-jakarta:provided
ant-1.10.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp@3.0.0

Identifiers

CVE-2020-11979  

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36373  

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36374  

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

asm-9.7.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.7.1/asm-9.7.1.jar
MD5: e2cdd32d198ad31427d298eee9d39d8d
SHA1: f0ed132a49244b042cd0e15702ab9f2ce3cc8436
SHA256:8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

asm-9.7.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.ow2.asm/asm-commons@9.7.1
  • pkg:maven/org.ow2.asm/asm-commons@9.7.1

Identifiers

asm-commons-9.7.1.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/9.7.1/asm-commons-9.7.1.jar
MD5: 8344aea3c8b7d707e9d35a62710e77c9
SHA1: 406c6a2225cfe1819f102a161e54cc16a5c24f75
SHA256:9a579b54d292ad9be171d4313fd4739c635592c2b5ac3a459bbd1049cddec6a0
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

asm-commons-9.7.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

asm-tree-9.7.1.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/9.7.1/asm-tree-9.7.1.jar
MD5: e85029f613b6469989cc7cf53fe06b74
SHA1: 3a53139787663b139de76b627fca0084ab60d32c
SHA256:9929881f59eb6b840e86d54570c77b59ce721d104e6dfd7a40978991c2d3b41f
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

asm-tree-9.7.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.ow2.asm/asm-commons@9.7.1
  • pkg:maven/org.ow2.asm/asm-commons@9.7.1

Identifiers

bcprov-jdk18on-1.79.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /home/runner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.79/bcprov-jdk18on-1.79.jar
MD5: a15076acd41c47c88b7c737dcc0bc4e1
SHA1: 4d8e2732bcee15f1db93df266c3f5b70ce5cac21
SHA256:0d81ecc3124536b539bce9aa3fe9621b7f84c9cee371b635a5b31c78b79ab1da
Referenced In Project/Scope: waffle-shiro:provided
bcprov-jdk18on-1.79.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.shiro/shiro-web@2.0.2

Identifiers

byte-buddy-1.15.11.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.15.11/byte-buddy-1.15.11.jar
MD5: 603bc53c7a294f23765bfb7e1820ad44
SHA1: f61886478e0f9ee4c21d09574736f0ff45e0a46c
SHA256:fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-mixed-post:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-demo-parent:compile
  • waffle-shiro:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

byte-buddy-1.15.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT

Identifiers

byte-buddy-agent-1.15.11.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar
MD5: 449a1534609bf3535d74cbb10b4ed074
SHA1: a38b16385e867f59a641330f0362ebe742788ed8
SHA256:316d2c0795c2a4d4c4756f2e6f9349837c7430ac34e0477ead874d05f5cc19e5
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-mixed-post:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-demo-parent:compile
  • waffle-shiro:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

byte-buddy-agent-1.15.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT

Identifiers

byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Projects/Scopes:

  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-mixed-post:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-demo-parent:compile
  • waffle-shiro:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

Identifiers

  • None

byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Projects/Scopes:

  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-mixed-post:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-demo-parent:compile
  • waffle-shiro:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

Identifiers

  • None

caffeine-2.9.3.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/2.9.3/caffeine-2.9.3.jar
MD5: e0b9c5ccd60a1b5403df1dfe6de37d8e
SHA1: b162491f768824d21487551873f9b3b374a7fe19
SHA256:1e0a7bbef1dd791653143f3f05d0e489934bf5481e58a87c9e619cd46b68729b
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile

caffeine-2.9.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

caffeine-3.1.8.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256:7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

caffeine-3.1.8.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

checker-qual-3.48.1.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.1/checker-qual-3.48.1.jar
MD5: 1594c16f661bec96488b56d4d5b56582
SHA1: 7d8cf1c00aec0042df92f8d71d7f15baaf9773f4
SHA256:21e8dfe8103e125d96a329653ca81e87ac430326dbdbf299cea3dc1ae3f039a2
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-spring-filter:compile
  • waffle-filter:compile

checker-qual-3.48.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0
  • pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0
  • pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0
  • pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0
  • pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0
  • pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0
  • pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0

Identifiers

checker-qual-3.48.3.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256:443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-mixed-post:provided
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-form:compile
  • waffle-mixed:provided
  • waffle-negotiate:provided
  • waffle-distro:compile
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-jetty-jakarta:compile
  • waffle-spring-boot-filter2:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile

checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-filter:3.5.2-SNAPSHOT

Description:

Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-filter:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-form:3.5.2-SNAPSHOT

Description:

Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-form:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-jaas:3.5.2-SNAPSHOT

Description:

Jaas Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-jaas/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-jaas:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed-post:3.5.2-SNAPSHOT

Description:

Mixed Post Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed-post/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed-post:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed:3.5.2-SNAPSHOT

Description:

Mixed Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-negotiate:3.5.2-SNAPSHOT

Description:

Negotiate Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-negotiate/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-negotiate:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter2:3.5.2-SNAPSHOT

Description:

Spring Boot Filter 2 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter2:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter3:3.5.2-SNAPSHOT

Description:

Spring Boot Filter 3 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter3:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-filter:3.5.2-SNAPSHOT

Description:

Spring Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-filter:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-form:3.5.2-SNAPSHOT

Description:

Spring Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-form:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jetty-jakarta:3.5.2-SNAPSHOT

Description:

Jetty Jakarta integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jetty-jakarta/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jetty-jakarta:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jetty:3.5.2-SNAPSHOT

Description:

Jetty integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jetty/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jetty:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT

Description:

WAFFLE JNA Jakarta Pakage implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml

Referenced In Projects/Scopes:
  • waffle-tomcat10
  • waffle-spring-boot-filter3
  • waffle-jetty-jakarta
  • waffle-tomcat11
  • waffle-spring-boot-starter3
  • waffle-spring-security6
  • waffle-distro
  • waffle-spring-boot-autoconfigure3
  • waffle-tests-jakarta

com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna:3.5.2-SNAPSHOT

Description:

WAFFLE JNA implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml

Referenced In Projects/Scopes:
  • waffle-shiro
  • waffle-spring-boot-filter2
  • waffle-negotiate
  • waffle-mixed
  • waffle-tests
  • waffle-spring-boot-starter2
  • waffle-spring-boot-autoconfigure2
  • waffle-distro
  • waffle-spring-security5
  • waffle-tomcat9
  • waffle-form
  • waffle-jetty
  • waffle-filter
  • waffle-spring-filter
  • waffle-jaas
  • waffle-spring-form
  • waffle-mixed-post

com.github.waffle:waffle-jna:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-shiro:3.5.2-SNAPSHOT

Description:

Shiro integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-shiro/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-shiro:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure2:3.5.2-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-autoconfigure2/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter2
  • waffle-spring-boot-starter2
  • waffle-distro

com.github.waffle:waffle-spring-boot-autoconfigure2:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure3:3.5.2-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-autoconfigure3/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter3
  • waffle-spring-boot-starter3
  • waffle-distro

com.github.waffle:waffle-spring-boot-autoconfigure3:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter2:3.5.2-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-starter2/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter2
  • waffle-distro

com.github.waffle:waffle-spring-boot-starter2:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter3:3.5.2-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-starter3/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter3
  • waffle-distro

com.github.waffle:waffle-spring-boot-starter3:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security5:3.5.2-SNAPSHOT

Description:

Spring Security 5 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security5/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter2
  • waffle-spring-filter
  • waffle-spring-boot-starter2
  • waffle-spring-boot-autoconfigure2
  • waffle-distro
  • waffle-spring-form

com.github.waffle:waffle-spring-security5:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security6:3.5.2-SNAPSHOT

Description:

Spring Security 6 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security6/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter3
  • waffle-spring-boot-starter3
  • waffle-distro
  • waffle-spring-boot-autoconfigure3

com.github.waffle:waffle-spring-security6:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat10:3.5.2-SNAPSHOT

Description:

Tomcat 10 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat10/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat10:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat11:3.5.2-SNAPSHOT

Description:

Tomcat 11 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat11/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat11:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat9:3.5.2-SNAPSHOT

Description:

Tomcat 9 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat9/pom.xml

Referenced In Projects/Scopes:
  • waffle-filter
  • waffle-negotiate
  • waffle-mixed
  • waffle-distro
  • waffle-mixed-post

com.github.waffle:waffle-tomcat9:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: waffle-shiro:provided
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT

Identifiers

ecj-3.40.0.jar

Description:

Eclipse Compiler for Java(TM)

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/
File Path: /home/runner/.m2/repository/org/eclipse/jdt/ecj/3.40.0/ecj-3.40.0.jar
MD5: 046151f4aec1539222b2d87b0ce1b3b9
SHA1: 5c26f6a20278196f8038a284d885c3796cd7d422
SHA256:05cc22a24e7982970f63a405fc6c820bc80b806f27f3c5a6236fc475f8f7152b
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

ecj-3.40.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

encoder-1.3.1.jar

Description:

        The OWASP Encoders package is a collection of high-performance low-overhead
        contextual encoders, that when utilized correctly, is an effective tool in
        preventing Web Application security vulnerabilities such as Cross-Site
        Scripting.

License:

http://www.opensource.org/licenses/BSD-3-Clause
File Path: /home/runner/.m2/repository/org/owasp/encoder/encoder/1.3.1/encoder-1.3.1.jar
MD5: c826f7776c4d03adcbf1a2bceef84627
SHA1: 1ebf20e19ddc3fa952f4e2af220a20b085ce87ba
SHA256:c9c56c8970c7cb11b231913ba5190ce930f8fd4fac2bd918810642dc3848e757
Referenced In Project/Scope: waffle-shiro:provided
encoder-1.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.shiro/shiro-web@2.0.2

Identifiers

error_prone_annotations-2.36.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
MD5: 0e48e5ba2cd0a8d8d09bad849b99f6a6
SHA1: 227d4d4957ccc3dc5761bd897e3a0ee587e750a7
SHA256:77440e270b0bc9a249903c5a076c36a722c4886ca4f42675f2903a1c53ed61a5
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-tomcat11:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-bom:provided
  • waffle-spring-security5:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-jetty-jakarta:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tests:provided
  • waffle-spring-boot3:provided
  • waffle-form:provided
  • waffle:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-filter:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-spring-boot-starter3:provided
  • waffle-filter:provided
  • waffle-mixed:provided

error_prone_annotations-2.36.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT

Identifiers

expressly-5.0.0.jar

Description:

Jakarta Expression Language Implementation

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/expressly/expressly/5.0.0/expressly-5.0.0.jar
MD5: d4448c69fe69ebca37b2c76e62e385c3
SHA1: 78637fec7db6414c3ad32f3aa9e5d6610a299e5b
SHA256:b0c872737bb8381921b304d0952854666d1ba320b9b3c5bf4d70a09a86b61524
Referenced In Project/Scope: waffle-jetty-jakarta:provided
expressly-5.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

j2objc-annotations-3.0.0.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256:88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-tomcat11:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-bom:provided
  • waffle-spring-security5:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-jetty-jakarta:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tests:provided
  • waffle-spring-boot3:provided
  • waffle-form:provided
  • waffle:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-filter:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-spring-boot-starter3:provided
  • waffle-filter:provided
  • waffle-mixed:provided

j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT

Identifiers

jackson-core-2.13.5.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar
MD5: 2272453c780d1383ecd2efde00c1a7a9
SHA1: 0d07c97d3de9ea658caf1ff1809fd9de930a286a
SHA256:48f36a025311d0464ad8dda4512a20c79e279a9550f63f3179d731d94482474b
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jackson-core-2.13.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

jackson-core-2.18.2.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.18.2/jackson-core-2.18.2.jar
MD5: bf935e6eca3a57defa13918661905cb0
SHA1: fb64ccac5c27dca8819418eb4e443a9f496d9ee7
SHA256:d8054ae7c0d1c2d2f55d28e46026ebe5892881f3fab5f439233184381c3b4a1f
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

jackson-core-2.18.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1

Identifiers

jackson-databind-2.13.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.5/jackson-databind-2.13.5.jar
MD5: 1dbb98839964a6967a428d868b2d8714
SHA1: aa95e46dbc32454f3983221d420e78ef19ddf844
SHA256:5fedb24b2356491815d18267f65da9a21dd67413345ad7795f221afa25c78984
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jackson-databind-2.13.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jackson-databind-2.18.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.18.2/jackson-databind-2.18.2.jar
MD5: 1b56887bcd3eaea1ff710eb673e610b0
SHA1: deef8697b92141fb6caf7aa86966cff4eec9b04f
SHA256:4b364e6850dc89172fcf1d4dd26b8ff5488eda44ff4657e22dd265203dd5ab3c
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

jackson-databind-2.18.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1

Identifiers

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1

Identifiers

jakarta.annotation-api-3.0.0.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: https://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar
MD5: 7faffaab962918da4cf5ddfd76609dd2
SHA1: 54f928fadec906a99d558536756d171917b9d936
SHA256:b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

jakarta.annotation-api-3.0.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.el-3.0.4.jar

Description:

        Jakarta Expression Language provides a specification document, API, reference implementation and TCK 
        that describes an expression language for Java applications.

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/jakarta.el/3.0.4/jakarta.el-3.0.4.jar
MD5: a4ff0d711c405e054f8166c2ea893e0e
SHA1: f48473482c0e3e714f87186d9305bcae30b7f5cb
SHA256:3b8d4311b47fb47d168ad4338b6649a7cc21d5066b9765bd28ebca93148064be
Referenced In Project/Scope: waffle-jetty:provided
jakarta.el-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT

Identifiers

jakarta.el-api-6.0.1.jar

Description:

        Jakarta Expression Language defines an expression language for Java applications

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/el/jakarta.el-api/6.0.1/jakarta.el-api-6.0.1.jar
MD5: a98f097e059552a75748fcdd067e5c16
SHA1: c7c4a2eb1e40e0ff45ab5e2e52bd77d8c7a75176
SHA256:7e84b5bed49de32b79cc5e85d90b6f5adb1a953ac67283adbb41c1e297f9c605
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

jakarta.el-api-6.0.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet-api-4.0.2.jar

Description:

Java(TM) Servlet 4.0 API Design Specification

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.2/jakarta.servlet-api-4.0.2.jar
MD5: 75523dea16c815e4b111796ea1679b1b
SHA1: 60da427ed588aa0cf70cb6cb7209c31e83069364
SHA256:0cd32c92320ae92c8692ef326dfeef756e97760251fca0c45472f299f1c3c916
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6

Identifiers

jakarta.servlet-api-4.0.4.jar

Description:

Jakarta Servlet 4.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar
MD5: f5d1d7a29978e4ae0be5a456ee1c65c3
SHA1: b8a1142e04838fe54194049c6e7a18dae8f9b960
SHA256:586e27706c21258f5882f43be06904f49b02db9ac54e345d393fe4a32494d127
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-form:provided
  • waffle-spring-filter:provided
  • waffle-spring-form:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-demo-parent:provided
  • waffle-mixed-post:provided
  • waffle-spring-security5:provided
  • waffle-shiro:provided
  • waffle-filter:provided
  • waffle-mixed:provided
  • waffle-negotiate:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tests:provided

jakarta.servlet-api-4.0.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet-api-6.0.0.jar

Description:

Jakarta Servlet 6.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256:c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.16

Identifiers

jakarta.servlet-api-6.1.0.jar

Description:

Jakarta Servlet 6.1

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.1.0/jakarta.servlet-api-6.1.0.jar
MD5: 314c930b3e40ac1abc3529c7c9942f09
SHA1: 1169a246913fe3823782af7943e7a103634867c5
SHA256:8a31f465f3593bf2351531a5c952014eb839da96a605b5825b93dd54714c48c4
Referenced In Projects/Scopes:
  • waffle-tests-jakarta:provided
  • waffle-spring-security6:provided
  • waffle-jna-jakarta:provided

jakarta.servlet-api-6.1.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp-2.3.6.jar

Description:

JavaServer Pages API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp/2.3.6/jakarta.servlet.jsp-2.3.6.jar
MD5: 16d8baeceb5503f066c61582085c75cb
SHA1: 13192d5874b787c0ce0c70b35e95181e8b683a1c
SHA256:990af769158db75833fe8b4d1e56ea778246bc3c6522d434369f1a0bcebf8582
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp-2.3.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp-3.0.0.jar

Description:

JavaServer Pages API

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp/3.0.0/jakarta.servlet.jsp-3.0.0.jar
MD5: fca522b72282d53d0819af32a5a2ec9c
SHA1: a1b306dd295439765d0fd2f9b00a48501c892b88
SHA256:7dde5d9789c030401c80bdfdbcc7a021665a451ba6f4ebdc033196cb7c8dee2a
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.servlet.jsp-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp-api-4.0.0.jar

Description:

Jakarta Server Pages API

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jsp/jakarta.servlet.jsp-api/4.0.0/jakarta.servlet.jsp-api-4.0.0.jar
MD5: 6fddc938119e00e6f934c1b37120e338
SHA1: a8de3741b91ba7427306104979ab2f084e831438
SHA256:873b7d0c2b5734ef8847634299b67ce879080cdece8426147522c4db8e37c14e
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

jakarta.servlet.jsp-api-4.0.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp.jstl-1.2.6.jar

Description:

JavaServer Pages(TM) Standard Tag Library API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp.jstl/1.2.6/jakarta.servlet.jsp.jstl-1.2.6.jar
MD5: 7058e8ed0b161b729e6134784750d22b
SHA1: f5a092de3b2b087c14ca4b8d6f2c77a1f6802828
SHA256:3b697c6cdf4d28de185e07d63f3682728b5a2b1dd229f5f9deb9b930d64b484a
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp.jstl-1.2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp.jstl-3.0.1.jar

Description:

Jakarta Standard Tag Library Implementation

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp.jstl/3.0.1/jakarta.servlet.jsp.jstl-3.0.1.jar
MD5: 3f6511c0066616415b9ed23a018b1cde
SHA1: 078909a1354585b2a7a2d3b4e348fceff8b6d180
SHA256:5cc6e60b9e74d38c25fe4f2d22dfd40577f5b8396bc885f7061cd2c525a43b86
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.servlet.jsp.jstl-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp.jstl-api-1.2.4.jar

Description:

JavaServer Pages(TM) Standard Tag Library API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jsp/jstl/jakarta.servlet.jsp.jstl-api/1.2.4/jakarta.servlet.jsp.jstl-api-1.2.4.jar
MD5: 5b4683c3a614b37a5de721817e792024
SHA1: 9d23cda192df1192894277fd9d0710abb61329af
SHA256:57122ab0151f82e716d825e65627e8064eb108dbeaafafa780687d61d5359454
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp.jstl-api-1.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6

Identifiers

jcl-over-slf4j-2.0.16.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar
MD5: c077b88c43f9d63f64f9880fdb457efb
SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9
SHA256:5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-jna-jakarta:compile
  • waffle-tomcat11:compile
  • waffle-mixed-post:provided
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-form:compile
  • waffle-mixed:provided
  • waffle-negotiate:provided
  • waffle-distro:compile
  • waffle-tests-jakarta:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

jdtcore-3.1.0.jar

File Path: /home/runner/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar
MD5: d1651bf9048165f304e7877f1eaad6dc
SHA1: c5e3e72ae7220118c3da808628ec7016d4d8aef2
SHA256:b163be93b2131f97dd23ee03c935b34f48c17e74d8f60b644747528ea024e88e
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jdtcore-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp@3.0.0

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

jdtcore-3.1.0.jar: jdtCompilerAdapter.jar

File Path: /home/runner/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar/jdtCompilerAdapter.jar
MD5: e66287f3ce15029d202ffc9c2dc3aa77
SHA1: a9d9eb99b7920dd3ee24d601a26cd7e473b0bf6e
SHA256:c79595d136ba157fc63286bf29cee69f6ab09cf2b9005ce70ae7eb01431115d9
Referenced In Project/Scope: waffle-jetty-jakarta:provided

Identifiers

  • None

jetty-ee-12.0.16.jar

Description:

Jetty module for Core :: EE Common

License:

EPL-2.0 OR Apache-2.0
https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-ee/12.0.16/jetty-ee-12.0.16.jar
MD5: 72db9881287f6e4bafa12bd16bad37b8
SHA1: 14b177b6765e805ec33a122d865864bd585561eb
SHA256:1b795f43e0c28b4d6979572a1b0a719ed560052bea20a3e3dc52cc75e4561f7f
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

jetty-ee-12.0.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-webapp@12.0.16
  • pkg:maven/org.eclipse.jetty.ee8/jetty-ee8-webapp@12.0.16

Identifiers

jetty-server-12.0.16.jar

Description:

The legacy jetty server artifact.

License:

EPL-2.0 OR Apache-2.0
https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-server/12.0.16/jetty-server-12.0.16.jar
MD5: 8bc8e31a2ebea7cb185fd188e5b4b5ca
SHA1: 3e3638b4bfbee04c27b3ae68e4949fc43b40a042
SHA256:9e3f17ca732154ee2c67cc2bc340f322b29335f74d65f7cc0104c2e9cdc6640e
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-jetty-jakarta:provided

jetty-server-12.0.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.16
  • pkg:maven/org.eclipse.jetty.ee8/jetty-ee8-servlet@12.0.16

Identifiers

jetty-servlet-api-4.0.6.jar

Description:

Combined servlet api and schemas for use in JPMS and OSGi environments

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/runner/.m2/repository/org/eclipse/jetty/toolchain/jetty-servlet-api/4.0.6/jetty-servlet-api-4.0.6.jar
MD5: d63413e02885c25d0129e3d2936606f6
SHA1: 959c5d83d08f5cddf56caff749e48b735193191b
SHA256:d90bf1f8a9d2ba89f4510bb51e1516dcf94ef6dc034e00f233654abdd78f2210
Referenced In Project/Scope: waffle-jetty:provided
jetty-servlet-api-4.0.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty.ee8/jetty-ee8-apache-jsp@12.0.16

Identifiers

jna-5.16.0.jar

Description:

Java Native Access

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar
MD5: accc2e2b8676434a87f4f73fb4d90b44
SHA1: ebea09f91dc9f7048099f963fb8d6f919f0a4d9c
SHA256:3f5233589a799eb66dc2969afa3433fb56859d3d787c58b9bc7dd9e86f0a250c
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

jna-5.16.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: 302945a811fd8e21bcdd5226c73b6f74
SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607c
SHA256:b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699d
Referenced In Projects/Scopes:

  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

Identifiers

  • None

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 2d2475f1f026dd54e9f3e787ae4f81da
SHA1: 27ff882ac271db547aee520b38e3ba9aa91e136c
SHA256:5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023
Referenced In Projects/Scopes:

  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

Identifiers

  • None

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: 0caa1ef75a807f9dde05084fa2219a5c
SHA1: 2f5e1cd82cde192905c7510ce99037b67d980640
SHA256:752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44
Referenced In Projects/Scopes:

  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

Identifiers

  • None

jna-platform-5.16.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.16.0/jna-platform-5.16.0.jar
MD5: 12ba6b7a7752ecf0a5baed725f3192c2
SHA1: b2a9065f97c166893d504b164706512338e3bbc2
SHA256:e5a79523964509757555782bb60283e4902611013f107e4600dc93298f73f382
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile
  • waffle-filter:compile

jna-platform-5.16.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-tomcat11:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-bom:provided
  • waffle-spring-security5:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-jetty-jakarta:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tests:provided
  • waffle-spring-boot3:provided
  • waffle-form:provided
  • waffle:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-filter:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-spring-boot-starter3:provided
  • waffle-filter:provided
  • waffle-mixed:provided

jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6

Identifiers

jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Projects/Scopes:

  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

jul-to-slf4j-2.0.16.jar

Description:

JUL to SLF4J bridge

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar
MD5: 410ad2f2230e0150216d86e12a4af995
SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a
SHA256:0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1

Identifiers

log4j-api-2.24.3.jar

Description:

The logging API of the Log4j project.
    Library and application code can log through this API.
    It contains a simple built-in implementation (`SimpleLogger`) for trivial use cases.
    Production applications are recommended to use Log4j API in combination with a fully-fledged implementation, such as Log4j Core.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.24.3/log4j-api-2.24.3.jar
MD5: d89516699543c5c21be87ee1760695f3
SHA1: b02c125db8b6d295adf72ae6e71af5d83bce2370
SHA256:5b4a0a0cd0e751ded431c162442bdbdd53328d1f8bb2bae5fc1bbeee0f66d80f
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-spring-boot-filter2:compile

log4j-api-2.24.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1

Identifiers

log4j-to-slf4j-2.24.3.jar

Description:

Forwards the Log4j API calls to SLF4J.
    (Refer to the `log4j-slf4j[2]-impl` artifacts for forwarding SLF4J to the Log4j API.)

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.24.3/log4j-to-slf4j-2.24.3.jar
MD5: 1f4b63f9c41f2f5179aa10b35d76e805
SHA1: da1143e2a2531ee1c2d90baa98eb50a28a39d5a7
SHA256:c7f2b0c612a4eb05b1587d1c880eb4cf5f4f53850676a8ede8da2b8fabb4f73f
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-spring-boot-filter2:compile

log4j-to-slf4j-2.24.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1

Identifiers

logback-classic-1.2.12.jar

Description:

logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar
MD5: a7ebf115c247690da5e5e64849da6f5f
SHA1: d4dee19148dccb177a0736eb2027bd195341da78
SHA256:f65352bf627177e414c956a977a5851e7125e9f3a2e1a7847b2fa78182dc49fe
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile

logback-classic-1.2.12.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

CVE-2023-6378  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-6481  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

logback-classic-1.5.12.jar

Description:

logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.5.12/logback-classic-1.5.12.jar
MD5: 5f752b29e5cf40b79a5bedef12cee8c3
SHA1: 3790d1a62e868f7915776dfb392bd9a29ce8d954
SHA256:ebe1a2ce1072b365090d58af40fcb7482d7864a31cd2b1c62c9b1d13f9a80c09
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-starter3:compile

logback-classic-1.5.12.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1

Identifiers

logback-core-1.2.12.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar
MD5: 879d60b3fa9c6617cee4e20f12f6a16e
SHA1: 1d8e51a698b138065d73baefb4f94531faa323cb
SHA256:0cba0755fbdc1793f60dc9d1ef22337737899f4f28b485c42bcadacb73664b34
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

logback-core-1.2.12.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

CVE-2023-6378  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-6481  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2024-12798 (OSSINDEX)  

ACE vulnerability in JaninoEventEvaluator  by QOS.CH logback-core
      upto and including version 1.5.12 in Java applications allows
      attacker to execute arbitrary code by compromising an existing
      logback configuration file or by injecting an environment variable
      before program execution.





Malicious logback configuration files can allow the attacker to execute 
arbitrary code using the JaninoEventEvaluator extension.



A successful attack requires the user to have write access to a 
configuration file. Alternatively, the attacker could inject a malicious 
environment variable pointing to a malicious configuration file. In both 
cases, the attack requires existing privilege.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv2:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.2.12:*:*:*:*:*:*:*

CVE-2024-12801 (OSSINDEX)  

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to 
forge requests by compromising logback configuration files in XML.



The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:
  • Base Score: LOW (2.4000000953674316)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.2.12:*:*:*:*:*:*:*

logback-core-1.5.12.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.12/logback-core-1.5.12.jar
MD5: e381425e2c7eb1b0b0f3fa93f6c67355
SHA1: 65b1fa25fe8d8e4bdc140e79eb67ac6741f775e2
SHA256:3f35b41621c2cbf72a9d9f3ce2270ba2040e4808bd6befdd720866e926d3e84a
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

logback-core-1.5.12.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15

Identifiers

CVE-2024-12798 (OSSINDEX)  

ACE vulnerability in JaninoEventEvaluator  by QOS.CH logback-core
      upto and including version 1.5.12 in Java applications allows
      attacker to execute arbitrary code by compromising an existing
      logback configuration file or by injecting an environment variable
      before program execution.





Malicious logback configuration files can allow the attacker to execute 
arbitrary code using the JaninoEventEvaluator extension.



A successful attack requires the user to have write access to a 
configuration file. Alternatively, the attacker could inject a malicious 
environment variable pointing to a malicious configuration file. In both 
cases, the attack requires existing privilege.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv2:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.5.12:*:*:*:*:*:*:*

CVE-2024-12801 (OSSINDEX)  

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to 
forge requests by compromising logback configuration files in XML.



The attacks involves the modification of DOCTYPE declaration in  XML configuration files.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:
  • Base Score: LOW (2.4000000953674316)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.5.12:*:*:*:*:*:*:*

logback-core-1.5.15.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.15/logback-core-1.5.15.jar
MD5: 932d68eb5c938eee29ddd0f47c0cf31b
SHA1: 81633c8360b7e5b4edc52ca908bf14de0b73ef05
SHA256:695bc40dd790cb710575f768e37b8eb12f814d84b008011a2ef85d5daaafa745
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-spring-form:compile
  • waffle-form:compile
  • waffle-distro:runtime
  • waffle-mixed-post:compile
  • waffle-negotiate:compile
  • waffle-spring-filter:compile
  • waffle-jaas:compile
  • waffle-filter:compile
  • waffle-demo-parent:compile

logback-core-1.5.15.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15

Identifiers

micrometer-commons-1.14.2.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.14.2/micrometer-commons-1.14.2.jar
MD5: 534f518acc64c3bd5a9de436130f407b
SHA1: 69c454dbec59c7842cf59a534b7ec03618d75b91
SHA256:d1ff22870b51a59a1d3047580a99c703b165e01ae933c06b713ec9a1826cc753
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

micrometer-commons-1.14.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework/spring-context@6.2.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT

Identifiers

micrometer-observation-1.14.2.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-observation/1.14.2/micrometer-observation-1.14.2.jar
MD5: b8dcb10fa3bdd5ca79dd8763102abdc4
SHA1: a9cad29cc04c0f7e30e3e58b454d4cd47ccc54bd
SHA256:7c639c9a028327f362360c3246e50613f8e120031575ceb557b2ba5feac917aa
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

micrometer-observation-1.14.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework/spring-context@6.2.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT

Identifiers

mockito-core-5.14.2.jar

Description:

Mockito mock objects library core API and implementation

License:

MIT: https://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/mockito/mockito-core/5.14.2/mockito-core-5.14.2.jar
MD5: a83b48986315d582ed8797a1241aba9f
SHA1: f7bf936008d7664e2002c3faf0c02071c8d10e7c
SHA256:2296141c1e1f2e1ae35c08d36a9ab4563ecd66e03533fe82630a764e7aa49182
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-tests-jakarta:compile

mockito-core-5.14.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT

Identifiers

objenesis-3.4.jar

Description:

A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/objenesis/objenesis/3.4/objenesis-3.4.jar
MD5: 51242320cb2bb25a3f36e2e21fa87de0
SHA1: 675cbe121a68019235d27f6c34b4f0ac30e07418
SHA256:95488102feaf2e2858adf6b299353677dac6c15294006f8ed1c5556f8e3cd251
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-tests-jakarta:compile

objenesis-3.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT

Identifiers

shiro-core-2.0.2.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles
        authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/shiro/shiro-core/2.0.2/shiro-core-2.0.2.jar
MD5: cc5334451e46a5d0318af0081de882af
SHA1: 80181cac7048ccce2fa79017cf567318eaa44821
SHA256:937e4ded196432ca1d11e044ac6f20fa0d44ccd17b01f760431f6651dec44d62
Referenced In Project/Scope: waffle-shiro:provided
shiro-core-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.shiro/shiro-web@2.0.2

Identifiers

shiro-web-2.0.2.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles
        authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/shiro/shiro-web/2.0.2/shiro-web-2.0.2.jar
MD5: 2988dcaf0f971b9856b6b8722c618287
SHA1: b72b0b77ef96b88fa78e751b894443ba23d417da
SHA256:ec4981bd78be16e64818e1fa3027c92b7e5eada982a569bd1251c74b44ecc715
Referenced In Project/Scope: waffle-shiro:provided
shiro-web-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT

Identifiers

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Projects/Scopes:

  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/org.slf4j/slf4j-simple@1.7.36
  • pkg:maven/org.slf4j/slf4j-simple@1.7.36

Identifiers

slf4j-api-2.0.15.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.15/slf4j-api-2.0.15.jar
MD5: 357e4a230bfd9a2c303f25a3f2ade4c2
SHA1: 35ed0d9a6b7c011bb8656087f79e371263b3b485
SHA256:5bfda32d723dde8ccef9db6bdc2537dabdb87321597c7e00e66a73a5777fbb24
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-spring-filter:compile
  • waffle-filter:compile
  • waffle-demo-parent:compile

slf4j-api-2.0.15.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15
  • pkg:maven/ch.qos.logback/logback-classic@1.5.15

Identifiers

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-jna-jakarta:compile
  • waffle-mixed-post:compile
  • waffle-spring-security5:compile
  • waffle-tomcat11:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-form:compile
  • waffle-distro:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-jetty-jakarta:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile
  • waffle-jaas:compile

slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/org.slf4j/slf4j-simple@2.0.16
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/org.slf4j/slf4j-simple@2.0.16
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT

Identifiers

slf4j-simple-2.0.16.jar

Description:

SLF4J Simple Provider

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-simple/2.0.16/slf4j-simple-2.0.16.jar
MD5: 58c531dfe60020700c53c45fdf6234bf
SHA1: 56d3d8e59293543780ad35af4ee4a5d9c111a588
SHA256:effc32018658bea09d1e08c7d1060ccad46c086960f583d07dd7ffe9c1172a47
Referenced In Projects/Scopes:
  • waffle-jna:compile
  • waffle-jna-jakarta:compile

slf4j-simple-2.0.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

snakeyaml-1.30.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar
MD5: ba063b8ef3a8bfd591a1b56451166b14
SHA1: 8fde7fe2586328ac3c68db92045e1c8759125000
SHA256:f43a4e40a946b8cdfd0321bc1c9a839bc3f119c57e4ca84fb87c367f51c8b2b3
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

snakeyaml-1.30.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

snakeyaml-2.3.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.3/snakeyaml-2.3.jar
MD5: 2a1c2ee8923dcd6bd6d025751af5df37
SHA1: 936b36210e27320f920536f695cf1af210c44586
SHA256:63a76fe66b652360bd4c2c107e6f0258daa7d4bb492008ba8c26fcd230ff9146
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

snakeyaml-2.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1

Identifiers

spotbugs-annotations-4.8.6.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.6/spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256:4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-tomcat11:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-bom:provided
  • waffle-spring-security5:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-jetty-jakarta:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tests:provided
  • waffle-spring-boot3:provided
  • waffle-form:provided
  • waffle:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-filter:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-spring-boot-starter3:provided
  • waffle-filter:provided
  • waffle-mixed:provided

spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.5.2-SNAPSHOT

Identifiers

spring-boot-2.7.18.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256:530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT

Identifiers

spring-boot-3.4.1.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/3.4.1/spring-boot-3.4.1.jar
MD5: 4f7d4f6624312c1ae78bb8a1dd208c80
SHA1: 5fb9890a5eb7c4e86c8f5c0f6960b79240daf3d5
SHA256:3dffc999ac8eee6b51e8eb9a73c9f29f2a28b7f0f359d45b89aea486268190fa
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

spring-boot-3.4.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1

Identifiers

spring-boot-starter-web-2.7.18.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.18/spring-boot-starter-web-2.7.18.jar
MD5: e0bfe77aa7415f3b86d70d41cf425ccd
SHA1: 0dd62ea85098187b4604e78dc15a7ff87dba173d
SHA256:a74fab5f826b600e3c3f4cd7028c5c982b0bf1b849673629cbb758ae790a4c08
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-boot-starter-web-2.7.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers

spring-boot-starter-web-3.4.1.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.4.1/spring-boot-starter-web-3.4.1.jar
MD5: 6bb883295af01365da52b519b931e1f9
SHA1: ff7227fc62338e0f6eba3f9f94c12eb952d4da95
SHA256:2a8d7c6079209b47f50b2901794988a1cd152aad59f06bd4c31e202ef908937f
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

spring-boot-starter-web-3.4.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT

Identifiers

spring-core-5.3.31.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256:7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-core-5.3.31.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-core-5.3.39.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.39/spring-core-5.3.39.jar
MD5: 632d2a8c30962a69273775968c052651
SHA1: d2bff2eedf27b51d6ef9a2fc892aaff5b7a768dd
SHA256:3a1ddcf05420a9181bd9cacb6062a3edc493e14d555961ad50e1a6360eb1e75f
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-filter:compile

spring-core-5.3.39.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-core-6.2.1.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/6.2.1/spring-core-6.2.1.jar
MD5: 394df39af63d06af987c5629c15c3154
SHA1: f42e6b51d9c0c2fcf95df9e5848470d173adc9af
SHA256:67f0e17811dc8d5d6c3aed5540afaee02c83e3a8b3f9abbc510d4d95db5cc226
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-core-6.2.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1

Identifiers

spring-expression-5.3.31.jar

Description:

Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.3.31/spring-expression-5.3.31.jar
MD5: 9e309bb1a738acbd0ac9c9fc58931fd3
SHA1: 55637af1b186d1008890980c2876c5fc83599756
SHA256:e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-expression-5.3.31.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2024-38808 (OSSINDEX)  

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  *  The application evaluates user-supplied SpEL expressions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-expression:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-security-core-5.8.16.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.16/spring-security-core-5.8.16.jar
MD5: c70ae997256d27ca6fb1c7a8b24e4248
SHA1: b3d21a1f967db39dabaca487ba3fe58972e6a9a5
SHA256:3be7d217048f5ea76fd6d0eddaa3169ad3bee0bba9c456e27670ec37ca33c3fd
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-security-core-5.8.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT

Identifiers

spring-security-core-6.4.2.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/6.4.2/spring-security-core-6.4.2.jar
MD5: 495087db51c5f60a47680ffbbf2dcb65
SHA1: 51302b2af3f01eb79fdc7164a4cc3a3aa7e3b541
SHA256:6b8f4d017c6926d351710604f71f91e9b810b3c2b759ede76f606b4e1942cdcc
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-security-core-6.4.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT

Identifiers

spring-security-crypto-5.7.11.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.7.11/spring-security-crypto-5.7.11.jar
MD5: 29553faabff72c4261058e8ebf9e5210
SHA1: 3abf76cedbba13496108c89159451a65dfd544b5
SHA256:916b099504044134fa2d24bc61531819e3d720d17bfea2762c0defc1f7846d9b
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile

spring-security-crypto-5.7.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2020-5408 (OSSINDEX)  

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details
CWE-329 Generation of Predictable IV with CBC Mode

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.security:spring-security-crypto:5.7.11:*:*:*:*:*:*:*

spring-security-crypto-5.8.16.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.16/spring-security-crypto-5.8.16.jar
MD5: 987ca02bb810d32c7d86968ff84e887c
SHA1: 340f3bb882bea8e9eafc66671d4c8e50f11867a7
SHA256:e47acdd647997efb36609698b64a2bec37fa119210f88fad813aa53610433cfd
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-security-crypto-5.8.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.security/spring-security-core@5.8.16
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2020-5408 (OSSINDEX)  

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details
CWE-329 Generation of Predictable IV with CBC Mode

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.security:spring-security-crypto:5.8.16:*:*:*:*:*:*:*

spring-security-web-5.8.16.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.16/spring-security-web-5.8.16.jar
MD5: 137862bb11c72092dd94d14d380fc784
SHA1: fade885f7f9df056dd5e3592d949e888cd82397d
SHA256:fe0843587f4dff188a1ecb822bf544c5f1c1ee46c757858a5a585039d8118304
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-security-web-5.8.16.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

spring-security-web-6.4.2.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/6.4.2/spring-security-web-6.4.2.jar
MD5: aac3216773e5e76ace30f4c434f0163e
SHA1: 733a3bbbdca56225676fb7f4e3f317c2075fc383
SHA256:bc625e47c2cbcd55da04a6939d786da789cb270cd06d418c1adecca165e1e0ff
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-security-web-6.4.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-security@3.4.1
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT

Identifiers

spring-security-web-6.4.2.jar: spring-security-webauthn.js

File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/6.4.2/spring-security-web-6.4.2.jar/org/springframework/security/spring-security-webauthn.js
MD5: a1047a2317a49f0f2a7f25960435784d
SHA1: 27fb3541c8f1d2fbdeaeab2f5fdc6c5712afcf6f
SHA256:cc3fcb0966b1f9562ea3164ef59fad3131789744cdd598c18e3ddc74017f57a4
Referenced In Projects/Scopes:

  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

Identifiers

  • None

spring-web-5.3.31.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256:7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-web-5.3.31.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2016-1000027  

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-38809 (OSSINDEX)  

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: HIGH (8.699999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-22243 (OSSINDEX)  

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.


Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.100000381469727)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-22262 (OSSINDEX)  

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as  CVE-2024-22259 https://spring.io/security/cve-2024-22259  and  CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.100000381469727)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-38828 (OSSINDEX)  

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (6.900000095367432)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-web-5.3.39.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.39/spring-web-5.3.39.jar
MD5: 2b940bc714d6e29570b5dfa92755eefc
SHA1: 4ab03cd7376a6b3365d2798aac8d01dcd22c0174
SHA256:444f243b936119b5488029f2d9399a3980855c60b493b9e2811464c6433a2b71
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-filter:compile

spring-web-5.3.39.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2016-1000027  

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-38828 (OSSINDEX)  

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (6.900000095367432)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.3.39:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

spring-web-6.2.1.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/6.2.1/spring-web-6.2.1.jar
MD5: 66614877f218caec4797e7bd5559198f
SHA1: 877acb94c5b3a0c92e652b6bebdfdc7c60922ac8
SHA256:6bf5a036390de810a4e78a07a17051e7f222e802b2249bde18c05740504a7888
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-web-6.2.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1

Identifiers

spring-webmvc-5.3.31.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar
MD5: 7401b647e906d3853ad02b62496cfadf
SHA1: 45754d056effe8257a012f6b98ed5454cf1e8960
SHA256:29c1b96c424dcb637fec2d1e6493b088d977e748a56da7f34e6a7c3c39d18c74
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-webmvc-5.3.31.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

CVE-2024-38816 (OSSINDEX)  

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Specifically, an application is vulnerable when both of the following are true:

  *  the web application uses RouterFunctions to serve static resources
  *  resource handling is explicitly configured with a FileSystemResource location


However, malicious requests are blocked and rejected when any of the following is true:

  *  the  Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html  is in use
  *  the application runs on Tomcat or Jetty
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (8.199999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-webmvc:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

tomcat-annotations-api-10.1.34.jar

Description:

Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/10.1.34/tomcat-annotations-api-10.1.34.jar
MD5: fd4182a557eca3319be849dbb3c6fa38
SHA1: b072912234e5710fd5330ae980a624fc1d364540
SHA256:bdc6351ba265ee9037212cfcef31d0c74703a814d4f9c695f2010a1bd223dc27
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-annotations-api-10.1.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.34

Identifiers

tomcat-annotations-api-11.0.2.jar

Description:

Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/11.0.2/tomcat-annotations-api-11.0.2.jar
MD5: 0e2c7d9e8ca2cf85b219feeeb2d0a369
SHA1: d4a41ea79168ffb20b742c1553957fe06f69a179
SHA256:a373a2a65c7a9bd354ef3ea77cd2c0638e70ece09fa50352ad97b2a679ab7960
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-annotations-api-11.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2

Identifiers

tomcat-annotations-api-9.0.98.jar

Description:

Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/9.0.98/tomcat-annotations-api-9.0.98.jar
MD5: bf3c4815991bb52f5b54d5ccc561a6aa
SHA1: c9e41dfed4acbcec727aa6a29932df413ba224b2
SHA256:a6451be75cbe373e79f30d626f199e77b70020bd164a23632e5f4f58eaffbaef
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-annotations-api-9.0.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98

Identifiers

tomcat-api-11.0.2.jar

Description:

Definition of interfaces shared by Catalina and Jasper

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/11.0.2/tomcat-api-11.0.2.jar
MD5: 24dc08a9ebb57c31fae33912188fec97
SHA1: d9c128c27d82781786d4ac6990dbb676b9965e4a
SHA256:8b754515d5a097cf027747c601ed1e4ed1035c42fe9aeece9606071371a73c54
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-api-11.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT

Identifiers

tomcat-api-9.0.98.jar

Description:

Definition of interfaces shared by Catalina and Jasper

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/9.0.98/tomcat-api-9.0.98.jar
MD5: 40cbac18b278b92c5d6cfda3d7ebb571
SHA1: 65960a79df8b5964daff12236ec2ebb6f735ca73
SHA256:aceb51aa60ec00156a471010fe413ae3e517c3c04cd2515e1b629f744a12e7cd
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-api-9.0.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT

Identifiers

tomcat-catalina-10.1.34.jar

Description:

Tomcat Servlet Engine Core Classes and Standard implementations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/10.1.34/tomcat-catalina-10.1.34.jar
MD5: 5d393079517c92b1a8a692a1d572bd20
SHA1: 7fe070d949d4487c90d48888f4dd014cfdcfb5de
SHA256:a7612bda58b671c9e57b7abfd547dc00063497c883a67dc99a5fd3d3d7ff5259
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-catalina-10.1.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT

Identifiers

CVE-2024-56337 (OSSINDEX)  

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

The mitigation for CVE-2024-50379 was incomplete.

Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation 
parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-56337 for details
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv2:
  • Base Score: HIGH (7.199999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.tomcat:tomcat-catalina:10.1.34:*:*:*:*:*:*:*

tomcat-catalina-11.0.2.jar

Description:

Tomcat Servlet Engine Core Classes and Standard implementations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/11.0.2/tomcat-catalina-11.0.2.jar
MD5: a37c58287482a447a56a7d226a12ff18
SHA1: ec4f8431cbebbac1141546ae2e8788f7d0fbdc0a
SHA256:f46faafadce41e5e94466c8667d88b3a7c110a31b65cf01344560a694c1085a6
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-catalina-11.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT

Identifiers

CVE-2024-56337 (OSSINDEX)  

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

The mitigation for CVE-2024-50379 was incomplete.

Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation 
parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-56337 for details
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv2:
  • Base Score: HIGH (7.199999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.tomcat:tomcat-catalina:11.0.2:*:*:*:*:*:*:*

tomcat-catalina-9.0.98.jar

Description:

Tomcat Servlet Engine Core Classes and Standard implementations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/9.0.98/tomcat-catalina-9.0.98.jar
MD5: 9294303ad3f4a038822729a2f1ae12ac
SHA1: cef7880f49e154aeaa30c4c2655d92a7cf17757b
SHA256:38940a585577dd145858648e849786602c847bac964569548319a3afe889dc87
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-catalina-9.0.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT

Identifiers

CVE-2024-56337 (OSSINDEX)  

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

The mitigation for CVE-2024-50379 was incomplete.

Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation 
parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-56337 for details
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv2:
  • Base Score: HIGH (7.199999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.tomcat:tomcat-catalina:9.0.98:*:*:*:*:*:*:*

tomcat-el-api-10.1.34.jar

Description:

Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/10.1.34/tomcat-el-api-10.1.34.jar
MD5: 060c3608b462ea98a33d96f1a2cfef7c
SHA1: 0d4f6a9db064198f738d2304d6d0baf27c11c8a9
SHA256:d91a9cba4c12ecd33e3c76a3fbf616c761caad50561abeead8ff7dbbfd5753bb
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-el-api-10.1.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.34

Identifiers

tomcat-el-api-11.0.2.jar

Description:

Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/11.0.2/tomcat-el-api-11.0.2.jar
MD5: 011a7ca61d6d95f5df696ab09c4dece7
SHA1: 6b0d129eae991dc23407f7ee3b90c6a99e57bc06
SHA256:1be12c5f311b3144e274e80738354200f629140e6a0ee2b10dd53aadd9435608
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-el-api-11.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2

Identifiers

tomcat-el-api-9.0.98.jar

Description:

Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/9.0.98/tomcat-el-api-9.0.98.jar
MD5: a7baef6aa4913919fea25872740bf7e2
SHA1: f25cdef5efa34399fe3afbe08d0e34a09bad4657
SHA256:ff543f3000f31ba32e31369fd9bb93dab7fcea2352a1388a3635149e40617cd0
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-el-api-9.0.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98

Identifiers

tomcat-embed-core-10.1.34.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.34/tomcat-embed-core-10.1.34.jar
MD5: 697a86b4e96b0e0bfc7790d4aad03fe7
SHA1: f610f84be607fbc82e393cc220f0ad45f92afc91
SHA256:5817bbb6c3a8d405a9f51ea0d402786114b4e8fd6d7ac4dd23ca34ac8d38a593
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

tomcat-embed-core-10.1.34.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1

Identifiers

tomcat-embed-core-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.83/tomcat-embed-core-9.0.83.jar
MD5: d4e2068023fe800fd22a9fe2529c290b
SHA1: d771e4343b0515c67dab2a09fe02f5d47550153f
SHA256:4ed404d5dea8652846f3c52c094764c2ec018f28a3561f1d27df700f7aa5b376
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

tomcat-embed-core-9.0.83.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers

tomcat-embed-el-10.1.34.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.34/tomcat-embed-el-10.1.34.jar
MD5: 0e6b9caed9d638343f532ccd365a9708
SHA1: d2b2daca3bc999c62e58ae36b45ba0582530fb25
SHA256:54f10ed773387621f5c4fb7e526c2d1674f5d72fc4d86ed87238a750b7fdbfa0
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

tomcat-embed-el-10.1.34.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1

Identifiers

tomcat-embed-el-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.83/tomcat-embed-el-9.0.83.jar
MD5: eabd7f3ade6cb0cf36f7b238897b8f1d
SHA1: b0cdada70099c25f45fceb48e1ebce60d138a5ce
SHA256:a82c4cf8cf9e88d6891cbb4cbcb9f85f788e147c464cbeba15a2c83276f3344c
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

tomcat-embed-el-9.0.83.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

tomcat-jni-10.1.34.jar

Description:

Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/10.1.34/tomcat-jni-10.1.34.jar
MD5: 4453b69aa8248f4430485b2d230e93c0
SHA1: 5148d4d8a3b0b82c733212462d10155bdb6ec25d
SHA256:4deedd83ee5962ed71a9b4c4e824cdea027d340cb402b7257bd3978ef6a5ef31
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-jni-10.1.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.34

Identifiers

tomcat-jni-11.0.2.jar

Description:

Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/11.0.2/tomcat-jni-11.0.2.jar
MD5: c274eeee3771f008210fa0e2116a229d
SHA1: 5a81d188f564af9b0a9ada4c9dff5a5253b198e5
SHA256:27e3c99a1dadd6a3ce10ed605505ac494ed218ef48faf874ff6815d4fe50ca95
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-jni-11.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2

Identifiers

tomcat-jni-9.0.98.jar

Description:

Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/9.0.98/tomcat-jni-9.0.98.jar
MD5: fdac694b25c0fbf559a9b251f63073f4
SHA1: c5604e2970f218e18400487239fa65db36225510
SHA256:e084af31c187f37f7397c57d5c0e64e4d96daaaccd00ed0bb4904def4022ec34
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-jni-9.0.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98

Identifiers

tomcat-juli-10.1.34.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/10.1.34/tomcat-juli-10.1.34.jar
MD5: 1990cd30ff077a788979bf80623927e5
SHA1: 3e730bdbf592151765b48efe1f753ddd4de94601
SHA256:08179379975e14a7cf569ab89a5481dd821cd7097a5db680c950a8dd1844282b
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-juli-10.1.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT

Identifiers

tomcat-juli-11.0.2.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/11.0.2/tomcat-juli-11.0.2.jar
MD5: 5613c9cb8b754b658416c09c64413cb2
SHA1: 475337d25ea6489771dd7e5a1421433cfe0d9cd8
SHA256:e791750d317ea3f05f108caaa4d15974cbb324f56ac06060971639853d476619
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-juli-11.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT

Identifiers

tomcat-juli-9.0.98.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/9.0.98/tomcat-juli-9.0.98.jar
MD5: 445547c31e2e79558a4517c78eb4d789
SHA1: 5b1fff24037339fcf8045f87ff5694b04e79c472
SHA256:40994df9c4741eefe7f38701be3c59e563bff89f030ca68b625a57e8ce149092
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-juli-9.0.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT

Identifiers

tomcat-servlet-api-10.1.34.jar

Description:

jakarta.servlet package

License:

        Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0 and
        Eclipse Public License - v 2.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt and
        https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/10.1.34/tomcat-servlet-api-10.1.34.jar
MD5: 1625f9a63c09c6047e10fb147a4e540b
SHA1: 680a730f85a503c6a18377b8ac0a83fc42db88be
SHA256:0846819339597d259b89c1a7ab27824027c5bbf38b576addc48060214f7d1f36
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-servlet-api-10.1.34.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT

Identifiers

tomcat-servlet-api-11.0.2.jar

Description:

jakarta.servlet package

License:

        Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0 and
        Eclipse Public License - v 2.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt and
        https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/11.0.2/tomcat-servlet-api-11.0.2.jar
MD5: 2302cc92c356e61fa8323619908045b2
SHA1: daa0985300d5dc52d6ece0bafbb37459eb01c422
SHA256:3e2687986f2b8957fe4a3c9e29820a8f43cdcdfc67d0e5a54e9cee70b7e49319
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-servlet-api-11.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT

Identifiers

tomcat-servlet-api-9.0.98.jar

Description:

javax.servlet package

License:

        Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/9.0.98/tomcat-servlet-api-9.0.98.jar
MD5: 96fb550f5953f6b9401fde7d14f5683d
SHA1: a06c4f0ed3fddcdd1c634ebf472228706c29ea7f
SHA256:18085e7d8ad007c28bc50018437828fb6b88f65fabd774a1e4e6e8fbd2b7d757
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-servlet-api-9.0.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.