Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 9.0.9Report Generated On : Sun, 21 Jan 2024 09:39:58 GMTDependencies Scanned : 194 (119 unique)Vulnerable Dependencies : 9 Vulnerabilities Found : 29Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2024-01-21T09:39:41ZNVD API Last Modified : 2024-01-21T08:15:07ZSummary Display:
Showing Vulnerable Dependencies (click to show all) * indicates the dependency has a known exploited vulnerability
apache-jsp-10.0.19.jarDescription:
Jetty-specific ServletContainerInitializer for Jasper License:
https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/eclipse/jetty/apache-jsp/10.0.19/apache-jsp-10.0.19.jar
MD5: f2c8f0dc627514318c6528139622e7d6
SHA1: 9055d4f466701d031359aef22f6cecac679e5ba3
SHA256: daf8c88e1dfa0ff68090beb6cea3dea4d56e20cdbe0f7f4e2546ef6716466247
Referenced In Project/Scope: waffle-jetty:provided
apache-jsp-10.0.19.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name apache-jsp High Vendor jar package name apache Highest Vendor jar package name eclipse Highest Vendor jar package name jetty Highest Vendor jar package name jsp Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-copyright Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. Low Vendor Manifest bundle-docurl https://eclipse.dev/jetty/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.apache-jsp Medium Vendor Manifest Implementation-Vendor Eclipse Jetty Project High Vendor Manifest provide-capability osgi.serviceloader;osgi.serviceloader="javax.servlet.ServletContainerInitializer",osgi.serviceloader;osgi.serviceloader="org.apache.juli.logging.Log" Low Vendor Manifest url https://eclipse.dev/jetty/ Low Vendor pom artifactid apache-jsp Highest Vendor pom artifactid apache-jsp Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: Apache JSP Implementation High Vendor pom parent-artifactid jetty-project Low Product file name apache-jsp High Product jar package name apache Highest Product jar package name eclipse Highest Product jar package name jetty Highest Product jar package name jsp Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-copyright Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. Low Product Manifest bundle-docurl https://eclipse.dev/jetty/ Low Product Manifest Bundle-Name Jetty :: Apache JSP Implementation Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Product Manifest bundle-symbolicname org.eclipse.jetty.apache-jsp Medium Product Manifest provide-capability osgi.serviceloader;osgi.serviceloader="javax.servlet.ServletContainerInitializer",osgi.serviceloader;osgi.serviceloader="org.apache.juli.logging.Log" Low Product Manifest url https://eclipse.dev/jetty/ Low Product pom artifactid apache-jsp Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: Apache JSP Implementation High Product pom parent-artifactid jetty-project Medium Version file version 10.0.19 High Version Manifest Bundle-Version 10.0.19 High Version Manifest Implementation-Version 10.0.19 High Version pom version 10.0.19 Highest
asm-9.6.jarDescription:
ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.6/asm-9.6.jar
MD5: 6f8bccf756f170d4185bb24c8c2d2020
SHA1: aa205cf0a06dbd8e04ece91c0b37c3f5d567546a
SHA256: 3c6fac2424db3d4a853b669f4e3d1d9c3c552235e19a319673f887083c2303a1
Referenced In Project/Scope: waffle-jetty:provided
asm-9.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.ow2.asm/asm-commons@9.6
Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom artifactid asm Highest Vendor pom artifactid asm Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm High Product jar package name asm Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Product pom artifactid asm Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.6 High Version Manifest Bundle-Version 9.6 High Version Manifest Implementation-Version 9.6 High Version pom parent-version 9.6 Low Version pom version 9.6 Highest
asm-commons-9.6.jarDescription:
Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/9.6/asm-commons-9.6.jar
MD5: 9e317c75534bd1da8c00a67c618ab288
SHA1: f1a9e5508eff490744144565c47326c8648be309
SHA256: 7aefd0d5c0901701c69f7513feda765fb6be33af2ce7aa17c5781fc87657c511
Referenced In Project/Scope: waffle-jetty:provided
asm-commons-9.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name asm-commons High Vendor jar package name asm Highest Vendor jar package name commons Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.commons Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Vendor pom artifactid asm-commons Highest Vendor pom artifactid asm-commons Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-commons High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-commons High Product jar package name asm Highest Product jar package name commons Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.commons Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.commons Medium Product Manifest Implementation-Title Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true Low Product pom artifactid asm-commons Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-commons High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.6 High Version Manifest Bundle-Version 9.6 High Version Manifest Implementation-Version 9.6 High Version pom parent-version 9.6 Low Version pom version 9.6 Highest
asm-tree-9.6.jarDescription:
Tree API of ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/9.6/asm-tree-9.6.jar
MD5: 6062608f1a98afe1e853d01fa1221a9e
SHA1: c0cdda9d211e965d2a4448aa3fd86110f2f8c2de
SHA256: c43ecf17b539c777e15da7b5b86553b377e2d39a683de6285567d5283888e7ef
Referenced In Project/Scope: waffle-jetty:provided
asm-tree-9.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.ow2.asm/asm-commons@9.6
Evidence Type Source Name Value Confidence Vendor file name asm-tree High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor jar package name tree Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm.tree Medium Vendor Manifest module-requires org.objectweb.asm;transitive=true Low Vendor pom artifactid asm-tree Highest Vendor pom artifactid asm-tree Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm-tree High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm-tree High Product jar package name asm Highest Product jar package name objectweb Highest Product jar package name tree Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm.tree Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm.tree Medium Product Manifest Implementation-Title Tree API of ASM, a very small and fast Java bytecode manipulation framework High Product Manifest module-requires org.objectweb.asm;transitive=true Low Product pom artifactid asm-tree Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm-tree High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.6 High Version Manifest Bundle-Version 9.6 High Version Manifest Implementation-Version 9.6 High Version pom parent-version 9.6 Low Version pom version 9.6 Highest
byte-buddy-1.14.11.jarDescription:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.14.11/byte-buddy-1.14.11.jar
MD5: c28e36075a114b176953fc10a5370be7
SHA1: 725602eb7c8c56b51b9c21f273f9df5c909d9e7d
SHA256: 62ae28187ed2b062813da6a9d567bfee733c341582699b62dd980230729a0313
Referenced In Projects/Scopes: waffle-mixed:compile waffle-tests:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-tests-jakarta:compile waffle-negotiate:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-spring-security5:compile waffle-mixed-post:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-demo-parent:compile waffle:compile waffle-spring-boot2:compile waffle-spring-form:compile waffle-spring-boot3:compile waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile byte-buddy-1.14.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.14.11 High Version Manifest Bundle-Version 1.14.11 High Version pom version 1.14.11 Highest
byte-buddy-agent-1.14.11.jarDescription:
The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar
MD5: 0de12734d808654692599b08ccd84020
SHA1: f9cb566608fbac6bc7bf54901a7aa11543a989ee
SHA256: 2f537a621a64fa7013d68c695a76a34ee8d79dad74e635caca16dd56257aeb80
Referenced In Projects/Scopes: waffle-mixed:compile waffle-tests:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-tests-jakarta:compile waffle-negotiate:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-spring-security5:compile waffle-mixed-post:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-demo-parent:compile waffle:compile waffle-spring-boot2:compile waffle-spring-form:compile waffle-spring-boot3:compile waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile byte-buddy-agent-1.14.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name byte-buddy-agent High Vendor jar package name agent Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Vendor Manifest can-redefine-classes true Low Vendor Manifest can-retransform-classes true Low Vendor Manifest can-set-native-method-prefix true Low Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy-agent Highest Vendor pom artifactid byte-buddy-agent Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy agent High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy-agent High Product jar package name agent Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy agent Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Product Manifest can-redefine-classes true Low Product Manifest can-retransform-classes true Low Product Manifest can-set-native-method-prefix true Low Product Manifest multi-release true Low Product pom artifactid byte-buddy-agent Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy agent High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.14.11 High Version Manifest Bundle-Version 1.14.11 High Version pom version 1.14.11 Highest
byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dllFile Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86-64/attach_hotspot_windows.dllMD5: 053a783e5777c6a9867c27d51af89677SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76SHA256: 16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20Referenced In Projects/Scopes:
waffle-mixed:compile waffle-tests:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-tests-jakarta:compile waffle-negotiate:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-spring-security5:compile waffle-mixed-post:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-demo-parent:compile waffle:compile waffle-spring-boot2:compile waffle-spring-form:compile waffle-spring-boot3:compile waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dllFile Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86/attach_hotspot_windows.dllMD5: fbca33102ac97be0ed496c0f78e466b3SHA1: c4df05146a86a6d073769bb697d550ef42518ed5SHA256: 810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72Referenced In Projects/Scopes:
waffle-mixed:compile waffle-tests:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-tests-jakarta:compile waffle-negotiate:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-spring-security5:compile waffle-mixed-post:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-demo-parent:compile waffle:compile waffle-spring-boot2:compile waffle-spring-form:compile waffle-spring-boot3:compile waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
caffeine-2.9.3.jarDescription:
A high performance caching library License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/2.9.3/caffeine-2.9.3.jar
MD5: e0b9c5ccd60a1b5403df1dfe6de37d8e
SHA1: b162491f768824d21487551873f9b3b374a7fe19
SHA256: 1e0a7bbef1dd791653143f3f05d0e489934bf5481e58a87c9e619cd46b68729b
Referenced In Projects/Scopes: waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile caffeine-2.9.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name caffeine High Vendor jar package name benmanes Highest Vendor jar package name cache Highest Vendor jar package name caffeine Highest Vendor jar package name github Highest Vendor Manifest automatic-module-name com.github.benmanes.caffeine Medium Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom artifactid caffeine Highest Vendor pom artifactid caffeine Low Vendor pom developer email ben.manes@gmail.com Low Vendor pom developer id ben-manes Medium Vendor pom developer name Ben Manes Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor pom name Caffeine cache High Vendor pom url ben-manes/caffeine Highest Product file name caffeine High Product jar package name benmanes Highest Product jar package name cache Highest Product jar package name caffeine Highest Product jar package name github Highest Product Manifest automatic-module-name com.github.benmanes.caffeine Medium Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product pom artifactid caffeine Highest Product pom developer email ben.manes@gmail.com Low Product pom developer id ben-manes Low Product pom developer name Ben Manes Low Product pom groupid com.github.ben-manes.caffeine Highest Product pom name Caffeine cache High Product pom url ben-manes/caffeine High Version file version 2.9.3 High Version Manifest Bundle-Version 2.9.3 High Version pom version 2.9.3 Highest
caffeine-3.1.8.jarDescription:
A high performance caching library License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256: 7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Projects/Scopes: waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-mixed-post:provided waffle-spring-security6:compile waffle-spring-boot-starter3:compile waffle-tomcat10:compile waffle-shiro:compile waffle-spring-form:compile waffle-form:compile waffle-mixed:provided waffle-negotiate:provided waffle-distro:compile waffle-tests-jakarta:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-spring-boot-filter2:compile waffle-tomcat9:compile caffeine-3.1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name caffeine High Vendor jar package name benmanes Highest Vendor jar package name cache Highest Vendor jar package name caffeine Highest Vendor jar package name github Highest Vendor Manifest automatic-module-name com.github.benmanes.caffeine Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom artifactid caffeine Highest Vendor pom artifactid caffeine Low Vendor pom developer email ben.manes@gmail.com Low Vendor pom developer id ben-manes Medium Vendor pom developer name Ben Manes Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor pom name Caffeine cache High Vendor pom url ben-manes/caffeine Highest Product file name caffeine High Product jar package name benmanes Highest Product jar package name cache Highest Product jar package name caffeine Highest Product jar package name github Highest Product Manifest automatic-module-name com.github.benmanes.caffeine Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product Manifest Implementation-Title A high performance caching library High Product pom artifactid caffeine Highest Product pom developer email ben.manes@gmail.com Low Product pom developer id ben-manes Low Product pom developer name Ben Manes Low Product pom groupid com.github.ben-manes.caffeine Highest Product pom name Caffeine cache High Product pom url ben-manes/caffeine High Version file version 3.1.8 High Version Manifest Bundle-Version 3.1.8 High Version Manifest Implementation-Version 3.1.8 High Version pom version 3.1.8 Highest
checker-qual-3.42.0.jarDescription:
checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256: ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Projects/Scopes: waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter2:compile waffle-mixed-post:provided waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-negotiate:provided waffle-tests-jakarta:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-spring-form:compile waffle-mixed:provided waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest automatic-module-name org.checkerframework.checker.qual Medium Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.42.0 High Version Manifest Bundle-Version 3.42.0 High Version Manifest Implementation-Version 3.42.0 High Version pom version 3.42.0 Highest
com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOTDescription:
Filter Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-filter/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-filter Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-filter Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOTDescription:
Form Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-form/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-form Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-form Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOTDescription:
Jaas Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-jaas/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jaas Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-jaas Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOTDescription:
Mixed Post Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed-post/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-mixed-post Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-mixed-post Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOTDescription:
Mixed Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-mixed Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-mixed Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOTDescription:
Negotiate Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-negotiate/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-negotiate Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-negotiate Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOTDescription:
Spring Boot Filter 2 Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter2/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-boot-filter2 Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-spring-boot-filter2 Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOTDescription:
Spring Boot Filter 3 Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter3/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-boot-filter3 Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-spring-boot-filter3 Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOTDescription:
Spring Filter Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-filter/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-filter Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-spring-filter Highest Product project groupid com.github.waffle.demo Low
com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOTDescription:
Spring Form Demo for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-form/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-form Low Vendor project groupid com.github.waffle.demo Highest Product file name pom High Product project artifactid waffle-spring-form Highest Product project groupid com.github.waffle.demo Low
com.github.waffle:waffle-jetty:3.3.1-SNAPSHOTDescription:
Jetty integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jetty/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jetty:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jetty Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-jetty Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOTDescription:
WAFFLE JNA Jakarta Pakage implementation License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml
Referenced In Projects/Scopes: waffle-tomcat10 waffle-spring-boot-filter3 waffle-spring-boot-starter3 waffle-distro waffle-spring-security6 waffle-spring-boot-autoconfigure3 waffle-tests-jakarta com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jna-jakarta Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-jna-jakarta Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-jna:3.3.1-SNAPSHOTDescription:
WAFFLE JNA implementation License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml
Referenced In Projects/Scopes: waffle-shiro waffle-spring-boot-filter2 waffle-negotiate waffle-mixed waffle-tests waffle-spring-boot-starter2 waffle-spring-boot-autoconfigure2 waffle-distro waffle-spring-security5 waffle-tomcat9 waffle-form waffle-spring-filter waffle-filter waffle-jetty waffle-tomcat85 waffle-jaas waffle-spring-form waffle-mixed-post com.github.waffle:waffle-jna:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jna Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-jna Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-shiro:3.3.1-SNAPSHOTDescription:
Shiro integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-shiro/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-shiro:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-shiro Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-shiro Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOTDescription:
Spring Boot Autoconfigure for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-autoconfigure2/pom.xml
Referenced In Projects/Scopes: waffle-spring-boot-filter2 waffle-spring-boot-starter2 waffle-distro com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-boot-autoconfigure2 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-boot-autoconfigure2 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOTDescription:
Spring Boot Autoconfigure for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-autoconfigure3/pom.xml
Referenced In Projects/Scopes: waffle-spring-boot-filter3 waffle-spring-boot-starter3 waffle-distro com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-boot-autoconfigure3 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-boot-autoconfigure3 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOTDescription:
Spring Boot Starter for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-starter2/pom.xml
Referenced In Projects/Scopes: waffle-spring-boot-filter2 waffle-distro com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-boot-starter2 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-boot-starter2 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOTDescription:
Spring Boot Starter for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-starter3/pom.xml
Referenced In Projects/Scopes: waffle-spring-boot-filter3 waffle-distro com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-boot-starter3 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-boot-starter3 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOTDescription:
Spring Security 5 integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security5/pom.xml
Referenced In Projects/Scopes: waffle-spring-filter waffle-spring-boot-filter2 waffle-spring-boot-starter2 waffle-spring-boot-autoconfigure2 waffle-distro waffle-spring-form com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-security5 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-security5 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOTDescription:
Spring Security 6 integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security6/pom.xml
Referenced In Projects/Scopes: waffle-spring-boot-filter3 waffle-spring-boot-starter3 waffle-distro waffle-spring-boot-autoconfigure3 com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-security6 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-security6 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOTDescription:
Tomcat 10 integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat10/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-tomcat10 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-tomcat10 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOTDescription:
Tomcat 8.5 integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat85/pom.xml
Referenced In Projects/Scopes: waffle-filter waffle-negotiate waffle-mixed waffle-distro waffle-mixed-post com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-tomcat85 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-tomcat85 Highest Product project groupid com.github.waffle Low
com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOTDescription:
Tomcat 9 integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat9/pom.xml
Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-tomcat9 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-tomcat9 Highest Product project groupid com.github.waffle Low
commons-beanutils-1.9.4.jarDescription:
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256: 7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: waffle-shiro:provided
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name commons-beanutils High Vendor jar package name apache Highest Vendor jar package name beanutils Highest Vendor jar package name commons Highest Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-beanutils Highest Vendor pom artifactid commons-beanutils Low Vendor pom developer email britter@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email epugh@apache.org Low Vendor pom developer email geirm@apache.org Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jcarman@apache.org Low Vendor pom developer email jconlon@apache.org Low Vendor pom developer email jstrachan@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email mvdb@apache.org Low Vendor pom developer email niallp@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email scolebourne@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email stain@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer email yoavs@apache.org Low Vendor pom developer id britter Medium Vendor pom developer id chtompki Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dion Medium Vendor pom developer id epugh Medium Vendor pom developer id geirm Medium Vendor pom developer id ggregory Medium Vendor pom developer id jcarman Medium Vendor pom developer id jconlon Medium Vendor pom developer id jstrachan Medium Vendor pom developer id morgand Medium Vendor pom developer id mvdb Medium Vendor pom developer id niallp Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer id skitching Medium Vendor pom developer id stain Medium Vendor pom developer id tobrien Medium Vendor pom developer id yoavs Medium Vendor pom developer name Benedikt Ritter Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name David Eric Pugh Medium Vendor pom developer name Dion Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Geir Magnusson Jr. Medium Vendor pom developer name James Carman Medium Vendor pom developer name James Strachan Medium Vendor pom developer name John E. Conlon Medium Vendor pom developer name Martin van den Bemt Medium Vendor pom developer name Morgan James Delagrange Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer name Stian Soiland-Reyes Medium Vendor pom developer name Tim O'Brien Medium Vendor pom developer name Yoav Shapira Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-beanutils Highest Vendor pom name Apache Commons BeanUtils High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest Product file name commons-beanutils High Product jar package name apache Highest Product jar package name beanutils Highest Product jar package name commons Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest Bundle-Name Apache Commons BeanUtils Medium Product Manifest bundle-symbolicname org.apache.commons.commons-beanutils Medium Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000 Low Product Manifest Implementation-Title Apache Commons BeanUtils High Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low Product Manifest specification-title Apache Commons BeanUtils Medium Product pom artifactid commons-beanutils Highest Product pom developer email britter@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email epugh@apache.org Low Product pom developer email geirm@apache.org Low Product pom developer email ggregory@apache.org Low Product pom developer email jcarman@apache.org Low Product pom developer email jconlon@apache.org Low Product pom developer email jstrachan@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email mvdb@apache.org Low Product pom developer email niallp@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email scolebourne@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email stain@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer email yoavs@apache.org Low Product pom developer id britter Low Product pom developer id chtompki Low Product pom developer id craigmcc Low Product pom developer id dion Low Product pom developer id epugh Low Product pom developer id geirm Low Product pom developer id ggregory Low Product pom developer id jcarman Low Product pom developer id jconlon Low Product pom developer id jstrachan Low Product pom developer id morgand Low Product pom developer id mvdb Low Product pom developer id niallp Low Product pom developer id rdonkin Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer id skitching Low Product pom developer id stain Low Product pom developer id tobrien Low Product pom developer id yoavs Low Product pom developer name Benedikt Ritter Low Product pom developer name Craig McClanahan Low Product pom developer name David Eric Pugh Low Product pom developer name Dion Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Geir Magnusson Jr. Low Product pom developer name James Carman Low Product pom developer name James Strachan Low Product pom developer name John E. Conlon Low Product pom developer name Martin van den Bemt Low Product pom developer name Morgan James Delagrange Low Product pom developer name Niall Pemberton Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Stephen Colebourne Low Product pom developer name Stian Soiland-Reyes Low Product pom developer name Tim O'Brien Low Product pom developer name Yoav Shapira Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-beanutils Highest Product pom name Apache Commons BeanUtils High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium Version file version 1.9.4 High Version Manifest Bundle-Version 1.9.4 High Version Manifest Implementation-Version 1.9.4 High Version pom parent-version 1.9.4 Low Version pom version 1.9.4 Highest
ecj-3.33.0.jarDescription:
Eclipse Compiler for Java(TM) License:
Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/ File Path: /home/runner/.m2/repository/org/eclipse/jdt/ecj/3.33.0/ecj-3.33.0.jar
MD5: 8f97ca731449b0dd4cbf23aa34774c6f
SHA1: 4041d27ffea3c9351e3121f9bfe94dea4723d583
SHA256: f7686c4960cf70c2ebc5c500a73a8cfc04541b730c18f1c5c21329889b137f45
Referenced In Project/Scope: waffle-jetty:provided
ecj-3.33.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ecj High Vendor jar package name compiler Highest Vendor jar package name core Highest Vendor jar package name eclipse Highest Vendor jar package name jdt Highest Vendor Manifest automatic-module-name org.eclipse.jdt.core.compiler.batch Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Vendor Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium Vendor pom artifactid ecj Highest Vendor pom artifactid ecj Low Vendor pom groupid org.eclipse.jdt Highest Vendor pom name Eclipse Compiler for Java(TM) High Vendor pom organization name Eclipse Foundation High Vendor pom organization url https://www.eclipse.org/ Medium Vendor pom url https://projects.eclipse.org/projects/eclipse.jdt Highest Product file name ecj High Product jar package name compiler Highest Product jar package name core Highest Product jar package name eclipse Highest Product jar package name jdt Highest Product Manifest automatic-module-name org.eclipse.jdt.core.compiler.batch Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Eclipse Compiler for Java(TM) Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Product Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium Product pom artifactid ecj Highest Product pom groupid org.eclipse.jdt Highest Product pom name Eclipse Compiler for Java(TM) High Product pom organization name Eclipse Foundation Low Product pom organization url https://www.eclipse.org/ Low Product pom url https://projects.eclipse.org/projects/eclipse.jdt Medium Version file version 3.33.0 High Version pom version 3.33.0 Highest
encoder-1.2.3.jarDescription:
The OWASP Encoders package is a collection of high-performance low-overhead
contextual encoders, that when utilized correctly, is an effective tool in
preventing Web Application security vulnerabilities such as Cross-Site
Scripting.
License:
http://www.opensource.org/licenses/BSD-3-Clause File Path: /home/runner/.m2/repository/org/owasp/encoder/encoder/1.2.3/encoder-1.2.3.jar
MD5: 541c66032b50af0c60c1723bdb900d11
SHA1: 35ae93be1524b161525da2c9a110019616f67548
SHA256: b09e2cd5c36a7127e091df9be628278b1166b40bc08b9de8196ccddb0cccd67f
Referenced In Project/Scope: waffle-shiro:provided
encoder-1.2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shiro/shiro-web@1.13.0
Evidence Type Source Name Value Confidence Vendor file name encoder High Vendor jar package name encoder Highest Vendor jar package name encoders Highest Vendor jar package name owasp Highest Vendor Manifest bundle-docurl https://www.owasp.org/ Low Vendor Manifest bundle-symbolicname org.owasp.encoder Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom artifactid encoder Highest Vendor pom artifactid encoder Low Vendor pom groupid org.owasp.encoder Highest Vendor pom name Java Encoder High Vendor pom parent-artifactid encoder-parent Low Product file name encoder High Product jar package name encoder Highest Product jar package name encoders Highest Product jar package name owasp Highest Product Manifest bundle-docurl https://www.owasp.org/ Low Product Manifest Bundle-Name Java Encoder Medium Product Manifest bundle-symbolicname org.owasp.encoder Medium Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid encoder Highest Product pom groupid org.owasp.encoder Highest Product pom name Java Encoder High Product pom parent-artifactid encoder-parent Medium Version file version 1.2.3 High Version Manifest Bundle-Version 1.2.3 High Version pom version 1.2.3 Highest
error_prone_annotations-2.24.1.jarDescription:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.24.1/error_prone_annotations-2.24.1.jar
MD5: 345bbebec9b3c68d2638c0f6809436dc
SHA1: 32b299e45105aa9b0df8279c74dc1edfcf313ff0
SHA256: 19fe2f7155d20ea093168527999da98108103ee546d1e8b726bc4b27c31a3c30
Referenced In Projects/Scopes: waffle-jaas:provided waffle-jna:provided waffle-spring-boot-filter3:provided waffle-mixed-post:provided waffle-jna-jakarta:provided waffle-spring-security5:provided waffle-bom:provided waffle-shiro:provided waffle-spring-boot2:provided waffle-spring-boot-autoconfigure2:provided waffle-negotiate:provided waffle-distro:provided waffle-tests:provided waffle-spring-boot-filter2:provided waffle-tomcat85:provided waffle-form:provided waffle-spring-boot3:provided waffle:provided waffle-spring-filter:provided waffle-tests-jakarta:provided waffle-spring-form:provided waffle-spring-security6:provided waffle-tomcat9:provided waffle-demo-parent:provided waffle-spring-boot-autoconfigure3:provided waffle-spring-boot-starter2:provided waffle-spring-boot-starter3:provided waffle-jetty:provided waffle-tomcat10:provided waffle-filter:provided waffle-mixed:provided error_prone_annotations-2.24.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name error_prone_annotations High Vendor jar package name annotations Highest Vendor jar package name errorprone Highest Vendor jar package name google Highest Vendor Manifest automatic-module-name com.google.errorprone.annotations Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium Vendor pom artifactid error_prone_annotations Highest Vendor pom artifactid error_prone_annotations Low Vendor pom groupid com.google.errorprone Highest Vendor pom name error-prone annotations High Vendor pom parent-artifactid error_prone_parent Low Product file name error_prone_annotations High Product jar package name annotations Highest Product jar package name errorprone Highest Product jar package name google Highest Product Manifest automatic-module-name com.google.errorprone.annotations Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Product Manifest Bundle-Name error-prone annotations Medium Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium Product pom artifactid error_prone_annotations Highest Product pom groupid com.google.errorprone Highest Product pom name error-prone annotations High Product pom parent-artifactid error_prone_parent Medium Version file version 2.24.1 High Version Manifest Bundle-Version 2.24.1 High Version pom version 2.24.1 Highest
j2objc-annotations-2.8.jarDescription:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/2.8/j2objc-annotations-2.8.jar
MD5: c50af69b704dc91050efb98e0dff66d1
SHA1: c85270e307e7b822f1086b93689124b89768e273
SHA256: f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed
Referenced In Projects/Scopes: waffle-jaas:provided waffle-jna:provided waffle-spring-boot-filter3:provided waffle-mixed-post:provided waffle-jna-jakarta:provided waffle-spring-security5:provided waffle-bom:provided waffle-shiro:provided waffle-spring-boot2:provided waffle-spring-boot-autoconfigure2:provided waffle-negotiate:provided waffle-distro:provided waffle-tests:provided waffle-spring-boot-filter2:provided waffle-tomcat85:provided waffle-form:provided waffle-spring-boot3:provided waffle:provided waffle-spring-filter:provided waffle-tests-jakarta:provided waffle-spring-form:provided waffle-spring-security6:provided waffle-tomcat9:provided waffle-demo-parent:provided waffle-spring-boot-autoconfigure3:provided waffle-spring-boot-starter2:provided waffle-spring-boot-starter3:provided waffle-jetty:provided waffle-tomcat10:provided waffle-filter:provided waffle-mixed:provided j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name j2objc Highest Vendor jar package name j2objc Low Vendor pom artifactid j2objc-annotations Highest Vendor pom artifactid j2objc-annotations Low Vendor pom groupid com.google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor pom url google/j2objc/ Highest Product file name j2objc-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name google Highest Product jar package name j2objc Highest Product jar package name j2objc Low Product pom artifactid j2objc-annotations Highest Product pom groupid com.google.j2objc Highest Product pom name J2ObjC Annotations High Product pom url google/j2objc/ High Version file version 2.8 High Version pom version 2.8 Highest
jackson-core-2.13.5.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar
MD5: 2272453c780d1383ecd2efde00c1a7a9
SHA1: 0d07c97d3de9ea658caf1ff1809fd9de930a286a
SHA256: 48f36a025311d0464ad8dda4512a20c79e279a9550f63f3179d731d94482474b
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile jackson-core-2.13.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest implementation-build-date 2023-01-23 00:23:55+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest implementation-build-date 2023-01-23 00:23:55+0000 Low Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.13.5 High Version Manifest Bundle-Version 2.13.5 High Version Manifest Implementation-Version 2.13.5 High Version pom version 2.13.5 Highest
Related Dependencies jackson-annotations-2.13.5.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.5/jackson-annotations-2.13.5.jar MD5: 0b1245f3245cbfa53e61d9d366006041 SHA1: 136f77ab424f302c9e27230b4482e8000e142edf SHA256: 80aea8ed7232db5040ced4b3f982f29da95bb3d802343dbf6fd82ccd98c21c4f pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.13.5 jackson-datatype-jdk8-2.13.5.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.13.5/jackson-datatype-jdk8-2.13.5.jar MD5: 3803e35b61c5812310fd093c398b43b6 SHA1: 1278f38160812811c56eb77f67213662ed1c7a2e SHA256: e58761751fea8a00dc626aae1c5f1be38c5cfd487aeb333d933a4ab5f5a73c55 pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.13.5 jackson-datatype-jsr310-2.13.5.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.13.5/jackson-datatype-jsr310-2.13.5.jar MD5: 712138e14895b15181e0b9af3292e222 SHA1: 8ba3b868e81d7fc6ead686bd2353859b111d9eaf SHA256: ef15ceddddc58dfbd686b6b7fd0853ed328ff08c628bd4a395734bec20ca857b pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.13.5 jackson-module-parameter-names-2.13.5.jar jackson-core-2.15.3.jarDescription:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.15.3/jackson-core-2.15.3.jar
MD5: c86c75392bf138d54d2a219bb1d0cbcd
SHA1: 60d600567c1862840397bf9ff5a92398edc5797b
SHA256: 51fab7aad51ed588482edc507fd542747936c5094d1ab76ed21ddb63b96b610d
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile jackson-core-2.15.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name com Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name com Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.15.3 High Version Manifest Bundle-Version 2.15.3 High Version Manifest Implementation-Version 2.15.3 High Version pom version 2.15.3 Highest
Related Dependencies jackson-annotations-2.15.3.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.15.3/jackson-annotations-2.15.3.jar MD5: f478f693731e4a2f0f0d3c7bba119b32 SHA1: 79baf4e605eb3bbb60b1c475d44a7aecceea1d60 SHA256: aae865c3d88256d61b11523cb1e88bd48d5b9ad5855fa1fc859504fd2204708a pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.15.3 jackson-datatype-jdk8-2.15.3.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.15.3/jackson-datatype-jdk8-2.15.3.jar MD5: 3b6579ff944e128c4eccb34e76ff67e0 SHA1: 80158cb020c7bd4e4ba94d8d752a65729dc943b2 SHA256: 29995d3677f72dde74bf32bbf268b96beb952492b742d93f4c70af6c44b2156e pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.15.3 jackson-datatype-jsr310-2.15.3.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.15.3/jackson-datatype-jsr310-2.15.3.jar MD5: acd8ae6da000eb831a69b4acdc182b7f SHA1: 4a20a0e104931bfa72f24ef358c2eb63f1ef2aaf SHA256: bea1d78009ebc4e5d54918a3f7aec5da9fbd09f662c191a217ffcf37e8527c5e pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.15.3 jackson-module-parameter-names-2.15.3.jar jackson-databind-2.13.5.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.5/jackson-databind-2.13.5.jar
MD5: 1dbb98839964a6967a428d868b2d8714
SHA1: aa95e46dbc32454f3983221d420e78ef19ddf844
SHA256: 5fedb24b2356491815d18267f65da9a21dd67413345ad7795f221afa25c78984
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile jackson-databind-2.13.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest implementation-build-date 2023-01-23 00:47:48+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url http://github.com/FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest implementation-build-date 2023-01-23 00:47:48+0000 Low Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url http://github.com/FasterXML/jackson Medium Version file version 2.13.5 High Version Manifest Bundle-Version 2.13.5 High Version Manifest Implementation-Version 2.13.5 High Version pom version 2.13.5 Highest
CVE-2023-35116 suppress
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A References:
Vulnerable Software & Versions:
jackson-databind-2.15.3.jarDescription:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.15.3/jackson-databind-2.15.3.jar
MD5: 5f453c55f127690fa8491ce347aa055c
SHA1: a734bc2c47a9453c4efa772461a3aeb273c010d9
SHA256: c3c53333a2172a80678bda1803e39cff45bec6ae3e9c7d4f44a81ec4e2ab18dc
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile jackson-databind-2.15.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.15.3 High Version Manifest Bundle-Version 2.15.3 High Version Manifest Implementation-Version 2.15.3 High Version pom version 2.15.3 Highest
CVE-2023-35116 suppress
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A References:
Vulnerable Software & Versions:
jakarta.annotation-api-1.3.5.jarDescription:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Projects/Scopes: waffle-jetty:provided waffle-distro:runtime waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Highest Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid ca-parent Low Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product Manifest automatic-module-name java.annotation Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product pom artifactid jakarta.annotation-api Highest Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid ca-parent Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 1.3.5 High Version Manifest Bundle-Version 1.3.5 High Version Manifest Implementation-Version 1.3.5 High Version pom version 1.3.5 Highest
jakarta.annotation-api-2.1.1.jarDescription:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256: 5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-boot-starter3:compile jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor jar package name jakarta Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Highest Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Dmitry Kornilov Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product jar package name jakarta Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product pom artifactid jakarta.annotation-api Highest Product pom developer name Dmitry Kornilov Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 2.1.1 High Version Manifest Bundle-Version 2.1.1 High Version Manifest Implementation-Version 2.1.1 High Version pom parent-version 2.1.1 Low Version pom version 2.1.1 Highest
jakarta.el-3.0.4.jarDescription:
Jakarta Expression Language provides a specification document, API, reference implementation and TCK
that describes an expression language for Java applications.
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/org/glassfish/jakarta.el/3.0.4/jakarta.el-3.0.4.jar
MD5: a4ff0d711c405e054f8166c2ea893e0e
SHA1: f48473482c0e3e714f87186d9305bcae30b7f5cb
SHA256: 3b8d4311b47fb47d168ad4338b6649a7cc21d5066b9765bd28ebca93148064be
Referenced In Project/Scope: waffle-jetty:provided
jakarta.el-3.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jakarta.el High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor jar package name javax Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname com.sun.el.javax.el Medium Vendor Manifest extension-name javax.el Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.el Highest Vendor pom artifactid jakarta.el Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid org.glassfish Highest Vendor pom name Jakarta Expression Language 3.0 High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.el Highest Product file name jakarta.el High Product jar package name el Highest Product jar package name expression Highest Product jar package name javax Highest Product jar package name sun Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Expression Language 3.0 Medium Product Manifest bundle-symbolicname com.sun.el.javax.el Medium Product Manifest extension-name javax.el Medium Product pom artifactid jakarta.el Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid org.glassfish Highest Product pom name Jakarta Expression Language 3.0 High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.el Medium Version file version 3.0.4 High Version Manifest Bundle-Version 3.0.4 High Version Manifest Implementation-Version 3.0.4 High Version pom parent-version 3.0.4 Low Version pom version 3.0.4 Highest
jakarta.el-api-3.0.3.jarDescription:
Jakarta Expression Language defines an expression language for Java applications
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/el/jakarta.el-api/3.0.3/jakarta.el-api-3.0.3.jar
MD5: 528ed6138395d22fb54912b2b889e88e
SHA1: f311ab94bb1d4380690a53d737226a6b879dd4f1
SHA256: 47ae0a91fb6dd32fdaa5d9bda63df043ac8148e00c297ccce8ab9c56b95cf261
Referenced In Project/Scope: waffle-jetty:provided
jakarta.el-api-3.0.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jakarta.el-api High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor jar package name javax Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname javax.el-api Medium Vendor Manifest extension-name javax.el Medium Vendor Manifest Implementation-Vendor Oracle Corporation High Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.el-api Highest Vendor pom artifactid jakarta.el-api Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid jakarta.el Highest Vendor pom name Jakarta Expression Language 3.0 API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.el Highest Product file name jakarta.el-api High Product jar package name el Highest Product jar package name expression Highest Product jar package name javax Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Expression Language 3.0 API Medium Product Manifest bundle-symbolicname javax.el-api Medium Product Manifest extension-name javax.el Medium Product pom artifactid jakarta.el-api Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid jakarta.el Highest Product pom name Jakarta Expression Language 3.0 API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.el Medium Version file version 3.0.3 High Version Manifest Bundle-Version 3.0.3 High Version Manifest Implementation-Version 3.0.3 High Version pom parent-version 3.0.3 Low Version pom version 3.0.3 Highest
jakarta.servlet-api-4.0.2.jarDescription:
Java(TM) Servlet 4.0 API Design Specification License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.2/jakarta.servlet-api-4.0.2.jar
MD5: 75523dea16c815e4b111796ea1679b1b
SHA1: 60da427ed588aa0cf70cb6cb7209c31e83069364
SHA256: 0cd32c92320ae92c8692ef326dfeef756e97760251fca0c45472f299f1c3c916
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet-api-4.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6
Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.servlet-api Medium Vendor Manifest extension-name javax.servlet Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid jakarta.servlet-api Highest Vendor pom artifactid jakarta.servlet-api Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid jakarta.servlet Highest Vendor pom name Java Servlet API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.servlet Highest Product file name jakarta.servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Java Servlet API Medium Product Manifest bundle-symbolicname jakarta.servlet-api Medium Product Manifest extension-name javax.servlet Medium Product pom artifactid jakarta.servlet-api Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid jakarta.servlet Highest Product pom name Java Servlet API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.servlet Medium Version file version 4.0.2 High Version Manifest Implementation-Version 4.0.2 High Version pom parent-version 4.0.2 Low Version pom version 4.0.2 Highest
jakarta.servlet-api-4.0.4.jarDescription:
Jakarta Servlet 4.0 License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar
MD5: f5d1d7a29978e4ae0be5a456ee1c65c3
SHA1: b8a1142e04838fe54194049c6e7a18dae8f9b960
SHA256: 586e27706c21258f5882f43be06904f49b02db9ac54e345d393fe4a32494d127
Referenced In Projects/Scopes: waffle-jaas:provided waffle-form:provided waffle-spring-filter:provided waffle-spring-form:provided waffle-jna:provided waffle-spring-boot-filter3:provided waffle-demo-parent:provided waffle-mixed-post:provided waffle-spring-security5:provided waffle-shiro:provided waffle-filter:provided waffle-mixed:provided waffle-negotiate:provided waffle-tests:provided waffle-spring-boot-filter2:provided jakarta.servlet-api-4.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest automatic-module-name java.servlet Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.servlet-api Medium Vendor Manifest extension-name javax.servlet Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.eclipse Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.servlet-api Highest Vendor pom artifactid jakarta.servlet-api Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid jakarta.servlet Highest Vendor pom name Jakarta Servlet High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.servlet Highest Product file name jakarta.servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product Manifest automatic-module-name java.servlet Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Servlet Medium Product Manifest bundle-symbolicname jakarta.servlet-api Medium Product Manifest extension-name javax.servlet Medium Product pom artifactid jakarta.servlet-api Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid jakarta.servlet Highest Product pom name Jakarta Servlet High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.servlet Medium Version file version 4.0.4 High Version Manifest Implementation-Version 4.0.4 High Version pom parent-version 4.0.4 Low Version pom version 4.0.4 Highest
jakarta.servlet-api-6.0.0.jarDescription:
Jakarta Servlet 6.0 License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256: c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Projects/Scopes: waffle-tests-jakarta:provided waffle-spring-security6:provided waffle-jna-jakarta:provided jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet-api High Vendor jar package name jakarta Highest Vendor jar package name servlet Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.servlet-api Medium Vendor Manifest extension-name jakarta.servlet Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.eclipse Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.servlet-api Highest Vendor pom artifactid jakarta.servlet-api Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid jakarta.servlet Highest Vendor pom name Jakarta Servlet High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.servlet Highest Product file name jakarta.servlet-api High Product jar package name jakarta Highest Product jar package name servlet Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Servlet Medium Product Manifest bundle-symbolicname jakarta.servlet-api Medium Product Manifest extension-name jakarta.servlet Medium Product pom artifactid jakarta.servlet-api Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid jakarta.servlet Highest Product pom name Jakarta Servlet High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.servlet Medium Version file version 6.0.0 High Version Manifest Bundle-Version 6.0.0 High Version Manifest Implementation-Version 6.0.0 High Version pom parent-version 6.0.0 Low Version pom version 6.0.0 Highest
jakarta.servlet.jsp-2.3.6.jarDescription:
JavaServer Pages API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp/2.3.6/jakarta.servlet.jsp-2.3.6.jar
MD5: 16d8baeceb5503f066c61582085c75cb
SHA1: 13192d5874b787c0ce0c70b35e95181e8b683a1c
SHA256: 990af769158db75833fe8b4d1e56ea778246bc3c6522d434369f1a0bcebf8582
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp-2.3.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet.jsp High Vendor jar package name api Highest Vendor jar package name glassfish Highest Vendor jar package name jsp Highest Vendor jar package name servlet Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.web.jakarta.servlet.jsp Medium Vendor Manifest extension-name javax.servlet.jsp Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.servlet.jsp Highest Vendor pom artifactid jakarta.servlet.jsp Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com Medium Vendor pom groupid org.glassfish.web Highest Vendor pom name JSP implementation High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jsp Highest Product file name jakarta.servlet.jsp High Product jar package name api Highest Product jar package name glassfish Highest Product jar package name jsp Highest Product jar package name servlet Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JSP implementation Medium Product Manifest bundle-symbolicname org.glassfish.web.jakarta.servlet.jsp Medium Product Manifest extension-name javax.servlet.jsp Medium Product pom artifactid jakarta.servlet.jsp Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com Low Product pom groupid org.glassfish.web Highest Product pom name JSP implementation High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.jsp Medium Version file version 2.3.6 High Version Manifest Bundle-Version 2.3.6 High Version Manifest Implementation-Version 2.3.6 High Version pom parent-version 2.3.6 Low Version pom version 2.3.6 Highest
jakarta.servlet.jsp-api-2.3.6.jarDescription:
Jakarta Server Pages API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/servlet/jsp/jakarta.servlet.jsp-api/2.3.6/jakarta.servlet.jsp-api-2.3.6.jar
MD5: 07e4d801fad7599ae858cb6b779b5168
SHA1: ee48550ece1af1e0d8bd4877dbc6da5c29c5496b
SHA256: e915fa9db7245592460dfaf1a2df9cdfe800cc3976562ed492870db56369dde9
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp-api-2.3.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet.jsp-api High Vendor jar package name javax Highest Vendor jar package name jsp Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname javax.servlet.jsp-api Medium Vendor Manifest extension-name javax.servlet.jsp Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest originally-created-by 1.7.0_80 (Oracle Corporation) Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.servlet.jsp-api Highest Vendor pom artifactid jakarta.servlet.jsp-api Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com Medium Vendor pom groupid jakarta.servlet.jsp Highest Vendor pom name Jakarta Server Pages API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jsp Highest Product file name jakarta.servlet.jsp-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name servlet Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Server Pages API Medium Product Manifest bundle-symbolicname javax.servlet.jsp-api Medium Product Manifest extension-name javax.servlet.jsp Medium Product Manifest originally-created-by 1.7.0_80 (Oracle Corporation) Low Product pom artifactid jakarta.servlet.jsp-api Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com Low Product pom groupid jakarta.servlet.jsp Highest Product pom name Jakarta Server Pages API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.jsp Medium Version file version 2.3.6 High Version Manifest Bundle-Version 2.3.6 High Version Manifest Implementation-Version 2.3.6 High Version pom parent-version 2.3.6 Low Version pom version 2.3.6 Highest
jakarta.servlet.jsp.jstl-1.2.6.jarDescription:
JavaServer Pages(TM) Standard Tag Library API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp.jstl/1.2.6/jakarta.servlet.jsp.jstl-1.2.6.jar
MD5: 7058e8ed0b161b729e6134784750d22b
SHA1: f5a092de3b2b087c14ca4b8d6f2c77a1f6802828
SHA256: 3b697c6cdf4d28de185e07d63f3682728b5a2b1dd229f5f9deb9b930d64b484a
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp.jstl-1.2.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet.jsp.jstl High Vendor jar package name oracle Highest Vendor jar package name org Highest Vendor jar package name standard Highest Vendor jar package name tag Highest Vendor jar (hint) package name sun Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname org.glassfish.web.jakarta.servlet.jsp.jstl Medium Vendor Manifest extension-name javax.servlet.jsp.jstl Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest originally-created-by 1.8.0_181 (Oracle Corporation) Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.servlet.jsp.jstl Highest Vendor pom artifactid jakarta.servlet.jsp.jstl Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid org.glassfish.web Highest Vendor pom name JavaServer Pages (TM) TagLib Implementation High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jstl Highest Product file name jakarta.servlet.jsp.jstl High Product jar package name oracle Highest Product jar package name org Highest Product jar package name standard Highest Product jar package name tag Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JavaServer Pages (TM) TagLib Implementation Medium Product Manifest bundle-symbolicname org.glassfish.web.jakarta.servlet.jsp.jstl Medium Product Manifest extension-name javax.servlet.jsp.jstl Medium Product Manifest originally-created-by 1.8.0_181 (Oracle Corporation) Low Product pom artifactid jakarta.servlet.jsp.jstl Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid org.glassfish.web Highest Product pom name JavaServer Pages (TM) TagLib Implementation High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.jstl Medium Version file version 1.2.6 High Version Manifest Bundle-Version 1.2.6 High Version Manifest Implementation-Version 1.2.6 High Version pom parent-version 1.2.6 Low Version pom version 1.2.6 Highest
jakarta.servlet.jsp.jstl-api-1.2.4.jarDescription:
JavaServer Pages(TM) Standard Tag Library API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/servlet/jsp/jstl/jakarta.servlet.jsp.jstl-api/1.2.4/jakarta.servlet.jsp.jstl-api-1.2.4.jar
MD5: 5b4683c3a614b37a5de721817e792024
SHA1: 9d23cda192df1192894277fd9d0710abb61329af
SHA256: 57122ab0151f82e716d825e65627e8064eb108dbeaafafa780687d61d5359454
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp.jstl-api-1.2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6
Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet.jsp.jstl-api High Vendor jar package name javax Highest Vendor jar package name jsp Highest Vendor jar package name jstl Highest Vendor jar package name servlet Highest Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.servlet.jsp.jstl-api Medium Vendor Manifest extension-name javax.servlet.jsp.jstl Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest originally-created-by 1.8.0_181 (Oracle Corporation) Low Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.servlet.jsp.jstl-api Highest Vendor pom artifactid jakarta.servlet.jsp.jstl-api Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid jakarta.servlet.jsp.jstl Highest Vendor pom name JavaServer Pages(TM) Standard Tag Library API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.jstl Highest Product file name jakarta.servlet.jsp.jstl-api High Product jar package name javax Highest Product jar package name jsp Highest Product jar package name jstl Highest Product jar package name servlet Highest Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name JavaServer Pages(TM) Standard Tag Library API Medium Product Manifest bundle-symbolicname jakarta.servlet.jsp.jstl-api Medium Product Manifest extension-name javax.servlet.jsp.jstl Medium Product Manifest originally-created-by 1.8.0_181 (Oracle Corporation) Low Product pom artifactid jakarta.servlet.jsp.jstl-api Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid jakarta.servlet.jsp.jstl Highest Product pom name JavaServer Pages(TM) Standard Tag Library API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.jstl Medium Version file version 1.2.4 High Version Manifest Bundle-Version 1.2.4 High Version Manifest Implementation-Version 1.2.4 High Version pom parent-version 1.2.4 Low Version pom version 1.2.4 Highest
jcl-over-slf4j-2.0.11.jarDescription:
JCL 1.2 implemented over SLF4J License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.11/jcl-over-slf4j-2.0.11.jar
MD5: 7ad2cbcec0efd8cfc8f3a6dfacfc5829
SHA1: f6226edb8c85f8c9f1f75ec4b0252c02f589478a
SHA256: 55e96f9830d732c81f0709e9090f308798381be7dc5aa67dd423c02831b5b4bb
Referenced In Projects/Scopes: waffle-tests:compile waffle-jna:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-mixed-post:provided waffle-tomcat10:compile waffle-shiro:compile waffle-form:compile waffle-mixed:provided waffle-negotiate:provided waffle-distro:compile waffle-tests-jakarta:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile jcl-over-slf4j-2.0.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jcl-over-slf4j High Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor pom artifactid jcl-over-slf4j Highest Vendor pom artifactid jcl-over-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JCL 1.2 implemented over SLF4J High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jcl-over-slf4j High Product jar package name 9 Highest Product jar package name apache Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name JCL 1.2 implemented over SLF4J Medium Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product Manifest Implementation-Title jcl-over-slf4j High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product pom artifactid jcl-over-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JCL 1.2 implemented over SLF4J High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.11 High Version Manifest Bundle-Version 2.0.11 High Version Manifest Implementation-Version 2.0.11 High Version pom version 2.0.11 Highest
jetty-io-10.0.19.jarDescription:
Jetty module for Jetty :: IO Utility License:
https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-io/10.0.19/jetty-io-10.0.19.jar
MD5: 2a17076c238062f9d3ef947282347d3b
SHA1: 1a08ba2c33c92d7d1f2a9dd8b87653c237756921
SHA256: 4ec28fd3717eebfa3b3ac3d692d89889ac0a5282ba129b7d7ce4682abe778158
Referenced In Project/Scope: waffle-jetty:provided
jetty-io-10.0.19.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.eclipse.jetty/jetty-client@10.0.19
Evidence Type Source Name Value Confidence Vendor file name jetty-io High Vendor jar package name eclipse Highest Vendor jar package name io Highest Vendor jar package name jetty Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-copyright Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. Low Vendor Manifest bundle-docurl https://eclipse.dev/jetty/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.io Medium Vendor Manifest Implementation-Vendor Eclipse Jetty Project High Vendor Manifest url https://eclipse.dev/jetty/ Low Vendor pom artifactid jetty-io Highest Vendor pom artifactid jetty-io Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: IO Utility High Vendor pom parent-artifactid jetty-project Low Product file name jetty-io High Product jar package name eclipse Highest Product jar package name io Highest Product jar package name jetty Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-copyright Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. Low Product Manifest bundle-docurl https://eclipse.dev/jetty/ Low Product Manifest Bundle-Name Jetty :: IO Utility Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Product Manifest bundle-symbolicname org.eclipse.jetty.io Medium Product Manifest url https://eclipse.dev/jetty/ Low Product pom artifactid jetty-io Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: IO Utility High Product pom parent-artifactid jetty-project Medium Version file version 10.0.19 High Version Manifest Bundle-Version 10.0.19 High Version Manifest Implementation-Version 10.0.19 High Version pom version 10.0.19 Highest
Related Dependencies jetty-alpn-client-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-alpn-client/10.0.19/jetty-alpn-client-10.0.19.jar MD5: 84fa03e3cda0b23c47c31a7a5ad966f4 SHA1: f009439caf06a16969741872c3285a685376146a SHA256: b6dac3e6a91031a863729a1a192748a76eb6fe8be149dcc671c256d4d3aa0ce9 pkg:maven/org.eclipse.jetty/jetty-alpn-client@10.0.19 jetty-client-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-client/10.0.19/jetty-client-10.0.19.jar MD5: e61a2bf5d15631707a087bebd9e011b9 SHA1: 51bebcfa208d70be6f0acc78e40c375f291ecb16 SHA256: 573ae5066c4ee736c48c39be17f223a495754b665e7ef4f6279970793e694b77 pkg:maven/org.eclipse.jetty/jetty-client@10.0.19 jetty-http-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-http/10.0.19/jetty-http-10.0.19.jar MD5: 46050e53596e665639315e674229ac64 SHA1: 4f51263a15a9879a6e06f3804cdaaddc1ef3f5a6 SHA256: 57e8d13622dd106b10c7d9dc63cc66d169034a41f312c99e8f12a687607a249e pkg:maven/org.eclipse.jetty/jetty-http@10.0.19 jetty-security-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-security/10.0.19/jetty-security-10.0.19.jar MD5: 685500bbb9acc92f28e3883031ee62aa SHA1: 21732e19ac8bca003e394de61b285f3e9a4c7412 SHA256: afe36bed980d72411863c195b1569f0bf9a52d5eae76e8b5014d6dbe0e9fcf2f pkg:maven/org.eclipse.jetty/jetty-security@10.0.19 jetty-servlet-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-servlet/10.0.19/jetty-servlet-10.0.19.jar MD5: d35b2dd54ed127c2a4917c256e5c120a SHA1: c223bf2636827b3a97493894c250d29964e9b30f SHA256: 5c7836c3e0726ce2c0aabe1d00dc51247d9256348d1c79c7bd97592e8e07823b pkg:maven/org.eclipse.jetty/jetty-servlet@10.0.19 jetty-util-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-util/10.0.19/jetty-util-10.0.19.jar MD5: 986a828d42347ddad51adcea821e948f SHA1: aef0b94fe37c6527406be19fe21c34c53bb165db SHA256: 4f34d2c7b8f506bce861ae313fa3a974711abc93164b7a3c6c98dafdb4dac124 pkg:maven/org.eclipse.jetty/jetty-util@10.0.19 jetty-webapp-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-webapp/10.0.19/jetty-webapp-10.0.19.jar MD5: 49285a6056c772c94b124e7c655dfb3a SHA1: 678e6a936a4bb6aee18fed8bc84636d2801c3591 SHA256: b25c59dffd94789a2ace652aa2222f5946f40448f5e7b2a4f7fa2fe304988157 pkg:maven/org.eclipse.jetty/jetty-webapp@10.0.19 jetty-xml-10.0.19.jarFile Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-xml/10.0.19/jetty-xml-10.0.19.jar MD5: 5f1286cf7a272fd6bdd626173a4f06e9 SHA1: d7db8b4615623e08ec3a9fbb82e533b91cb8d2a9 SHA256: 7988ded72f89e8ea2130f4c506bc07517e873f3e3c0db88e298606f81236aa97 pkg:maven/org.eclipse.jetty/jetty-xml@10.0.19 jetty-server-10.0.19.jarDescription:
The core jetty server artifact. License:
https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-server/10.0.19/jetty-server-10.0.19.jar
MD5: 885901771fa61efe91135936572573e5
SHA1: 5a0f3f4118cd80cbdfa38f162e1ccd50afc8cae6
SHA256: f61b8eace7df3f9394db0e7e1e00f8db2fed4ecda57f269720b80f394ba9d46a
Referenced In Project/Scope: waffle-jetty:provided
jetty-server-10.0.19.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.eclipse.jetty/jetty-servlet@10.0.19
Evidence Type Source Name Value Confidence Vendor file name jetty-server High Vendor jar package name eclipse Highest Vendor jar package name jetty Highest Vendor jar package name server Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-copyright Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. Low Vendor Manifest bundle-docurl https://eclipse.dev/jetty/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.server Medium Vendor Manifest Implementation-Vendor Eclipse Jetty Project High Vendor Manifest url https://eclipse.dev/jetty/ Low Vendor pom artifactid jetty-server Highest Vendor pom artifactid jetty-server Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom name Jetty :: Server Core High Vendor pom parent-artifactid jetty-project Low Product file name jetty-server High Product jar package name eclipse Highest Product jar package name jetty Highest Product jar package name server Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-copyright Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. Low Product Manifest bundle-docurl https://eclipse.dev/jetty/ Low Product Manifest Bundle-Name Jetty :: Server Core Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Product Manifest bundle-symbolicname org.eclipse.jetty.server Medium Product Manifest url https://eclipse.dev/jetty/ Low Product pom artifactid jetty-server Highest Product pom groupid org.eclipse.jetty Highest Product pom name Jetty :: Server Core High Product pom parent-artifactid jetty-project Medium Version file version 10.0.19 High Version Manifest Bundle-Version 10.0.19 High Version Manifest Implementation-Version 10.0.19 High Version pom version 10.0.19 Highest
jetty-servlet-api-4.0.6.jarDescription:
Combined servlet api and schemas for use in JPMS and OSGi environments License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php File Path: /home/runner/.m2/repository/org/eclipse/jetty/toolchain/jetty-servlet-api/4.0.6/jetty-servlet-api-4.0.6.jar
MD5: d63413e02885c25d0129e3d2936606f6
SHA1: 959c5d83d08f5cddf56caff749e48b735193191b
SHA256: d90bf1f8a9d2ba89f4510bb51e1516dcf94ef6dc034e00f233654abdd78f2210
Referenced In Project/Scope: waffle-jetty:provided
jetty-servlet-api-4.0.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.eclipse.jetty/apache-jsp@10.0.19
Evidence Type Source Name Value Confidence Vendor file name jetty-servlet-api High Vendor jar package name servlet Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://eclipse.org/jetty Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.servlet-api Medium Vendor pom artifactid jetty-servlet-api Highest Vendor pom artifactid jetty-servlet-api Low Vendor pom groupid org.eclipse.jetty.toolchain Highest Vendor pom name Jetty :: Servlet API and Schemas for JPMS and OSGi High Vendor pom parent-artifactid jetty-toolchain Low Product file name jetty-servlet-api High Product jar package name servlet Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://eclipse.org/jetty Low Product Manifest Bundle-Name Eclipse Jetty Servlet API and Schemas for JPMS and OSGi Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-11 Low Product Manifest bundle-symbolicname org.eclipse.jetty.servlet-api Medium Product pom artifactid jetty-servlet-api Highest Product pom groupid org.eclipse.jetty.toolchain Highest Product pom name Jetty :: Servlet API and Schemas for JPMS and OSGi High Product pom parent-artifactid jetty-toolchain Medium Version file version 4.0.6 High Version Manifest Bundle-Version 4.0.6 High Version pom parent-version 4.0.6 Low Version pom version 4.0.6 Highest
CVE-2017-7657 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-7658 suppress
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2009-5045 suppress
Dump Servlet information leak in jetty before 6.1.22. CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2017-7656 suppress
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2017-9735 suppress
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. CWE-203 Observable Discrepancy
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2048 suppress
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-44487 suppress
CISA Known Exploited Vulnerability: Product: IETF HTTP/2 Name: HTTP/2 Rapid Reset Attack Vulnerability Date Added: 2023-10-10 Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2023-10-31 Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CWE-400 Uncontrolled Resource Consumption
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,PRESS/MEDIA_COVERAGE cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - ISSUE_TRACKING,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MAILING_LIST,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,PATCH,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - MITIGATION,VENDOR_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PATCH,VENDOR_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRESS/MEDIA_COVERAGE,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,THIRD_PARTY_ADVISORY cve@mitre.org - PRODUCT,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,THIRD_PARTY_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - TECHNICAL_DESCRIPTION,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY cve@mitre.org - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2020-27216 suppress
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.4) Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A References:
emo@eclipse.org - EXPLOIT,MITIGATION,THIRD_PARTY_ADVISORY emo@eclipse.org - EXPLOIT,PATCH,VENDOR_ADVISORY emo@eclipse.org - MAILING_LIST,THIRD_PARTY_ADVISORY emo@eclipse.org - NOT_APPLICABLE,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - PATCH,THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY emo@eclipse.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
CVE-2009-5046 suppress
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2021-28169 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26048 suppress
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-26049 suppress
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2021-34428 suppress
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. CWE-613 Insufficient Session Expiration
CVSSv2:
Base Score: LOW (3.6) Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: LOW (3.5) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2022-2047 suppress
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.0) Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N CVSSv3:
Base Score: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
jna-5.14.0.jarDescription:
Java Native Access License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar
MD5: 8b3cc652920435ad9f801e6d9b2a3497
SHA1: 67bf3eaea4f0718cb376a181a629e5f88fa1c9dd
SHA256: 34ed1e1f27fa896bca50dbc4e99cf3732967cec387a7a0d5e3486c09673fe8c6
Referenced In Projects/Scopes: waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-mixed-post:provided waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-negotiate:provided waffle-tests-jakarta:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-spring-form:compile waffle-mixed:provided waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile jna-5.14.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jna High Vendor jar package name jna Highest Vendor jar package name native Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna Medium Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-category jni Low Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna Highest Vendor pom artifactid jna Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access High Vendor pom url java-native-access/jna Highest Product file name jna High Product jar package name jna Highest Product jar package name library Highest Product jar package name native Highest Product jar package name sun Highest Product jar package name win32 Highest Product Manifest automatic-module-name com.sun.jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access High Product pom url java-native-access/jna High Version file version 5.14.0 High Version Manifest Bundle-Version 5.14.0 High Version pom version 5.14.0 Highest
jna-5.14.0.jar: jnidispatch.dllFile Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dllMD5: f6bef568e690d361a5dcc165f5ad4b1fSHA1: 05638a4aaafa689a6c246530823afdc18d3fd438SHA256: b9d1479b9619b7ece4a36b6ae31365ffaf15a1355d4f6da02f8b5f09df2fa82fReferenced In Projects/Scopes:
waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-mixed-post:provided waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-negotiate:provided waffle-tests-jakarta:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-spring-form:compile waffle-mixed:provided waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
jna-5.14.0.jar: jnidispatch.dllFile Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dllMD5: 719d6ba1946c25aa61ce82f90d77ffd5SHA1: 94d2191378cac5719daecc826fc116816284c406SHA256: 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44Referenced In Projects/Scopes:
waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-mixed-post:provided waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-negotiate:provided waffle-tests-jakarta:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-spring-form:compile waffle-mixed:provided waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
jna-5.14.0.jar: jnidispatch.dllFile Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86/jnidispatch.dllMD5: e15183ef9c6c255b76fda73d01ca7ecbSHA1: f816f998c43204230d9ea3eecffb5f8372a32c2eSHA256: 38650a0612730c52580c9f32ff766b44b1c5a426d52e7dd7a53687bf3389ac2cReferenced In Projects/Scopes:
waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-mixed-post:provided waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-negotiate:provided waffle-tests-jakarta:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-spring-form:compile waffle-mixed:provided waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
jna-platform-5.14.0.jarDescription:
Java Native Access Platform License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar
MD5: 3bc3f09a698e6ad250dd093f64fbb8a7
SHA1: 28934d48aed814f11e4c584da55c49fa7032b31b
SHA256: ae4caceb3840730c2537f9b7fb55a01baba580286b4122951488bcee558c2449
Referenced In Projects/Scopes: waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-bom:compile waffle-spring-boot-starter2:compile waffle-mixed-post:provided waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-form:compile waffle-negotiate:provided waffle-tests-jakarta:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-spring-security6:compile waffle-tomcat10:compile waffle-shiro:compile waffle-spring-form:compile waffle-mixed:provided waffle-distro:compile waffle-filter:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile jna-platform-5.14.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jna-platform High Vendor jar package name jna Highest Vendor jar package name platform Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna.platform Medium Vendor Manifest bundle-category jni Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest require-bundle com.sun.jna;bundle-version="5.14.0" Low Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna-platform Highest Vendor pom artifactid jna-platform Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access Platform High Vendor pom url java-native-access/jna Highest Product file name jna-platform High Product jar package name jna Highest Product jar package name platform Highest Product jar package name sun Highest Product Manifest automatic-module-name com.sun.jna.platform Medium Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna-platform Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname com.sun.jna.platform Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest require-bundle com.sun.jna;bundle-version="5.14.0" Low Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna-platform Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access Platform High Product pom url java-native-access/jna High Version file version 5.14.0 High Version Manifest Bundle-Version 5.14.0 High Version pom version 5.14.0 Highest
jsr305-3.0.2.jarDescription:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes: waffle-jaas:provided waffle-jna:provided waffle-spring-boot-filter3:provided waffle-mixed-post:provided waffle-jna-jakarta:provided waffle-spring-security5:provided waffle-bom:provided waffle-shiro:provided waffle-spring-boot2:provided waffle-spring-boot-autoconfigure2:provided waffle-negotiate:provided waffle-distro:provided waffle-tests:provided waffle-spring-boot-filter2:provided waffle-tomcat85:provided waffle-form:provided waffle-spring-boot3:provided waffle:provided waffle-spring-filter:provided waffle-tests-jakarta:provided waffle-spring-form:provided waffle-spring-security6:provided waffle-tomcat9:provided waffle-demo-parent:provided waffle-spring-boot-autoconfigure3:provided waffle-spring-boot-starter2:provided waffle-spring-boot-starter3:provided waffle-jetty:provided waffle-tomcat10:provided waffle-filter:provided waffle-mixed:provided jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
jul-to-slf4j-1.7.36.jarDescription:
JUL to SLF4J bridge File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jarMD5: 2a3fe73e6cafe8f102facaf2dd65353fSHA1: ed46d81cef9c412a88caef405b58f93a678ff2caSHA256: 9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989deReferenced In Projects/Scopes:
waffle-distro:runtime waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 Evidence Type Source Name Value Confidence Vendor file name jul-to-slf4j High Vendor jar package name bridge Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor pom artifactid jul-to-slf4j Highest Vendor pom artifactid jul-to-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JUL to SLF4J bridge High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jul-to-slf4j High Product jar package name bridge Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name jul-to-slf4j Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname jul.to.slf4j Medium Product pom artifactid jul-to-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JUL to SLF4J bridge High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.36 High Version Manifest Bundle-Version 1.7.36 High Version Manifest Implementation-Version 1.7.36 High Version pom version 1.7.36 Highest
jul-to-slf4j-2.0.11.jarDescription:
JUL to SLF4J bridge License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.11/jul-to-slf4j-2.0.11.jar
MD5: 46568e80d6a97fd041864e033dfdf7d0
SHA1: 279356f8e873b1a26badd8bbb3284b5c3b22c770
SHA256: 67e605b1f3efd4efcb060e4c11a2e6d8d4dfd2262bba7916aeafa77eeb1bcf89
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-boot-starter3:compile jul-to-slf4j-2.0.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 Evidence Type Source Name Value Confidence Vendor file name jul-to-slf4j High Vendor jar package name bridge Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor Manifest multi-release true Low Vendor pom artifactid jul-to-slf4j Highest Vendor pom artifactid jul-to-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JUL to SLF4J bridge High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jul-to-slf4j High Product jar package name bridge Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name JUL to SLF4J bridge Medium Product Manifest bundle-symbolicname jul.to.slf4j Medium Product Manifest Implementation-Title jul-to-slf4j High Product Manifest multi-release true Low Product pom artifactid jul-to-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JUL to SLF4J bridge High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.11 High Version Manifest Bundle-Version 2.0.11 High Version Manifest Implementation-Version 2.0.11 High Version pom version 2.0.11 Highest
log4j-api-2.22.1.jarDescription:
The Apache Log4j API License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.22.1/log4j-api-2.22.1.jar
MD5: 27db0eb89ae965179480df00d8d1cf03
SHA1: bea6fede6328fabafd7e68363161a7ea6605abd1
SHA256: 5d7beae7ff15d8516d6517121d7f12a79a6ac180df64b5fcec55d5be21056e53
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-distro:runtime waffle-spring-boot-starter2:compile waffle-spring-boot-filter3:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-spring-boot-filter2:compile log4j-api-2.22.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 Evidence Type Source Name Value Confidence Vendor file name log4j-api High Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-api Highest Vendor pom artifactid log4j-api Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j API High Vendor pom parent-artifactid log4j Low Product file name log4j-api High Product jar package name apache Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product jar package name util Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product Manifest Implementation-Title Apache Log4j API High Product Manifest multi-release true Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Product Manifest specification-title Apache Log4j API Medium Product pom artifactid log4j-api Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j API High Product pom parent-artifactid log4j Medium Version file version 2.22.1 High Version Manifest Bundle-Version 2.22.1 High Version Manifest Implementation-Version 2.22.1 High Version pom version 2.22.1 Highest
log4j-to-slf4j-2.22.1.jarDescription:
The Apache Log4j binding between Log4j 2 API and SLF4J. License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.22.1/log4j-to-slf4j-2.22.1.jar
MD5: 47f93f1b408eb462ca4d16b4797ed87e
SHA1: b5e67b6acac768bfec1d1d6991504f45453abcad
SHA256: 85a84842958e58dd8a89a3acf901a64b774704ce1511ece9f8eef70724884f92
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-distro:runtime waffle-spring-boot-starter2:compile waffle-spring-boot-filter3:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-starter3:compile waffle-spring-boot-filter2:compile log4j-to-slf4j-2.22.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 Evidence Type Source Name Value Confidence Vendor file name log4j-to-slf4j High Vendor jar package name apache Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release false Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-to-slf4j Highest Vendor pom artifactid log4j-to-slf4j Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j to SLF4J Adapter High Vendor pom parent-artifactid log4j Low Product file name log4j-to-slf4j High Product jar package name apache Highest Product jar package name logging Highest Product jar package name slf4j Highest Product jar package name slf4jprovider Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j to SLF4J Adapter Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Product Manifest Implementation-Title Apache Log4j to SLF4J Adapter High Product Manifest multi-release false Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Product Manifest specification-title Apache Log4j to SLF4J Adapter Medium Product pom artifactid log4j-to-slf4j Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j to SLF4J Adapter High Product pom parent-artifactid log4j Medium Version file version 2.22.1 High Version Manifest Bundle-Version 2.22.1 High Version Manifest Implementation-Version 2.22.1 High Version pom version 2.22.1 Highest
logback-core-1.2.12.jarDescription:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar
MD5: 879d60b3fa9c6617cee4e20f12f6a16e
SHA1: 1d8e51a698b138065d73baefb4f94531faa323cb
SHA256: 0cba0755fbdc1793f60dc9d1ef22337737899f4f28b485c42bcadacb73664b34
Referenced In Projects/Scopes: waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile logback-core-1.2.12.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.4 Low Vendor pom artifactid logback-core Highest Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Core Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-core High Product jar package name ch Highest Product jar package name core Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Core Module Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.4 Low Product pom artifactid logback-core Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Core Module High Product pom parent-artifactid logback-parent Medium Version file version 1.2.12 High Version Manifest Bundle-Version 1.2.12 High Version pom version 1.2.12 Highest
Related Dependencies logback-classic-1.2.12.jarFile Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar MD5: a7ebf115c247690da5e5e64849da6f5f SHA1: d4dee19148dccb177a0736eb2027bd195341da78 SHA256: f65352bf627177e414c956a977a5851e7125e9f3a2e1a7847b2fa78182dc49fe pkg:maven/ch.qos.logback/logback-classic@1.2.12 CVE-2023-6378 suppress
A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2023-6481 suppress
A serialization vulnerability in logback receiver component part of
logback version 1.4.13,��1.3.13 and��1.2.12 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
logback-core-1.4.14.jarDescription:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.4.14/logback-core-1.4.14.jar
MD5: 7367629d307fa3d0b82d76b9d3f1d09a
SHA1: 4d3c2248219ac0effeb380ed4c5280a80bf395e8
SHA256: f8c2f05f42530b1852739507c1792f0080167850ed8f396444c6913d6617a293
Referenced In Projects/Scopes: waffle-mixed:compile waffle-spring-boot-autoconfigure3:compile waffle-mixed-post:compile waffle-spring-boot-starter3:compile waffle-demo-parent:compile waffle-spring-form:compile waffle-form:compile waffle-distro:runtime waffle-negotiate:compile waffle-spring-boot-filter3:compile waffle-spring-filter:compile waffle-filter:compile waffle-jaas:compile logback-core-1.4.14.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest Implementation-Vendor QOS.ch High Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Vendor Manifest specification-vendor QOS.ch Low Vendor pom artifactid logback-core Highest Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Core Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-core High Product jar package name ch Highest Product jar package name core Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Core Module Medium Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest Implementation-Title Logback Core Module High Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Product Manifest specification-title Logback Core Module Medium Product pom artifactid logback-core Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Core Module High Product pom parent-artifactid logback-parent Medium Version file version 1.4.14 High Version Manifest Bundle-Version 1.4.14 High Version Manifest Implementation-Version 1.4.14 High Version pom version 1.4.14 Highest
Related Dependencies logback-classic-1.4.14.jarFile Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.4.14/logback-classic-1.4.14.jar MD5: 204b49a7fa041b2b2c455193079dc1d2 SHA1: d98bc162275134cdf1518774da4a2a17ef6fb94d SHA256: 8e832f7263ca606ae36dabb2d8b24c2f43d82cf634e81dad9d1640fa6ee3c596 pkg:maven/ch.qos.logback/logback-classic@1.4.14 micrometer-commons-1.12.2.jarDescription:
Module containing common code License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.12.2/micrometer-commons-1.12.2.jar
MD5: dc4744dd14f640a3e96181831a97cfa2
SHA1: b44127d8ec7b3ef11a01912d1e6474e1167f3929
SHA256: feea1eb8302809b7a2d142de1d0de67ef329e02d01c7e5c680a76d7fc3e9309b
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-security6:compile waffle-spring-boot-starter3:compile micrometer-commons-1.12.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/org.springframework/spring-context@6.1.3 Evidence Type Source Name Value Confidence Vendor file name micrometer-commons High Vendor jar package name common Highest Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor Manifest automatic-module-name micrometer.commons Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-01-09_11:24:53 Low Vendor Manifest build-date-utc 2024-01-09T11:24:53.920577327Z Low Vendor Manifest build-host c81bfa96b7c8 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 28414 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/28414 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-commons Medium Vendor Manifest change 42ad04e Low Vendor Manifest full-change 42ad04e9861b62207b762dcc16dc808bf1c7e94a Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-commons Low Vendor pom artifactid micrometer-commons Highest Vendor pom artifactid micrometer-commons Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-commons High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-commons High Product jar package name common Highest Product jar package name io Highest Product jar package name micrometer Highest Product Manifest automatic-module-name micrometer.commons Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-01-09_11:24:53 Low Product Manifest build-date-utc 2024-01-09T11:24:53.920577327Z Low Product Manifest build-host c81bfa96b7c8 Low Product Manifest build-job deploy Low Product Manifest build-number 28414 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/28414 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-commons Medium Product Manifest bundle-symbolicname micrometer-commons Medium Product Manifest change 42ad04e Low Product Manifest full-change 42ad04e9861b62207b762dcc16dc808bf1c7e94a Low Product Manifest Implementation-Title io.micrometer#micrometer-commons;1.12.2 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-commons Low Product pom artifactid micrometer-commons Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-commons High Product pom url micrometer-metrics/micrometer High Version file version 1.12.2 High Version Manifest Bundle-Version 1.12.2 High Version Manifest Implementation-Version 1.12.2 High Version pom version 1.12.2 Highest
micrometer-observation-1.12.2.jarDescription:
Module containing Observation related code License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/micrometer/micrometer-observation/1.12.2/micrometer-observation-1.12.2.jar
MD5: 0cdc84d8f1e64ac7a8f9dee9b100f756
SHA1: e082b05a2527fc24ea6fbe4c4b7ae34653aace81
SHA256: 1b7765023228e62570b68f69b2e4b3b3bcc390832c71f50726ee336b34f96941
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-security6:compile waffle-spring-boot-starter3:compile micrometer-observation-1.12.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/org.springframework/spring-context@6.1.3 pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name micrometer-observation High Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor jar package name observation Highest Vendor Manifest automatic-module-name micrometer.observation Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-01-09_11:24:54 Low Vendor Manifest build-date-utc 2024-01-09T11:24:54.200523577Z Low Vendor Manifest build-host c81bfa96b7c8 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 28414 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/28414 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-observation Medium Vendor Manifest change 42ad04e Low Vendor Manifest full-change 42ad04e9861b62207b762dcc16dc808bf1c7e94a Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-observation Low Vendor pom artifactid micrometer-observation Highest Vendor pom artifactid micrometer-observation Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-observation High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-observation High Product jar package name io Highest Product jar package name micrometer Highest Product jar package name observation Highest Product Manifest automatic-module-name micrometer.observation Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-01-09_11:24:54 Low Product Manifest build-date-utc 2024-01-09T11:24:54.200523577Z Low Product Manifest build-host c81bfa96b7c8 Low Product Manifest build-job deploy Low Product Manifest build-number 28414 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/28414 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-observation Medium Product Manifest bundle-symbolicname micrometer-observation Medium Product Manifest change 42ad04e Low Product Manifest full-change 42ad04e9861b62207b762dcc16dc808bf1c7e94a Low Product Manifest Implementation-Title io.micrometer#micrometer-observation;1.12.2 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-observation Low Product pom artifactid micrometer-observation Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-observation High Product pom url micrometer-metrics/micrometer High Version file version 1.12.2 High Version Manifest Bundle-Version 1.12.2 High Version Manifest Implementation-Version 1.12.2 High Version pom version 1.12.2 Highest
mockito-core-5.9.0.jarDescription:
Mockito mock objects library core API and implementation License:
MIT: https://opensource.org/licenses/MIT File Path: /home/runner/.m2/repository/org/mockito/mockito-core/5.9.0/mockito-core-5.9.0.jar
MD5: 76dd8b99e2bd95bfb35d33a3b000043f
SHA1: faa88b96db3aeb96a93e83dec7491345bfbfc414
SHA256: bbad9185ed734965fac7e367f0e51596f69531e51d8b2cbcec1048dd6fb41f2c
Referenced In Projects/Scopes: waffle-tests:compile waffle-tests-jakarta:compile mockito-core-5.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name mockito-core High Vendor jar package name and Highest Vendor jar package name api Highest Vendor jar package name mockito Highest Vendor Manifest automatic-module-name org.mockito Medium Vendor Manifest bundle-symbolicname org.mockito.mockito-core Medium Vendor pom artifactid mockito-core Highest Vendor pom artifactid mockito-core Low Vendor pom developer id bric3 Medium Vendor pom developer id mockitoguy Medium Vendor pom developer id raphw Medium Vendor pom developer id TimvdLippe Medium Vendor pom developer name Brice Dutheil Medium Vendor pom developer name Rafael Winterhalter Medium Vendor pom developer name Szczepan Faber Medium Vendor pom developer name Tim van der Lippe Medium Vendor pom groupid org.mockito Highest Vendor pom name mockito-core High Vendor pom url mockito/mockito Highest Product file name mockito-core High Product jar package name and Highest Product jar package name api Highest Product jar package name mockito Highest Product Manifest automatic-module-name org.mockito Medium Product Manifest Bundle-Name Mockito Mock Library for Java. Core bundle requires Byte Buddy and Objenesis. Medium Product Manifest bundle-symbolicname org.mockito.mockito-core Medium Product pom artifactid mockito-core Highest Product pom developer id bric3 Low Product pom developer id mockitoguy Low Product pom developer id raphw Low Product pom developer id TimvdLippe Low Product pom developer name Brice Dutheil Low Product pom developer name Rafael Winterhalter Low Product pom developer name Szczepan Faber Low Product pom developer name Tim van der Lippe Low Product pom groupid org.mockito Highest Product pom name mockito-core High Product pom url mockito/mockito High Version file version 5.9.0 High Version Manifest Bundle-Version 5.9.0 High Version pom version 5.9.0 Highest
objenesis-3.3.jarDescription:
A library for instantiating Java objects License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar
MD5: ab0e0b2ab81affdd7f38bcc60fd85571
SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
SHA256: 02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb
Referenced In Projects/Scopes: waffle-tests:compile waffle-tests-jakarta:compile objenesis-3.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name objenesis High Vendor jar package name objenesis Highest Vendor Manifest automatic-module-name org.objenesis Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname org.objenesis Medium Vendor Manifest Implementation-Vendor Joe Walnes, Henri Tremblay, Leonardo Mesquita High Vendor Manifest specification-vendor Joe Walnes, Henri Tremblay, Leonardo Mesquita Low Vendor pom artifactid objenesis Highest Vendor pom artifactid objenesis Low Vendor pom groupid org.objenesis Highest Vendor pom name Objenesis High Vendor pom parent-artifactid objenesis-parent Low Product file name objenesis High Product jar package name objenesis Highest Product Manifest automatic-module-name org.objenesis Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Objenesis Medium Product Manifest bundle-symbolicname org.objenesis Medium Product Manifest Implementation-Title Objenesis High Product Manifest specification-title Objenesis Medium Product pom artifactid objenesis Highest Product pom groupid org.objenesis Highest Product pom name Objenesis High Product pom parent-artifactid objenesis-parent Medium Version file version 3.3 High Version Manifest Implementation-Version 3.3 High Version pom version 3.3 Highest
shiro-core-1.13.0.jarDescription:
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/shiro/shiro-core/1.13.0/shiro-core-1.13.0.jar
MD5: a733972e7a57893a222839e497102c76
SHA1: 7e542e3d614b197bf10005e98e19f9f19cb943e7
SHA256: ddb03b68cdc08792ec2a18f0ae6edb298ce94073a87862cb44b5db3fa40643ff
Referenced In Project/Scope: waffle-shiro:provided
shiro-core-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.shiro/shiro-web@1.13.0
Evidence Type Source Name Value Confidence Vendor file name shiro-core High Vendor jar package name apache Highest Vendor jar package name shiro Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.shiro.core Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid shiro-core Highest Vendor pom artifactid shiro-core Low Vendor pom groupid org.apache.shiro Highest Vendor pom name Apache Shiro :: Core High Vendor pom parent-artifactid shiro-root Low Product file name shiro-core High Product jar package name apache Highest Product jar package name session Highest Product jar package name shiro Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Shiro :: Core Medium Product Manifest bundle-symbolicname org.apache.shiro.core Medium Product Manifest Implementation-Title Apache Shiro :: Core High Product Manifest specification-title Apache Shiro :: Core Medium Product pom artifactid shiro-core Highest Product pom groupid org.apache.shiro Highest Product pom name Apache Shiro :: Core High Product pom parent-artifactid shiro-root Medium Version file version 1.13.0 High Version Manifest Bundle-Version 1.13.0 High Version Manifest Implementation-Version 1.13.0 High Version pom version 1.13.0 Highest
Related Dependencies shiro-cache-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-cache/1.13.0/shiro-cache-1.13.0.jar MD5: 805253e79f6614862daef0ecc44233aa SHA1: c411b286cbde76aa7dedbe5de8d438594dece977 SHA256: e409e36056060224dc1b0ad42959cd51c61ac3dbbb0558be26c39e387f85c5a3 pkg:maven/org.apache.shiro/shiro-cache@1.13.0 shiro-config-core-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-config-core/1.13.0/shiro-config-core-1.13.0.jar MD5: 9cc49bc2d6dbd7e9c5dd376b82281fc3 SHA1: 436c450e532f78d490531c78605f3a65bc655d31 SHA256: 2f5cd02a5cf72a9d3e20417ad4b56ca692acfd1579f8c9bafe939e71e02888eb pkg:maven/org.apache.shiro/shiro-config-core@1.13.0 shiro-config-ogdl-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-config-ogdl/1.13.0/shiro-config-ogdl-1.13.0.jar MD5: 7472e9cafceed2460662725dc098769e SHA1: 67e51dac44eb9cc232e2ba350a70e5d5f24493bf SHA256: f067d8775ebde81e55f78603c0d5b3a0d1ce493726d4eff325b7a848c7bbf6e3 pkg:maven/org.apache.shiro/shiro-config-ogdl@1.13.0 shiro-crypto-cipher-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-crypto-cipher/1.13.0/shiro-crypto-cipher-1.13.0.jar MD5: 13ce62f9f481672d41fad2f1d54b861c SHA1: b5c359ef02e138c1631218c1a8419b1597a1e96f SHA256: aa30868a10055d5fe1e0d8dd8915f174532fabf6d00c810076da94a82deae75f pkg:maven/org.apache.shiro/shiro-crypto-cipher@1.13.0 shiro-crypto-core-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-crypto-core/1.13.0/shiro-crypto-core-1.13.0.jar MD5: fcfbcb1cd55a6e62d014829066159220 SHA1: 66d95fdcdce43743dadfb1d83d062a8d5eee2f7e SHA256: f9a103b92c4261258b9ae9cfcd83af43c2500309b0689ec149a45565cf44342d pkg:maven/org.apache.shiro/shiro-crypto-core@1.13.0 shiro-crypto-hash-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-crypto-hash/1.13.0/shiro-crypto-hash-1.13.0.jar MD5: a37b3458b1748ebf8739988e2f4c2f3e SHA1: 44afb22d9c1817b3ae23cb2fe3b45e75ae454272 SHA256: c06c9f2e37fb8838842853e47035fab0c064c3b144948e60bdcf96e694f286a3 pkg:maven/org.apache.shiro/shiro-crypto-hash@1.13.0 shiro-event-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-event/1.13.0/shiro-event-1.13.0.jar MD5: 30ddb0ee4c62c72918ed39f200aeab37 SHA1: 0b881592f98c99fffd54b309db455b89690f8e99 SHA256: a4c6a9304ec16c948eec258fab577c13b446d1e82b6f49c41d40974b7fb191e9 pkg:maven/org.apache.shiro/shiro-event@1.13.0 shiro-lang-1.13.0.jarFile Path: /home/runner/.m2/repository/org/apache/shiro/shiro-lang/1.13.0/shiro-lang-1.13.0.jar MD5: 63fbaf2e3a2dd627b04d6f91331c9bc7 SHA1: 19a4aefea5f09d3271c2ca7bd943af1e71d7b53c SHA256: 8c3eb1676191db97311218d5cccead1cee0f0ecdb3467f1ac9e0c4449378c97d pkg:maven/org.apache.shiro/shiro-lang@1.13.0 shiro-web-1.13.0.jarDescription:
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/shiro/shiro-web/1.13.0/shiro-web-1.13.0.jar
MD5: 43b4223707b70e4762fb1c4e8c07008d
SHA1: 99a09dc19f37487639b5bab978953bc38963d6ea
SHA256: 8f2c2f7d4c141cd28a00edb30b3b62479fcdb2f70eeef710289b9c6138e4fc33
Referenced In Project/Scope: waffle-shiro:provided
shiro-web-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name shiro-web High Vendor jar package name apache Highest Vendor jar package name shiro Highest Vendor jar package name web Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.shiro.web Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid shiro-web Highest Vendor pom artifactid shiro-web Low Vendor pom groupid org.apache.shiro Highest Vendor pom name Apache Shiro :: Web High Vendor pom parent-artifactid shiro-root Low Product file name shiro-web High Product jar package name apache Highest Product jar package name session Highest Product jar package name shiro Highest Product jar package name web Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Shiro :: Web Medium Product Manifest bundle-symbolicname org.apache.shiro.web Medium Product Manifest Implementation-Title Apache Shiro :: Web High Product Manifest specification-title Apache Shiro :: Web Medium Product pom artifactid shiro-web Highest Product pom groupid org.apache.shiro Highest Product pom name Apache Shiro :: Web High Product pom parent-artifactid shiro-root Medium Version file version 1.13.0 High Version Manifest Bundle-Version 1.13.0 High Version Manifest Implementation-Version 1.13.0 High Version pom version 1.13.0 Highest
slf4j-api-1.7.36.jarDescription:
The slf4j API File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jarMD5: 872da51f5de7f3923da4de871d57fd85SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14SHA256: d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0Referenced In Projects/Scopes:
waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.slf4j/slf4j-simple@1.7.36 pkg:maven/org.slf4j/slf4j-simple@1.7.36 pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest automatic-module-name org.slf4j Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest automatic-module-name org.slf4j Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 1.7.36 High Version Manifest Bundle-Version 1.7.36 High Version Manifest Implementation-Version 1.7.36 High Version pom version 1.7.36 Highest
slf4j-api-2.0.11.jarDescription:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.11/slf4j-api-2.0.11.jar
MD5: 90c46a2d4613049843c804867321e6a7
SHA1: ad96c3f8cf895e696dd35c2bc8e8ebe710be9e6d
SHA256: ce0e71d673acb9036bb55d0244b261cf033f8e4c1245f14f931dfb1937dd4c95
Referenced In Projects/Scopes: waffle-mixed:compile waffle-tests:compile waffle-jna:compile waffle-spring-boot-autoconfigure3:compile waffle-tomcat85:compile waffle-jna-jakarta:compile waffle-spring-security5:compile waffle-mixed-post:compile waffle-spring-security6:compile waffle-spring-boot-starter3:compile waffle-tomcat10:compile waffle-shiro:compile waffle-form:compile waffle-distro:compile waffle-tests-jakarta:compile waffle-negotiate:compile waffle-spring-boot-filter3:compile waffle-jaas:compile waffle-jetty:compile waffle-tomcat9:compile slf4j-api-2.0.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/org.slf4j/slf4j-simple@2.0.11 pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/org.slf4j/slf4j-simple@2.0.11 pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.11 High Version Manifest Bundle-Version 2.0.11 High Version Manifest Implementation-Version 2.0.11 High Version pom version 2.0.11 Highest
slf4j-api-2.0.7.jarDescription:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.7/slf4j-api-2.0.7.jar
MD5: 403dffa46cdd2e3c82da19df4f394a4c
SHA1: 41eb7184ea9d556f23e18b5cb99cad1f8581fc00
SHA256: 5d6298b93a1905c32cda6478808ac14c2d4a47e91535e53c41f7feeb85d946f4
Referenced In Projects/Scopes: waffle-spring-form:compile waffle-spring-filter:compile waffle-filter:compile waffle-demo-parent:compile slf4j-api-2.0.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 pkg:maven/ch.qos.logback/logback-classic@1.4.14 Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 19 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 19 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name slf4j-api Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.7 High Version Manifest Bundle-Version 2.0.7 High Version Manifest Implementation-Version 2.0.7 High Version pom version 2.0.7 Highest
slf4j-simple-2.0.11.jarDescription:
SLF4J Simple Provider License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/slf4j-simple/2.0.11/slf4j-simple-2.0.11.jar
MD5: 81b8dd6091b8617476556be6f4f9ab0b
SHA1: 267ded84c4845c513677e4f7ca6f03240be9ce3f
SHA256: bb3c7e2e144dcdf022fe17775286a3623e69d75b7f52d9b62451871d0c82a513
Referenced In Projects/Scopes: waffle-jna:compile waffle-jna-jakarta:compile slf4j-simple-2.0.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name slf4j-simple High Vendor jar package name simple Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.simple Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.slf4j.spi.SLF4JServiceProvider";type=simple;effective:=active,osgi.serviceloader;osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider";register:="org.slf4j.simple.SimpleServiceProvider";type=simple Low Vendor pom artifactid slf4j-simple Highest Vendor pom artifactid slf4j-simple Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J Simple Provider High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-simple High Product jar package name 9 Highest Product jar package name simple Highest Product jar package name simpleserviceprovider Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J Simple Provider Medium Product Manifest bundle-symbolicname slf4j.simple Medium Product Manifest Implementation-Title slf4j-simple High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product Manifest provide-capability osgi.service;objectClass:List="org.slf4j.spi.SLF4JServiceProvider";type=simple;effective:=active,osgi.serviceloader;osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider";register:="org.slf4j.simple.SimpleServiceProvider";type=simple Low Product pom artifactid slf4j-simple Highest Product pom groupid org.slf4j Highest Product pom name SLF4J Simple Provider High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.11 High Version Manifest Bundle-Version 2.0.11 High Version Manifest Implementation-Version 2.0.11 High Version pom version 2.0.11 Highest
snakeyaml-1.30.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar
MD5: ba063b8ef3a8bfd591a1b56451166b14
SHA1: 8fde7fe2586328ac3c68db92045e1c8759125000
SHA256: f43a4e40a946b8cdfd0321bc1c9a839bc3f119c57e4ca84fb87c367f51c8b2b3
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile snakeyaml-1.30.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest automatic-module-name org.yaml.snakeyaml Medium Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor pom artifactid snakeyaml Highest Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email jordanangold@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id Jordan Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom developer name Jordan Angold Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest automatic-module-name org.yaml.snakeyaml Medium Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email jordanangold@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id Jordan Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom developer name Jordan Angold Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium Version file version 1.30 High Version pom version 1.30 Highest
CVE-2022-1471 suppress
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.��Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation
CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-25857 suppress
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38749 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38751 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38752 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-41854 suppress
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
CVE-2022-38750 suppress
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions:
snakeyaml-2.2.jarDescription:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256: 1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-boot-starter3:compile snakeyaml-2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor Manifest multi-release true Low Vendor pom artifactid snakeyaml Highest Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name org Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product Manifest multi-release true Low Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium Version file version 2.2 High Version pom version 2.2 Highest
spotbugs-annotations-4.8.3.jarDescription:
Annotations the SpotBugs tool supports License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.3/spotbugs-annotations-4.8.3.jar
MD5: cd5917b77643c3a7ba5420aea78f940c
SHA1: 05d2dc4ca5b632976371155252499819aea372ed
SHA256: e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
Referenced In Projects/Scopes: waffle-jaas:provided waffle-jna:provided waffle-spring-boot-filter3:provided waffle-mixed-post:provided waffle-jna-jakarta:provided waffle-spring-security5:provided waffle-bom:provided waffle-shiro:provided waffle-spring-boot2:provided waffle-spring-boot-autoconfigure2:provided waffle-negotiate:provided waffle-distro:provided waffle-tests:provided waffle-spring-boot-filter2:provided waffle-tomcat85:provided waffle-form:provided waffle-spring-boot3:provided waffle:provided waffle-spring-filter:provided waffle-tests-jakarta:provided waffle-spring-form:provided waffle-spring-security6:provided waffle-tomcat9:provided waffle-demo-parent:provided waffle-spring-boot-autoconfigure3:provided waffle-spring-boot-starter2:provided waffle-spring-boot-starter3:provided waffle-jetty:provided waffle-tomcat10:provided waffle-filter:provided waffle-mixed:provided spotbugs-annotations-4.8.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spotbugs-annotations High Vendor Manifest automatic-module-name com.github.spotbugs.annotations Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname spotbugs-annotations Medium Vendor pom artifactid spotbugs-annotations Highest Vendor pom artifactid spotbugs-annotations Low Vendor pom developer email andreas.sewe@codetrails.com Low Vendor pom developer email dbrosius@mebigfatguy.com Low Vendor pom developer email loskutov@gmx.de Low Vendor pom developer email skypencil@gmail.com Low Vendor pom developer id henrik242 Medium Vendor pom developer id iloveeclipse Medium Vendor pom developer id jsotuyod Medium Vendor pom developer id KengoTODA Medium Vendor pom developer id mebigfatguy Medium Vendor pom developer id sewe Medium Vendor pom developer id ThrawnCA Medium Vendor pom developer name Andreas Sewe Medium Vendor pom developer name Andrey Loskutov Medium Vendor pom developer name Dave Brosius Medium Vendor pom developer name Juan Martín Sotuyo Dodero Medium Vendor pom developer name Kengo TODA Medium Vendor pom groupid com.github.spotbugs Highest Vendor pom name SpotBugs Annotations High Vendor pom url https://spotbugs.github.io/ Highest Product file name spotbugs-annotations High Product Manifest automatic-module-name com.github.spotbugs.annotations Medium Product Manifest Bundle-Name spotbugs-annotations Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname spotbugs-annotations Medium Product pom artifactid spotbugs-annotations Highest Product pom developer email andreas.sewe@codetrails.com Low Product pom developer email dbrosius@mebigfatguy.com Low Product pom developer email loskutov@gmx.de Low Product pom developer email skypencil@gmail.com Low Product pom developer id henrik242 Low Product pom developer id iloveeclipse Low Product pom developer id jsotuyod Low Product pom developer id KengoTODA Low Product pom developer id mebigfatguy Low Product pom developer id sewe Low Product pom developer id ThrawnCA Low Product pom developer name Andreas Sewe Low Product pom developer name Andrey Loskutov Low Product pom developer name Dave Brosius Low Product pom developer name Juan Martín Sotuyo Dodero Low Product pom developer name Kengo TODA Low Product pom groupid com.github.spotbugs Highest Product pom name SpotBugs Annotations High Product pom url https://spotbugs.github.io/ Medium Version file version 4.8.3 High Version Manifest Bundle-Version 4.8.3 High Version pom version 4.8.3 Highest
spring-boot-2.7.18.jarDescription:
Spring Boot License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256: 530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-boot High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name boot Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.boot Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid spring-boot Highest Vendor pom artifactid spring-boot Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot High Product jar package name boot Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Spring Boot High Product pom artifactid spring-boot Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 2.7.18 High Version Manifest Implementation-Version 2.7.18 High Version pom version 2.7.18 Highest
Related Dependencies spring-boot-autoconfigure-2.7.18.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.18/spring-boot-autoconfigure-2.7.18.jar MD5: e127e4ed0469cc5442d3c8e5e42e7988 SHA1: 9cf147c6ca274c75b32556acdcba5a1de081ebcd SHA256: 1c4e0aadcb662b6149b536a2cf288003ffefe81a6cc69846e9f14976529a1b08 pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.18 spring-boot-configuration-processor-2.7.18.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-configuration-processor/2.7.18/spring-boot-configuration-processor-2.7.18.jar MD5: 46f23c11c49166214396335e16ae3f45 SHA1: 899128018a7962b3e4be665910bae65dff08d1b0 SHA256: 79dc3480e94fe708b817097ee2745f8b1c19d650ce6ddd153c2f2ab068674dea pkg:maven/org.springframework.boot/spring-boot-configuration-processor@2.7.18 spring-boot-starter-2.7.18.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/2.7.18/spring-boot-starter-2.7.18.jar MD5: 03fc89fcd959a332de7cdc22e6bdc60d SHA1: e56b75105f9ace6df154fd47eeeeadc2f5791e56 SHA256: f67a5d913defa764295b6a0d8d13573624e437eb34e97d88c0e76bf181656071 pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 spring-boot-starter-json-2.7.18.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-json/2.7.18/spring-boot-starter-json-2.7.18.jar MD5: 4227a48b68fbd7fb37dd079ad3217226 SHA1: b6d9ed5cae0c1929a9e561bf4799a3dc93a10db1 SHA256: 084f592d522dfa36790fe08d4d0b9cebe6683638889834ed2f885f3c42fecbf6 pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18 spring-boot-starter-logging-2.7.18.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/2.7.18/spring-boot-starter-logging-2.7.18.jar MD5: b812106a59ea242570f1c55d71982495 SHA1: 19f7c255ba5255116f58c3bbaf52c7b88ea6af3e SHA256: 202c0894dbfdeff7be005597ff98288133a62fe7f5593be4938400482d19dcb7 pkg:maven/org.springframework.boot/spring-boot-starter-logging@2.7.18 spring-boot-starter-security-2.7.18.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-security/2.7.18/spring-boot-starter-security-2.7.18.jar MD5: f0461734fe73c8f250012d453cb4fb12 SHA1: 5d29a712fd0a5d7b77e348b660e2c0885b215bc4 SHA256: 075ee2311819e7076278f3f6321bca21447ee52db62ca000caf17132b37c986a pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.18 spring-boot-starter-tomcat-2.7.18.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/2.7.18/spring-boot-starter-tomcat-2.7.18.jar MD5: c2080ad5020671b7884b9564006bd09c SHA1: c56e50e006448e75a8bde595dbc754ba294389af SHA256: e4a44478556749137f28001c35d897efff31f39161606589cc355dcbf797c6f0 pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.7.18 spring-boot-3.2.2.jarDescription:
Spring Boot License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/3.2.2/spring-boot-3.2.2.jar
MD5: 109bf8f30456d8147e458e66099b3dd1
SHA1: 09f274d1bd822c4c57bb5b37ecae2380b980f567
SHA256: c3019200b71836bc5a0607b10000a1b8542bc9e53006f97a0d79cc10754e5792
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-boot-starter3:compile spring-boot-3.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 Evidence Type Source Name Value Confidence Vendor file name spring-boot High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name boot Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.boot Medium Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid spring-boot Highest Vendor pom artifactid spring-boot Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot High Product jar package name boot Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Spring Boot High Product pom artifactid spring-boot Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High Version pom version 3.2.2 Highest
Related Dependencies spring-boot-autoconfigure-3.2.2.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/3.2.2/spring-boot-autoconfigure-3.2.2.jar MD5: 0048bc9b4be03d13bae3434137789060 SHA1: 5c407409f8d260a4bc6e173d16fc3b36e6adec21 SHA256: 78edfd15067b8eb6e23ee3ff7a610f3836849335db6cc51a6da2f9c12f564d30 pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.2.2 spring-boot-configuration-processor-3.2.2.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-configuration-processor/3.2.2/spring-boot-configuration-processor-3.2.2.jar MD5: 8c367bef5c7cc4657d00f9c545190fce SHA1: cdf33f985035494cb3ea6f9e5d6589ba9fb58e91 SHA256: 896f570c5ff833f7aaa101d032016c395cfa3a72f66005fd6886c0f2159096b2 pkg:maven/org.springframework.boot/spring-boot-configuration-processor@3.2.2 spring-boot-starter-3.2.2.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/3.2.2/spring-boot-starter-3.2.2.jar MD5: 83b394eaeea9596494d485951c0aaee3 SHA1: dc04714f9295297f92fa8099eb51edc54dbe67db SHA256: 2e7b5a2f475f52f4cd5055a2ae6bae7a9c15e198b43f7e56a4b56df3941a837c pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 spring-boot-starter-json-3.2.2.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-json/3.2.2/spring-boot-starter-json-3.2.2.jar MD5: 9e387631386aeb60a238d4b2fda1c115 SHA1: 328f5ce9e10d5f90520e72a3ff8a2586b9e46b37 SHA256: a1a7672b83f280f069acee6e55101e10ebb943b929943c544993a2f799f9766a pkg:maven/org.springframework.boot/spring-boot-starter-json@3.2.2 spring-boot-starter-logging-3.2.2.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/3.2.2/spring-boot-starter-logging-3.2.2.jar MD5: ebf21015ff9dbae5248b10ff71d84bf7 SHA1: 3347c3b1cec6cf2d5fa186d1e49d2f378a6b7cae SHA256: 04c8b031e033078d39260794f0286251188cdfd423deff3fafabc9ad0b8c2cdd pkg:maven/org.springframework.boot/spring-boot-starter-logging@3.2.2 spring-boot-starter-security-3.2.2.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-security/3.2.2/spring-boot-starter-security-3.2.2.jar MD5: f2a931f6117cca9a20d2f69cb63c410d SHA1: 79676d6fe68878890e26be10ecab126f472d7c0f SHA256: 843270547aa6aa87208237b6e2f0530eeb4c1332f9592bfb648c27f267ca1917 pkg:maven/org.springframework.boot/spring-boot-starter-security@3.2.2 spring-boot-starter-tomcat-3.2.2.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/3.2.2/spring-boot-starter-tomcat-3.2.2.jar MD5: ba2334a6eac6a99fc7722983c1d221eb SHA1: e22a0ba37910731b382f3fe47ad36aed20fad24d SHA256: 23698c3aa0eec1ad50716b5c55711cbb97e1cf25b2b2777316a41448fa8a1889 pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@3.2.2 spring-boot-starter-web-2.7.18.jarDescription:
Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.18/spring-boot-starter-web-2.7.18.jar
MD5: e0bfe77aa7415f3b86d70d41cf425ccd
SHA1: 0dd62ea85098187b4604e78dc15a7ff87dba173d
SHA256: a74fab5f826b600e3c3f4cd7028c5c982b0bf1b849673629cbb758ae790a4c08
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile spring-boot-starter-web-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-boot-starter-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor Manifest automatic-module-name spring.boot.starter.web Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest spring-boot-jar-type dependencies-starter Low Vendor pom artifactid spring-boot-starter-web Highest Vendor pom artifactid spring-boot-starter-web Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot-starter-web High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot-starter-web High Product Manifest automatic-module-name spring.boot.starter.web Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container High Product Manifest spring-boot-jar-type dependencies-starter Low Product pom artifactid spring-boot-starter-web Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot-starter-web High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 2.7.18 High Version Manifest Implementation-Version 2.7.18 High Version pom version 2.7.18 Highest
spring-boot-starter-web-3.2.2.jarDescription:
Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.2.2/spring-boot-starter-web-3.2.2.jar
MD5: 8141b43d6918f4ed2d3fc17310f9b3a9
SHA1: b89d213d9f49c3e6247b2503ac7d94b0ac8260f6
SHA256: e3a1bb3427484eec50ff5f050a9d183b39fa5140fb5f2f6da2f8d971fd43a03b
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile spring-boot-starter-web-3.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-boot-starter-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor Manifest automatic-module-name spring.boot.starter.web Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest spring-boot-jar-type dependencies-starter Low Vendor pom artifactid spring-boot-starter-web Highest Vendor pom artifactid spring-boot-starter-web Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot-starter-web High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot-starter-web High Product Manifest automatic-module-name spring.boot.starter.web Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container High Product Manifest spring-boot-jar-type dependencies-starter Low Product pom artifactid spring-boot-starter-web Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot-starter-web High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 3.2.2 High Version Manifest Implementation-Version 3.2.2 High Version pom version 3.2.2 Highest
spring-core-5.3.31.jarDescription:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256: 7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
Referenced In Projects/Scopes: waffle-spring-form:compile waffle-distro:runtime waffle-spring-security5:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile spring-core-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18 pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.core Medium Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name io Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product pom artifactid spring-core Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.31 High Version Manifest Implementation-Version 5.3.31 High Version pom version 5.3.31 Highest
Related Dependencies spring-aop-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-aop/5.3.31/spring-aop-5.3.31.jar MD5: 48143a3242d23f66736e34cf1b5ad632 SHA1: 3be929dbdb5f4516919ad09a3d3720d779bb65d9 SHA256: 3f0c666f317abaa845fc3a24fba219b1f469716bf309cccd755eecb8fee20430 pkg:maven/org.springframework/spring-aop@5.3.31 spring-beans-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-beans/5.3.31/spring-beans-5.3.31.jar MD5: b5fe5c018f96edf76b7e92b34668fa44 SHA1: d27258849071b3b268ecc388eca35bbfcc586448 SHA256: a8d6d99003d0a28049cba4273afbcfc64e1107ee3c33f67935853e9711544aa7 pkg:maven/org.springframework/spring-beans@5.3.31 spring-context-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-context/5.3.31/spring-context-5.3.31.jar MD5: 6aa19e7e6a87b4ac8b649057315b1dd1 SHA1: a2d6e76507f037ad835e8c2288dfedf28981999f SHA256: 38def055d1e22b5514b1cb19cef4474e5c1b0d2127c483e7d014bde87c4a4cf3 pkg:maven/org.springframework/spring-context@5.3.31 spring-expression-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.3.31/spring-expression-5.3.31.jar MD5: 9e309bb1a738acbd0ac9c9fc58931fd3 SHA1: 55637af1b186d1008890980c2876c5fc83599756 SHA256: e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac pkg:maven/org.springframework/spring-expression@5.3.31 spring-jcl-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-jcl/5.3.31/spring-jcl-5.3.31.jar MD5: 4d281617e07553792218e37c47b8bd8c SHA1: e7ab9ee590a195415dd6b898440d776b4c8db78c SHA256: eee0df6a25a9c56d228ea86272546aa5a0656caf2f14e7b375417b066abbc0db pkg:maven/org.springframework/spring-jcl@5.3.31 spring-core-6.1.3.jarDescription:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-core/6.1.3/spring-core-6.1.3.jar
MD5: e7b5c956c8e58730ba7617978ac515d3
SHA1: a002e96e780954cc3ac4cd70fd3bb16accdc47ed
SHA256: f4448994a1eb4892b805020e7952aa96a8e3f101b7093a632635d2b0bab887eb
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-security6:compile waffle-spring-boot-starter3:compile spring-core-6.1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2 Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name org Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.core Medium Vendor Manifest multi-release true Low Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name io Highest Product jar package name org Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product Manifest multi-release true Low Product pom artifactid spring-core Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 6.1.3 High Version Manifest Implementation-Version 6.1.3 High Version pom version 6.1.3 Highest
Related Dependencies spring-aop-6.1.3.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-aop/6.1.3/spring-aop-6.1.3.jar MD5: eb18b6e7bb86e33ae3466288c0165a77 SHA1: 4d9bd4bd9b8bedf9ef151b45c79766b336117b9a SHA256: dcf70db1323fd05f85c553db5955e840874e14dbb610b0498a6d2032fcab5f51 pkg:maven/org.springframework/spring-aop@6.1.3 spring-beans-6.1.3.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-beans/6.1.3/spring-beans-6.1.3.jar MD5: e3d3205aa2364d58537151ff0e1be03e SHA1: c2df4210e796d3a27efc1f22621aa4e2c6cd985f SHA256: aa02cae7dbceb343bafb70f2a5b0140048b6ab6975afa9f9b7d777728901c91c pkg:maven/org.springframework/spring-beans@6.1.3 spring-context-6.1.3.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-context/6.1.3/spring-context-6.1.3.jar MD5: e6e91b217f43b6055e3bfade221ea980 SHA1: 0c63f038933701058fd7578460c66dbe2d424915 SHA256: 48801f87034b107f66a199d946cf1f2d5c32b39d5345ca4f4bb26ac60159839e pkg:maven/org.springframework/spring-context@6.1.3 spring-expression-6.1.3.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-expression/6.1.3/spring-expression-6.1.3.jar MD5: d53fccef6b40473cd5031523a5a59545 SHA1: 07c35fc3d7525a024fdde8a5d7597a6a8a4e59d7 SHA256: b5c64baaa7ac00daed97c0c1ef97e36669b29b6c3b20614d596b392f6953a0d9 pkg:maven/org.springframework/spring-expression@6.1.3 spring-jcl-6.1.3.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-jcl/6.1.3/spring-jcl-6.1.3.jar MD5: 4a86c97f80ad09e1a7d6ff36528e4a21 SHA1: a715e091ee86243ee94534a03f3c26b4e48de31e SHA256: 9697ce9af92e2534754b37c2b78ca665e6951eb49e3894f33ddad29a046be642 pkg:maven/org.springframework/spring-jcl@6.1.3 spring-security-core-5.8.9.jarDescription:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.9/spring-security-core-5.8.9.jar
MD5: e1305efeecf85494a57af55a4381c94b
SHA1: c9e12dfc323b313cf1c75d89af65d408debce306
SHA256: 28af3791e44421b944053a4b17678b60f69bce2ed4cf1e502f86e3d5fb563f4f
Referenced In Projects/Scopes: waffle-spring-form:compile waffle-distro:runtime waffle-spring-security5:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile spring-security-core-5.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.security.core Medium Vendor pom artifactid spring-security-core Highest Vendor pom artifactid spring-security-core Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-core High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-core High Product jar package name core Highest Product jar package name security Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.security.core Medium Product Manifest Implementation-Title spring-security-core High Product pom artifactid spring-security-core Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-core High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 5.8.9 High Version Manifest Implementation-Version 5.8.9 High Version pom version 5.8.9 Highest
Related Dependencies spring-security-config-5.8.9.jarFile Path: /home/runner/.m2/repository/org/springframework/security/spring-security-config/5.8.9/spring-security-config-5.8.9.jar MD5: 37027d16a5d71b625109bb828a9f4e61 SHA1: 16f14a8eb4fa6087cf2ac04e6176e1a91e983402 SHA256: 46a8716522ecefddc3a73610e775e841f0a032fd61161cd953677a2c2b55bf41 pkg:maven/org.springframework.security/spring-security-config@5.8.9 spring-security-core-6.2.1.jarDescription:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/6.2.1/spring-security-core-6.2.1.jar
MD5: 15ff5f2662bdc1b8936abfd2ef1ad070
SHA1: b4014a04f217f0f48d15bc7d53906b6911ad855f
SHA256: 7c3b0c20e19eaa47da2f1141c852e5de17a731436619e1e4ce0845e0775e4686
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-security6:compile waffle-spring-boot-starter3:compile spring-security-core-6.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.security.core Medium Vendor pom artifactid spring-security-core Highest Vendor pom artifactid spring-security-core Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-core High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-core High Product jar package name core Highest Product jar package name security Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.security.core Medium Product Manifest Implementation-Title spring-security-core High Product pom artifactid spring-security-core Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-core High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 6.2.1 High Version Manifest Implementation-Version 6.2.1 High Version pom version 6.2.1 Highest
Related Dependencies spring-security-config-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/security/spring-security-config/6.2.1/spring-security-config-6.2.1.jar MD5: 4d65ce9406de0a9c1a3d421e66e9855c SHA1: 119953fd2980d50e1119b913a8596e5e6bdc1295 SHA256: 361ec68075e9c8c508a7e81036de319a27ace3c2eba96dddcf85177744e6a282 pkg:maven/org.springframework.security/spring-security-config@6.2.1 spring-security-crypto-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/6.2.1/spring-security-crypto-6.2.1.jar MD5: 3b76db12e0661ea929c45559e3612203 SHA1: d7c4f4e8fe5ae84dd1da76094ee8a0a7e214923d SHA256: 34e7e56af73caa4b1d71bc57a6006777fa1c5b590cea405bd962172cd42c47d4 pkg:maven/org.springframework.security/spring-security-crypto@6.2.1 spring-security-crypto-5.7.11.jarDescription:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.7.11/spring-security-crypto-5.7.11.jar
MD5: 29553faabff72c4261058e8ebf9e5210
SHA1: 3abf76cedbba13496108c89159451a65dfd544b5
SHA256: 916b099504044134fa2d24bc61531819e3d720d17bfea2762c0defc1f7846d9b
Referenced In Projects/Scopes: waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile spring-security-crypto-5.7.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-crypto High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name crypto Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.security.crypto Medium Vendor pom artifactid spring-security-crypto Highest Vendor pom artifactid spring-security-crypto Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-crypto High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-crypto High Product jar package name crypto Highest Product jar package name security Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.security.crypto Medium Product Manifest Implementation-Title spring-security-crypto High Product pom artifactid spring-security-crypto Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-crypto High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 5.7.11 High Version Manifest Implementation-Version 5.7.11 High Version pom version 5.7.11 Highest
CVE-2020-5408 (OSSINDEX) suppress
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-crypto:5.7.11:*:*:*:*:*:*:* spring-security-crypto-5.8.9.jarDescription:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.9/spring-security-crypto-5.8.9.jar
MD5: df0a5bacd5a2a65d432a165300482c61
SHA1: 62aa602e4f5ca8f9032ce8288a45d5b4010bb756
SHA256: f688df565d4afbb7554a72b0a17fba501b30cd74470a79eec2a6985ef9619691
Referenced In Projects/Scopes: waffle-spring-form:compile waffle-distro:runtime waffle-spring-security5:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile spring-security-crypto-5.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/org.springframework.security/spring-security-core@5.8.9 pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-crypto High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name crypto Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.security.crypto Medium Vendor pom artifactid spring-security-crypto Highest Vendor pom artifactid spring-security-crypto Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-crypto High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-crypto High Product jar package name crypto Highest Product jar package name security Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.security.crypto Medium Product Manifest Implementation-Title spring-security-crypto High Product pom artifactid spring-security-crypto Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-crypto High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 5.8.9 High Version Manifest Implementation-Version 5.8.9 High Version pom version 5.8.9 Highest
CVE-2020-5408 (OSSINDEX) suppress
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-crypto:5.8.9:*:*:*:*:*:*:* spring-security-web-5.8.9.jarDescription:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.9/spring-security-web-5.8.9.jar
MD5: 0f798cd04b98bd63b0ef16a3658e2623
SHA1: 241ebc4e7e14c56550ca58694d572fe11e103f59
SHA256: 91ba2f3bde1a07c1d33e5146aa9fbffeb43cbd5ab480db6fa8e84812a9e960ca
Referenced In Projects/Scopes: waffle-spring-form:compile waffle-distro:runtime waffle-spring-security5:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile spring-security-web-5.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.18 pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.security.web Medium Vendor pom artifactid spring-security-web Highest Vendor pom artifactid spring-security-web Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-web High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-web High Product jar package name security Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.security.web Medium Product Manifest Implementation-Title spring-security-web High Product pom artifactid spring-security-web Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-web High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 5.8.9 High Version Manifest Implementation-Version 5.8.9 High Version pom version 5.8.9 Highest
spring-security-web-6.2.1.jarDescription:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/6.2.1/spring-security-web-6.2.1.jar
MD5: 9d7b5b036dabb2e28231f1977d9091e4
SHA1: 4b486977ab1bcdd5dcc6aa5d8a367f1c0814bf56
SHA256: 86f440ff943644b6de7a4771438a12b8f9d2751fa4ed633a6013965d2377ffc7
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-security6:compile waffle-spring-boot-starter3:compile spring-security-web-6.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-security@3.2.2 pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.security.web Medium Vendor pom artifactid spring-security-web Highest Vendor pom artifactid spring-security-web Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-web High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-web High Product jar package name security Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.security.web Medium Product Manifest Implementation-Title spring-security-web High Product pom artifactid spring-security-web Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-web High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 6.2.1 High Version Manifest Implementation-Version 6.2.1 High Version pom version 6.2.1 Highest
spring-web-5.3.31.jarDescription:
Spring Web License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256: 7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7
Referenced In Projects/Scopes: waffle-spring-form:compile waffle-distro:runtime waffle-spring-security5:compile waffle-spring-boot-starter2:compile waffle-spring-boot-autoconfigure2:compile waffle-spring-filter:compile waffle-spring-boot-filter2:compile spring-web-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.web Medium Vendor pom artifactid spring-web Highest Vendor pom artifactid spring-web Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-web High Product hint analyzer product springsource_spring_framework Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Product pom artifactid spring-web Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.31 High Version Manifest Implementation-Version 5.3.31 High Version pom version 5.3.31 Highest
CVE-2016-1000027 suppress
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions:
spring-web-6.1.3.jarDescription:
Spring Web License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-web/6.1.3/spring-web-6.1.3.jar
MD5: db6ad06e3a6786e1c67afaf7d9b1b8a7
SHA1: cc3459b4abd436331608ddb6424886875f7086ab
SHA256: 7c79d4815954d279a744e04892abb9e13ab730dc25db5813f0b1aef2c04bc818
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile waffle-spring-security6:compile waffle-spring-boot-starter3:compile spring-web-6.1.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.web Medium Vendor pom artifactid spring-web Highest Vendor pom artifactid spring-web Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-web High Product hint analyzer product springsource_spring_framework Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Product pom artifactid spring-web Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 6.1.3 High Version Manifest Implementation-Version 6.1.3 High Version pom version 6.1.3 Highest
Related Dependencies spring-webmvc-6.1.3.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/6.1.3/spring-webmvc-6.1.3.jar MD5: bf83f8c32987c7f2f649a41561b8bb17 SHA1: f4738a57787add6567e0679eebb1b499a11019cc SHA256: b69fb21b86a689392636e0a48ed2fb9e9f9773affe30bb9219a45109c15c1aaf pkg:maven/org.springframework/spring-webmvc@6.1.3 spring-webmvc-5.3.31.jarDescription:
Spring Web MVC License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar
MD5: 7401b647e906d3853ad02b62496cfadf
SHA1: 45754d056effe8257a012f6b98ed5454cf1e8960
SHA256: 29c1b96c424dcb637fec2d1e6493b088d977e748a56da7f34e6a7c3c39d18c74
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile spring-webmvc-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 Evidence Type Source Name Value Confidence Vendor file name spring-webmvc High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name mvc Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.webmvc Medium Vendor pom artifactid spring-webmvc Highest Vendor pom artifactid spring-webmvc Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web MVC High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-webmvc High Product hint analyzer product springsource_spring_framework Highest Product jar package name mvc Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.webmvc Medium Product Manifest Implementation-Title spring-webmvc High Product pom artifactid spring-webmvc Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web MVC High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.31 High Version Manifest Implementation-Version 5.3.31 High Version pom version 5.3.31 Highest
tomcat-annotations-api-10.1.18.jarDescription:
Annotations Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/10.1.18/tomcat-annotations-api-10.1.18.jar
MD5: 5c35b663bb56963ae10816c52eb7c2fe
SHA1: 40c86ddfc17e6388b3b798b634a2bd7ac3ecd579
SHA256: cf64d39da0fa13b25109acbb55eba91544dd73ee517b521e0e7b51ab04d0628c
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-annotations-api-10.1.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.18
Evidence Type Source Name Value Confidence Vendor file name tomcat-annotations-api High Vendor Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaAnnotations;version:Version="2.1";uses:="jakarta.annotation,jakarta.annotation.security,jakarta.annotation.sql" Low Vendor manifest: jakarta/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/annotation/security/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/annotation/sql/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-annotations-api Highest Vendor pom artifactid tomcat-annotations-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-annotations-api High Product jar package name annotation Highest Product jar package name jakarta Highest Product jar package name security Highest Product jar package name sql Highest Product Manifest Bundle-Name tomcat-annotations-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JakartaAnnotations;version:Version="2.1";uses:="jakarta.annotation,jakarta.annotation.security,jakarta.annotation.sql" Low Product manifest: jakarta/annotation/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/annotation/ Specification-Title Jakarta Annotations Medium Product manifest: jakarta/annotation/security/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/annotation/security/ Specification-Title Jakarta Annotations Medium Product manifest: jakarta/annotation/sql/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/annotation/sql/ Specification-Title Jakarta Annotations Medium Product pom artifactid tomcat-annotations-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.18 High Version Manifest Bundle-Version 10.1.18 High Version pom version 10.1.18 Highest
tomcat-annotations-api-8.5.98.jarDescription:
Annotations Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/8.5.98/tomcat-annotations-api-8.5.98.jar
MD5: f7ef9df111f937e1870a90a4bfa178bb
SHA1: 617d7865644c98b9355a29ca9904a435e830b18c
SHA256: df0fe2c6249f431b13df8fc4c0c547fea6c9bf4c6948e441957fa521b69a7f3a
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-annotations-api-8.5.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.98
Evidence Type Source Name Value Confidence Vendor file name tomcat-annotations-api High Vendor manifest: javax/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-annotations-api Highest Vendor pom artifactid tomcat-annotations-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-annotations-api High Product jar package name annotation Highest Product jar package name javax Highest Product manifest: javax/annotation/ Implementation-Title javax.annotation Medium Product manifest: javax/annotation/ Specification-Title Common Annotations Medium Product pom artifactid tomcat-annotations-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.98 High Version pom version 8.5.98 Highest
tomcat-annotations-api-9.0.85.jarDescription:
Annotations Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/9.0.85/tomcat-annotations-api-9.0.85.jar
MD5: 0eecaa7544c9a5f628cd5ad1afe78edb
SHA1: 19a061d219093b135487ca199e0f93de8df582d7
SHA256: f48d637bd18a32380db5234ad6a192c7562af39b43c7f923274b35b619b06c63
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-annotations-api-9.0.85.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.85
Evidence Type Source Name Value Confidence Vendor file name tomcat-annotations-api High Vendor Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaAnnotation;version:List="1.3,1.2,1.1,1";uses:="javax.annotation,javax.annotation.security,javax.annotation.sql" Low Vendor manifest: javax/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/annotation/security/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/annotation/sql/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-annotations-api Highest Vendor pom artifactid tomcat-annotations-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-annotations-api High Product jar package name annotation Highest Product jar package name javax Highest Product jar package name security Highest Product jar package name sql Highest Product Manifest Bundle-Name tomcat-annotations-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JavaAnnotation;version:List="1.3,1.2,1.1,1";uses:="javax.annotation,javax.annotation.security,javax.annotation.sql" Low Product manifest: javax/annotation/ Implementation-Title javax.annotation Medium Product manifest: javax/annotation/ Specification-Title Common Annotations Medium Product manifest: javax/annotation/security/ Implementation-Title javax.annotation Medium Product manifest: javax/annotation/security/ Specification-Title Common Annotations Medium Product manifest: javax/annotation/sql/ Implementation-Title javax.annotation Medium Product manifest: javax/annotation/sql/ Specification-Title Common Annotations Medium Product pom artifactid tomcat-annotations-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.85 High Version Manifest Bundle-Version 9.0.85 High Version pom version 9.0.85 Highest
tomcat-api-8.5.98.jarDescription:
Definition of interfaces shared by Catalina and Jasper License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/8.5.98/tomcat-api-8.5.98.jar
MD5: 70c937f294d61828c8200d74f0065c8c
SHA1: faf1a5f14bf4970fd7fce9698523d96a1bddbeb4
SHA256: e375231182d2ae910dea93592114a1be6e69d8f666a4b1bb64ad870c0005c3b6
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-api-8.5.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-api High Vendor jar package name apache Highest Vendor jar package name tomcat Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-api Highest Vendor pom artifactid tomcat-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-api High Product jar package name apache Highest Product jar package name tomcat Highest Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.98 High Version Manifest Implementation-Version 8.5.98 High Version pom version 8.5.98 Highest
Related Dependencies tomcat-catalina-8.5.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/8.5.98/tomcat-catalina-8.5.98.jar MD5: 2dc448ddcd4b27aeba32093338e0a007 SHA1: 9bd1d468b29834e33c06cf5778a863ac7e9d7076 SHA256: 934675a4b32ce7f29d0a8ad3f5ccaf7e11c3e1d9fabbe326acf042a197ca365c pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.98 tomcat-coyote-8.5.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-coyote/8.5.98/tomcat-coyote-8.5.98.jar MD5: 12066ad7b3a5d4f64a937f6139bf45c2 SHA1: dcc725d215e56324719ddab0b602a8c7703fe3a7 SHA256: 067954d921e350e469db9ce2798079f4aeba360a6cb52d9802ba06a0ae587e46 pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.98 tomcat-jaspic-api-8.5.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jaspic-api/8.5.98/tomcat-jaspic-api-8.5.98.jar MD5: a01b4965f722983d17655350b46f46c5 SHA1: 7e8c0ea16e75242752af55d33bfb073dd7dec476 SHA256: b0cbee1fe34764682837c3520348ea5521104165630883100090548ab1c77de5 pkg:maven/org.apache.tomcat/tomcat-jaspic-api@8.5.98 tomcat-jsp-api-8.5.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jsp-api/8.5.98/tomcat-jsp-api-8.5.98.jar MD5: af813a91cd466e1f149994948087fe71 SHA1: 5a6cf572971b5cddcdcefbe838672c2bfeb5bebd SHA256: 6a16d14164c38b90bfffef4c463865d2aa191dfb85ac608a694ca52551231320 pkg:maven/org.apache.tomcat/tomcat-jsp-api@8.5.98 tomcat-util-8.5.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util/8.5.98/tomcat-util-8.5.98.jar MD5: 36b1458fe451228453f5748f0c5aaa2a SHA1: cf3c7380d7cb6af81659917e004694796b2fa017 SHA256: ed41d36ddc17983d727dacc17d7088ce811f355b828c2d15ff0af0564e0a7b50 pkg:maven/org.apache.tomcat/tomcat-util@8.5.98 tomcat-util-scan-8.5.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util-scan/8.5.98/tomcat-util-scan-8.5.98.jar MD5: 86719330a9491d48b28bbf689f95f828 SHA1: 6a396e350f57cb491a2a0cb773e60fab9414ff4d SHA256: 09b27d48b9fc1727930e37c41edbc2fc7f6f4e9d27f985df54fc470db9eb8ce0 pkg:maven/org.apache.tomcat/tomcat-util-scan@8.5.98 CVE-2020-8022 suppress
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1. CWE-276 Incorrect Default Permissions
CVSSv2:
Base Score: HIGH (7.2) Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C CVSSv3:
Base Score: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
tomcat-api-9.0.85.jarDescription:
Definition of interfaces shared by Catalina and Jasper License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/9.0.85/tomcat-api-9.0.85.jar
MD5: 9b29280f0c7c1b29f5ed23aa223291c5
SHA1: 81ada7b39e1b59fc2d10194eb91d5266bb280aec
SHA256: c96b993e1433c116d3f01eac4cb8e3e00f23fcf98f913a673de07b4a4ca6403b
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-api-9.0.85.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-api High Vendor jar package name apache Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-api Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-api Highest Vendor pom artifactid tomcat-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-api High Product jar package name apache Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-api Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.85 High Version Manifest Bundle-Version 9.0.85 High Version Manifest Implementation-Version 9.0.85 High Version pom version 9.0.85 Highest
Related Dependencies tomcat-catalina-9.0.85.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/9.0.85/tomcat-catalina-9.0.85.jar MD5: 391dbef2793e8d38b1bb7c8963ea3696 SHA1: 629375aad4a15202608a644baf50f7036d3d226d SHA256: 59a3f7cfc0e9c054a22aea8f238f87045a28df9e9a7079d2ed77c2bbc76e799c pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.85 tomcat-coyote-9.0.85.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-coyote/9.0.85/tomcat-coyote-9.0.85.jar MD5: e166f56d8e723d995dca91a98162c27b SHA1: 1a8e75a9e447729eb6e7b01d529480bf18ba36c0 SHA256: 3d2f4705e835805857487ecefb15a080c5baa4cb9efd413bdade1d0248823cd6 pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.85 tomcat-jaspic-api-9.0.85.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jaspic-api/9.0.85/tomcat-jaspic-api-9.0.85.jar MD5: 80d0455be3db2ec5d2d1921dc27d9938 SHA1: baf220e93c69e1ff9cece94044ec727706e0fa2a SHA256: 97e7608b7be9a90f35fae30be343ddb68878abfdef08909f3501cf40c7e7cd94 pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.85 tomcat-jsp-api-9.0.85.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jsp-api/9.0.85/tomcat-jsp-api-9.0.85.jar MD5: 4732adc9dd593023d1ef6af6c94ccb40 SHA1: 2da040408836c42122600a6b568c6ec42b7945a0 SHA256: b51bc7c3c5515469c1b6c876b72293cd1026d3a9bd8cb9a822413e1e04e5d6b2 pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.85 tomcat-util-9.0.85.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util/9.0.85/tomcat-util-9.0.85.jar MD5: 1a50f5d3baf258d9c5c9893bf34a512f SHA1: 795887bf1ea3fbd7bb990170429e31876a2969dd SHA256: 2cbd475ca43e7a7514cb96ed2094b2522c5fe0ecb69d229ef02b1cd735b2a176 pkg:maven/org.apache.tomcat/tomcat-util@9.0.85 tomcat-util-scan-9.0.85.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util-scan/9.0.85/tomcat-util-scan-9.0.85.jar MD5: 01552b385ed0d0c6b289ff27de04fa8a SHA1: 0e50b6dea16399e1d3351601de5e876649b7b3b6 SHA256: f43c80cba2567c3cfa0534f094945f231fa096dabab80ca192430df872edb89f pkg:maven/org.apache.tomcat/tomcat-util-scan@9.0.85 tomcat-el-api-10.1.18.jarDescription:
Expression language package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/10.1.18/tomcat-el-api-10.1.18.jar
MD5: cf04f57f5bfe717706d289a71f399260
SHA1: 30de6dc9852e00b73d25c07f4459f73aef021507
SHA256: facd180727217ea8ff75b5305266b96c69de632cedfb6d72c5ae46faf014ff2d
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-el-api-10.1.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.18
Evidence Type Source Name Value Confidence Vendor file name tomcat-el-api High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:Version="5.0";uses:="jakarta.el" Low Vendor manifest: jakarta/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-el-api Highest Vendor pom artifactid tomcat-el-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-el-api High Product jar package name el Highest Product jar package name expression Highest Product jar package name jakarta Highest Product Manifest Bundle-Name tomcat-el-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:Version="5.0";uses:="jakarta.el" Low Product manifest: jakarta/el/ Implementation-Title jakarta.el Medium Product manifest: jakarta/el/ Specification-Title Jakarta Expression Language Medium Product pom artifactid tomcat-el-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.18 High Version Manifest Bundle-Version 10.1.18 High Version pom version 10.1.18 Highest
tomcat-el-api-8.5.98.jarDescription:
Expression language package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/8.5.98/tomcat-el-api-8.5.98.jar
MD5: 1866c63e4e46ef47e30990acac4f483c
SHA1: 76380303711453e3b05e3ea473facdd69da08fa9
SHA256: 6be669f25d05f7c3e50209e224081d2a2df8ae9a4f5d1c5a19d4daa55167ab98
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-el-api-8.5.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.98
Evidence Type Source Name Value Confidence Vendor file name tomcat-el-api High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-el-api Highest Vendor pom artifactid tomcat-el-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-el-api High Product jar package name el Highest Product jar package name expression Highest Product jar package name javax Highest Product manifest: javax/el/ Implementation-Title javax.el Medium Product manifest: javax/el/ Specification-Title Expression Language Medium Product pom artifactid tomcat-el-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.98 High Version pom version 8.5.98 Highest
tomcat-el-api-9.0.85.jarDescription:
Expression language package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/9.0.85/tomcat-el-api-9.0.85.jar
MD5: 78cd0c8ea16535409ca06921e13d60c8
SHA1: b5d6802eeb8729da4d43ea4402b7da61a528b449
SHA256: a2681f07acdd9e8a6affd9eb38ddad8e2be18ad417588781438c5c8dad82bd5c
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-el-api-9.0.85.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.85
Evidence Type Source Name Value Confidence Vendor file name tomcat-el-api High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el" Low Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-el-api Highest Vendor pom artifactid tomcat-el-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-el-api High Product jar package name el Highest Product jar package name expression Highest Product jar package name javax Highest Product Manifest Bundle-Name tomcat-el-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el" Low Product manifest: javax/el/ Implementation-Title javax.el Medium Product manifest: javax/el/ Specification-Title Expression Language Medium Product pom artifactid tomcat-el-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.85 High Version Manifest Bundle-Version 9.0.85 High Version pom version 9.0.85 Highest
tomcat-embed-core-10.1.18.jarDescription:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.18/tomcat-embed-core-10.1.18.jar
MD5: adcbf0783a58388fc37a999b67549de4
SHA1: bff6c34649d1dd7b509e819794d73ba795947dcf
SHA256: 496a6ac8e0c410db54cf169f87016161dc9e6a5d509ba9af1f3ac0ce0b5b6a35
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile tomcat-embed-core-10.1.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:Version="3.0";uses:="jakarta.security.auth.message,jakarta.security.auth.message.callback,jakarta.security.auth.message.config,jakarta.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: jakarta/security/auth/message/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/callback/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/config/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/module/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-core Highest Vendor pom artifactid tomcat-embed-core Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-core High Product jar package name annotation Highest Product jar package name apache Highest Product jar package name auth Highest Product jar package name core Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name jakarta Highest Product jar package name message Highest Product jar package name security Highest Product jar package name servlet Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-embed-core Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:Version="3.0";uses:="jakarta.security.auth.message,jakarta.security.auth.message.callback,jakarta.security.auth.message.config,jakarta.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: jakarta/security/auth/message/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/callback/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/callback/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/config/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/config/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/module/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/module/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/servlet/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/annotation/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/annotation/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/descriptor/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/descriptor/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/http/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/http/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/resources/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/resources/ Specification-Title Jakarta Servlet Medium Product pom artifactid tomcat-embed-core Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.18 High Version Manifest Bundle-Version 10.1.18 High Version Manifest Implementation-Version 10.1.18 High Version pom version 10.1.18 Highest
Related Dependencies tomcat-api-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/10.1.18/tomcat-api-10.1.18.jar MD5: bf0dd3f63082689025716d6f20b0a1a2 SHA1: 877ef3ec65097ff32a905bc19e103a1d03f8633a SHA256: 0afaf26bee274dc9af5416423e2abab5b83c4af48349e7ff285cab1a20af57de pkg:maven/org.apache.tomcat/tomcat-api@10.1.18 tomcat-catalina-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/10.1.18/tomcat-catalina-10.1.18.jar MD5: 41c979f357ec58774e7aba3a86079443 SHA1: d5804970ec157272e7b4918d4a025e40d75999e3 SHA256: 499bafdd24e1c69eb295fcfab095dda984de2398af0b1a88366cbb1c8cd6b37a pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.18 tomcat-coyote-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-coyote/10.1.18/tomcat-coyote-10.1.18.jar MD5: 4ce28d4c10e2d59f685f5b014e34de23 SHA1: 95c781943a4e3b1ad99f484a11dc5816ac169d1f SHA256: ebfd81df83a2e825a008e8f164dba186f3cba8ad3d098714febc6d8b6d20919f pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.18 tomcat-embed-websocket-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/10.1.18/tomcat-embed-websocket-10.1.18.jar MD5: 711a8ff4c4aaacce5da1faaebec9dc74 SHA1: 83a3bc6898f2ceed2357ba231a5e83dc2016d454 SHA256: 0b54e6dcbd21f26d0c1db4466a811f39b04b3c76e811bfb80fe030b4738a4fc2 pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.18 tomcat-jaspic-api-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jaspic-api/10.1.18/tomcat-jaspic-api-10.1.18.jar MD5: acd0eb2958749251cfcdc3fe3e61a83b SHA1: a853ec425f9e8fb0832a06985dfb5a6bd2aa7ca1 SHA256: 5f9bd861c97f3935b78c155caf1033fbf0f0437ba487b68330286aa0e1fbd547 pkg:maven/org.apache.tomcat/tomcat-jaspic-api@10.1.18 tomcat-jsp-api-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jsp-api/10.1.18/tomcat-jsp-api-10.1.18.jar MD5: 295682cad739641aa1d127892b8cdf29 SHA1: 1d07f9e7f067ebeb8b32e1420d959a6c9af0b5a3 SHA256: 26cc957990523bd2723c12e7d2470bae2b293b14479960b58f3c6968cde3d5ae pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.18 tomcat-util-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util/10.1.18/tomcat-util-10.1.18.jar MD5: 0440e48a80bfa8da883e7642f51651ce SHA1: ebee9e077f15037656e32aa83b7f101613598350 SHA256: a92454008cd793b1a2a50100a3667a3a53ba8f3bb3cd6891674ad01c5b49c1a5 pkg:maven/org.apache.tomcat/tomcat-util@10.1.18 tomcat-util-scan-10.1.18.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util-scan/10.1.18/tomcat-util-scan-10.1.18.jar MD5: 4da9b91309256f1abde6e1b41db4d8fe SHA1: 1f997123acc9bcb1a89530b7f2f0e9d30acbf2a1 SHA256: 06ecd00e8f24ef5d7155a250f763157496a8f2f7156873f588e2f74a396bd306 pkg:maven/org.apache.tomcat/tomcat-util-scan@10.1.18 tomcat-embed-core-9.0.83.jarDescription:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.83/tomcat-embed-core-9.0.83.jar
MD5: d4e2068023fe800fd22a9fe2529c290b
SHA1: d771e4343b0515c67dab2a09fe02f5d47550153f
SHA256: 4ed404d5dea8652846f3c52c094764c2ec018f28a3561f1d27df700f7aa5b376
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile tomcat-embed-core-9.0.83.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:List="1.1,1";uses:="javax.security.auth.message,javax.security.auth.message.callback,javax.security.auth.message.config,javax.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: javax/security/auth/message/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/security/auth/message/callback/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/security/auth/message/config/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/security/auth/message/module/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-core Highest Vendor pom artifactid tomcat-embed-core Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-core High Product jar package name annotation Highest Product jar package name apache Highest Product jar package name auth Highest Product jar package name core Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name java Highest Product jar package name javax Highest Product jar package name message Highest Product jar package name security Highest Product jar package name servlet Highest Product jar package name servlets Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-embed-core Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:List="1.1,1";uses:="javax.security.auth.message,javax.security.auth.message.callback,javax.security.auth.message.config,javax.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: javax/security/auth/message/ Implementation-Title javax.security.auth.message Medium Product manifest: javax/security/auth/message/ Specification-Title Java Authentication SPI for Containers Medium Product manifest: javax/security/auth/message/callback/ Implementation-Title javax.security.auth.message Medium Product manifest: javax/security/auth/message/callback/ Specification-Title Java Authentication SPI for Containers Medium Product manifest: javax/security/auth/message/config/ Implementation-Title javax.security.auth.message Medium Product manifest: javax/security/auth/message/config/ Specification-Title Java Authentication SPI for Containers Medium Product manifest: javax/security/auth/message/module/ Implementation-Title javax.security.auth.message Medium Product manifest: javax/security/auth/message/module/ Specification-Title Java Authentication SPI for Containers Medium Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/annotation/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/annotation/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/descriptor/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/descriptor/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/http/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/http/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/resources/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/resources/ Specification-Title Java API for Servlets Medium Product pom artifactid tomcat-embed-core Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.83 High Version Manifest Bundle-Version 9.0.83 High Version Manifest Implementation-Version 9.0.83 High Version pom version 9.0.83 Highest
Related Dependencies tomcat-embed-websocket-9.0.83.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.83/tomcat-embed-websocket-9.0.83.jar MD5: 3ba44fc9bf48656f448a565318ea8c46 SHA1: 9af4b7450296bb4eff93b2ee3e52ab69d07512e4 SHA256: b78130b05960761992787edf2cb4c0af18d1fe52b35119ad63712af137d7eb3e pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.83 tomcat-embed-el-10.1.18.jarDescription:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.18/tomcat-embed-el-10.1.18.jar
MD5: 2f2cd1dc00096f3a4ae47153777595bc
SHA1: b2c4dc05abd363c63b245523bb071727aa2f1046
SHA256: 2ca4d6bd5e1d60ce0846314112541da030634006855f6b1a871879ffe1a9ca86
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-filter3:compile tomcat-embed-el-10.1.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-el High Vendor jar package name apache Highest Vendor jar package name el Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="5.0";uses:="jakarta.el",osgi.service;objectClass:List="jakarta.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: jakarta/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-el Highest Vendor pom artifactid tomcat-embed-el Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-el High Product jar package name apache Highest Product jar package name el Highest Product jar package name expression Highest Product jar package name expressionfactory Highest Product jar package name expressionfactoryimpl Highest Product jar package name jakarta Highest Product Manifest Bundle-Name tomcat-embed-jasper-el Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="5.0";uses:="jakarta.el",osgi.service;objectClass:List="jakarta.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: jakarta/el/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/el/ Specification-Title Jakarta Expression Language Medium Product pom artifactid tomcat-embed-el Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.18 High Version Manifest Bundle-Version 10.1.18 High Version Manifest Implementation-Version 10.1.18 High Version pom version 10.1.18 Highest
tomcat-embed-el-9.0.83.jarDescription:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.83/tomcat-embed-el-9.0.83.jar
MD5: eabd7f3ade6cb0cf36f7b238897b8f1d
SHA1: b0cdada70099c25f45fceb48e1ebce60d138a5ce
SHA256: a82c4cf8cf9e88d6891cbb4cbcb9f85f788e147c464cbeba15a2c83276f3344c
Referenced In Projects/Scopes: waffle-distro:runtime waffle-spring-boot-autoconfigure2:compile waffle-spring-boot-filter2:compile tomcat-embed-el-9.0.83.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-el High Vendor jar package name apache Highest Vendor jar package name el Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el",osgi.service;objectClass:List="javax.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-el Highest Vendor pom artifactid tomcat-embed-el Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-el High Product jar package name apache Highest Product jar package name el Highest Product jar package name expression Highest Product jar package name expressionfactory Highest Product jar package name expressionfactoryimpl Highest Product jar package name javax Highest Product Manifest Bundle-Name tomcat-embed-jasper-el Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el",osgi.service;objectClass:List="javax.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: javax/el/ Implementation-Title javax.el Medium Product manifest: javax/el/ Specification-Title Expression Language Medium Product pom artifactid tomcat-embed-el Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.83 High Version Manifest Bundle-Version 9.0.83 High Version Manifest Implementation-Version 9.0.83 High Version pom version 9.0.83 Highest
tomcat-jni-10.1.18.jarDescription:
Interface code to the native connector License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/10.1.18/tomcat-jni-10.1.18.jar
MD5: 0a6811c4289b7b10418956f6504e2f10
SHA1: 6eed0d56075de03971e2b4e6819bb70916bc2bb9
SHA256: ce055759e392f9d0c2caf64281ad0e31842c545c08946deda27c86c93944aa6c
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-jni-10.1.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.18
Evidence Type Source Name Value Confidence Vendor file name tomcat-jni High Vendor jar package name apache Highest Vendor jar package name jni Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-jni Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-jni Highest Vendor pom artifactid tomcat-jni Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-jni High Product jar package name apache Highest Product jar package name jni Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-jni Medium Product Manifest bundle-symbolicname org.apache.tomcat-jni Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-jni Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.18 High Version Manifest Bundle-Version 10.1.18 High Version Manifest Implementation-Version 10.1.18 High Version pom version 10.1.18 Highest
tomcat-jni-8.5.98.jarDescription:
Interface code to the native connector License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/8.5.98/tomcat-jni-8.5.98.jar
MD5: 7d55ea61da9b8bc002a36f064b2fa68c
SHA1: be40f5a1483fb38d5ddef0962804846ebad972f6
SHA256: 2987a13949024acd07e4d763bf766d29f486fc0d43730a21040df199868c1c37
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-jni-8.5.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.98
Evidence Type Source Name Value Confidence Vendor file name tomcat-jni High Vendor jar package name apache Highest Vendor jar package name jni Highest Vendor jar package name tomcat Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-jni Highest Vendor pom artifactid tomcat-jni Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-jni High Product jar package name apache Highest Product jar package name jni Highest Product jar package name tomcat Highest Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-jni Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.98 High Version Manifest Implementation-Version 8.5.98 High Version pom version 8.5.98 Highest
tomcat-jni-9.0.85.jarDescription:
Interface code to the native connector License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/9.0.85/tomcat-jni-9.0.85.jar
MD5: 0ab5c120e355498e0e0277a4af55967d
SHA1: 1f6b23c20fc80927c46c9cff1c7ce1b133d5edbf
SHA256: 0f044db63b61e742bddf6878ee1850f06763b36f6090daa31f1c327616edcfe3
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-jni-9.0.85.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.85
Evidence Type Source Name Value Confidence Vendor file name tomcat-jni High Vendor jar package name apache Highest Vendor jar package name jni Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-jni Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-jni Highest Vendor pom artifactid tomcat-jni Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-jni High Product jar package name apache Highest Product jar package name jni Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-jni Medium Product Manifest bundle-symbolicname org.apache.tomcat-jni Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-jni Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.85 High Version Manifest Bundle-Version 9.0.85 High Version Manifest Implementation-Version 9.0.85 High Version pom version 9.0.85 Highest
tomcat-juli-10.1.18.jarDescription:
Tomcat Core Logging Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/10.1.18/tomcat-juli-10.1.18.jar
MD5: ac4f63832fd50480be15247abdade7c5
SHA1: b2ffe5e0e2ba632b1abb3bcfbd0fd3476dde4569
SHA256: 94a276c72877d77e5df884cd2133b1aac5b5143ec7b347197f5cfc737b42c165
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-juli-10.1.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-juli High Vendor jar package name apache Highest Vendor jar package name juli Highest Vendor jar package name logging Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-juli Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-juli Highest Vendor pom artifactid tomcat-juli Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-juli High Product jar package name apache Highest Product jar package name juli Highest Product jar package name logging Highest Product Manifest Bundle-Name tomcat-juli Medium Product Manifest bundle-symbolicname org.apache.tomcat-juli Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-juli Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.18 High Version Manifest Bundle-Version 10.1.18 High Version Manifest Implementation-Version 10.1.18 High Version pom version 10.1.18 Highest
tomcat-juli-8.5.98.jarDescription:
Tomcat Core Logging Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/8.5.98/tomcat-juli-8.5.98.jar
MD5: ceb6f6a743fcaf73e1b9ffdf1deaf2be
SHA1: c81bf147dfcccd9fd8469ab82356ed2b507197e2
SHA256: b3d065395f750c7f3b1335fe2e824ced3717f56132cfbb64bba6616baba6bbc9
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-juli-8.5.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-juli High Vendor jar package name apache Highest Vendor jar package name juli Highest Vendor jar package name logging Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-juli Highest Vendor pom artifactid tomcat-juli Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-juli High Product jar package name apache Highest Product jar package name juli Highest Product jar package name logging Highest Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-juli Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.98 High Version Manifest Implementation-Version 8.5.98 High Version pom version 8.5.98 Highest
tomcat-juli-9.0.85.jarDescription:
Tomcat Core Logging Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/9.0.85/tomcat-juli-9.0.85.jar
MD5: 8626783946f3263799989627fee43f10
SHA1: 7c9bbdb3d73bbef3adc60af042ec113f58c707e6
SHA256: bd16623d488be0f8b67b153db86dc406d77661305cbbf3c3e4faf8f9f96108df
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-juli-9.0.85.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-juli High Vendor jar package name apache Highest Vendor jar package name juli Highest Vendor jar package name logging Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-juli Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-juli Highest Vendor pom artifactid tomcat-juli Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-juli High Product jar package name apache Highest Product jar package name juli Highest Product jar package name logging Highest Product Manifest Bundle-Name tomcat-juli Medium Product Manifest bundle-symbolicname org.apache.tomcat-juli Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-juli Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.85 High Version Manifest Bundle-Version 9.0.85 High Version Manifest Implementation-Version 9.0.85 High Version pom version 9.0.85 Highest
tomcat-servlet-api-10.1.18.jarDescription:
jakarta.servlet package License:
Apache License, Version 2.0 and
Common Development And Distribution License (CDDL) Version 1.0 and
Eclipse Public License - v 2.0
:
http://www.apache.org/licenses/LICENSE-2.0.txt and
http://www.opensource.org/licenses/cddl1.txt and
https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/10.1.18/tomcat-servlet-api-10.1.18.jar
MD5: 5adb4f961c93587480e6781f836c0ba2
SHA1: ecdd3bc9aefdf514b9a93b6511b86a2e504b080b
SHA256: 4eaa6c560046f5a970e2292ee689996ff3456081f458ec4b5284a1fdbbd10bc1
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-servlet-api-10.1.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-servlet-api High Vendor jar package name jakarta Highest Vendor jar package name servlet Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Vendor manifest: jakarta/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-servlet-api Highest Vendor pom artifactid tomcat-servlet-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-servlet-api High Product jar package name annotation Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name jakarta Highest Product jar package name servlet Highest Product Manifest Bundle-Name tomcat-servlet-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JakartaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Product manifest: jakarta/servlet/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/annotation/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/annotation/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/descriptor/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/descriptor/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/http/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/http/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/resources/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/resources/ Specification-Title Jakarta Servlet Medium Product pom artifactid tomcat-servlet-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.18 High Version Manifest Bundle-Version 10.1.18 High Version pom version 10.1.18 Highest
tomcat-servlet-api-8.5.98.jarDescription:
javax.servlet package License:
Apache License, Version 2.0 and
Common Development And Distribution License (CDDL) Version 1.0
:
http://www.apache.org/licenses/LICENSE-2.0.txt and
http://www.opensource.org/licenses/cddl1.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/8.5.98/tomcat-servlet-api-8.5.98.jar
MD5: f5c15dba0b063284e20cfd0c4991a1cf
SHA1: 82c59b360d67e3541af1bb566b3b019ff8865c5a
SHA256: f458c26bdb8ab3d50402129cae511f0e0079c649b0eeca2293ea46cc44afaec3
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-servlet-api-8.5.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-servlet-api Highest Vendor pom artifactid tomcat-servlet-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium Product pom artifactid tomcat-servlet-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 8.5.98 High Version pom version 8.5.98 Highest
tomcat-servlet-api-9.0.85.jarDescription:
javax.servlet package License:
Apache License, Version 2.0 and
Common Development And Distribution License (CDDL) Version 1.0
:
http://www.apache.org/licenses/LICENSE-2.0.txt and
http://www.opensource.org/licenses/cddl1.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/9.0.85/tomcat-servlet-api-9.0.85.jar
MD5: 72c86a829f0e13f2f06c89d0da97a1fd
SHA1: 50d3f334dae990164697b9a25838d3387f4e9e42
SHA256: b4ad01f167626f85c4c1090aaecf33bcc4ac52bf88371899b679b2ea5736b7e2
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-servlet-api-9.0.85.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-servlet-api Highest Vendor pom artifactid tomcat-servlet-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-servlet-api High Product jar package name annotation Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name javax Highest Product jar package name servlet Highest Product Manifest Bundle-Name tomcat-servlet-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/annotation/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/annotation/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/descriptor/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/descriptor/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/http/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/http/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/resources/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/resources/ Specification-Title Java API for Servlets Medium Product pom artifactid tomcat-servlet-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.85 High Version Manifest Bundle-Version 9.0.85 High Version pom version 9.0.85 Highest