Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: waffle

com.github.waffle:waffle:3.3.1-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
apache-jsp-10.0.19.jarcpe:2.3:a:eclipse:jetty:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:10.0.19:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/apache-jsp@10.0.19 0Highest39
asm-9.6.jarpkg:maven/org.ow2.asm/asm@9.6 054
asm-commons-9.6.jarpkg:maven/org.ow2.asm/asm-commons@9.6 058
asm-tree-9.6.jarpkg:maven/org.ow2.asm/asm-tree@9.6 058
byte-buddy-1.14.11.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.11 029
byte-buddy-agent-1.14.11.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.14.11 033
byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll 02
caffeine-2.9.3.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@2.9.3 033
caffeine-3.1.8.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8 037
checker-qual-3.42.0.jarpkg:maven/org.checkerframework/checker-qual@3.42.0 046
com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-jetty:3.3.1-SNAPSHOTcpe:2.3:a:jetty:jetty:3.3.1:snapshot:*:*:*:*:*:*pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT 0Low6
com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-jna:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-shiro:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT 06
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest168
ecj-3.33.0.jarpkg:maven/org.eclipse.jdt/ecj@3.33.0 036
encoder-1.2.3.jarpkg:maven/org.owasp.encoder/encoder@1.2.3 027
error_prone_annotations-2.24.1.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.24.1 029
j2objc-annotations-2.8.jarpkg:maven/com.google.j2objc/j2objc-annotations@2.8 024
jackson-core-2.13.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.5 0Low47
jackson-core-2.15.3.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.15.3:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.15.3 0Low47
jackson-databind-2.13.5.jarcpe:2.3:a:fasterxml:jackson-databind:2.13.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.5MEDIUM1Highest43
jackson-databind-2.15.3.jarcpe:2.3:a:fasterxml:jackson-databind:2.15.3:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.15.3:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.3MEDIUM1Highest41
jakarta.annotation-api-1.3.5.jarcpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 0Low35
jakarta.annotation-api-2.1.1.jarcpe:2.3:a:oracle:projects:2.1.1:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@2.1.1 0Low42
jakarta.el-3.0.4.jarcpe:2.3:a:eclipse:glassfish:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jakarta_expression_language:3.0.4:*:*:*:*:*:*:*		pkg:maven/org.glassfish/jakarta.el@3.0.4 0Highest46
jakarta.el-api-3.0.3.jarcpe:2.3:a:eclipse:jakarta_expression_language:3.0.3:*:*:*:*:*:*:*pkg:maven/jakarta.el/jakarta.el-api@3.0.3 0Low43
jakarta.servlet-api-4.0.2.jarcpe:2.3:a:oracle:java_se:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:projects:4.0.2:*:*:*:*:*:*:*		pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.2 0Medium41
jakarta.servlet-api-4.0.4.jarcpe:2.3:a:oracle:projects:4.0.4:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.4 0Low43
jakarta.servlet-api-6.0.0.jarcpe:2.3:a:oracle:projects:6.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0 0Low44
jakarta.servlet.jsp-2.3.6.jarcpe:2.3:a:eclipse:glassfish:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:2.3.6:*:*:*:*:*:*:*		pkg:maven/org.glassfish.web/jakarta.servlet.jsp@2.3.6 0Highest47
jakarta.servlet.jsp-api-2.3.6.jarcpe:2.3:a:oracle:jsp:2.3.6:*:*:*:*:*:*:*pkg:maven/jakarta.servlet.jsp/jakarta.servlet.jsp-api@2.3.6 0Medium45
jakarta.servlet.jsp.jstl-1.2.6.jarcpe:2.3:a:eclipse:glassfish:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:1.2.6:*:*:*:*:*:*:*		pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6 0Highest48
jakarta.servlet.jsp.jstl-api-1.2.4.jarcpe:2.3:a:oracle:java_se:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:1.2.4:*:*:*:*:*:*:*		pkg:maven/jakarta.servlet.jsp.jstl/jakarta.servlet.jsp.jstl-api@1.2.4 0Medium47
jcl-over-slf4j-2.0.11.jarpkg:maven/org.slf4j/jcl-over-slf4j@2.0.11 031
jetty-io-10.0.19.jarcpe:2.3:a:eclipse:jetty:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:10.0.19:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-io@10.0.19 0Highest35
jetty-server-10.0.19.jarcpe:2.3:a:eclipse:jetty:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:10.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:10.0.19:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-server@10.0.19 0Highest35
jetty-servlet-api-4.0.6.jarcpe:2.3:a:eclipse:jetty:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:4.0.6:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty.toolchain/jetty-servlet-api@4.0.6CRITICAL*14Highest26
jna-5.14.0.jarcpe:2.3:a:oracle:java_se:5.14.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.14.0 0Low48
jna-5.14.0.jar: jnidispatch.dll 02
jna-5.14.0.jar: jnidispatch.dll 02
jna-5.14.0.jar: jnidispatch.dll 02
jna-platform-5.14.0.jarpkg:maven/net.java.dev.jna/jna-platform@5.14.0 044
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jul-to-slf4j-1.7.36.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.36 028
jul-to-slf4j-2.0.11.jarpkg:maven/org.slf4j/jul-to-slf4j@2.0.11 031
log4j-api-2.22.1.jarcpe:2.3:a:apache:log4j:2.22.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1 0Highest39
log4j-to-slf4j-2.22.1.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1 037
logback-core-1.2.12.jarcpe:2.3:a:qos:logback:1.2.12:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.2.12HIGH2Highest33
logback-core-1.4.14.jarcpe:2.3:a:qos:logback:1.4.14:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.4.14 0Highest36
micrometer-commons-1.12.2.jarpkg:maven/io.micrometer/micrometer-commons@1.12.2 065
micrometer-observation-1.12.2.jarpkg:maven/io.micrometer/micrometer-observation@1.12.2 065
mockito-core-5.9.0.jarpkg:maven/org.mockito/mockito-core@5.9.0 041
objenesis-3.3.jarpkg:maven/org.objenesis/objenesis@3.3 027
shiro-core-1.13.0.jarcpe:2.3:a:apache:shiro:1.13.0:*:*:*:*:*:*:*pkg:maven/org.apache.shiro/shiro-core@1.13.0 0Highest31
shiro-web-1.13.0.jarcpe:2.3:a:apache:shiro:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:1.13.0:*:*:*:*:*:*:*		pkg:maven/org.apache.shiro/shiro-web@1.13.0 0Highest33
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
slf4j-api-2.0.11.jarpkg:maven/org.slf4j/slf4j-api@2.0.11 029
slf4j-api-2.0.7.jarpkg:maven/org.slf4j/slf4j-api@2.0.7 031
slf4j-simple-2.0.11.jarpkg:maven/org.slf4j/slf4j-simple@2.0.11 037
snakeyaml-1.30.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.30CRITICAL7Highest44
snakeyaml-2.2.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.2:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.2 0Highest42
spotbugs-annotations-4.8.3.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 053
spring-boot-2.7.18.jarcpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@2.7.18 0Highest38
spring-boot-3.2.2.jarcpe:2.3:a:vmware:spring_boot:3.2.2:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@3.2.2 0Highest38
spring-boot-starter-web-2.7.18.jarcpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:2.7.18:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 0Highest36
spring-boot-starter-web-3.2.2.jarcpe:2.3:a:vmware:spring_boot:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:3.2.2:*:*:*:*:*:*:*		pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2 0Highest36
spring-core-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@5.3.31 0Highest37
spring-core-6.1.3.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.3:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@6.1.3 0Highest41
spring-security-core-5.8.9.jarcpe:2.3:a:pivotal_software:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@5.8.9 0Highest38
spring-security-core-6.2.1.jarcpe:2.3:a:pivotal_software:spring_security:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.2.1:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-core@6.2.1 0Highest38
spring-security-crypto-5.7.11.jarcpe:2.3:a:pivotal_software:spring_security:5.7.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.7.11:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-crypto@5.7.11MEDIUM1Highest38
spring-security-crypto-5.8.9.jarcpe:2.3:a:pivotal_software:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-crypto@5.8.9MEDIUM1Highest38
spring-security-web-5.8.9.jarcpe:2.3:a:pivotal_software:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.8.9:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@5.8.9 0Highest38
spring-security-web-6.2.1.jarcpe:2.3:a:pivotal_software:spring_security:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.2.1:*:*:*:*:*:*:*		pkg:maven/org.springframework.security/spring-security-web@6.2.1 0Highest38
spring-web-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@5.3.31CRITICAL1Highest35
spring-web-6.1.3.jarcpe:2.3:a:pivotal_software:spring_framework:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.1.3:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-web@6.1.3 0Highest35
spring-webmvc-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-webmvc@5.3.31 0Highest37
tomcat-annotations-api-10.1.18.jarcpe:2.3:a:www-sql_project:www-sql:10.1.18:*:*:*:*:*:*:*pkg:maven/org.apache.tomcat/tomcat-annotations-api@10.1.18 0Low30
tomcat-annotations-api-8.5.98.jarpkg:maven/org.apache.tomcat/tomcat-annotations-api@8.5.98 016
tomcat-annotations-api-9.0.85.jarcpe:2.3:a:www-sql_project:www-sql:9.0.85:*:*:*:*:*:*:*pkg:maven/org.apache.tomcat/tomcat-annotations-api@9.0.85 0Low30
tomcat-api-8.5.98.jarcpe:2.3:a:apache:tomcat:8.5.98:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:8.5.98:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-api@8.5.98HIGH1Highest20
tomcat-api-9.0.85.jarcpe:2.3:a:apache:tomcat:9.0.85:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.85:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat/tomcat-api@9.0.85 0Highest24
tomcat-el-api-10.1.18.jarpkg:maven/org.apache.tomcat/tomcat-el-api@10.1.18 025
tomcat-el-api-8.5.98.jarpkg:maven/org.apache.tomcat/tomcat-el-api@8.5.98 019
tomcat-el-api-9.0.85.jarpkg:maven/org.apache.tomcat/tomcat-el-api@9.0.85 025
tomcat-embed-core-10.1.18.jarcpe:2.3:a:apache:tomcat:10.1.18:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:10.1.18:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.18 0Highest63
tomcat-embed-core-9.0.83.jarcpe:2.3:a:apache:tomcat:9.0.83:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.83:*:*:*:*:*:*:*		pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83 0Highest65
tomcat-embed-el-10.1.18.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@10.1.18 033
tomcat-embed-el-9.0.83.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.83 033
tomcat-jni-10.1.18.jarpkg:maven/org.apache.tomcat/tomcat-jni@10.1.18 026
tomcat-jni-8.5.98.jarpkg:maven/org.apache.tomcat/tomcat-jni@8.5.98 022
tomcat-jni-9.0.85.jarpkg:maven/org.apache.tomcat/tomcat-jni@9.0.85 026
tomcat-juli-10.1.18.jarpkg:maven/org.apache.tomcat/tomcat-juli@10.1.18 026
tomcat-juli-8.5.98.jarpkg:maven/org.apache.tomcat/tomcat-juli@8.5.98 022
tomcat-juli-9.0.85.jarpkg:maven/org.apache.tomcat/tomcat-juli@9.0.85 026
tomcat-servlet-api-10.1.18.jarpkg:maven/org.apache.tomcat/tomcat-servlet-api@10.1.18 039
tomcat-servlet-api-8.5.98.jarpkg:maven/org.apache.tomcat/tomcat-servlet-api@8.5.98 018
tomcat-servlet-api-9.0.85.jarpkg:maven/org.apache.tomcat/tomcat-servlet-api@9.0.85 039

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

apache-jsp-10.0.19.jar

Description:

Jetty-specific ServletContainerInitializer for Jasper

License:

https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/eclipse/jetty/apache-jsp/10.0.19/apache-jsp-10.0.19.jar
MD5: f2c8f0dc627514318c6528139622e7d6
SHA1: 9055d4f466701d031359aef22f6cecac679e5ba3
SHA256:daf8c88e1dfa0ff68090beb6cea3dea4d56e20cdbe0f7f4e2546ef6716466247
Referenced In Project/Scope: waffle-jetty:provided
apache-jsp-10.0.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

asm-9.6.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.6/asm-9.6.jar
MD5: 6f8bccf756f170d4185bb24c8c2d2020
SHA1: aa205cf0a06dbd8e04ece91c0b37c3f5d567546a
SHA256:3c6fac2424db3d4a853b669f4e3d1d9c3c552235e19a319673f887083c2303a1
Referenced In Project/Scope: waffle-jetty:provided
asm-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.ow2.asm/asm-commons@9.6

Identifiers

asm-commons-9.6.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/9.6/asm-commons-9.6.jar
MD5: 9e317c75534bd1da8c00a67c618ab288
SHA1: f1a9e5508eff490744144565c47326c8648be309
SHA256:7aefd0d5c0901701c69f7513feda765fb6be33af2ce7aa17c5781fc87657c511
Referenced In Project/Scope: waffle-jetty:provided
asm-commons-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

asm-tree-9.6.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/9.6/asm-tree-9.6.jar
MD5: 6062608f1a98afe1e853d01fa1221a9e
SHA1: c0cdda9d211e965d2a4448aa3fd86110f2f8c2de
SHA256:c43ecf17b539c777e15da7b5b86553b377e2d39a683de6285567d5283888e7ef
Referenced In Project/Scope: waffle-jetty:provided
asm-tree-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.ow2.asm/asm-commons@9.6

Identifiers

byte-buddy-1.14.11.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.14.11/byte-buddy-1.14.11.jar
MD5: c28e36075a114b176953fc10a5370be7
SHA1: 725602eb7c8c56b51b9c21f273f9df5c909d9e7d
SHA256:62ae28187ed2b062813da6a9d567bfee733c341582699b62dd980230729a0313
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-spring-security5:compile
  • waffle-mixed-post:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-demo-parent:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

byte-buddy-1.14.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT

Identifiers

byte-buddy-agent-1.14.11.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar
MD5: 0de12734d808654692599b08ccd84020
SHA1: f9cb566608fbac6bc7bf54901a7aa11543a989ee
SHA256:2f537a621a64fa7013d68c695a76a34ee8d79dad74e635caca16dd56257aeb80
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-spring-security5:compile
  • waffle-mixed-post:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-demo-parent:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

byte-buddy-agent-1.14.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT

Identifiers

byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Projects/Scopes:

  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-spring-security5:compile
  • waffle-mixed-post:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-demo-parent:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

Identifiers

  • None

byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Projects/Scopes:

  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-spring-security5:compile
  • waffle-mixed-post:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-demo-parent:compile
  • waffle:compile
  • waffle-spring-boot2:compile
  • waffle-spring-form:compile
  • waffle-spring-boot3:compile
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

Identifiers

  • None

caffeine-2.9.3.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/2.9.3/caffeine-2.9.3.jar
MD5: e0b9c5ccd60a1b5403df1dfe6de37d8e
SHA1: b162491f768824d21487551873f9b3b374a7fe19
SHA256:1e0a7bbef1dd791653143f3f05d0e489934bf5481e58a87c9e619cd46b68729b
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile

caffeine-2.9.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

caffeine-3.1.8.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256:7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-mixed-post:provided
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-form:compile
  • waffle-mixed:provided
  • waffle-negotiate:provided
  • waffle-distro:compile
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat9:compile

caffeine-3.1.8.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT

Identifiers

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOT

Description:

Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOT

Description:

Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOT

Description:

Jaas Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-jaas/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOT

Description:

Mixed Post Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed-post/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOT

Description:

Mixed Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOT

Description:

Negotiate Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-negotiate/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOT

Description:

Spring Boot Filter 2 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOT

Description:

Spring Boot Filter 3 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOT

Description:

Spring Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOT

Description:

Spring Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-jetty:3.3.1-SNAPSHOT

Description:

Jetty integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jetty/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jetty:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOT

Description:

WAFFLE JNA Jakarta Pakage implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml

Referenced In Projects/Scopes:
  • waffle-tomcat10
  • waffle-spring-boot-filter3
  • waffle-spring-boot-starter3
  • waffle-distro
  • waffle-spring-security6
  • waffle-spring-boot-autoconfigure3
  • waffle-tests-jakarta

com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna:3.3.1-SNAPSHOT

Description:

WAFFLE JNA implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml

Referenced In Projects/Scopes:
  • waffle-shiro
  • waffle-spring-boot-filter2
  • waffle-negotiate
  • waffle-mixed
  • waffle-tests
  • waffle-spring-boot-starter2
  • waffle-spring-boot-autoconfigure2
  • waffle-distro
  • waffle-spring-security5
  • waffle-tomcat9
  • waffle-form
  • waffle-spring-filter
  • waffle-filter
  • waffle-jetty
  • waffle-tomcat85
  • waffle-jaas
  • waffle-spring-form
  • waffle-mixed-post

com.github.waffle:waffle-jna:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-shiro:3.3.1-SNAPSHOT

Description:

Shiro integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-shiro/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-shiro:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-autoconfigure2/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter2
  • waffle-spring-boot-starter2
  • waffle-distro

com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-autoconfigure3/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter3
  • waffle-spring-boot-starter3
  • waffle-distro

com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-starter2/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter2
  • waffle-distro

com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-starter3/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter3
  • waffle-distro

com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOT

Description:

Spring Security 5 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security5/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-filter
  • waffle-spring-boot-filter2
  • waffle-spring-boot-starter2
  • waffle-spring-boot-autoconfigure2
  • waffle-distro
  • waffle-spring-form

com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOT

Description:

Spring Security 6 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security6/pom.xml

Referenced In Projects/Scopes:
  • waffle-spring-boot-filter3
  • waffle-spring-boot-starter3
  • waffle-distro
  • waffle-spring-boot-autoconfigure3

com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOT

Description:

Tomcat 10 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat10/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOT

Description:

Tomcat 8.5 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat85/pom.xml

Referenced In Projects/Scopes:
  • waffle-filter
  • waffle-negotiate
  • waffle-mixed
  • waffle-distro
  • waffle-mixed-post

com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOT

Description:

Tomcat 9 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat9/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: waffle-shiro:provided
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT

Identifiers

ecj-3.33.0.jar

Description:

Eclipse Compiler for Java(TM)

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/
File Path: /home/runner/.m2/repository/org/eclipse/jdt/ecj/3.33.0/ecj-3.33.0.jar
MD5: 8f97ca731449b0dd4cbf23aa34774c6f
SHA1: 4041d27ffea3c9351e3121f9bfe94dea4723d583
SHA256:f7686c4960cf70c2ebc5c500a73a8cfc04541b730c18f1c5c21329889b137f45
Referenced In Project/Scope: waffle-jetty:provided
ecj-3.33.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

encoder-1.2.3.jar

Description:

        The OWASP Encoders package is a collection of high-performance low-overhead
        contextual encoders, that when utilized correctly, is an effective tool in
        preventing Web Application security vulnerabilities such as Cross-Site
        Scripting.

License:

http://www.opensource.org/licenses/BSD-3-Clause
File Path: /home/runner/.m2/repository/org/owasp/encoder/encoder/1.2.3/encoder-1.2.3.jar
MD5: 541c66032b50af0c60c1723bdb900d11
SHA1: 35ae93be1524b161525da2c9a110019616f67548
SHA256:b09e2cd5c36a7127e091df9be628278b1166b40bc08b9de8196ccddb0cccd67f
Referenced In Project/Scope: waffle-shiro:provided
encoder-1.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.shiro/shiro-web@1.13.0

Identifiers

error_prone_annotations-2.24.1.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.24.1/error_prone_annotations-2.24.1.jar
MD5: 345bbebec9b3c68d2638c0f6809436dc
SHA1: 32b299e45105aa9b0df8279c74dc1edfcf313ff0
SHA256:19fe2f7155d20ea093168527999da98108103ee546d1e8b726bc4b27c31a3c30
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-spring-security5:provided
  • waffle-bom:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-tests:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tomcat85:provided
  • waffle-form:provided
  • waffle-spring-boot3:provided
  • waffle:provided
  • waffle-spring-filter:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-spring-boot-starter3:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-filter:provided
  • waffle-mixed:provided

error_prone_annotations-2.24.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT

Identifiers

j2objc-annotations-2.8.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/2.8/j2objc-annotations-2.8.jar
MD5: c50af69b704dc91050efb98e0dff66d1
SHA1: c85270e307e7b822f1086b93689124b89768e273
SHA256:f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-spring-security5:provided
  • waffle-bom:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-tests:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tomcat85:provided
  • waffle-form:provided
  • waffle-spring-boot3:provided
  • waffle:provided
  • waffle-spring-filter:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-spring-boot-starter3:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-filter:provided
  • waffle-mixed:provided

j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT

Identifiers

jackson-core-2.13.5.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar
MD5: 2272453c780d1383ecd2efde00c1a7a9
SHA1: 0d07c97d3de9ea658caf1ff1809fd9de930a286a
SHA256:48f36a025311d0464ad8dda4512a20c79e279a9550f63f3179d731d94482474b
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jackson-core-2.13.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

jackson-core-2.15.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.15.3/jackson-core-2.15.3.jar
MD5: c86c75392bf138d54d2a219bb1d0cbcd
SHA1: 60d600567c1862840397bf9ff5a92398edc5797b
SHA256:51fab7aad51ed588482edc507fd542747936c5094d1ab76ed21ddb63b96b610d
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

jackson-core-2.15.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2

Identifiers

jackson-databind-2.13.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.5/jackson-databind-2.13.5.jar
MD5: 1dbb98839964a6967a428d868b2d8714
SHA1: aa95e46dbc32454f3983221d420e78ef19ddf844
SHA256:5fedb24b2356491815d18267f65da9a21dd67413345ad7795f221afa25c78984
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jackson-databind-2.13.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jackson-databind-2.15.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.15.3/jackson-databind-2.15.3.jar
MD5: 5f453c55f127690fa8491ce347aa055c
SHA1: a734bc2c47a9453c4efa772461a3aeb273c010d9
SHA256:c3c53333a2172a80678bda1803e39cff45bec6ae3e9c7d4f44a81ec4e2ab18dc
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

jackson-databind-2.15.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2

Identifiers

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Projects/Scopes:
  • waffle-jetty:provided
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

jakarta.annotation-api-2.1.1.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256:5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2

Identifiers

jakarta.el-3.0.4.jar

Description:

        Jakarta Expression Language provides a specification document, API, reference implementation and TCK 
        that describes an expression language for Java applications.

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/jakarta.el/3.0.4/jakarta.el-3.0.4.jar
MD5: a4ff0d711c405e054f8166c2ea893e0e
SHA1: f48473482c0e3e714f87186d9305bcae30b7f5cb
SHA256:3b8d4311b47fb47d168ad4338b6649a7cc21d5066b9765bd28ebca93148064be
Referenced In Project/Scope: waffle-jetty:provided
jakarta.el-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

jakarta.el-api-3.0.3.jar

Description:

        Jakarta Expression Language defines an expression language for Java applications

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/el/jakarta.el-api/3.0.3/jakarta.el-api-3.0.3.jar
MD5: 528ed6138395d22fb54912b2b889e88e
SHA1: f311ab94bb1d4380690a53d737226a6b879dd4f1
SHA256:47ae0a91fb6dd32fdaa5d9bda63df043ac8148e00c297ccce8ab9c56b95cf261
Referenced In Project/Scope: waffle-jetty:provided
jakarta.el-api-3.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

jakarta.servlet-api-4.0.2.jar

Description:

Java(TM) Servlet 4.0 API Design Specification

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.2/jakarta.servlet-api-4.0.2.jar
MD5: 75523dea16c815e4b111796ea1679b1b
SHA1: 60da427ed588aa0cf70cb6cb7209c31e83069364
SHA256:0cd32c92320ae92c8692ef326dfeef756e97760251fca0c45472f299f1c3c916
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet-api-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6

Identifiers

jakarta.servlet-api-4.0.4.jar

Description:

Jakarta Servlet 4.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar
MD5: f5d1d7a29978e4ae0be5a456ee1c65c3
SHA1: b8a1142e04838fe54194049c6e7a18dae8f9b960
SHA256:586e27706c21258f5882f43be06904f49b02db9ac54e345d393fe4a32494d127
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-form:provided
  • waffle-spring-filter:provided
  • waffle-spring-form:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-demo-parent:provided
  • waffle-mixed-post:provided
  • waffle-spring-security5:provided
  • waffle-shiro:provided
  • waffle-filter:provided
  • waffle-mixed:provided
  • waffle-negotiate:provided
  • waffle-tests:provided
  • waffle-spring-boot-filter2:provided

jakarta.servlet-api-4.0.4.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT

Identifiers

jakarta.servlet-api-6.0.0.jar

Description:

Jakarta Servlet 6.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256:c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Projects/Scopes:
  • waffle-tests-jakarta:provided
  • waffle-spring-security6:provided
  • waffle-jna-jakarta:provided

jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT

Identifiers

jakarta.servlet.jsp-2.3.6.jar

Description:

JavaServer Pages API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp/2.3.6/jakarta.servlet.jsp-2.3.6.jar
MD5: 16d8baeceb5503f066c61582085c75cb
SHA1: 13192d5874b787c0ce0c70b35e95181e8b683a1c
SHA256:990af769158db75833fe8b4d1e56ea778246bc3c6522d434369f1a0bcebf8582
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp-2.3.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

jakarta.servlet.jsp-api-2.3.6.jar

Description:

Jakarta Server Pages API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jsp/jakarta.servlet.jsp-api/2.3.6/jakarta.servlet.jsp-api-2.3.6.jar
MD5: 07e4d801fad7599ae858cb6b779b5168
SHA1: ee48550ece1af1e0d8bd4877dbc6da5c29c5496b
SHA256:e915fa9db7245592460dfaf1a2df9cdfe800cc3976562ed492870db56369dde9
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp-api-2.3.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

jakarta.servlet.jsp.jstl-1.2.6.jar

Description:

JavaServer Pages(TM) Standard Tag Library API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp.jstl/1.2.6/jakarta.servlet.jsp.jstl-1.2.6.jar
MD5: 7058e8ed0b161b729e6134784750d22b
SHA1: f5a092de3b2b087c14ca4b8d6f2c77a1f6802828
SHA256:3b697c6cdf4d28de185e07d63f3682728b5a2b1dd229f5f9deb9b930d64b484a
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp.jstl-1.2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT

Identifiers

jakarta.servlet.jsp.jstl-api-1.2.4.jar

Description:

JavaServer Pages(TM) Standard Tag Library API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jsp/jstl/jakarta.servlet.jsp.jstl-api/1.2.4/jakarta.servlet.jsp.jstl-api-1.2.4.jar
MD5: 5b4683c3a614b37a5de721817e792024
SHA1: 9d23cda192df1192894277fd9d0710abb61329af
SHA256:57122ab0151f82e716d825e65627e8064eb108dbeaafafa780687d61d5359454
Referenced In Project/Scope: waffle-jetty:provided
jakarta.servlet.jsp.jstl-api-1.2.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6

Identifiers

jcl-over-slf4j-2.0.11.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.11/jcl-over-slf4j-2.0.11.jar
MD5: 7ad2cbcec0efd8cfc8f3a6dfacfc5829
SHA1: f6226edb8c85f8c9f1f75ec4b0252c02f589478a
SHA256:55e96f9830d732c81f0709e9090f308798381be7dc5aa67dd423c02831b5b4bb
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-mixed-post:provided
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-form:compile
  • waffle-mixed:provided
  • waffle-negotiate:provided
  • waffle-distro:compile
  • waffle-tests-jakarta:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

jcl-over-slf4j-2.0.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT

Identifiers

jetty-io-10.0.19.jar

Description:

Jetty module for Jetty :: IO Utility

License:

https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-io/10.0.19/jetty-io-10.0.19.jar
MD5: 2a17076c238062f9d3ef947282347d3b
SHA1: 1a08ba2c33c92d7d1f2a9dd8b87653c237756921
SHA256:4ec28fd3717eebfa3b3ac3d692d89889ac0a5282ba129b7d7ce4682abe778158
Referenced In Project/Scope: waffle-jetty:provided
jetty-io-10.0.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty/jetty-client@10.0.19

Identifiers

jetty-server-10.0.19.jar

Description:

The core jetty server artifact.

License:

https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-server/10.0.19/jetty-server-10.0.19.jar
MD5: 885901771fa61efe91135936572573e5
SHA1: 5a0f3f4118cd80cbdfa38f162e1ccd50afc8cae6
SHA256:f61b8eace7df3f9394db0e7e1e00f8db2fed4ecda57f269720b80f394ba9d46a
Referenced In Project/Scope: waffle-jetty:provided
jetty-server-10.0.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty/jetty-servlet@10.0.19

Identifiers

jetty-servlet-api-4.0.6.jar

Description:

Combined servlet api and schemas for use in JPMS and OSGi environments

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/runner/.m2/repository/org/eclipse/jetty/toolchain/jetty-servlet-api/4.0.6/jetty-servlet-api-4.0.6.jar
MD5: d63413e02885c25d0129e3d2936606f6
SHA1: 959c5d83d08f5cddf56caff749e48b735193191b
SHA256:d90bf1f8a9d2ba89f4510bb51e1516dcf94ef6dc034e00f233654abdd78f2210
Referenced In Project/Scope: waffle-jetty:provided
jetty-servlet-api-4.0.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty/apache-jsp@10.0.19

Identifiers

CVE-2017-7657  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7658  

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2009-5045  

Dump Servlet information leak in jetty before 6.1.22.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2017-7656  

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2017-9735  

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CWE-203 Observable Discrepancy

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-2048  

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
CWE-664 Improper Control of a Resource Through its Lifetime, NVD-CWE-Other, CWE-410 Insufficient Resource Pool

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2020-27216  

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2009-5046  

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2021-28169  

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
NVD-CWE-Other, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-26048  

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-26049  

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.
NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-34428  

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
CWE-613 Insufficient Session Expiration

CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: LOW (3.5)
  • Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:0.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-2047  

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: LOW (2.7)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:1.2/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

jna-5.14.0.jar

Description:

Java Native Access

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar
MD5: 8b3cc652920435ad9f801e6d9b2a3497
SHA1: 67bf3eaea4f0718cb376a181a629e5f88fa1c9dd
SHA256:34ed1e1f27fa896bca50dbc4e99cf3732967cec387a7a0d5e3486c09673fe8c6
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

jna-5.14.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT

Identifiers

jna-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: f6bef568e690d361a5dcc165f5ad4b1f
SHA1: 05638a4aaafa689a6c246530823afdc18d3fd438
SHA256:b9d1479b9619b7ece4a36b6ae31365ffaf15a1355d4f6da02f8b5f09df2fa82f
Referenced In Projects/Scopes:

  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

Identifiers

  • None

jna-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 719d6ba1946c25aa61ce82f90d77ffd5
SHA1: 94d2191378cac5719daecc826fc116816284c406
SHA256:69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
Referenced In Projects/Scopes:

  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

Identifiers

  • None

jna-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: e15183ef9c6c255b76fda73d01ca7ecb
SHA1: f816f998c43204230d9ea3eecffb5f8372a32c2e
SHA256:38650a0612730c52580c9f32ff766b44b1c5a426d52e7dd7a53687bf3389ac2c
Referenced In Projects/Scopes:

  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

Identifiers

  • None

jna-platform-5.14.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar
MD5: 3bc3f09a698e6ad250dd093f64fbb8a7
SHA1: 28934d48aed814f11e4c584da55c49fa7032b31b
SHA256:ae4caceb3840730c2537f9b7fb55a01baba580286b4122951488bcee558c2449
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-bom:compile
  • waffle-spring-boot-starter2:compile
  • waffle-mixed-post:provided
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-form:compile
  • waffle-negotiate:provided
  • waffle-tests-jakarta:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-spring-security6:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-spring-form:compile
  • waffle-mixed:provided
  • waffle-distro:compile
  • waffle-filter:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

jna-platform-5.14.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-spring-security5:provided
  • waffle-bom:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-tests:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tomcat85:provided
  • waffle-form:provided
  • waffle-spring-boot3:provided
  • waffle:provided
  • waffle-spring-filter:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-spring-boot-starter3:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-filter:provided
  • waffle-mixed:provided

jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3

Identifiers

jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Projects/Scopes:

  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

jul-to-slf4j-2.0.11.jar

Description:

JUL to SLF4J bridge

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.11/jul-to-slf4j-2.0.11.jar
MD5: 46568e80d6a97fd041864e033dfdf7d0
SHA1: 279356f8e873b1a26badd8bbb3284b5c3b22c770
SHA256:67e605b1f3efd4efcb060e4c11a2e6d8d4dfd2262bba7916aeafa77eeb1bcf89
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

jul-to-slf4j-2.0.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2

Identifiers

log4j-api-2.22.1.jar

Description:

The Apache Log4j API

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.22.1/log4j-api-2.22.1.jar
MD5: 27db0eb89ae965179480df00d8d1cf03
SHA1: bea6fede6328fabafd7e68363161a7ea6605abd1
SHA256:5d7beae7ff15d8516d6517121d7f12a79a6ac180df64b5fcec55d5be21056e53
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-spring-boot-filter2:compile

log4j-api-2.22.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

log4j-to-slf4j-2.22.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.22.1/log4j-to-slf4j-2.22.1.jar
MD5: 47f93f1b408eb462ca4d16b4797ed87e
SHA1: b5e67b6acac768bfec1d1d6991504f45453abcad
SHA256:85a84842958e58dd8a89a3acf901a64b774704ce1511ece9f8eef70724884f92
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-starter3:compile
  • waffle-spring-boot-filter2:compile

log4j-to-slf4j-2.22.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2

Identifiers

logback-core-1.2.12.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar
MD5: 879d60b3fa9c6617cee4e20f12f6a16e
SHA1: 1d8e51a698b138065d73baefb4f94531faa323cb
SHA256:0cba0755fbdc1793f60dc9d1ef22337737899f4f28b485c42bcadacb73664b34
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

logback-core-1.2.12.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

CVE-2023-6378  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-6481  

A serialization vulnerability in logback receiver component part of 
logback version 1.4.13,��1.3.13 and��1.2.12 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

logback-core-1.4.14.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.4.14/logback-core-1.4.14.jar
MD5: 7367629d307fa3d0b82d76b9d3f1d09a
SHA1: 4d3c2248219ac0effeb380ed4c5280a80bf395e8
SHA256:f8c2f05f42530b1852739507c1792f0080167850ed8f396444c6913d6617a293
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-mixed-post:compile
  • waffle-spring-boot-starter3:compile
  • waffle-demo-parent:compile
  • waffle-spring-form:compile
  • waffle-form:compile
  • waffle-distro:runtime
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-filter:compile
  • waffle-filter:compile
  • waffle-jaas:compile

logback-core-1.4.14.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2

Identifiers

micrometer-commons-1.12.2.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.12.2/micrometer-commons-1.12.2.jar
MD5: dc4744dd14f640a3e96181831a97cfa2
SHA1: b44127d8ec7b3ef11a01912d1e6474e1167f3929
SHA256:feea1eb8302809b7a2d142de1d0de67ef329e02d01c7e5c680a76d7fc3e9309b
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

micrometer-commons-1.12.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework/spring-context@6.1.3

Identifiers

micrometer-observation-1.12.2.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-observation/1.12.2/micrometer-observation-1.12.2.jar
MD5: 0cdc84d8f1e64ac7a8f9dee9b100f756
SHA1: e082b05a2527fc24ea6fbe4c4b7ae34653aace81
SHA256:1b7765023228e62570b68f69b2e4b3b3bcc390832c71f50726ee336b34f96941
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

micrometer-observation-1.12.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework/spring-context@6.1.3
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT

Identifiers

mockito-core-5.9.0.jar

Description:

Mockito mock objects library core API and implementation

License:

MIT: https://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/mockito/mockito-core/5.9.0/mockito-core-5.9.0.jar
MD5: 76dd8b99e2bd95bfb35d33a3b000043f
SHA1: faa88b96db3aeb96a93e83dec7491345bfbfc414
SHA256:bbad9185ed734965fac7e367f0e51596f69531e51d8b2cbcec1048dd6fb41f2c
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-tests-jakarta:compile

mockito-core-5.9.0.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT

Identifiers

objenesis-3.3.jar

Description:

A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar
MD5: ab0e0b2ab81affdd7f38bcc60fd85571
SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
SHA256:02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb
Referenced In Projects/Scopes:
  • waffle-tests:compile
  • waffle-tests-jakarta:compile

objenesis-3.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT

Identifiers

shiro-core-1.13.0.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles        authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/shiro/shiro-core/1.13.0/shiro-core-1.13.0.jar
MD5: a733972e7a57893a222839e497102c76
SHA1: 7e542e3d614b197bf10005e98e19f9f19cb943e7
SHA256:ddb03b68cdc08792ec2a18f0ae6edb298ce94073a87862cb44b5db3fa40643ff
Referenced In Project/Scope: waffle-shiro:provided
shiro-core-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.shiro/shiro-web@1.13.0

Identifiers

shiro-web-1.13.0.jar

Description:

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles        authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/shiro/shiro-web/1.13.0/shiro-web-1.13.0.jar
MD5: 43b4223707b70e4762fb1c4e8c07008d
SHA1: 99a09dc19f37487639b5bab978953bc38963d6ea
SHA256:8f2c2f7d4c141cd28a00edb30b3b62479fcdb2f70eeef710289b9c6138e4fc33
Referenced In Project/Scope: waffle-shiro:provided
shiro-web-1.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT

Identifiers

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Projects/Scopes:

  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.slf4j/slf4j-simple@1.7.36
  • pkg:maven/org.slf4j/slf4j-simple@1.7.36
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT

Identifiers

slf4j-api-2.0.11.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.11/slf4j-api-2.0.11.jar
MD5: 90c46a2d4613049843c804867321e6a7
SHA1: ad96c3f8cf895e696dd35c2bc8e8ebe710be9e6d
SHA256:ce0e71d673acb9036bb55d0244b261cf033f8e4c1245f14f931dfb1937dd4c95
Referenced In Projects/Scopes:
  • waffle-mixed:compile
  • waffle-tests:compile
  • waffle-jna:compile
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-tomcat85:compile
  • waffle-jna-jakarta:compile
  • waffle-spring-security5:compile
  • waffle-mixed-post:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile
  • waffle-tomcat10:compile
  • waffle-shiro:compile
  • waffle-form:compile
  • waffle-distro:compile
  • waffle-tests-jakarta:compile
  • waffle-negotiate:compile
  • waffle-spring-boot-filter3:compile
  • waffle-jaas:compile
  • waffle-jetty:compile
  • waffle-tomcat9:compile

slf4j-api-2.0.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/org.slf4j/slf4j-simple@2.0.11
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/org.slf4j/slf4j-simple@2.0.11
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT

Identifiers

slf4j-api-2.0.7.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.7/slf4j-api-2.0.7.jar
MD5: 403dffa46cdd2e3c82da19df4f394a4c
SHA1: 41eb7184ea9d556f23e18b5cb99cad1f8581fc00
SHA256:5d6298b93a1905c32cda6478808ac14c2d4a47e91535e53c41f7feeb85d946f4
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-spring-filter:compile
  • waffle-filter:compile
  • waffle-demo-parent:compile

slf4j-api-2.0.7.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14
  • pkg:maven/ch.qos.logback/logback-classic@1.4.14

Identifiers

slf4j-simple-2.0.11.jar

Description:

SLF4J Simple Provider

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-simple/2.0.11/slf4j-simple-2.0.11.jar
MD5: 81b8dd6091b8617476556be6f4f9ab0b
SHA1: 267ded84c4845c513677e4f7ca6f03240be9ce3f
SHA256:bb3c7e2e144dcdf022fe17775286a3623e69d75b7f52d9b62451871d0c82a513
Referenced In Projects/Scopes:
  • waffle-jna:compile
  • waffle-jna-jakarta:compile

slf4j-simple-2.0.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT

Identifiers

snakeyaml-1.30.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar
MD5: ba063b8ef3a8bfd591a1b56451166b14
SHA1: 8fde7fe2586328ac3c68db92045e1c8759125000
SHA256:f43a4e40a946b8cdfd0321bc1c9a839bc3f119c57e4ca84fb87c367f51c8b2b3
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

snakeyaml-1.30.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.��Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

snakeyaml-2.2.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256:1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

snakeyaml-2.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2

Identifiers

spotbugs-annotations-4.8.3.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.3/spotbugs-annotations-4.8.3.jar
MD5: cd5917b77643c3a7ba5420aea78f940c
SHA1: 05d2dc4ca5b632976371155252499819aea372ed
SHA256:e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
Referenced In Projects/Scopes:
  • waffle-jaas:provided
  • waffle-jna:provided
  • waffle-spring-boot-filter3:provided
  • waffle-mixed-post:provided
  • waffle-jna-jakarta:provided
  • waffle-spring-security5:provided
  • waffle-bom:provided
  • waffle-shiro:provided
  • waffle-spring-boot2:provided
  • waffle-spring-boot-autoconfigure2:provided
  • waffle-negotiate:provided
  • waffle-distro:provided
  • waffle-tests:provided
  • waffle-spring-boot-filter2:provided
  • waffle-tomcat85:provided
  • waffle-form:provided
  • waffle-spring-boot3:provided
  • waffle:provided
  • waffle-spring-filter:provided
  • waffle-tests-jakarta:provided
  • waffle-spring-form:provided
  • waffle-spring-security6:provided
  • waffle-tomcat9:provided
  • waffle-demo-parent:provided
  • waffle-spring-boot-autoconfigure3:provided
  • waffle-spring-boot-starter2:provided
  • waffle-spring-boot-starter3:provided
  • waffle-jetty:provided
  • waffle-tomcat10:provided
  • waffle-filter:provided
  • waffle-mixed:provided

spotbugs-annotations-4.8.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests-jakarta@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tests@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-demo-parent@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-bom@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT

Identifiers

spring-boot-2.7.18.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256:530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT

Identifiers

spring-boot-3.2.2.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/3.2.2/spring-boot-3.2.2.jar
MD5: 109bf8f30456d8147e458e66099b3dd1
SHA1: 09f274d1bd822c4c57bb5b37ecae2380b980f567
SHA256:c3019200b71836bc5a0607b10000a1b8542bc9e53006f97a0d79cc10754e5792
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-boot-starter3:compile

spring-boot-3.2.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2

Identifiers

spring-boot-starter-web-2.7.18.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.18/spring-boot-starter-web-2.7.18.jar
MD5: e0bfe77aa7415f3b86d70d41cf425ccd
SHA1: 0dd62ea85098187b4604e78dc15a7ff87dba173d
SHA256:a74fab5f826b600e3c3f4cd7028c5c982b0bf1b849673629cbb758ae790a4c08
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-boot-starter-web-2.7.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers

spring-boot-starter-web-3.2.2.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.2.2/spring-boot-starter-web-3.2.2.jar
MD5: 8141b43d6918f4ed2d3fc17310f9b3a9
SHA1: b89d213d9f49c3e6247b2503ac7d94b0ac8260f6
SHA256:e3a1bb3427484eec50ff5f050a9d183b39fa5140fb5f2f6da2f8d971fd43a03b
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

spring-boot-starter-web-3.2.2.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT

Identifiers

spring-core-5.3.31.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256:7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-core-5.3.31.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

spring-core-6.1.3.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/6.1.3/spring-core-6.1.3.jar
MD5: e7b5c956c8e58730ba7617978ac515d3
SHA1: a002e96e780954cc3ac4cd70fd3bb16accdc47ed
SHA256:f4448994a1eb4892b805020e7952aa96a8e3f101b7093a632635d2b0bab887eb
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-core-6.1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter@3.2.2

Identifiers

spring-security-core-5.8.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.9/spring-security-core-5.8.9.jar
MD5: e1305efeecf85494a57af55a4381c94b
SHA1: c9e12dfc323b313cf1c75d89af65d408debce306
SHA256:28af3791e44421b944053a4b17678b60f69bce2ed4cf1e502f86e3d5fb563f4f
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-security-core-5.8.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

spring-security-core-6.2.1.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/6.2.1/spring-security-core-6.2.1.jar
MD5: 15ff5f2662bdc1b8936abfd2ef1ad070
SHA1: b4014a04f217f0f48d15bc7d53906b6911ad855f
SHA256:7c3b0c20e19eaa47da2f1141c852e5de17a731436619e1e4ce0845e0775e4686
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-security-core-6.2.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT

Identifiers

spring-security-crypto-5.7.11.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.7.11/spring-security-crypto-5.7.11.jar
MD5: 29553faabff72c4261058e8ebf9e5210
SHA1: 3abf76cedbba13496108c89159451a65dfd544b5
SHA256:916b099504044134fa2d24bc61531819e3d720d17bfea2762c0defc1f7846d9b
Referenced In Projects/Scopes:
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile

spring-security-crypto-5.7.11.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

CVE-2020-5408 (OSSINDEX)  

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.security:spring-security-crypto:5.7.11:*:*:*:*:*:*:*

spring-security-crypto-5.8.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.9/spring-security-crypto-5.8.9.jar
MD5: df0a5bacd5a2a65d432a165300482c61
SHA1: 62aa602e4f5ca8f9032ce8288a45d5b4010bb756
SHA256:f688df565d4afbb7554a72b0a17fba501b30cd74470a79eec2a6985ef9619691
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-security-crypto-5.8.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.security/spring-security-core@5.8.9
  • pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT

Identifiers

CVE-2020-5408 (OSSINDEX)  

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.security:spring-security-crypto:5.8.9:*:*:*:*:*:*:*

spring-security-web-5.8.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.9/spring-security-web-5.8.9.jar
MD5: 0f798cd04b98bd63b0ef16a3658e2623
SHA1: 241ebc4e7e14c56550ca58694d572fe11e103f59
SHA256:91ba2f3bde1a07c1d33e5146aa9fbffeb43cbd5ab480db6fa8e84812a9e960ca
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-security-web-5.8.9.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

spring-security-web-6.2.1.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/6.2.1/spring-security-web-6.2.1.jar
MD5: 9d7b5b036dabb2e28231f1977d9091e4
SHA1: 4b486977ab1bcdd5dcc6aa5d8a367f1c0814bf56
SHA256:86f440ff943644b6de7a4771438a12b8f9d2751fa4ed633a6013965d2377ffc7
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-security-web-6.2.1.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-security@3.2.2
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT

Identifiers

spring-web-5.3.31.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256:7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7
Referenced In Projects/Scopes:
  • waffle-spring-form:compile
  • waffle-distro:runtime
  • waffle-spring-security5:compile
  • waffle-spring-boot-starter2:compile
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-filter:compile
  • waffle-spring-boot-filter2:compile

spring-web-5.3.31.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

CVE-2016-1000027  

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-web-6.1.3.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/6.1.3/spring-web-6.1.3.jar
MD5: db6ad06e3a6786e1c67afaf7d9b1b8a7
SHA1: cc3459b4abd436331608ddb6424886875f7086ab
SHA256:7c79d4815954d279a744e04892abb9e13ab730dc25db5813f0b1aef2c04bc818
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile
  • waffle-spring-security6:compile
  • waffle-spring-boot-starter3:compile

spring-web-6.1.3.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT
  • pkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT

Identifiers

spring-webmvc-5.3.31.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar
MD5: 7401b647e906d3853ad02b62496cfadf
SHA1: 45754d056effe8257a012f6b98ed5454cf1e8960
SHA256:29c1b96c424dcb637fec2d1e6493b088d977e748a56da7f34e6a7c3c39d18c74
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

spring-webmvc-5.3.31.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

tomcat-annotations-api-10.1.18.jar

Description:

Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/10.1.18/tomcat-annotations-api-10.1.18.jar
MD5: 5c35b663bb56963ae10816c52eb7c2fe
SHA1: 40c86ddfc17e6388b3b798b634a2bd7ac3ecd579
SHA256:cf64d39da0fa13b25109acbb55eba91544dd73ee517b521e0e7b51ab04d0628c
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-annotations-api-10.1.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.18

Identifiers

tomcat-annotations-api-8.5.98.jar

Description:

Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/8.5.98/tomcat-annotations-api-8.5.98.jar
MD5: f7ef9df111f937e1870a90a4bfa178bb
SHA1: 617d7865644c98b9355a29ca9904a435e830b18c
SHA256:df0fe2c6249f431b13df8fc4c0c547fea6c9bf4c6948e441957fa521b69a7f3a
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-annotations-api-8.5.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.98

Identifiers

tomcat-annotations-api-9.0.85.jar

Description:

Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/9.0.85/tomcat-annotations-api-9.0.85.jar
MD5: 0eecaa7544c9a5f628cd5ad1afe78edb
SHA1: 19a061d219093b135487ca199e0f93de8df582d7
SHA256:f48d637bd18a32380db5234ad6a192c7562af39b43c7f923274b35b619b06c63
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-annotations-api-9.0.85.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.85

Identifiers

tomcat-api-8.5.98.jar

Description:

Definition of interfaces shared by Catalina and Jasper

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/8.5.98/tomcat-api-8.5.98.jar
MD5: 70c937f294d61828c8200d74f0065c8c
SHA1: faf1a5f14bf4970fd7fce9698523d96a1bddbeb4
SHA256:e375231182d2ae910dea93592114a1be6e69d8f666a4b1bb64ad870c0005c3b6
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-api-8.5.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT

Identifiers

CVE-2020-8022  

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
CWE-276 Incorrect Default Permissions

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

tomcat-api-9.0.85.jar

Description:

Definition of interfaces shared by Catalina and Jasper

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/9.0.85/tomcat-api-9.0.85.jar
MD5: 9b29280f0c7c1b29f5ed23aa223291c5
SHA1: 81ada7b39e1b59fc2d10194eb91d5266bb280aec
SHA256:c96b993e1433c116d3f01eac4cb8e3e00f23fcf98f913a673de07b4a4ca6403b
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-api-9.0.85.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT

Identifiers

tomcat-el-api-10.1.18.jar

Description:

Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/10.1.18/tomcat-el-api-10.1.18.jar
MD5: cf04f57f5bfe717706d289a71f399260
SHA1: 30de6dc9852e00b73d25c07f4459f73aef021507
SHA256:facd180727217ea8ff75b5305266b96c69de632cedfb6d72c5ae46faf014ff2d
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-el-api-10.1.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.18

Identifiers

tomcat-el-api-8.5.98.jar

Description:

Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/8.5.98/tomcat-el-api-8.5.98.jar
MD5: 1866c63e4e46ef47e30990acac4f483c
SHA1: 76380303711453e3b05e3ea473facdd69da08fa9
SHA256:6be669f25d05f7c3e50209e224081d2a2df8ae9a4f5d1c5a19d4daa55167ab98
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-el-api-8.5.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.98

Identifiers

tomcat-el-api-9.0.85.jar

Description:

Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/9.0.85/tomcat-el-api-9.0.85.jar
MD5: 78cd0c8ea16535409ca06921e13d60c8
SHA1: b5d6802eeb8729da4d43ea4402b7da61a528b449
SHA256:a2681f07acdd9e8a6affd9eb38ddad8e2be18ad417588781438c5c8dad82bd5c
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-el-api-9.0.85.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.85

Identifiers

tomcat-embed-core-10.1.18.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.18/tomcat-embed-core-10.1.18.jar
MD5: adcbf0783a58388fc37a999b67549de4
SHA1: bff6c34649d1dd7b509e819794d73ba795947dcf
SHA256:496a6ac8e0c410db54cf169f87016161dc9e6a5d509ba9af1f3ac0ce0b5b6a35
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

tomcat-embed-core-10.1.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2

Identifiers

tomcat-embed-core-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.83/tomcat-embed-core-9.0.83.jar
MD5: d4e2068023fe800fd22a9fe2529c290b
SHA1: d771e4343b0515c67dab2a09fe02f5d47550153f
SHA256:4ed404d5dea8652846f3c52c094764c2ec018f28a3561f1d27df700f7aa5b376
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

tomcat-embed-core-9.0.83.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

tomcat-embed-el-10.1.18.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.18/tomcat-embed-el-10.1.18.jar
MD5: 2f2cd1dc00096f3a4ae47153777595bc
SHA1: b2c4dc05abd363c63b245523bb071727aa2f1046
SHA256:2ca4d6bd5e1d60ce0846314112541da030634006855f6b1a871879ffe1a9ca86
Referenced In Projects/Scopes:
  • waffle-spring-boot-autoconfigure3:compile
  • waffle-spring-boot-filter3:compile

tomcat-embed-el-10.1.18.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@3.2.2

Identifiers

tomcat-embed-el-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.83/tomcat-embed-el-9.0.83.jar
MD5: eabd7f3ade6cb0cf36f7b238897b8f1d
SHA1: b0cdada70099c25f45fceb48e1ebce60d138a5ce
SHA256:a82c4cf8cf9e88d6891cbb4cbcb9f85f788e147c464cbeba15a2c83276f3344c
Referenced In Projects/Scopes:
  • waffle-distro:runtime
  • waffle-spring-boot-autoconfigure2:compile
  • waffle-spring-boot-filter2:compile

tomcat-embed-el-9.0.83.jar is in the transitive dependency tree of the listed items.Included by:
  • pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
  • pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18

Identifiers

tomcat-jni-10.1.18.jar

Description:

Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/10.1.18/tomcat-jni-10.1.18.jar
MD5: 0a6811c4289b7b10418956f6504e2f10
SHA1: 6eed0d56075de03971e2b4e6819bb70916bc2bb9
SHA256:ce055759e392f9d0c2caf64281ad0e31842c545c08946deda27c86c93944aa6c
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-jni-10.1.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.18

Identifiers

tomcat-jni-8.5.98.jar

Description:

Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/8.5.98/tomcat-jni-8.5.98.jar
MD5: 7d55ea61da9b8bc002a36f064b2fa68c
SHA1: be40f5a1483fb38d5ddef0962804846ebad972f6
SHA256:2987a13949024acd07e4d763bf766d29f486fc0d43730a21040df199868c1c37
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-jni-8.5.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.98

Identifiers

tomcat-jni-9.0.85.jar

Description:

Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/9.0.85/tomcat-jni-9.0.85.jar
MD5: 0ab5c120e355498e0e0277a4af55967d
SHA1: 1f6b23c20fc80927c46c9cff1c7ce1b133d5edbf
SHA256:0f044db63b61e742bddf6878ee1850f06763b36f6090daa31f1c327616edcfe3
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-jni-9.0.85.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.85

Identifiers

tomcat-juli-10.1.18.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/10.1.18/tomcat-juli-10.1.18.jar
MD5: ac4f63832fd50480be15247abdade7c5
SHA1: b2ffe5e0e2ba632b1abb3bcfbd0fd3476dde4569
SHA256:94a276c72877d77e5df884cd2133b1aac5b5143ec7b347197f5cfc737b42c165
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-juli-10.1.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT

Identifiers

tomcat-juli-8.5.98.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/8.5.98/tomcat-juli-8.5.98.jar
MD5: ceb6f6a743fcaf73e1b9ffdf1deaf2be
SHA1: c81bf147dfcccd9fd8469ab82356ed2b507197e2
SHA256:b3d065395f750c7f3b1335fe2e824ced3717f56132cfbb64bba6616baba6bbc9
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-juli-8.5.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT

Identifiers

tomcat-juli-9.0.85.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/9.0.85/tomcat-juli-9.0.85.jar
MD5: 8626783946f3263799989627fee43f10
SHA1: 7c9bbdb3d73bbef3adc60af042ec113f58c707e6
SHA256:bd16623d488be0f8b67b153db86dc406d77661305cbbf3c3e4faf8f9f96108df
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-juli-9.0.85.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT

Identifiers

tomcat-servlet-api-10.1.18.jar

Description:

jakarta.servlet package

License:

        Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0 and
        Eclipse Public License - v 2.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt and
        https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/10.1.18/tomcat-servlet-api-10.1.18.jar
MD5: 5adb4f961c93587480e6781f836c0ba2
SHA1: ecdd3bc9aefdf514b9a93b6511b86a2e504b080b
SHA256:4eaa6c560046f5a970e2292ee689996ff3456081f458ec4b5284a1fdbbd10bc1
Referenced In Project/Scope: waffle-tomcat10:provided
tomcat-servlet-api-10.1.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT

Identifiers

tomcat-servlet-api-8.5.98.jar

Description:

javax.servlet package

License:

        Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/8.5.98/tomcat-servlet-api-8.5.98.jar
MD5: f5c15dba0b063284e20cfd0c4991a1cf
SHA1: 82c59b360d67e3541af1bb566b3b019ff8865c5a
SHA256:f458c26bdb8ab3d50402129cae511f0e0079c649b0eeca2293ea46cc44afaec3
Referenced In Project/Scope: waffle-tomcat85:provided
tomcat-servlet-api-8.5.98.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT

Identifiers

tomcat-servlet-api-9.0.85.jar

Description:

javax.servlet package

License:

        Apache License, Version 2.0 and
        Common Development And Distribution License (CDDL) Version 1.0
      : 
        http://www.apache.org/licenses/LICENSE-2.0.txt and
        http://www.opensource.org/licenses/cddl1.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/9.0.85/tomcat-servlet-api-9.0.85.jar
MD5: 72c86a829f0e13f2f06c89d0da97a1fd
SHA1: 50d3f334dae990164697b9a25838d3387f4e9e42
SHA256:b4ad01f167626f85c4c1090aaecf33bcc4ac52bf88371899b679b2ea5736b7e2
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-servlet-api-9.0.85.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.