Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version : 12.2.0
Report Generated On : Mon, 19 Jan 2026 20:38:26 GMT
Dependencies Scanned : 54 (34 unique)
Vulnerable Dependencies : 2
Vulnerabilities Found : 3
Vulnerabilities Suppressed : 0
...
NVD API Last Checked : 2026-01-19T20:29:50Z
NVD API Last Modified : 2026-01-19T20:15:49Z
Summary
Summary of Vulnerable Dependencies
caffeine-3.2.3.jar
Description:
A high performance caching library
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.2.3/caffeine-3.2.3.jar
MD5: 0258f45d43968523cc11beeb01b240f2
SHA1: c097f0f6d21a0e6db88ea55836e26419b30dfe19
SHA256: ca70c90a5d1ce1511880ce9c93d4ad22108f61111d3daf91eb52762b571bd179
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
caffeine-3.2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name caffeine High
Vendor jar package name cache Highest
Vendor jar package name caffeine Highest
Vendor jar package name github Highest
Vendor Manifest build-jdk-spec 11 Low
Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium
Vendor pom artifactid caffeine Highest
Vendor pom artifactid caffeine Low
Vendor pom developer email ben.manes@gmail.com Low
Vendor pom developer id ben-manes Medium
Vendor pom developer name Ben Manes Medium
Vendor pom groupid com.github.ben-manes.caffeine Highest
Vendor pom name Caffeine cache High
Vendor pom url ben-manes/caffeine Highest
Product file name caffeine High
Product jar package name cache Highest
Product jar package name caffeine Highest
Product jar package name github Highest
Product Manifest build-jdk-spec 11 Low
Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium
Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium
Product Manifest Implementation-Title A high performance caching library High
Product pom artifactid caffeine Highest
Product pom developer email ben.manes@gmail.com Low
Product pom developer id ben-manes Low
Product pom developer name Ben Manes Low
Product pom groupid com.github.ben-manes.caffeine Highest
Product pom name Caffeine cache High
Product pom url ben-manes/caffeine High
Version file version 3.2.3 High
Version Manifest Bundle-Version 3.2.3 High
Version Manifest Implementation-Version 3.2.3 High
Version pom version 3.2.3 Highest
pkg:maven/com.github.ben-manes.caffeine/caffeine@3.2.3
(Confidence :High)
checker-qual-3.53.0.jar
Description:
checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.53.0/checker-qual-3.53.0.jar
MD5: d1ee2a3366a19a8fff01208da2adb48e
SHA1: af1105964a03d7ed8aaf8ea2cb6ec0da7ec6c7a6
SHA256: 7ca002815d92fad79e966b375c2ee7b2b4bf953024bc9a5d5e0c59df13ff5af8
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
checker-qual-3.53.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name checker-qual High
Vendor jar package name checker Highest
Vendor jar package name checkerframework Highest
Vendor jar package name framework Highest
Vendor jar package name qual Highest
Vendor Manifest bundle-symbolicname checker-qual Medium
Vendor Manifest implementation-url https://checkerframework.org Low
Vendor pom artifactid checker-qual Highest
Vendor pom artifactid checker-qual Low
Vendor pom developer email mernst@cs.washington.edu Low
Vendor pom developer email smillst@cs.washington.edu Low
Vendor pom developer id mernst Medium
Vendor pom developer id smillst Medium
Vendor pom developer name Michael Ernst Medium
Vendor pom developer name Suzanne Millstein Medium
Vendor pom developer org University of Washington Medium
Vendor pom developer org URL https://www.cs.washington.edu/ Medium
Vendor pom groupid org.checkerframework Highest
Vendor pom name Checker Qual High
Vendor pom url https://checkerframework.org/ Highest
Product file name checker-qual High
Product jar package name checker Highest
Product jar package name checkerframework Highest
Product jar package name framework Highest
Product jar package name qual Highest
Product Manifest Bundle-Name checker-qual Medium
Product Manifest bundle-symbolicname checker-qual Medium
Product Manifest implementation-url https://checkerframework.org Low
Product pom artifactid checker-qual Highest
Product pom developer email mernst@cs.washington.edu Low
Product pom developer email smillst@cs.washington.edu Low
Product pom developer id mernst Low
Product pom developer id smillst Low
Product pom developer name Michael Ernst Low
Product pom developer name Suzanne Millstein Low
Product pom developer org University of Washington Low
Product pom developer org URL https://www.cs.washington.edu/ Low
Product pom groupid org.checkerframework Highest
Product pom name Checker Qual High
Product pom url https://checkerframework.org/ Medium
Version file version 3.53.0 High
Version Manifest Bundle-Version 3.53.0 High
Version Manifest Implementation-Version 3.53.0 High
Version pom version 3.53.0 Highest
pkg:maven/org.checkerframework/checker-qual@3.53.0
(Confidence :High)
com.github.waffle:waffle-jna:3.6.0-SNAPSHOT
Description:
WAFFLE JNA implementation
License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml
Referenced In Project/Scope: waffle-demo-spring-boot-filter2
com.github.waffle:waffle-jna:3.6.0-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name pom High
Vendor project artifactid waffle-jna Low
Vendor project groupid com.github.waffle Highest
Product file name pom High
Product project artifactid waffle-jna Highest
Product project groupid com.github.waffle Low
pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
(Confidence :Highest)
com.github.waffle:waffle-spring-boot-autoconfigure2:3.6.0-SNAPSHOT
Description:
Spring Boot 2 Autoconfigure for WAFFLE
License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-autoconfigure2/pom.xml
Referenced In Project/Scope: waffle-demo-spring-boot-filter2
com.github.waffle:waffle-spring-boot-autoconfigure2:3.6.0-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name pom High
Vendor project artifactid waffle-spring-boot-autoconfigure2 Low
Vendor project groupid com.github.waffle Highest
Product file name pom High
Product project artifactid waffle-spring-boot-autoconfigure2 Highest
Product project groupid com.github.waffle Low
pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.6.0-SNAPSHOT
(Confidence :Highest)
com.github.waffle:waffle-spring-boot-starter2:3.6.0-SNAPSHOT
Description:
Spring Boot 2 Starter for WAFFLE
License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-starter2/pom.xml
Referenced In Project/Scope: waffle-demo-spring-boot-filter2
com.github.waffle:waffle-spring-boot-starter2:3.6.0-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name pom High
Vendor project artifactid waffle-spring-boot-starter2 Low
Vendor project groupid com.github.waffle Highest
Product file name pom High
Product project artifactid waffle-spring-boot-starter2 Highest
Product project groupid com.github.waffle Low
pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.6.0-SNAPSHOT
(Confidence :Highest)
com.github.waffle:waffle-spring-security5:3.6.0-SNAPSHOT
Description:
Spring Security 5 integration for WAFFLE
License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security5/pom.xml
Referenced In Project/Scope: waffle-demo-spring-boot-filter2
com.github.waffle:waffle-spring-security5:3.6.0-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name pom High
Vendor project artifactid waffle-spring-security5 Low
Vendor project groupid com.github.waffle Highest
Product file name pom High
Product project artifactid waffle-spring-security5 Highest
Product project groupid com.github.waffle Low
pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
(Confidence :Highest)
commons-logging-1.3.5.jar
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well-known logging systems.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.5/commons-logging-1.3.5.jar
MD5: 9ca067b073153c86c2da350c0f2cdf70
SHA1: a3fcc5d3c29b2b03433aa2d2f2d2c1b1638924a1
SHA256: 6d7a744e4027649fbb50895df9497d109f98c766a637062fe8d2eabbb3140ba4
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
commons-logging-1.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name commons-logging High
Vendor jar package name apache Highest
Vendor jar package name commons Highest
Vendor jar package name logging Highest
Vendor Manifest automatic-module-name org.apache.commons.logging Medium
Vendor Manifest build-jdk-spec 21 Low
Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-logging/ Low
Vendor Manifest bundle-symbolicname org.apache.commons.commons-logging Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest multi-release true Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid commons-logging Highest
Vendor pom artifactid commons-logging Low
Vendor pom developer email baliuka@apache.org Low
Vendor pom developer email costin@apache.org Low
Vendor pom developer email craigmcc@apache.org Low
Vendor pom developer email dennisl@apache.org Low
Vendor pom developer email donaldp@apache.org Low
Vendor pom developer email ggregory at apache.org Low
Vendor pom developer email morgand@apache.org Low
Vendor pom developer email rdonkin@apache.org Low
Vendor pom developer email rsitze@apache.org Low
Vendor pom developer email rwaldhoff@apache.org Low
Vendor pom developer email sanders@apache.org Low
Vendor pom developer email skitching@apache.org Low
Vendor pom developer email tn@apache.org Low
Vendor pom developer id baliuka Medium
Vendor pom developer id bstansberry Medium
Vendor pom developer id costin Medium
Vendor pom developer id craigmcc Medium
Vendor pom developer id dennisl Medium
Vendor pom developer id donaldp Medium
Vendor pom developer id ggregory Medium
Vendor pom developer id morgand Medium
Vendor pom developer id rdonkin Medium
Vendor pom developer id rsitze Medium
Vendor pom developer id rwaldhoff Medium
Vendor pom developer id sanders Medium
Vendor pom developer id skitching Medium
Vendor pom developer id tn Medium
Vendor pom developer name Brian Stansberry Medium
Vendor pom developer name Costin Manolache Medium
Vendor pom developer name Craig McClanahan Medium
Vendor pom developer name Dennis Lundberg Medium
Vendor pom developer name Gary Gregory Medium
Vendor pom developer name Juozas Baliuka Medium
Vendor pom developer name Morgan Delagrange Medium
Vendor pom developer name Peter Donald Medium
Vendor pom developer name Richard Sitze Medium
Vendor pom developer name Robert Burrell Donkin Medium
Vendor pom developer name Rodney Waldhoff Medium
Vendor pom developer name Scott Sanders Medium
Vendor pom developer name Simon Kitching Medium
Vendor pom developer name Thomas Neidhart Medium
Vendor pom developer org Apache Medium
Vendor pom developer org The Apache Software Foundation Medium
Vendor pom developer org URL https://www.apache.org/ Medium
Vendor pom groupid commons-logging Highest
Vendor pom name Apache Commons Logging High
Vendor pom parent-artifactid commons-parent Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom url https://commons.apache.org/proper/commons-logging/ Highest
Product file name commons-logging High
Product jar package name apache Highest
Product jar package name commons Highest
Product jar package name logging Highest
Product Manifest automatic-module-name org.apache.commons.logging Medium
Product Manifest build-jdk-spec 21 Low
Product Manifest bundle-docurl https://commons.apache.org/proper/commons-logging/ Low
Product Manifest Bundle-Name Apache Commons Logging Medium
Product Manifest bundle-symbolicname org.apache.commons.commons-logging Medium
Product Manifest Implementation-Title Apache Commons Logging High
Product Manifest multi-release true Low
Product Manifest specification-title Apache Commons Logging Medium
Product pom artifactid commons-logging Highest
Product pom developer email baliuka@apache.org Low
Product pom developer email costin@apache.org Low
Product pom developer email craigmcc@apache.org Low
Product pom developer email dennisl@apache.org Low
Product pom developer email donaldp@apache.org Low
Product pom developer email ggregory at apache.org Low
Product pom developer email morgand@apache.org Low
Product pom developer email rdonkin@apache.org Low
Product pom developer email rsitze@apache.org Low
Product pom developer email rwaldhoff@apache.org Low
Product pom developer email sanders@apache.org Low
Product pom developer email skitching@apache.org Low
Product pom developer email tn@apache.org Low
Product pom developer id baliuka Low
Product pom developer id bstansberry Low
Product pom developer id costin Low
Product pom developer id craigmcc Low
Product pom developer id dennisl Low
Product pom developer id donaldp Low
Product pom developer id ggregory Low
Product pom developer id morgand Low
Product pom developer id rdonkin Low
Product pom developer id rsitze Low
Product pom developer id rwaldhoff Low
Product pom developer id sanders Low
Product pom developer id skitching Low
Product pom developer id tn Low
Product pom developer name Brian Stansberry Low
Product pom developer name Costin Manolache Low
Product pom developer name Craig McClanahan Low
Product pom developer name Dennis Lundberg Low
Product pom developer name Gary Gregory Low
Product pom developer name Juozas Baliuka Low
Product pom developer name Morgan Delagrange Low
Product pom developer name Peter Donald Low
Product pom developer name Richard Sitze Low
Product pom developer name Robert Burrell Donkin Low
Product pom developer name Rodney Waldhoff Low
Product pom developer name Scott Sanders Low
Product pom developer name Simon Kitching Low
Product pom developer name Thomas Neidhart Low
Product pom developer org Apache Low
Product pom developer org The Apache Software Foundation Low
Product pom developer org URL https://www.apache.org/ Low
Product pom groupid commons-logging Highest
Product pom name Apache Commons Logging High
Product pom parent-artifactid commons-parent Medium
Product pom parent-groupid org.apache.commons Medium
Product pom url https://commons.apache.org/proper/commons-logging/ Medium
Version file version 1.3.5 High
Version Manifest Bundle-Version 1.3.5 High
Version Manifest Implementation-Version 1.3.5 High
Version pom parent-version 1.3.5 Low
Version pom version 1.3.5 Highest
pkg:maven/commons-logging/commons-logging@1.3.5
(Confidence :High)
error_prone_annotations-2.46.0.jar
Description:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.46.0/error_prone_annotations-2.46.0.jar
MD5: d0dabea249c067d21d7eb997fbdf5c99
SHA1: 4ecb5d2392c38c46e6cb65e1bf60be708d97005d
SHA256: b67be81ff4b956401146e14eaf1526bc435a9480f2546e91eb45b796631a8a99
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:provided
error_prone_annotations-2.46.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name error_prone_annotations High
Vendor jar package name annotations Highest
Vendor jar package name errorprone Highest
Vendor jar package name google Highest
Vendor Manifest build-jdk-spec 21 Low
Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low
Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid error_prone_annotations Highest
Vendor pom artifactid error_prone_annotations Low
Vendor pom groupid com.google.errorprone Highest
Vendor pom name error-prone annotations High
Vendor pom parent-artifactid error_prone_parent Low
Product file name error_prone_annotations High
Product jar package name annotations Highest
Product jar package name errorprone Highest
Product jar package name google Highest
Product Manifest build-jdk-spec 21 Low
Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low
Product Manifest Bundle-Name error-prone annotations Medium
Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium
Product Manifest multi-release true Low
Product pom artifactid error_prone_annotations Highest
Product pom groupid com.google.errorprone Highest
Product pom name error-prone annotations High
Product pom parent-artifactid error_prone_parent Medium
Version file version 2.46.0 High
Version Manifest Bundle-Version 2.46.0 High
Version pom version 2.46.0 Highest
pkg:maven/com.google.errorprone/error_prone_annotations@2.46.0
(Confidence :High)
j2objc-annotations-3.1.jar
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.1/j2objc-annotations-3.1.jar
MD5: abe8bd3abff622b9a8b15c3a737aa741
SHA1: a892ca9507839bbdb900d64310ac98256cab992f
SHA256: 84d3a150518485f8140ea99b8a985656749629f6433c92b80c75b36aba3b099b
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:provided
j2objc-annotations-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name j2objc-annotations High
Vendor jar package name annotations Highest
Vendor jar package name google Highest
Vendor jar package name j2objc Highest
Vendor Manifest build-jdk-spec 22 Low
Vendor Manifest multi-release true Low
Vendor pom artifactid j2objc-annotations Highest
Vendor pom artifactid j2objc-annotations Low
Vendor pom developer email tball@google.com Low
Vendor pom developer id tomball Medium
Vendor pom developer name Tom Ball Medium
Vendor pom developer org Google Medium
Vendor pom developer org URL https://www.google.com Medium
Vendor pom groupid com.google.j2objc Highest
Vendor pom name J2ObjC Annotations High
Vendor pom url google/j2objc/ Highest
Product file name j2objc-annotations High
Product jar package name annotations Highest
Product jar package name google Highest
Product jar package name j2objc Highest
Product Manifest build-jdk-spec 22 Low
Product Manifest multi-release true Low
Product pom artifactid j2objc-annotations Highest
Product pom developer email tball@google.com Low
Product pom developer id tomball Low
Product pom developer name Tom Ball Low
Product pom developer org Google Low
Product pom developer org URL https://www.google.com Low
Product pom groupid com.google.j2objc Highest
Product pom name J2ObjC Annotations High
Product pom url google/j2objc/ High
Version file version 3.1 High
Version pom version 3.1 Highest
pkg:maven/com.google.j2objc/j2objc-annotations@3.1
(Confidence :High)
jackson-annotations-2.21.jar
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.21/jackson-annotations-2.21.jar
MD5: e0d0c3e7300954f73e43c67d933aaea4
SHA1: b1bc1868bf02dc0bd6c7836257a036a331005309
SHA256: 53ca085f4a150f703f49e1aabd935bd03b43e1ea3d55d135438292af22cef56b
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jackson-annotations-2.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name jackson-annotations High
Vendor jar package name fasterxml Highest
Vendor jar package name jackson Highest
Vendor Manifest build-jdk-spec 1.8 Low
Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Vendor Manifest Implementation-Vendor FasterXML High
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor Manifest specification-vendor FasterXML Low
Vendor pom artifactid jackson-annotations Highest
Vendor pom artifactid jackson-annotations Low
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom name Jackson-annotations High
Vendor pom parent-artifactid jackson-parent Low
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom url FasterXML/jackson Highest
Product file name jackson-annotations High
Product hint analyzer product java8 Highest
Product hint analyzer product modules Highest
Product jar package name fasterxml Highest
Product jar package name jackson Highest
Product Manifest build-jdk-spec 1.8 Low
Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low
Product Manifest Bundle-Name Jackson-annotations Medium
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Product Manifest Implementation-Title Jackson-annotations High
Product Manifest specification-title Jackson-annotations Medium
Product pom artifactid jackson-annotations Highest
Product pom groupid com.fasterxml.jackson.core Highest
Product pom name Jackson-annotations High
Product pom parent-artifactid jackson-parent Medium
Product pom parent-groupid com.fasterxml.jackson Medium
Product pom url FasterXML/jackson High
Version file version 2.21 High
Version Manifest Implementation-Version 2.21 High
Version pom version 2.21 Highest
pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.21
(Confidence :High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.21:*:*:*:*:*:*:*
(Confidence :Low)
jackson-core-2.21.0.jar
Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.21.0/jackson-core-2.21.0.jar
MD5: eeaf6f2d71789f1c04ba944aeaa8e18e
SHA1: 1f7c3f82e6e2ef5def0a12d7dd754e26f0c0ae28
SHA256: e22604bcd9b24e462d5df102007cb06e1ed811e86f1ce6081ca62f385f2db87b
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jackson-core-2.21.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name jackson-core High
Vendor jar package name base Highest
Vendor jar package name com Highest
Vendor jar package name core Highest
Vendor jar package name fasterxml Highest
Vendor jar package name jackson Highest
Vendor jar package name json Highest
Vendor Manifest build-jdk-spec 1.8 Low
Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Vendor Manifest Implementation-Vendor FasterXML High
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor Manifest multi-release true Low
Vendor Manifest specification-vendor FasterXML Low
Vendor pom artifactid jackson-core Highest
Vendor pom artifactid jackson-core Low
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom name Jackson-core High
Vendor pom parent-artifactid jackson-base Low
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom url FasterXML/jackson-core Highest
Product file name jackson-core High
Product hint analyzer product java8 Highest
Product hint analyzer product modules Highest
Product jar package name base Highest
Product jar package name com Highest
Product jar package name core Highest
Product jar package name fasterxml Highest
Product jar package name jackson Highest
Product jar package name json Highest
Product Manifest build-jdk-spec 1.8 Low
Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Product Manifest Bundle-Name Jackson-core Medium
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Product Manifest Implementation-Title Jackson-core High
Product Manifest multi-release true Low
Product Manifest specification-title Jackson-core Medium
Product pom artifactid jackson-core Highest
Product pom groupid com.fasterxml.jackson.core Highest
Product pom name Jackson-core High
Product pom parent-artifactid jackson-base Medium
Product pom parent-groupid com.fasterxml.jackson Medium
Product pom url FasterXML/jackson-core High
Version file version 2.21.0 High
Version Manifest Bundle-Version 2.21.0 High
Version Manifest Implementation-Version 2.21.0 High
Version pom version 2.21.0 Highest
Related Dependencies
jackson-datatype-jdk8-2.21.0.jar
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.21.0/jackson-datatype-jdk8-2.21.0.jar
MD5: c51b64b76723fb0cfb7071404dd15205
SHA1: 2ec52647d5af910c27b34991b3127c34ae7319ca
SHA256: c80ea021476de24903da7a5596989b3b5469aac2a727348878d1079960d26700
pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.21.0
jackson-datatype-jsr310-2.21.0.jar
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.21.0/jackson-datatype-jsr310-2.21.0.jar
MD5: 87cbf6f62ac03289225809efd6fb6698
SHA1: 019aeeb3523112059e0ee7a859d337c0842f10af
SHA256: b350169a3b2cc53d781541fe1bfbc0f00c978d185884da79b8330be8fb7aefeb
pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.21.0
jackson-module-parameter-names-2.21.0.jar
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.21.0/jackson-module-parameter-names-2.21.0.jar
MD5: 0d6824d21733600cecfb66c60cc07460
SHA1: e955528dc6ac6f35539ac7002b20204233dd4e27
SHA256: cd0be4c0b760cdebf96f6a02bda8fc31a93ac01c94b331bfbc440abb3ed6ff0e
pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.21.0
pkg:maven/com.fasterxml.jackson.core/jackson-core@2.21.0
(Confidence :High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.21.0:*:*:*:*:*:*:*
(Confidence :Low)
jackson-databind-2.21.0.jar
Description:
General data-binding functionality for Jackson: works on core streaming API
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.21.0/jackson-databind-2.21.0.jar
MD5: 6da51758193ce8b00c39e742010b6c45
SHA1: a6b96ee168ca8734a293b6dc70acd5d495119521
SHA256: 0057817ee40bc71544072dc2a3ba575ef91dce53a2d87489bde91c05f3a22621
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jackson-databind-2.21.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name jackson-databind High
Vendor jar package name databind Highest
Vendor jar package name fasterxml Highest
Vendor jar package name jackson Highest
Vendor Manifest build-jdk-spec 1.8 Low
Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Vendor Manifest Implementation-Vendor FasterXML High
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor Manifest multi-release true Low
Vendor Manifest specification-vendor FasterXML Low
Vendor pom artifactid jackson-databind Highest
Vendor pom artifactid jackson-databind Low
Vendor pom groupid com.fasterxml.jackson.core Highest
Vendor pom name jackson-databind High
Vendor pom parent-artifactid jackson-base Low
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom url FasterXML/jackson Highest
Product file name jackson-databind High
Product hint analyzer product java8 Highest
Product hint analyzer product modules Highest
Product jar package name databind Highest
Product jar package name fasterxml Highest
Product jar package name jackson Highest
Product Manifest build-jdk-spec 1.8 Low
Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low
Product Manifest Bundle-Name jackson-databind Medium
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Product Manifest Implementation-Title jackson-databind High
Product Manifest multi-release true Low
Product Manifest specification-title jackson-databind Medium
Product pom artifactid jackson-databind Highest
Product pom groupid com.fasterxml.jackson.core Highest
Product pom name jackson-databind High
Product pom parent-artifactid jackson-base Medium
Product pom parent-groupid com.fasterxml.jackson Medium
Product pom url FasterXML/jackson High
Version file version 2.21.0 High
Version Manifest Bundle-Version 2.21.0 High
Version Manifest Implementation-Version 2.21.0 High
Version pom version 2.21.0 Highest
jakarta.annotation-api-1.3.5.jar
Description:
Jakarta Annotations API
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256: 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name jakarta.annotation-api High
Vendor jar package name annotation Highest
Vendor Manifest automatic-module-name java.annotation Medium
Vendor Manifest bundle-docurl https://www.eclipse.org Low
Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium
Vendor Manifest extension-name jakarta.annotation Medium
Vendor Manifest Implementation-Vendor Eclipse Foundation High
Vendor Manifest Implementation-Vendor-Id org.glassfish Medium
Vendor Manifest specification-vendor Eclipse Foundation Low
Vendor pom artifactid jakarta.annotation-api Highest
Vendor pom artifactid jakarta.annotation-api Low
Vendor pom developer name Linda De Michiel Medium
Vendor pom developer org Oracle Corp. Medium
Vendor pom groupid jakarta.annotation Highest
Vendor pom name Jakarta Annotations API High
Vendor pom parent-artifactid ca-parent Low
Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest
Product file name jakarta.annotation-api High
Product jar package name annotation Highest
Product Manifest automatic-module-name java.annotation Medium
Product Manifest bundle-docurl https://www.eclipse.org Low
Product Manifest Bundle-Name Jakarta Annotations API Medium
Product Manifest bundle-symbolicname jakarta.annotation-api Medium
Product Manifest extension-name jakarta.annotation Medium
Product pom artifactid jakarta.annotation-api Highest
Product pom developer name Linda De Michiel Low
Product pom developer org Oracle Corp. Low
Product pom groupid jakarta.annotation Highest
Product pom name Jakarta Annotations API High
Product pom parent-artifactid ca-parent Medium
Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium
Version file version 1.3.5 High
Version Manifest Bundle-Version 1.3.5 High
Version Manifest Implementation-Version 1.3.5 High
Version pom version 1.3.5 Highest
pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5
(Confidence :High)
cpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:*
(Confidence :Low)
jakarta.servlet-api-4.0.4.jar
Description:
Jakarta Servlet 4.0
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar
MD5: f5d1d7a29978e4ae0be5a456ee1c65c3
SHA1: b8a1142e04838fe54194049c6e7a18dae8f9b960
SHA256: 586e27706c21258f5882f43be06904f49b02db9ac54e345d393fe4a32494d127
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:provided
jakarta.servlet-api-4.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name jakarta.servlet-api High
Vendor jar package name javax Highest
Vendor jar package name servlet Highest
Vendor Manifest automatic-module-name java.servlet Medium
Vendor Manifest bundle-docurl https://www.eclipse.org Low
Vendor Manifest bundle-symbolicname jakarta.servlet-api Medium
Vendor Manifest extension-name javax.servlet Medium
Vendor Manifest Implementation-Vendor Eclipse Foundation High
Vendor Manifest Implementation-Vendor-Id org.eclipse Medium
Vendor Manifest specification-vendor Eclipse Foundation Low
Vendor pom artifactid jakarta.servlet-api Highest
Vendor pom artifactid jakarta.servlet-api Low
Vendor pom developer id yaminikb Medium
Vendor pom developer name Yamini K B Medium
Vendor pom developer org Oracle Corporation Medium
Vendor pom developer org URL http://www.oracle.com/ Medium
Vendor pom groupid jakarta.servlet Highest
Vendor pom name Jakarta Servlet High
Vendor pom parent-artifactid project Low
Vendor pom parent-groupid org.eclipse.ee4j Medium
Vendor pom url https://projects.eclipse.org/projects/ee4j.servlet Highest
Product file name jakarta.servlet-api High
Product jar package name javax Highest
Product jar package name servlet Highest
Product Manifest automatic-module-name java.servlet Medium
Product Manifest bundle-docurl https://www.eclipse.org Low
Product Manifest Bundle-Name Jakarta Servlet Medium
Product Manifest bundle-symbolicname jakarta.servlet-api Medium
Product Manifest extension-name javax.servlet Medium
Product pom artifactid jakarta.servlet-api Highest
Product pom developer id yaminikb Low
Product pom developer name Yamini K B Low
Product pom developer org Oracle Corporation Low
Product pom developer org URL http://www.oracle.com/ Low
Product pom groupid jakarta.servlet Highest
Product pom name Jakarta Servlet High
Product pom parent-artifactid project Medium
Product pom parent-groupid org.eclipse.ee4j Medium
Product pom url https://projects.eclipse.org/projects/ee4j.servlet Medium
Version file version 4.0.4 High
Version Manifest Implementation-Version 4.0.4 High
Version pom parent-version 4.0.4 Low
Version pom version 4.0.4 Highest
pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.4
(Confidence :High)
cpe:2.3:a:oracle:projects:4.0.4:*:*:*:*:*:*:*
(Confidence :Low)
jna-5.18.1.jar
Description:
Java Native Access
License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar
MD5: cb531ec131e1c68c045b5d45fe5b9878
SHA1: b27ba04287cc4abe769642fe8318d39fc89bf937
SHA256: 260c4b1e22b1db9e110ee441c4f13ce115f841fa48c41d78750986214b395557
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jna-5.18.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name jna High
Vendor jar package name jna Highest
Vendor jar package name native Highest
Vendor jar package name sun Highest
Vendor jar (hint) package name oracle Highest
Vendor Manifest automatic-module-name com.sun.jna Medium
Vendor Manifest bundle-activationpolicy lazy Low
Vendor Manifest bundle-category jni Low
Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, 
com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor Manifest bundle-symbolicname com.sun.jna Medium
Vendor Manifest Implementation-Vendor JNA Development Team High
Vendor Manifest specification-vendor JNA Development Team Low
Vendor pom artifactid jna Highest
Vendor pom artifactid jna Low
Vendor pom developer email mblaesing@doppel-helix.eu Low
Vendor pom developer id twall Medium
Vendor pom developer name Matthias Bläsing Medium
Vendor pom developer name Timothy Wall Medium
Vendor pom groupid net.java.dev.jna Highest
Vendor pom name Java Native Access High
Vendor pom url java-native-access/jna Highest
Product file name jna High
Product jar package name jna Highest
Product jar package name library Highest
Product jar package name native Highest
Product jar package name sun Highest
Product jar package name win32 Highest
Product Manifest automatic-module-name com.sun.jna Medium
Product Manifest bundle-activationpolicy lazy Low
Product Manifest bundle-category jni Low
Product Manifest Bundle-Name jna Medium
Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, 
com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest bundle-symbolicname com.sun.jna Medium
Product Manifest Implementation-Title com.sun.jna High
Product Manifest specification-title Java Native Access (JNA) Medium
Product pom artifactid jna Highest
Product pom developer email mblaesing@doppel-helix.eu Low
Product pom developer id twall Low
Product pom developer name Matthias Bläsing Low
Product pom developer name Timothy Wall Low
Product pom groupid net.java.dev.jna Highest
Product pom name Java Native Access High
Product pom url java-native-access/jna High
Version file version 5.18.1 High
Version Manifest Bundle-Version 5.18.1 High
Version pom version 5.18.1 Highest
pkg:maven/net.java.dev.jna/jna@5.18.1
(Confidence :High)
cpe:2.3:a:oracle:java_se:5.18.1:*:*:*:*:*:*:*
(Confidence :Low)
jna-5.18.1.jar: jnidispatch.dll
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: 302945a811fd8e21bcdd5226c73b6f74
SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607c
SHA256: b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699d
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-5.18.1.jar: jnidispatch.dll
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 2d2475f1f026dd54e9f3e787ae4f81da
SHA1: 27ff882ac271db547aee520b38e3ba9aa91e136c
SHA256: 5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-5.18.1.jar: jnidispatch.dll
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: 0caa1ef75a807f9dde05084fa2219a5c
SHA1: 2f5e1cd82cde192905c7510ce99037b67d980640
SHA256: 752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-platform-5.18.1.jar
Description:
Java Native Access Platform
License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.18.1/jna-platform-5.18.1.jar
MD5: a7af00779ec98bfe22dfb07b1532830d
SHA1: dd817f391efc492041c9ae91127527c13750a789
SHA256: ad14c1b1ec4f43d396231219dfa635ebf828f738eac9f890ea1bc07795892d9a
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jna-platform-5.18.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name jna-platform High
Vendor jar package name jna Highest
Vendor jar package name platform Highest
Vendor jar package name sun Highest
Vendor jar (hint) package name oracle Highest
Vendor Manifest automatic-module-name com.sun.jna.platform Medium
Vendor Manifest bundle-category jni Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium
Vendor Manifest Implementation-Vendor JNA Development Team High
Vendor Manifest specification-vendor JNA Development Team Low
Vendor pom artifactid jna-platform Highest
Vendor pom artifactid jna-platform Low
Vendor pom developer email mblaesing@doppel-helix.eu Low
Vendor pom developer id twall Medium
Vendor pom developer name Matthias Bläsing Medium
Vendor pom developer name Timothy Wall Medium
Vendor pom groupid net.java.dev.jna Highest
Vendor pom name Java Native Access Platform High
Vendor pom url java-native-access/jna Highest
Product file name jna-platform High
Product jar package name jna Highest
Product jar package name platform Highest
Product jar package name sun Highest
Product Manifest automatic-module-name com.sun.jna.platform Medium
Product Manifest bundle-category jni Low
Product Manifest Bundle-Name jna-platform Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Product Manifest bundle-symbolicname com.sun.jna.platform Medium
Product Manifest Implementation-Title com.sun.jna High
Product Manifest specification-title Java Native Access (JNA) Medium
Product pom artifactid jna-platform Highest
Product pom developer email mblaesing@doppel-helix.eu Low
Product pom developer id twall Low
Product pom developer name Matthias Bläsing Low
Product pom developer name Timothy Wall Low
Product pom groupid net.java.dev.jna Highest
Product pom name Java Native Access Platform High
Product pom url java-native-access/jna High
Version file version 5.18.1 High
Version Manifest Bundle-Version 5.18.1 High
Version pom version 5.18.1 Highest
pkg:maven/net.java.dev.jna/jna-platform@5.18.1
(Confidence :High)
jspecify-1.0.0.jar
Description:
An artifact of well-named and well-specified annotations to power static analysis checks
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256: 1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jspecify-1.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.junit.jupiter/junit-jupiter-engine@6.0.2
Evidence
Type Source Name Value Confidence
Vendor file name jspecify High
Vendor jar package name annotations Highest
Vendor jar package name jspecify Highest
Vendor Manifest bundle-docurl https://jspecify.dev/docs/start-here Low
Vendor Manifest bundle-symbolicname org.jspecify.jspecify Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid jspecify Highest
Vendor pom artifactid jspecify Low
Vendor pom developer email kevinb9n@gmail.com Low
Vendor pom developer id kevinb9n Medium
Vendor pom developer name Kevin Bourrillion Medium
Vendor pom groupid org.jspecify Highest
Vendor pom name JSpecify annotations High
Vendor pom url http://jspecify.org/ Highest
Product file name jspecify High
Product jar package name annotations Highest
Product jar package name jspecify Highest
Product Manifest bundle-docurl https://jspecify.dev/docs/start-here Low
Product Manifest Bundle-Name JSpecify annotations Medium
Product Manifest bundle-symbolicname org.jspecify.jspecify Medium
Product Manifest multi-release true Low
Product pom artifactid jspecify Highest
Product pom developer email kevinb9n@gmail.com Low
Product pom developer id kevinb9n Low
Product pom developer name Kevin Bourrillion Low
Product pom groupid org.jspecify Highest
Product pom name JSpecify annotations High
Product pom url http://jspecify.org/ Medium
Version file version 1.0.0 High
Version Manifest Bundle-Version 1.0.0 High
Version Manifest Implementation-Version 1.0.0 High
Version pom version 1.0.0 Highest
pkg:maven/org.jspecify/jspecify@1.0.0
(Confidence :High)
jsr305-3.0.2.jar
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8
Evidence
Type Source Name Value Confidence
Vendor file name jsr305 High
Vendor Manifest bundle-symbolicname org.jsr-305 Medium
Vendor pom artifactid jsr305 Highest
Vendor pom artifactid jsr305 Low
Vendor pom groupid com.google.code.findbugs Highest
Vendor pom name FindBugs-jsr305 High
Vendor pom url http://findbugs.sourceforge.net/ Highest
Product file name jsr305 High
Product Manifest Bundle-Name FindBugs-jsr305 Medium
Product Manifest bundle-symbolicname org.jsr-305 Medium
Product pom artifactid jsr305 Highest
Product pom groupid com.google.code.findbugs Highest
Product pom name FindBugs-jsr305 High
Product pom url http://findbugs.sourceforge.net/ Medium
Version file version 3.0.2 High
Version Manifest Bundle-Version 3.0.2 High
Version pom version 3.0.2 Highest
pkg:maven/com.google.code.findbugs/jsr305@3.0.2
(Confidence :High)
jul-to-slf4j-1.7.36.jar
Description:
JUL to SLF4J bridge
File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256: 9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name jul-to-slf4j High
Vendor jar package name bridge Highest
Vendor jar package name slf4j Highest
Vendor Manifest build-jdk-spec 1.8 Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor Manifest bundle-symbolicname jul.to.slf4j Medium
Vendor pom artifactid jul-to-slf4j Highest
Vendor pom artifactid jul-to-slf4j Low
Vendor pom groupid org.slf4j Highest
Vendor pom name JUL to SLF4J bridge High
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom url http://www.slf4j.org Highest
Product file name jul-to-slf4j High
Product jar package name bridge Highest
Product jar package name slf4j Highest
Product Manifest build-jdk-spec 1.8 Low
Product Manifest Bundle-Name jul-to-slf4j Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product Manifest bundle-symbolicname jul.to.slf4j Medium
Product pom artifactid jul-to-slf4j Highest
Product pom groupid org.slf4j Highest
Product pom name JUL to SLF4J bridge High
Product pom parent-artifactid slf4j-parent Medium
Product pom url http://www.slf4j.org Medium
Version file version 1.7.36 High
Version Manifest Bundle-Version 1.7.36 High
Version Manifest Implementation-Version 1.7.36 High
Version pom version 1.7.36 Highest
pkg:maven/org.slf4j/jul-to-slf4j@1.7.36
(Confidence :High)
log4j-api-2.25.3.jar
Description:
The logging API of the Log4j project.
Library and application code can log through this API.
It contains a simple built-in implementation (`SimpleLogger`) for trivial use cases.
Production applications are recommended to use Log4j API in combination with a fully-fledged implementation, such as Log4j Core.
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.25.3/log4j-api-2.25.3.jar
MD5: 7061652b4274beeaa657ec908e83f491
SHA1: fb385330d89c2d61058ef649403f214633569205
SHA256: e886682920fa0fb9d6eb6395dcb4de088443f8646c89c5e5846e168e327f406f
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
log4j-api-2.25.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name log4j-api High
Vendor jar package name apache Highest
Vendor jar package name log4j Highest
Vendor jar package name logging Highest
Vendor jar package name org Highest
Vendor jar package name simple Highest
Vendor Manifest build-jdk-spec 17 Low
Vendor Manifest bundle-activationpolicy lazy Low
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest multi-release true Low
Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid log4j-api Highest
Vendor pom artifactid log4j-api Low
Vendor pom groupid org.apache.logging.log4j Highest
Vendor pom name Apache Log4j API High
Vendor pom parent-artifactid log4j Low
Vendor pom url https://logging.apache.org/log4j/2.x/ Highest
Product file name log4j-api High
Product jar package name apache Highest
Product jar package name log4j Highest
Product jar package name logging Highest
Product jar package name org Highest
Product jar package name simple Highest
Product jar package name util Highest
Product Manifest build-jdk-spec 17 Low
Product Manifest bundle-activationpolicy lazy Low
Product Manifest Bundle-Name Apache Log4j API Medium
Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium
Product Manifest Implementation-Title Apache Log4j API High
Product Manifest multi-release true Low
Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low
Product Manifest specification-title Apache Log4j API Medium
Product pom artifactid log4j-api Highest
Product pom groupid org.apache.logging.log4j Highest
Product pom name Apache Log4j API High
Product pom parent-artifactid log4j Medium
Product pom url https://logging.apache.org/log4j/2.x/ Medium
Version file version 2.25.3 High
Version Manifest Bundle-Version 2.25.3 High
Version Manifest Implementation-Version 2.25.3 High
Version pom version 2.25.3 Highest
log4j-to-slf4j-2.25.3.jar
Description:
Forwards the Log4j API calls to SLF4J.
(Refer to the `log4j-slf4j[2]-impl` artifacts for forwarding SLF4J to the Log4j API.)
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.25.3/log4j-to-slf4j-2.25.3.jar
MD5: f515a81b64474e5faf389ab8611e123a
SHA1: 30adfb40cca243ec88cf7ec1fddb411ab55faa4f
SHA256: 90a09280390c54a28ac1514ded7c5293f3fe62f4448bf371b4e2415272e67a3d
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
log4j-to-slf4j-2.25.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name log4j-to-slf4j High
Vendor jar package name apache Highest
Vendor jar package name logging Highest
Vendor jar package name slf4j Highest
Vendor Manifest build-jdk-spec 17 Low
Vendor Manifest bundle-activationpolicy lazy Low
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest multi-release false Low
Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid log4j-to-slf4j Highest
Vendor pom artifactid log4j-to-slf4j Low
Vendor pom groupid org.apache.logging.log4j Highest
Vendor pom name Log4j API to SLF4J Adapter High
Vendor pom parent-artifactid log4j Low
Vendor pom url https://logging.apache.org/log4j/2.x/ Highest
Product file name log4j-to-slf4j High
Product jar package name apache Highest
Product jar package name logging Highest
Product jar package name slf4j Highest
Product jar package name slf4jprovider Highest
Product Manifest build-jdk-spec 17 Low
Product Manifest bundle-activationpolicy lazy Low
Product Manifest Bundle-Name Log4j API to SLF4J Adapter Medium
Product Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium
Product Manifest Implementation-Title Log4j API to SLF4J Adapter High
Product Manifest multi-release false Low
Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low
Product Manifest specification-title Log4j API to SLF4J Adapter Medium
Product pom artifactid log4j-to-slf4j Highest
Product pom groupid org.apache.logging.log4j Highest
Product pom name Log4j API to SLF4J Adapter High
Product pom parent-artifactid log4j Medium
Product pom url https://logging.apache.org/log4j/2.x/ Medium
Version file version 2.25.3 High
Version Manifest Bundle-Version 2.25.3 High
Version Manifest Implementation-Version 2.25.3 High
Version pom version 2.25.3 Highest
pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.25.3
(Confidence :High)
logback-core-1.5.25.jar
Description:
logback-core module
License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.25/logback-core-1.5.25.jar
MD5: 6a1c2feb8e1ecb20417a4d0e74c9ad51
SHA1: 137f4ae0af7acaa0f9600a2ca18ddc9f3a0b899b
SHA256: aeb86d749936a960a1ec897aa821fe611ab6b105f1170ad334ae5eadc4bd689c
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
logback-core-1.5.25.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/ch.qos.logback/logback-classic@1.5.25
Evidence
Type Source Name Value Confidence
Vendor file name logback-core High
Vendor jar package name ch Highest
Vendor jar package name core Highest
Vendor jar package name logback Highest
Vendor jar package name qos Highest
Vendor Manifest build-jdk-spec 21 Low
Vendor Manifest bundle-docurl http://www.qos.ch Low
Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium
Vendor Manifest Implementation-Vendor QOS.ch High
Vendor Manifest multi-release true Low
Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low
Vendor Manifest specification-vendor QOS.ch Low
Vendor pom artifactid logback-core Highest
Vendor pom artifactid logback-core Low
Vendor pom groupid ch.qos.logback Highest
Vendor pom name Logback Core Module High
Vendor pom parent-artifactid logback-parent Low
Product file name logback-core High
Product jar package name 21 Highest
Product jar package name ch Highest
Product jar package name core Highest
Product jar package name logback Highest
Product jar package name qos Highest
Product Manifest build-jdk-spec 21 Low
Product Manifest bundle-docurl http://www.qos.ch Low
Product Manifest Bundle-Name Logback Core Module Medium
Product Manifest bundle-symbolicname ch.qos.logback.core Medium
Product Manifest Implementation-Title Logback Core Module High
Product Manifest multi-release true Low
Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low
Product Manifest specification-title Logback Core Module Medium
Product pom artifactid logback-core Highest
Product pom groupid ch.qos.logback Highest
Product pom name Logback Core Module High
Product pom parent-artifactid logback-parent Medium
Version file version 1.5.25 High
Version Manifest Bundle-Version 1.5.25 High
Version Manifest Implementation-Version 1.5.25 High
Version pom version 1.5.25 Highest
Related Dependencies
logback-classic-1.5.25.jar
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.5.25/logback-classic-1.5.25.jar
MD5: ecd0a349fd799f57f28e52c3f713d479
SHA1: 20c4bbe98fb58f50ee1ca6befd7e7731f13a19d3
SHA256: 93163d85a0972e3d4813385af2d037bc94eed0542c4d74abc131830c84af070e
pkg:maven/ch.qos.logback/logback-classic@1.5.25
slf4j-api-2.0.17.jar
Description:
The slf4j API
License:
https://opensource.org/license/mit
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256: 7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name slf4j-api High
Vendor jar package name slf4j Highest
Vendor Manifest build-jdk-spec 21 Low
Vendor Manifest bundle-docurl http://www.slf4j.org Low
Vendor Manifest bundle-symbolicname slf4j.api Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid slf4j-api Highest
Vendor pom artifactid slf4j-api Low
Vendor pom groupid org.slf4j Highest
Vendor pom name SLF4J API Module High
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom url http://www.slf4j.org Highest
Product file name slf4j-api High
Product jar package name slf4j Highest
Product Manifest build-jdk-spec 21 Low
Product Manifest bundle-docurl http://www.slf4j.org Low
Product Manifest Bundle-Name SLF4J API Module Medium
Product Manifest bundle-symbolicname slf4j.api Medium
Product Manifest Implementation-Title slf4j-api High
Product Manifest multi-release true Low
Product pom artifactid slf4j-api Highest
Product pom groupid org.slf4j Highest
Product pom name SLF4J API Module High
Product pom parent-artifactid slf4j-parent Medium
Product pom url http://www.slf4j.org Medium
Version file version 2.0.17 High
Version Manifest Bundle-Version 2.0.17 High
Version Manifest Implementation-Version 2.0.17 High
Version pom version 2.0.17 Highest
pkg:maven/org.slf4j/slf4j-api@2.0.17
(Confidence: High)
snakeyaml-2.5.jar
Description:
YAML 1.1 parser and emitter for Java
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.5/snakeyaml-2.5.jar
MD5: 8d3b7581db5c7620db55183f33a4f2ad
SHA1: 2d53ddec134280cb384c1e35d094e5f71c1f2316
SHA256: e6682acf1ace77508ef13649cbf4f8d09d2cf5457bdb61d25ffb6ac0233d78dd
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
snakeyaml-2.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name snakeyaml High
Vendor jar package name emitter Highest
Vendor jar package name org Highest
Vendor jar package name parser Highest
Vendor jar package name snakeyaml Highest
Vendor jar package name yaml Highest
Vendor Manifest build-jdk-spec 11 Low
Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid snakeyaml Highest
Vendor pom artifactid snakeyaml Low
Vendor pom developer email alexander.maslov@gmail.com Low
Vendor pom developer email public.somov@gmail.com Low
Vendor pom developer id asomov Medium
Vendor pom developer id maslovalex Medium
Vendor pom developer name Alexander Maslov Medium
Vendor pom developer name Andrey Somov Medium
Vendor pom groupid org.yaml Highest
Vendor pom name SnakeYAML High
Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest
Product file name snakeyaml High
Product jar package name emitter Highest
Product jar package name org Highest
Product jar package name parser Highest
Product jar package name snakeyaml Highest
Product jar package name yaml Highest
Product Manifest build-jdk-spec 11 Low
Product Manifest Bundle-Name SnakeYAML Medium
Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium
Product Manifest multi-release true Low
Product pom artifactid snakeyaml Highest
Product pom developer email alexander.maslov@gmail.com Low
Product pom developer email public.somov@gmail.com Low
Product pom developer id asomov Low
Product pom developer id maslovalex Low
Product pom developer name Alexander Maslov Low
Product pom developer name Andrey Somov Low
Product pom groupid org.yaml Highest
Product pom name SnakeYAML High
Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium
Version file version 2.5 High
Version pom version 2.5 Highest
spotbugs-annotations-4.9.8.jar
Description:
Annotations the SpotBugs tool supports
License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.9.8/spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256: 6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:provided
spotbugs-annotations-4.9.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-demo-spring-boot-filter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name spotbugs-annotations High
Vendor Manifest automatic-module-name com.github.spotbugs.annotations Medium
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest bundle-symbolicname spotbugs-annotations Medium
Vendor pom artifactid spotbugs-annotations Highest
Vendor pom artifactid spotbugs-annotations Low
Vendor pom developer email andreas.sewe@codetrails.com Low
Vendor pom developer email dbrosius@mebigfatguy.com Low
Vendor pom developer email loskutov@gmx.de Low
Vendor pom developer email skypencil@gmail.com Low
Vendor pom developer id henrik242 Medium
Vendor pom developer id iloveeclipse Medium
Vendor pom developer id jsotuyod Medium
Vendor pom developer id KengoTODA Medium
Vendor pom developer id mebigfatguy Medium
Vendor pom developer id sewe Medium
Vendor pom developer id ThrawnCA Medium
Vendor pom developer name Andreas Sewe Medium
Vendor pom developer name Andrey Loskutov Medium
Vendor pom developer name Dave Brosius Medium
Vendor pom developer name Juan Martín Sotuyo Dodero Medium
Vendor pom developer name Kengo TODA Medium
Vendor pom groupid com.github.spotbugs Highest
Vendor pom name SpotBugs Annotations High
Vendor pom url https://spotbugs.github.io/ Highest
Product file name spotbugs-annotations High
Product Manifest automatic-module-name com.github.spotbugs.annotations Medium
Product Manifest Bundle-Name spotbugs-annotations Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest bundle-symbolicname spotbugs-annotations Medium
Product pom artifactid spotbugs-annotations Highest
Product pom developer email andreas.sewe@codetrails.com Low
Product pom developer email dbrosius@mebigfatguy.com Low
Product pom developer email loskutov@gmx.de Low
Product pom developer email skypencil@gmail.com Low
Product pom developer id henrik242 Low
Product pom developer id iloveeclipse Low
Product pom developer id jsotuyod Low
Product pom developer id KengoTODA Low
Product pom developer id mebigfatguy Low
Product pom developer id sewe Low
Product pom developer id ThrawnCA Low
Product pom developer name Andreas Sewe Low
Product pom developer name Andrey Loskutov Low
Product pom developer name Dave Brosius Low
Product pom developer name Juan Martín Sotuyo Dodero Low
Product pom developer name Kengo TODA Low
Product pom groupid com.github.spotbugs Highest
Product pom name SpotBugs Annotations High
Product pom url https://spotbugs.github.io/ Medium
Version file version 4.9.8 High
Version Manifest Bundle-Version 4.9.8 High
Version pom version 4.9.8 Highest
pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8
(Confidence: High)
spring-boot-2.7.18.jar
Description:
Spring Boot
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256: 530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name spring-boot High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name boot Highest
Vendor jar package name springframework Highest
Vendor Manifest automatic-module-name spring.boot Medium
Vendor Manifest build-jdk-spec 1.8 Low
Vendor pom artifactid spring-boot Highest
Vendor pom artifactid spring-boot Low
Vendor pom developer email ask@spring.io Low
Vendor pom developer name Spring Medium
Vendor pom developer org VMware, Inc. Medium
Vendor pom developer org URL https://www.spring.io Medium
Vendor pom groupid org.springframework.boot Highest
Vendor pom name spring-boot High
Vendor pom organization name VMware, Inc. High
Vendor pom organization url https://spring.io Medium
Vendor pom url https://spring.io/projects/spring-boot Highest
Product file name spring-boot High
Product jar package name boot Highest
Product jar package name springframework Highest
Product Manifest automatic-module-name spring.boot Medium
Product Manifest build-jdk-spec 1.8 Low
Product Manifest Implementation-Title Spring Boot High
Product pom artifactid spring-boot Highest
Product pom developer email ask@spring.io Low
Product pom developer name Spring Low
Product pom developer org VMware, Inc. Low
Product pom developer org URL https://www.spring.io Low
Product pom groupid org.springframework.boot Highest
Product pom name spring-boot High
Product pom organization name VMware, Inc. Low
Product pom organization url https://spring.io Low
Product pom url https://spring.io/projects/spring-boot Medium
Version file version 2.7.18 High
Version Manifest Implementation-Version 2.7.18 High
Version pom version 2.7.18 Highest
Related Dependencies
spring-boot-autoconfigure-2.7.18.jar
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.18/spring-boot-autoconfigure-2.7.18.jar
MD5: e127e4ed0469cc5442d3c8e5e42e7988
SHA1: 9cf147c6ca274c75b32556acdcba5a1de081ebcd
SHA256: 1c4e0aadcb662b6149b536a2cf288003ffefe81a6cc69846e9f14976529a1b08
pkg:maven/org.springframework.boot/spring-boot-autoconfigure@2.7.18
spring-boot-starter-2.7.18.jar
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/2.7.18/spring-boot-starter-2.7.18.jar
MD5: 03fc89fcd959a332de7cdc22e6bdc60d
SHA1: e56b75105f9ace6df154fd47eeeeadc2f5791e56
SHA256: f67a5d913defa764295b6a0d8d13573624e437eb34e97d88c0e76bf181656071
pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
spring-boot-starter-json-2.7.18.jar
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-json/2.7.18/spring-boot-starter-json-2.7.18.jar
MD5: 4227a48b68fbd7fb37dd079ad3217226
SHA1: b6d9ed5cae0c1929a9e561bf4799a3dc93a10db1
SHA256: 084f592d522dfa36790fe08d4d0b9cebe6683638889834ed2f885f3c42fecbf6
pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18
spring-boot-starter-logging-2.7.18.jar
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/2.7.18/spring-boot-starter-logging-2.7.18.jar
MD5: b812106a59ea242570f1c55d71982495
SHA1: 19f7c255ba5255116f58c3bbaf52c7b88ea6af3e
SHA256: 202c0894dbfdeff7be005597ff98288133a62fe7f5593be4938400482d19dcb7
pkg:maven/org.springframework.boot/spring-boot-starter-logging@2.7.18
spring-boot-starter-security-2.7.18.jar
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-security/2.7.18/spring-boot-starter-security-2.7.18.jar
MD5: f0461734fe73c8f250012d453cb4fb12
SHA1: 5d29a712fd0a5d7b77e348b660e2c0885b215bc4
SHA256: 075ee2311819e7076278f3f6321bca21447ee52db62ca000caf17132b37c986a
pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.18
spring-boot-starter-tomcat-2.7.18.jar
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/2.7.18/spring-boot-starter-tomcat-2.7.18.jar
MD5: c2080ad5020671b7884b9564006bd09c
SHA1: c56e50e006448e75a8bde595dbc754ba294389af
SHA256: e4a44478556749137f28001c35d897efff31f39161606589cc355dcbf797c6f0
pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@2.7.18
spring-boot-starter-web-2.7.18.jar
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.18/spring-boot-starter-web-2.7.18.jar
MD5: e0bfe77aa7415f3b86d70d41cf425ccd
SHA1: 0dd62ea85098187b4604e78dc15a7ff87dba173d
SHA256: a74fab5f826b600e3c3f4cd7028c5c982b0bf1b849673629cbb758ae790a4c08
pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
spring-core-5.3.39.jar
Description:
Spring Core
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.39/spring-core-5.3.39.jar
MD5: 632d2a8c30962a69273775968c052651
SHA1: d2bff2eedf27b51d6ef9a2fc892aaff5b7a768dd
SHA256: 3a1ddcf05420a9181bd9cacb6062a3edc493e14d555961ad50e1a6360eb1e75f
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
spring-core-5.3.39.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name spring-core High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name core Highest
Vendor jar package name io Highest
Vendor jar package name springframework Highest
Vendor Manifest automatic-module-name spring.core Medium
Vendor pom artifactid spring-core Highest
Vendor pom artifactid spring-core Low
Vendor pom developer email jhoeller@pivotal.io Low
Vendor pom developer id jhoeller Medium
Vendor pom developer name Juergen Hoeller Medium
Vendor pom groupid org.springframework Highest
Vendor pom name Spring Core High
Vendor pom organization name Spring IO High
Vendor pom organization url https://spring.io/projects/spring-framework Medium
Vendor pom url spring-projects/spring-framework Highest
Product file name spring-core High
Product hint analyzer product springsource_spring_framework Highest
Product jar package name core Highest
Product jar package name io Highest
Product jar package name springframework Highest
Product Manifest automatic-module-name spring.core Medium
Product Manifest Implementation-Title spring-core High
Product pom artifactid spring-core Highest
Product pom developer email jhoeller@pivotal.io Low
Product pom developer id jhoeller Low
Product pom developer name Juergen Hoeller Low
Product pom groupid org.springframework Highest
Product pom name Spring Core High
Product pom organization name Spring IO Low
Product pom organization url https://spring.io/projects/spring-framework Low
Product pom url spring-projects/spring-framework High
Version file version 5.3.39 High
Version Manifest Implementation-Version 5.3.39 High
Version pom version 5.3.39 Highest
Related Dependencies
spring-aop-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-aop/5.3.39/spring-aop-5.3.39.jar
MD5: 47ef8946ec3f2f76f83cda172b9fd964
SHA1: 3af1f0d73ec1e031c7083c848342989f413ca275
SHA256: aa706e4f749982c0bae5fa637433c44c24f0fff5d16dc41deea6d30c3dfa7c85
pkg:maven/org.springframework/spring-aop@5.3.39
spring-beans-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-beans/5.3.39/spring-beans-5.3.39.jar
MD5: c2f99040fb8b0bc98515c87b968227d3
SHA1: 87770ce736cbd777c07866cbc8a06b879765e3c8
SHA256: b6697a5d8facb81aa75e5a46d959d4256da9ce3b40d33f3b5bbd42a8b1ed5722
pkg:maven/org.springframework/spring-beans@5.3.39
spring-context-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-context/5.3.39/spring-context-5.3.39.jar
MD5: 167e95de6f9de58b1ffff09990237021
SHA1: 286538ca4b3890192d63c88fdd1616adde17dc0e
SHA256: 9e644fc33bece9a9cb82538167a1b9640ae7b7d80252e893d89b8926a2f81633
pkg:maven/org.springframework/spring-context@5.3.39
spring-expression-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.3.39/spring-expression-5.3.39.jar
MD5: 41198683f2d488b4b2038b7d8e4b6d81
SHA1: 25cf07399eb7ac3fc13888b20dc4d67124ec75bd
SHA256: d5337774d889fcdc9c08b0c8b8aaa1018d4c95b9b441db0118f7ae4d328f2810
pkg:maven/org.springframework/spring-expression@5.3.39
spring-webmvc-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/5.3.39/spring-webmvc-5.3.39.jar
MD5: 7f428d04938f7d65077db3e269ca0d78
SHA1: 89c465ff3d37629a60e1ad4886f61a09a459d639
SHA256: 1ad8a2ba468c07024ba63cb7681bb30a2ecf8d91124f00fdb4a3d184131b87ed
pkg:maven/org.springframework/spring-webmvc@5.3.39
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
References:
Vulnerable Software & Versions:
spring-security-core-5.8.16.jar
Description:
Spring Security
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.16/spring-security-core-5.8.16.jar
MD5: c70ae997256d27ca6fb1c7a8b24e4248
SHA1: b3d21a1f967db39dabaca487ba3fe58972e6a9a5
SHA256: 3be7d217048f5ea76fd6d0eddaa3169ad3bee0bba9c456e27670ec37ca33c3fd
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
spring-security-core-5.8.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name spring-security-core High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name core Highest
Vendor jar package name security Highest
Vendor jar package name springframework Highest
Vendor Manifest automatic-module-name spring.security.core Medium
Vendor pom artifactid spring-security-core Highest
Vendor pom artifactid spring-security-core Low
Vendor pom developer email info@pivotal.io Low
Vendor pom developer name Pivotal Medium
Vendor pom developer org Pivotal Software, Inc. Medium
Vendor pom developer org URL https://www.spring.io Medium
Vendor pom groupid org.springframework.security Highest
Vendor pom name spring-security-core High
Vendor pom organization name Pivotal Software, Inc. High
Vendor pom organization url https://spring.io Medium
Vendor pom url https://spring.io/projects/spring-security Highest
Product file name spring-security-core High
Product jar package name core Highest
Product jar package name security Highest
Product jar package name springframework Highest
Product Manifest automatic-module-name spring.security.core Medium
Product Manifest Implementation-Title spring-security-core High
Product pom artifactid spring-security-core Highest
Product pom developer email info@pivotal.io Low
Product pom developer name Pivotal Low
Product pom developer org Pivotal Software, Inc. Low
Product pom developer org URL https://www.spring.io Low
Product pom groupid org.springframework.security Highest
Product pom name spring-security-core High
Product pom organization name Pivotal Software, Inc. Low
Product pom organization url https://spring.io Low
Product pom url https://spring.io/projects/spring-security Medium
Version file version 5.8.16 High
Version Manifest Implementation-Version 5.8.16 High
Version pom version 5.8.16 Highest
Related Dependencies
spring-security-config-5.8.16.jar
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-config/5.8.16/spring-security-config-5.8.16.jar
MD5: 1e386c77733c252f4b9a80904ccb1c00
SHA1: 73bff85307254de9f30514db587420110aee72ee
SHA256: fb7218cd28ca5f82bafd4cc038d1727fc99ccfb0f3b38a8fc0545a93e9b2f8b5
pkg:maven/org.springframework.security/spring-security-config@5.8.16
spring-security-crypto-5.8.16.jar
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.16/spring-security-crypto-5.8.16.jar
MD5: 987ca02bb810d32c7d86968ff84e887c
SHA1: 340f3bb882bea8e9eafc66671d4c8e50f11867a7
SHA256: e47acdd647997efb36609698b64a2bec37fa119210f88fad813aa53610433cfd
pkg:maven/org.springframework.security/spring-security-crypto@5.8.16
spring-security-web-5.8.16.jar
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.16/spring-security-web-5.8.16.jar
MD5: 137862bb11c72092dd94d14d380fc784
SHA1: fade885f7f9df056dd5e3592d949e888cd82397d
SHA256: fe0843587f4dff188a1ecb822bf544c5f1c1ee46c757858a5a585039d8118304
pkg:maven/org.springframework.security/spring-security-web@5.8.16
spring-web-5.3.39.jar
Description:
Spring Web
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.39/spring-web-5.3.39.jar
MD5: 2b940bc714d6e29570b5dfa92755eefc
SHA1: 4ab03cd7376a6b3365d2798aac8d01dcd22c0174
SHA256: 444f243b936119b5488029f2d9399a3980855c60b493b9e2811464c6433a2b71
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
spring-web-5.3.39.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name spring-web High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name springframework Highest
Vendor jar package name web Highest
Vendor Manifest automatic-module-name spring.web Medium
Vendor pom artifactid spring-web Highest
Vendor pom artifactid spring-web Low
Vendor pom developer email jhoeller@pivotal.io Low
Vendor pom developer id jhoeller Medium
Vendor pom developer name Juergen Hoeller Medium
Vendor pom groupid org.springframework Highest
Vendor pom name Spring Web High
Vendor pom organization name Spring IO High
Vendor pom organization url https://spring.io/projects/spring-framework Medium
Vendor pom url spring-projects/spring-framework Highest
Product file name spring-web High
Product hint analyzer product springsource_spring_framework Highest
Product jar package name springframework Highest
Product jar package name web Highest
Product Manifest automatic-module-name spring.web Medium
Product Manifest Implementation-Title spring-web High
Product pom artifactid spring-web Highest
Product pom developer email jhoeller@pivotal.io Low
Product pom developer id jhoeller Low
Product pom developer name Juergen Hoeller Low
Product pom groupid org.springframework Highest
Product pom name Spring Web High
Product pom organization name Spring IO Low
Product pom organization url https://spring.io/projects/spring-framework Low
Product pom url spring-projects/spring-framework High
Version file version 5.3.39 High
Version Manifest Implementation-Version 5.3.39 High
Version pom version 5.3.39 Highest
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
af854a3a-2127-422b-91ae-364da2661108 - https://security.netapp.com/advisory/ntap-20230420-0009/
cve@mitre.org - https://security.netapp.com/advisory/ntap-20230420-0009/
Vulnerable Software & Versions:
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
References:
Vulnerable Software & Versions:
tomcat-embed-core-9.0.113.jar
Description:
Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.113/tomcat-embed-core-9.0.113.jar
MD5: 7d9e5b10c51f00a2f6bb222a7db1c118
SHA1: b364692bca96817268b38f183fafd14dbd00950e
SHA256: fdd67f6953c538cebffaa27df6384f2c614bf9f5aca8947d52db38701bd13957
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
tomcat-embed-core-9.0.113.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name tomcat-embed-core High
Vendor jar package name apache Highest
Vendor jar package name core Highest
Vendor jar package name tomcat Highest
Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:List="1.1,1";uses:="javax.security.auth.message,javax.security.auth.message.callback,javax.security.auth.message.config,javax.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor manifest: javax/security/auth/message/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/security/auth/message/callback/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/security/auth/message/config/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/security/auth/message/module/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/servlet/http/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid tomcat-embed-core Highest
Vendor pom artifactid tomcat-embed-core Low
Vendor pom groupid org.apache.tomcat.embed Highest
Vendor pom url https://tomcat.apache.org/ Highest
Product file name tomcat-embed-core High
Product jar package name annotation Highest
Product jar package name apache Highest
Product jar package name auth Highest
Product jar package name core Highest
Product jar package name descriptor Highest
Product jar package name http Highest
Product jar package name java Highest
Product jar package name javax Highest
Product jar package name message Highest
Product jar package name security Highest
Product jar package name servlet Highest
Product jar package name servlets Highest
Product jar package name tomcat Highest
Product Manifest Bundle-Name tomcat-embed-core Medium
Product Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium
Product Manifest Implementation-Title Apache Tomcat High
Product Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:List="1.1,1";uses:="javax.security.auth.message,javax.security.auth.message.callback,javax.security.auth.message.config,javax.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low
Product Manifest specification-title Apache Tomcat Medium
Product manifest: javax/security/auth/message/ Implementation-Title javax.security.auth.message Medium
Product manifest: javax/security/auth/message/ Specification-Title Java Authentication SPI for Containers Medium
Product manifest: javax/security/auth/message/callback/ Implementation-Title javax.security.auth.message Medium
Product manifest: javax/security/auth/message/callback/ Specification-Title Java Authentication SPI for Containers Medium
Product manifest: javax/security/auth/message/config/ Implementation-Title javax.security.auth.message Medium
Product manifest: javax/security/auth/message/config/ Specification-Title Java Authentication SPI for Containers Medium
Product manifest: javax/security/auth/message/module/ Implementation-Title javax.security.auth.message Medium
Product manifest: javax/security/auth/message/module/ Specification-Title Java Authentication SPI for Containers Medium
Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium
Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium
Product manifest: javax/servlet/annotation/ Implementation-Title javax.servlet Medium
Product manifest: javax/servlet/annotation/ Specification-Title Java API for Servlets Medium
Product manifest: javax/servlet/descriptor/ Implementation-Title javax.servlet Medium
Product manifest: javax/servlet/descriptor/ Specification-Title Java API for Servlets Medium
Product manifest: javax/servlet/http/ Implementation-Title javax.servlet Medium
Product manifest: javax/servlet/http/ Specification-Title Java API for Servlets Medium
Product manifest: javax/servlet/resources/ Implementation-Title javax.servlet Medium
Product manifest: javax/servlet/resources/ Specification-Title Java API for Servlets Medium
Product pom artifactid tomcat-embed-core Highest
Product pom groupid org.apache.tomcat.embed Highest
Product pom url https://tomcat.apache.org/ Medium
Version file version 9.0.113 High
Version Manifest Bundle-Version 9.0.113 High
Version Manifest Implementation-Version 9.0.113 High
Version pom version 9.0.113 Highest
Related Dependencies
tomcat-embed-websocket-9.0.113.jar
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.113/tomcat-embed-websocket-9.0.113.jar
MD5: 07316451c7b5b9d7cd4cf8a9fcf31e80
SHA1: dd5cc7678e09b821963c1977426ddb306c99bd52
SHA256: 937173cc6d41b39d8fab7a3c2e3e536eb5f5e14de5fd8679588b49e0d6ff88bd
pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.113
tomcat-embed-el-9.0.113.jar
Description:
Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.113/tomcat-embed-el-9.0.113.jar
MD5: 80b47fc18a1348ce8b6101db8493866f
SHA1: 8f4c51d31666de2539d2e4498a6494ecc50abc61
SHA256: a6761d2504837af3805c306938603cea6982fb11a80175ca039f86fb142243b1
Referenced In Project/Scope: waffle-demo-spring-boot-filter2:compile
tomcat-embed-el-9.0.113.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18
Evidence
Type Source Name Value Confidence
Vendor file name tomcat-embed-el High
Vendor jar package name apache Highest
Vendor jar package name el Highest
Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el",osgi.service;objectClass:List="javax.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid tomcat-embed-el Highest
Vendor pom artifactid tomcat-embed-el Low
Vendor pom groupid org.apache.tomcat.embed Highest
Vendor pom url https://tomcat.apache.org/ Highest
Product file name tomcat-embed-el High
Product jar package name apache Highest
Product jar package name el Highest
Product jar package name expression Highest
Product jar package name expressionfactory Highest
Product jar package name expressionfactoryimpl Highest
Product jar package name javax Highest
Product Manifest Bundle-Name tomcat-embed-jasper-el Medium
Product Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium
Product Manifest Implementation-Title Apache Tomcat High
Product Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el",osgi.service;objectClass:List="javax.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low
Product Manifest specification-title Apache Tomcat Medium
Product manifest: javax/el/ Implementation-Title javax.el Medium
Product manifest: javax/el/ Specification-Title Expression Language Medium
Product pom artifactid tomcat-embed-el Highest
Product pom groupid org.apache.tomcat.embed Highest
Product pom url https://tomcat.apache.org/ Medium
Version file version 9.0.113 High
Version Manifest Bundle-Version 9.0.113 High
Version Manifest Implementation-Version 9.0.113 High
Version pom version 9.0.113 Highest
pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.113 (Confidence: High)