Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: waffle-distro

com.github.waffle:waffle-distro:3.5.2-SNAPSHOT


Summary


| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| byte-buddy-1.15.11.jar | | pkg:maven/net.bytebuddy/byte-buddy@1.15.11 | | 0 | | 29 |
| byte-buddy-agent-1.15.11.jar | | pkg:maven/net.bytebuddy/byte-buddy-agent@1.15.11 | | 0 | | 33 |
| byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll | | | | 0 | | 2 |
| byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll | | | | 0 | | 2 |
| caffeine-3.1.8.jar | | pkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8 | | 0 | | 37 |
| checker-qual-3.48.3.jar | | pkg:maven/org.checkerframework/checker-qual@3.48.3 | | 0 | | 44 |
| com.github.waffle.demo:waffle-filter:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-filter@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-form:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-form@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-jaas:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-jaas@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-mixed-post:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-mixed-post@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-mixed:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-mixed@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-negotiate:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-negotiate@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-spring-boot-filter2:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-spring-boot-filter3:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-spring-filter:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-spring-filter@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle.demo:waffle-spring-form:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle.demo/waffle-spring-form@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-jetty-jakarta:3.5.2-SNAPSHOT | cpe:2.3:a:jetty:jetty:3.5.2:snapshot:*:*:*:*:*:* | pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT | | 0 | Low | 6 |
| com.github.waffle:waffle-jetty:3.5.2-SNAPSHOT | cpe:2.3:a:jetty:jetty:3.5.2:snapshot:*:*:*:*:*:* | pkg:maven/com.github.waffle/waffle-jetty@3.5.2-SNAPSHOT | | 0 | Low | 6 |
| com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-jna:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-shiro:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-shiro@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-spring-boot-autoconfigure2:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-spring-boot-autoconfigure3:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-spring-boot-starter2:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-spring-boot-starter3:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-spring-security5:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-spring-security6:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-tomcat10:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-tomcat10@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-tomcat11:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT | | 0 | | 6 |
| com.github.waffle:waffle-tomcat9:3.5.2-SNAPSHOT | | pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT | | 0 | | 6 |
| error_prone_annotations-2.36.0.jar | | pkg:maven/com.google.errorprone/error_prone_annotations@2.36.0 | | 0 | | 29 |
| j2objc-annotations-3.0.0.jar | | pkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 | | 0 | | 33 |
| jackson-core-2.13.5.jar | cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.5 | | 0 | Low | 47 |
| jackson-databind-2.13.5.jar | cpe:2.3:a:fasterxml:jackson-databind:2.13.5:*:*:*:*:*:*:*; cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.5 | MEDIUM | 1 | Highest | 43 |
| jakarta.annotation-api-1.3.5.jar | cpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:* | pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 | | 0 | Low | 35 |
| jcl-over-slf4j-2.0.16.jar | | pkg:maven/org.slf4j/jcl-over-slf4j@2.0.16 | | 0 | | 31 |
| jna-5.16.0.jar | cpe:2.3:a:oracle:java_se:5.16.0:*:*:*:*:*:*:* | pkg:maven/net.java.dev.jna/jna@5.16.0 | | 0 | Low | 48 |
| jna-5.16.0.jar: jnidispatch.dll | | | | 0 | | 2 |
| jna-5.16.0.jar: jnidispatch.dll | | | | 0 | | 2 |
| jna-5.16.0.jar: jnidispatch.dll | | | | 0 | | 2 |
| jna-platform-5.16.0.jar | | pkg:maven/net.java.dev.jna/jna-platform@5.16.0 | | 0 | | 44 |
| jsr305-3.0.2.jar | | pkg:maven/com.google.code.findbugs/jsr305@3.0.2 | | 0 | | 17 |
| jul-to-slf4j-1.7.36.jar | | pkg:maven/org.slf4j/jul-to-slf4j@1.7.36 | | 0 | | 28 |
| log4j-api-2.24.3.jar | cpe:2.3:a:apache:log4j:2.24.3:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-api@2.24.3 | | 0 | Highest | 41 |
| log4j-to-slf4j-2.24.3.jar | | pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.24.3 | | 0 | | 37 |
| logback-core-1.5.15.jar | cpe:2.3:a:qos:logback:1.5.15:*:*:*:*:*:*:* | pkg:maven/ch.qos.logback/logback-core@1.5.15 | | 0 | Highest | 39 |
| slf4j-api-2.0.16.jar | | pkg:maven/org.slf4j/slf4j-api@2.0.16 | | 0 | | 29 |
| snakeyaml-1.30.jar | cpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:* | pkg:maven/org.yaml/snakeyaml@1.30 | CRITICAL | 7 | Highest | 44 |
| spotbugs-annotations-4.8.6.jar | | pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 | | 0 | | 53 |
| spring-boot-2.7.18.jar | cpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot@2.7.18 | | 0 | Highest | 38 |
| spring-boot-starter-web-2.7.18.jar | cpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:*; cpe:2.3:a:web_project:web:2.7.18:*:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 | | 0 | Highest | 36 |
| spring-core-5.3.39.jar | cpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-core@5.3.39 | MEDIUM | 1 | Highest | 37 |
| spring-security-core-5.8.16.jar | cpe:2.3:a:pivotal_software:spring_security:5.8.16:*:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_security:5.8.16:*:*:*:*:*:*:* | pkg:maven/org.springframework.security/spring-security-core@5.8.16 | | 0 | Highest | 38 |
| spring-security-crypto-5.8.16.jar | cpe:2.3:a:pivotal_software:spring_security:5.8.16:*:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_security:5.8.16:*:*:*:*:*:*:* | pkg:maven/org.springframework.security/spring-security-crypto@5.8.16 | MEDIUM | 1 | Highest | 38 |
| spring-security-web-5.8.16.jar | cpe:2.3:a:pivotal_software:spring_security:5.8.16:*:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_security:5.8.16:*:*:*:*:*:*:*; cpe:2.3:a:web_project:web:5.8.16:*:*:*:*:*:*:* | pkg:maven/org.springframework.security/spring-security-web@5.8.16 | | 0 | Highest | 38 |
| spring-web-5.3.39.jar | cpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*; cpe:2.3:a:web_project:web:5.3.39:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-web@5.3.39 | CRITICAL | 3 | Highest | 35 |
| spring-webmvc-5.3.31.jar | cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*; cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:* | pkg:maven/org.springframework/spring-webmvc@5.3.31 | HIGH | 2 | Highest | 37 |
| tomcat-embed-core-9.0.83.jar | cpe:2.3:a:apache:tomcat:9.0.83:*:*:*:*:*:*:*; cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.83:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83 | | 0 | Highest | 65 |
| tomcat-embed-el-9.0.83.jar | | pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.83 | | 0 | | 33 |

Dependencies (vulnerable)

byte-buddy-1.15.11.jar

Description:

Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.15.11/byte-buddy-1.15.11.jar
MD5: 603bc53c7a294f23765bfb7e1820ad44
SHA1: f61886478e0f9ee4c21d09574736f0ff45e0a46c
SHA256:fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90
Referenced In Project/Scope: waffle-distro:compile
byte-buddy-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

byte-buddy-agent-1.15.11.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar
MD5: 449a1534609bf3535d74cbb10b4ed074
SHA1: a38b16385e867f59a641330f0362ebe742788ed8
SHA256:316d2c0795c2a4d4c4756f2e6f9349837c7430ac34e0477ead874d05f5cc19e5
Referenced In Project/Scope: waffle-distro:compile
byte-buddy-agent-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

caffeine-3.1.8.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256:7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Project/Scope: waffle-distro:compile
caffeine-3.1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

checker-qual-3.48.3.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256:443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Project/Scope: waffle-distro:compile
checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-filter:3.5.2-SNAPSHOT

Description:

Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-filter:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-form:3.5.2-SNAPSHOT

Description:

Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-form:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-jaas:3.5.2-SNAPSHOT

Description:

Jaas Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-jaas/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-jaas:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed-post:3.5.2-SNAPSHOT

Description:

Mixed Post Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed-post/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed-post:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed:3.5.2-SNAPSHOT

Description:

Mixed Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-negotiate:3.5.2-SNAPSHOT

Description:

Negotiate Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-negotiate/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-negotiate:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter2:3.5.2-SNAPSHOT

Description:

Spring Boot Filter 2 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter2:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter3:3.5.2-SNAPSHOT

Description:

Spring Boot Filter 3 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter3:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-filter:3.5.2-SNAPSHOT

Description:

Spring Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-filter:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-form:3.5.2-SNAPSHOT

Description:

Spring Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-form:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jetty-jakarta:3.5.2-SNAPSHOT

Description:

Jetty Jakarta integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jetty-jakarta/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jetty-jakarta:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jetty:3.5.2-SNAPSHOT

Description:

Jetty integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jetty/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jetty:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT

Description:

WAFFLE JNA Jakarta Package implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna:3.5.2-SNAPSHOT

Description:

WAFFLE JNA implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jna:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-shiro:3.5.2-SNAPSHOT

Description:

Shiro integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-shiro/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-shiro:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure2:3.5.2-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-autoconfigure2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-autoconfigure2:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure3:3.5.2-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-autoconfigure3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-autoconfigure3:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter2:3.5.2-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-starter2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-starter2:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter3:3.5.2-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-starter3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-starter3:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security5:3.5.2-SNAPSHOT

Description:

Spring Security 5 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security5/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-security5:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security6:3.5.2-SNAPSHOT

Description:

Spring Security 6 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security6/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-security6:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat10:3.5.2-SNAPSHOT

Description:

Tomcat 10 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat10/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat10:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat11:3.5.2-SNAPSHOT

Description:

Tomcat 11 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat11/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat11:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat9:3.5.2-SNAPSHOT

Description:

Tomcat 9 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat9/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat9:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

error_prone_annotations-2.36.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
MD5: 0e48e5ba2cd0a8d8d09bad849b99f6a6
SHA1: 227d4d4957ccc3dc5761bd897e3a0ee587e750a7
SHA256:77440e270b0bc9a249903c5a076c36a722c4886ca4f42675f2903a1c53ed61a5
Referenced In Project/Scope: waffle-distro:provided
error_prone_annotations-2.36.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

j2objc-annotations-3.0.0.jar

Description:

A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256:88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: waffle-distro:provided
j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

jackson-core-2.13.5.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar
MD5: 2272453c780d1383ecd2efde00c1a7a9
SHA1: 0d07c97d3de9ea658caf1ff1809fd9de930a286a
SHA256:48f36a025311d0464ad8dda4512a20c79e279a9550f63f3179d731d94482474b
Referenced In Project/Scope: waffle-distro:runtime
jackson-core-2.13.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers

jackson-databind-2.13.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.5/jackson-databind-2.13.5.jar
MD5: 1dbb98839964a6967a428d868b2d8714
SHA1: aa95e46dbc32454f3983221d420e78ef19ddf844
SHA256:5fedb24b2356491815d18267f65da9a21dd67413345ad7795f221afa25c78984
Referenced In Project/Scope: waffle-distro:runtime
jackson-databind-2.13.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: waffle-distro:runtime
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT

Identifiers

jcl-over-slf4j-2.0.16.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar
MD5: c077b88c43f9d63f64f9880fdb457efb
SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9
SHA256:5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78
Referenced In Project/Scope: waffle-distro:compile
jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

jna-5.16.0.jar

Description:

Java Native Access

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar
MD5: accc2e2b8676434a87f4f73fb4d90b44
SHA1: ebea09f91dc9f7048099f963fb8d6f919f0a4d9c
SHA256:3f5233589a799eb66dc2969afa3433fb56859d3d787c58b9bc7dd9e86f0a250c
Referenced In Project/Scope: waffle-distro:compile
jna-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: 302945a811fd8e21bcdd5226c73b6f74
SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607c
SHA256:b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699d
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 2d2475f1f026dd54e9f3e787ae4f81da
SHA1: 27ff882ac271db547aee520b38e3ba9aa91e136c
SHA256:5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: 0caa1ef75a807f9dde05084fa2219a5c
SHA1: 2f5e1cd82cde192905c7510ce99037b67d980640
SHA256:752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

jna-platform-5.16.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.16.0/jna-platform-5.16.0.jar
MD5: 12ba6b7a7752ecf0a5baed725f3192c2
SHA1: b2a9065f97c166893d504b164706512338e3bbc2
SHA256:e5a79523964509757555782bb60283e4902611013f107e4600dc93298f73f382
Referenced In Project/Scope: waffle-distro:compile
jna-platform-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-distro:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6

Identifiers

jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256: 9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Project/Scope: waffle-distro:runtime
jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT

Identifiers

log4j-api-2.24.3.jar

Description:

The logging API of the Log4j project.
    Library and application code can log through this API.
    It contains a simple built-in implementation (`SimpleLogger`) for trivial use cases.
    Production applications are recommended to use Log4j API in combination with a fully-fledged implementation, such as Log4j Core.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.24.3/log4j-api-2.24.3.jar
MD5: d89516699543c5c21be87ee1760695f3
SHA1: b02c125db8b6d295adf72ae6e71af5d83bce2370
SHA256: 5b4a0a0cd0e751ded431c162442bdbdd53328d1f8bb2bae5fc1bbeee0f66d80f
Referenced In Project/Scope: waffle-distro:runtime
log4j-api-2.24.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT

Identifiers

log4j-to-slf4j-2.24.3.jar

Description:

Forwards the Log4j API calls to SLF4J.
    (Refer to the `log4j-slf4j[2]-impl` artifacts for forwarding SLF4J to the Log4j API.)

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.24.3/log4j-to-slf4j-2.24.3.jar
MD5: 1f4b63f9c41f2f5179aa10b35d76e805
SHA1: da1143e2a2531ee1c2d90baa98eb50a28a39d5a7
SHA256: c7f2b0c612a4eb05b1587d1c880eb4cf5f4f53850676a8ede8da2b8fabb4f73f
Referenced In Project/Scope: waffle-distro:runtime
log4j-to-slf4j-2.24.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT

Identifiers

logback-core-1.5.15.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.15/logback-core-1.5.15.jar
MD5: 932d68eb5c938eee29ddd0f47c0cf31b
SHA1: 81633c8360b7e5b4edc52ca908bf14de0b73ef05
SHA256: 695bc40dd790cb710575f768e37b8eb12f814d84b008011a2ef85d5daaafa745
Referenced In Project/Scope: waffle-distro:runtime
logback-core-1.5.15.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256: a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: waffle-distro:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

snakeyaml-1.30.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar
MD5: ba063b8ef3a8bfd591a1b56451166b14
SHA1: 8fde7fe2586328ac3c68db92045e1c8759125000
SHA256: f43a4e40a946b8cdfd0321bc1c9a839bc3f119c57e4ca84fb87c367f51c8b2b3
Referenced In Project/Scope: waffle-distro:runtime
snakeyaml-1.30.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.5.2-SNAPSHOT

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spotbugs-annotations-4.8.6.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.6/spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256: 4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: waffle-distro:provided
spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-distro@3.5.2-SNAPSHOT

Identifiers

spring-boot-2.7.18.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256: 530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Referenced In Project/Scope: waffle-distro:runtime
spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.5.2-SNAPSHOT

Identifiers

spring-boot-starter-web-2.7.18.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.18/spring-boot-starter-web-2.7.18.jar
MD5: e0bfe77aa7415f3b86d70d41cf425ccd
SHA1: 0dd62ea85098187b4604e78dc15a7ff87dba173d
SHA256: a74fab5f826b600e3c3f4cd7028c5c982b0bf1b849673629cbb758ae790a4c08
Referenced In Project/Scope: waffle-distro:runtime
spring-boot-starter-web-2.7.18.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers

spring-core-5.3.39.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.39/spring-core-5.3.39.jar
MD5: 632d2a8c30962a69273775968c052651
SHA1: d2bff2eedf27b51d6ef9a2fc892aaff5b7a768dd
SHA256: 3a1ddcf05420a9181bd9cacb6062a3edc493e14d555961ad50e1a6360eb1e75f
Referenced In Project/Scope: waffle-distro:runtime
spring-core-5.3.39.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-security-core-5.8.16.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.16/spring-security-core-5.8.16.jar
MD5: c70ae997256d27ca6fb1c7a8b24e4248
SHA1: b3d21a1f967db39dabaca487ba3fe58972e6a9a5
SHA256: 3be7d217048f5ea76fd6d0eddaa3169ad3bee0bba9c456e27670ec37ca33c3fd
Referenced In Project/Scope: waffle-distro:runtime
spring-security-core-5.8.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

spring-security-crypto-5.8.16.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.16/spring-security-crypto-5.8.16.jar
MD5: 987ca02bb810d32c7d86968ff84e887c
SHA1: 340f3bb882bea8e9eafc66671d4c8e50f11867a7
SHA256: e47acdd647997efb36609698b64a2bec37fa119210f88fad813aa53610433cfd
Referenced In Project/Scope: waffle-distro:runtime
spring-security-crypto-5.8.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2020-5408 (OSSINDEX)  

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details
CWE-329 Generation of Predictable IV with CBC Mode

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.security:spring-security-crypto:5.8.16:*:*:*:*:*:*:*

spring-security-web-5.8.16.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.16/spring-security-web-5.8.16.jar
MD5: 137862bb11c72092dd94d14d380fc784
SHA1: fade885f7f9df056dd5e3592d949e888cd82397d
SHA256: fe0843587f4dff188a1ecb822bf544c5f1c1ee46c757858a5a585039d8118304
Referenced In Project/Scope: waffle-distro:runtime
spring-security-web-5.8.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

spring-web-5.3.39.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.39/spring-web-5.3.39.jar
MD5: 2b940bc714d6e29570b5dfa92755eefc
SHA1: 4ab03cd7376a6b3365d2798aac8d01dcd22c0174
SHA256: 444f243b936119b5488029f2d9399a3980855c60b493b9e2811464c6433a2b71
Referenced In Project/Scope: waffle-distro:runtime
spring-web-5.3.39.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.5.2-SNAPSHOT

Identifiers

CVE-2016-1000027  

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-38828 (OSSINDEX)  

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (6.9)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.3.39:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-webmvc-5.3.31.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar
MD5: 7401b647e906d3853ad02b62496cfadf
SHA1: 45754d056effe8257a012f6b98ed5454cf1e8960
SHA256: 29c1b96c424dcb637fec2d1e6493b088d977e748a56da7f34e6a7c3c39d18c74
Referenced In Project/Scope: waffle-distro:runtime
spring-webmvc-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers

CVE-2024-38816 (OSSINDEX)  

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Specifically, an application is vulnerable when both of the following are true:

  * the web application uses RouterFunctions to serve static resources
  * resource handling is explicitly configured with a FileSystemResource location

However, malicious requests are blocked and rejected when any of the following is true:

  * the Spring Security HTTP Firewall (https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html) is in use
  * the application runs on Tomcat or Jetty
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (8.2)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-webmvc:5.3.31:*:*:*:*:*:*:*

CVE-2024-38820  

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

tomcat-embed-core-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.83/tomcat-embed-core-9.0.83.jar
MD5: d4e2068023fe800fd22a9fe2529c290b
SHA1: d771e4343b0515c67dab2a09fe02f5d47550153f
SHA256: 4ed404d5dea8652846f3c52c094764c2ec018f28a3561f1d27df700f7aa5b376
Referenced In Project/Scope: waffle-distro:runtime
tomcat-embed-core-9.0.83.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers

tomcat-embed-el-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.83/tomcat-embed-el-9.0.83.jar
MD5: eabd7f3ade6cb0cf36f7b238897b8f1d
SHA1: b0cdada70099c25f45fceb48e1ebce60d138a5ce
SHA256: a82c4cf8cf9e88d6891cbb4cbcb9f85f788e147c464cbeba15a2c83276f3344c
Referenced In Project/Scope: waffle-distro:runtime
tomcat-embed-el-9.0.83.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.5.2-SNAPSHOT

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.