Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: waffle-distro

com.github.waffle:waffle-distro:3.3.1-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
byte-buddy-1.14.11.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.11 029
byte-buddy-agent-1.14.11.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.14.11 033
byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll 02
caffeine-3.1.8.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8 037
checker-qual-3.42.0.jarpkg:maven/org.checkerframework/checker-qual@3.42.0 046
com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-filter@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-form@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-jaas@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-mixed-post@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-mixed@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-negotiate@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-boot-filter3@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-filter@3.3.1-SNAPSHOT 06
com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOTpkg:maven/com.github.waffle.demo/waffle-spring-form@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-jetty:3.3.1-SNAPSHOTcpe:2.3:a:jetty:jetty:3.3.1:snapshot:*:*:*:*:*:*pkg:maven/com.github.waffle/waffle-jetty@3.3.1-SNAPSHOT 0Low6
com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-jna-jakarta@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-jna:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-shiro:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-shiro@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-spring-security6@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat10@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat85@3.3.1-SNAPSHOT 06
com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOTpkg:maven/com.github.waffle/waffle-tomcat9@3.3.1-SNAPSHOT 06
error_prone_annotations-2.24.1.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.24.1 029
j2objc-annotations-2.8.jarpkg:maven/com.google.j2objc/j2objc-annotations@2.8 024
jackson-core-2.13.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.5 0Low47
jackson-databind-2.13.5.jarcpe:2.3:a:fasterxml:jackson-databind:2.13.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.5:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.5MEDIUM1Highest43
jakarta.annotation-api-1.3.5.jarcpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 0Low35
jcl-over-slf4j-2.0.11.jarpkg:maven/org.slf4j/jcl-over-slf4j@2.0.11 031
jna-5.14.0.jarcpe:2.3:a:oracle:java_se:5.14.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.14.0 0Low48
jna-5.14.0.jar: jnidispatch.dll 02
jna-5.14.0.jar: jnidispatch.dll 02
jna-5.14.0.jar: jnidispatch.dll 02
jna-platform-5.14.0.jarpkg:maven/net.java.dev.jna/jna-platform@5.14.0 044
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jul-to-slf4j-1.7.36.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.36 028
log4j-api-2.22.1.jarcpe:2.3:a:apache:log4j:2.22.1:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.22.1 0Highest39
log4j-to-slf4j-2.22.1.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.1 037
logback-core-1.4.14.jarcpe:2.3:a:qos:logback:1.4.14:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.4.14 0Highest36
slf4j-api-2.0.11.jarpkg:maven/org.slf4j/slf4j-api@2.0.11 029
snakeyaml-1.30.jarcpe:2.3:a:snakeyaml_project:snakeyaml:1.30:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@1.30CRITICAL7Highest44
spotbugs-annotations-4.8.3.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3 053
spring-boot-2.7.18.jarcpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:*pkg:maven/org.springframework.boot/spring-boot@2.7.18 0Highest38
spring-boot-starter-web-2.7.18.jarcpe:2.3:a:vmware:spring_boot:2.7.18:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:2.7.18:*:*:*:*:*:*:*
pkg:maven/org.springframework.boot/spring-boot-starter-web@2.7.18 0Highest36
spring-core-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-core@5.3.31 0Highest37
spring-security-core-5.8.9.jarcpe:2.3:a:pivotal_software:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.9:*:*:*:*:*:*:*
pkg:maven/org.springframework.security/spring-security-core@5.8.9 0Highest38
spring-security-crypto-5.8.9.jarcpe:2.3:a:pivotal_software:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.9:*:*:*:*:*:*:*
pkg:maven/org.springframework.security/spring-security-crypto@5.8.9MEDIUM1Highest38
spring-security-web-5.8.9.jarcpe:2.3:a:pivotal_software:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:5.8.9:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.8.9:*:*:*:*:*:*:*
pkg:maven/org.springframework.security/spring-security-web@5.8.9 0Highest38
spring-web-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-web@5.3.31CRITICAL1Highest35
spring-webmvc-5.3.31.jarcpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-webmvc@5.3.31 0Highest37
tomcat-embed-core-9.0.83.jarcpe:2.3:a:apache:tomcat:9.0.83:*:*:*:*:*:*:*
cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.83:*:*:*:*:*:*:*
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83 0Highest65
tomcat-embed-el-9.0.83.jarpkg:maven/org.apache.tomcat.embed/tomcat-embed-el@9.0.83 033

Dependencies (vulnerable)

byte-buddy-1.14.11.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
    

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.14.11/byte-buddy-1.14.11.jar
MD5: c28e36075a114b176953fc10a5370be7
SHA1: 725602eb7c8c56b51b9c21f273f9df5c909d9e7d
SHA256:62ae28187ed2b062813da6a9d567bfee733c341582699b62dd980230729a0313
Referenced In Project/Scope: waffle-distro:compile
byte-buddy-1.14.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

byte-buddy-agent-1.14.11.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar
MD5: 0de12734d808654692599b08ccd84020
SHA1: f9cb566608fbac6bc7bf54901a7aa11543a989ee
SHA256:2f537a621a64fa7013d68c695a76a34ee8d79dad74e635caca16dd56257aeb80
Referenced In Project/Scope: waffle-distro:compile
byte-buddy-agent-1.14.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

byte-buddy-agent-1.14.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

caffeine-3.1.8.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256:7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Project/Scope: waffle-distro:compile
caffeine-3.1.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: waffle-distro:compile
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOT

Description:

Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-filter:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOT

Description:

Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-form:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOT

Description:

Jaas Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-jaas/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-jaas:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOT

Description:

Mixed Post Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed-post/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed-post:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOT

Description:

Mixed Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-mixed/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-mixed:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOT

Description:

Negotiate Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-negotiate/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-negotiate:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOT

Description:

Spring Boot Filter 2 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOT

Description:

Spring Boot Filter 3 Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-boot-filter3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-boot-filter3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOT

Description:

Spring Filter Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-filter/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-filter:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOT

Description:

Spring Form Demo for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-demo/waffle-spring-form/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle.demo:waffle-spring-form:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-jetty:3.3.1-SNAPSHOT

Description:

Jetty integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jetty/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jetty:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOT

Description:

WAFFLE JNA Jakarta Pakage implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jna-jakarta:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna:3.3.1-SNAPSHOT

Description:

WAFFLE JNA implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-jna:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-shiro:3.3.1-SNAPSHOT

Description:

Shiro integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-shiro/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-shiro:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-autoconfigure2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-autoconfigure2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOT

Description:

Spring Boot Autoconfigure for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-autoconfigure3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-autoconfigure3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot2/waffle-spring-boot-starter2/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-starter2:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOT

Description:

Spring Boot Starter for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-starter3/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-boot-starter3:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOT

Description:

Spring Security 5 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security5/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-security5:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOT

Description:

Spring Security 6 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security6/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-spring-security6:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOT

Description:

Tomcat 10 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat10/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat10:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOT

Description:

Tomcat 8.5 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat85/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat85:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOT

Description:

Tomcat 9 integration for WAFFLE

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-tomcat9/pom.xml

Referenced In Project/Scope: waffle-distro
com.github.waffle:waffle-tomcat9:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

error_prone_annotations-2.24.1.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.24.1/error_prone_annotations-2.24.1.jar
MD5: 345bbebec9b3c68d2638c0f6809436dc
SHA1: 32b299e45105aa9b0df8279c74dc1edfcf313ff0
SHA256:19fe2f7155d20ea093168527999da98108103ee546d1e8b726bc4b27c31a3c30
Referenced In Project/Scope: waffle-distro:provided
error_prone_annotations-2.24.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

j2objc-annotations-2.8.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/2.8/j2objc-annotations-2.8.jar
MD5: c50af69b704dc91050efb98e0dff66d1
SHA1: c85270e307e7b822f1086b93689124b89768e273
SHA256:f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed
Referenced In Project/Scope: waffle-distro:provided
j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

jackson-core-2.13.5.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar
MD5: 2272453c780d1383ecd2efde00c1a7a9
SHA1: 0d07c97d3de9ea658caf1ff1809fd9de930a286a
SHA256:48f36a025311d0464ad8dda4512a20c79e279a9550f63f3179d731d94482474b
Referenced In Project/Scope: waffle-distro:runtime
jackson-core-2.13.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers

jackson-databind-2.13.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.5/jackson-databind-2.13.5.jar
MD5: 1dbb98839964a6967a428d868b2d8714
SHA1: aa95e46dbc32454f3983221d420e78ef19ddf844
SHA256:5fedb24b2356491815d18267f65da9a21dd67413345ad7795f221afa25c78984
Referenced In Project/Scope: waffle-distro:runtime
jackson-databind-2.13.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions:

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: waffle-distro:runtime
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT

Identifiers

jcl-over-slf4j-2.0.11.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.11/jcl-over-slf4j-2.0.11.jar
MD5: 7ad2cbcec0efd8cfc8f3a6dfacfc5829
SHA1: f6226edb8c85f8c9f1f75ec4b0252c02f589478a
SHA256:55e96f9830d732c81f0709e9090f308798381be7dc5aa67dd423c02831b5b4bb
Referenced In Project/Scope: waffle-distro:compile
jcl-over-slf4j-2.0.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

jna-5.14.0.jar

Description:

Java Native Access

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar
MD5: 8b3cc652920435ad9f801e6d9b2a3497
SHA1: 67bf3eaea4f0718cb376a181a629e5f88fa1c9dd
SHA256:34ed1e1f27fa896bca50dbc4e99cf3732967cec387a7a0d5e3486c09673fe8c6
Referenced In Project/Scope: waffle-distro:compile
jna-5.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

jna-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: f6bef568e690d361a5dcc165f5ad4b1f
SHA1: 05638a4aaafa689a6c246530823afdc18d3fd438
SHA256:b9d1479b9619b7ece4a36b6ae31365ffaf15a1355d4f6da02f8b5f09df2fa82f
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

jna-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 719d6ba1946c25aa61ce82f90d77ffd5
SHA1: 94d2191378cac5719daecc826fc116816284c406
SHA256:69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

jna-5.14.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: e15183ef9c6c255b76fda73d01ca7ecb
SHA1: f816f998c43204230d9ea3eecffb5f8372a32c2e
SHA256:38650a0612730c52580c9f32ff766b44b1c5a426d52e7dd7a53687bf3389ac2c
Referenced In Project/Scope: waffle-distro:compile

Identifiers

  • None

jna-platform-5.14.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar
MD5: 3bc3f09a698e6ad250dd093f64fbb8a7
SHA1: 28934d48aed814f11e4c584da55c49fa7032b31b
SHA256:ae4caceb3840730c2537f9b7fb55a01baba580286b4122951488bcee558c2449
Referenced In Project/Scope: waffle-distro:compile
jna-platform-5.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-distro:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3

Identifiers

jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Project/Scope: waffle-distro:runtime
jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT

Identifiers

log4j-api-2.22.1.jar

Description:

The Apache Log4j API

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.22.1/log4j-api-2.22.1.jar
MD5: 27db0eb89ae965179480df00d8d1cf03
SHA1: bea6fede6328fabafd7e68363161a7ea6605abd1
SHA256:5d7beae7ff15d8516d6517121d7f12a79a6ac180df64b5fcec55d5be21056e53
Referenced In Project/Scope: waffle-distro:runtime
log4j-api-2.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT

Identifiers

log4j-to-slf4j-2.22.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.22.1/log4j-to-slf4j-2.22.1.jar
MD5: 47f93f1b408eb462ca4d16b4797ed87e
SHA1: b5e67b6acac768bfec1d1d6991504f45453abcad
SHA256:85a84842958e58dd8a89a3acf901a64b774704ce1511ece9f8eef70724884f92
Referenced In Project/Scope: waffle-distro:runtime
log4j-to-slf4j-2.22.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT

Identifiers

logback-core-1.4.14.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.4.14/logback-core-1.4.14.jar
MD5: 7367629d307fa3d0b82d76b9d3f1d09a
SHA1: 4d3c2248219ac0effeb380ed4c5280a80bf395e8
SHA256:f8c2f05f42530b1852739507c1792f0080167850ed8f396444c6913d6617a293
Referenced In Project/Scope: waffle-distro:runtime
logback-core-1.4.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

slf4j-api-2.0.11.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.11/slf4j-api-2.0.11.jar
MD5: 90c46a2d4613049843c804867321e6a7
SHA1: ad96c3f8cf895e696dd35c2bc8e8ebe710be9e6d
SHA256:ce0e71d673acb9036bb55d0244b261cf033f8e4c1245f14f931dfb1937dd4c95
Referenced In Project/Scope: waffle-distro:compile
slf4j-api-2.0.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

snakeyaml-1.30.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar
MD5: ba063b8ef3a8bfd591a1b56451166b14
SHA1: 8fde7fe2586328ac3c68db92045e1c8759125000
SHA256:f43a4e40a946b8cdfd0321bc1c9a839bc3f119c57e4ca84fb87c367f51c8b2b3
Referenced In Project/Scope: waffle-distro:runtime
snakeyaml-1.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter2@3.3.1-SNAPSHOT

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.��Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spotbugs-annotations-4.8.3.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.3/spotbugs-annotations-4.8.3.jar
MD5: cd5917b77643c3a7ba5420aea78f940c
SHA1: 05d2dc4ca5b632976371155252499819aea372ed
SHA256:e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
Referenced In Project/Scope: waffle-distro:provided
spotbugs-annotations-4.8.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-distro@3.3.1-SNAPSHOT

Identifiers

spring-boot-2.7.18.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar
MD5: 0941c83c25204150f8bd73ae66c63fd1
SHA1: f6dbdd8da7c2bded63dff9b1f48d01a4923f20a0
SHA256:530f4e0fdfeb3a0e2b3a369d15cdea38fbdc1696f8b030c35a6ad65c27524950
Referenced In Project/Scope: waffle-distro:runtime
spring-boot-2.7.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure2@3.3.1-SNAPSHOT

Identifiers

spring-boot-starter-web-2.7.18.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.18/spring-boot-starter-web-2.7.18.jar
MD5: e0bfe77aa7415f3b86d70d41cf425ccd
SHA1: 0dd62ea85098187b4604e78dc15a7ff87dba173d
SHA256:a74fab5f826b600e3c3f4cd7028c5c982b0bf1b849673629cbb758ae790a4c08
Referenced In Project/Scope: waffle-distro:runtime
spring-boot-starter-web-2.7.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers

spring-core-5.3.31.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256:7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
Referenced In Project/Scope: waffle-distro:runtime
spring-core-5.3.31.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

spring-security-core-5.8.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.9/spring-security-core-5.8.9.jar
MD5: e1305efeecf85494a57af55a4381c94b
SHA1: c9e12dfc323b313cf1c75d89af65d408debce306
SHA256:28af3791e44421b944053a4b17678b60f69bce2ed4cf1e502f86e3d5fb563f4f
Referenced In Project/Scope: waffle-distro:runtime
spring-security-core-5.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

spring-security-crypto-5.8.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.9/spring-security-crypto-5.8.9.jar
MD5: df0a5bacd5a2a65d432a165300482c61
SHA1: 62aa602e4f5ca8f9032ce8288a45d5b4010bb756
SHA256:f688df565d4afbb7554a72b0a17fba501b30cd74470a79eec2a6985ef9619691
Referenced In Project/Scope: waffle-distro:runtime
spring-security-crypto-5.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

CVE-2020-5408 (OSSINDEX)  

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details
CWE-330 Use of Insufficiently Random Values

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.security:spring-security-crypto:5.8.9:*:*:*:*:*:*:*

spring-security-web-5.8.9.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.9/spring-security-web-5.8.9.jar
MD5: 0f798cd04b98bd63b0ef16a3658e2623
SHA1: 241ebc4e7e14c56550ca58694d572fe11e103f59
SHA256:91ba2f3bde1a07c1d33e5146aa9fbffeb43cbd5ab480db6fa8e84812a9e960ca
Referenced In Project/Scope: waffle-distro:runtime
spring-security-web-5.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

spring-web-5.3.31.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256:7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7
Referenced In Project/Scope: waffle-distro:runtime
spring-web-5.3.31.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT

Identifiers

CVE-2016-1000027  

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-webmvc-5.3.31.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar
MD5: 7401b647e906d3853ad02b62496cfadf
SHA1: 45754d056effe8257a012f6b98ed5454cf1e8960
SHA256:29c1b96c424dcb637fec2d1e6493b088d977e748a56da7f34e6a7c3c39d18c74
Referenced In Project/Scope: waffle-distro:runtime
spring-webmvc-5.3.31.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers

tomcat-embed-core-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.83/tomcat-embed-core-9.0.83.jar
MD5: d4e2068023fe800fd22a9fe2529c290b
SHA1: d771e4343b0515c67dab2a09fe02f5d47550153f
SHA256:4ed404d5dea8652846f3c52c094764c2ec018f28a3561f1d27df700f7aa5b376
Referenced In Project/Scope: waffle-distro:runtime
tomcat-embed-core-9.0.83.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers

tomcat-embed-el-9.0.83.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.83/tomcat-embed-el-9.0.83.jar
MD5: eabd7f3ade6cb0cf36f7b238897b8f1d
SHA1: b0cdada70099c25f45fceb48e1ebce60d138a5ce
SHA256:a82c4cf8cf9e88d6891cbb4cbcb9f85f788e147c464cbeba15a2c83276f3344c
Referenced In Project/Scope: waffle-distro:runtime
tomcat-embed-el-9.0.83.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle.demo/waffle-spring-boot-filter2@3.3.1-SNAPSHOT

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.