Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: waffle-jetty-jakarta

com.github.waffle:waffle-jetty-jakarta:3.5.2-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
ant-1.10.8.jarcpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.8HIGH3Highest24
asm-9.7.1.jarpkg:maven/org.ow2.asm/asm@9.7.1 054
asm-commons-9.7.1.jarpkg:maven/org.ow2.asm/asm-commons@9.7.1 058
asm-tree-9.7.1.jarpkg:maven/org.ow2.asm/asm-tree@9.7.1 058
byte-buddy-1.15.11.jarpkg:maven/net.bytebuddy/byte-buddy@1.15.11 029
byte-buddy-agent-1.15.11.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.15.11 033
byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll 02
caffeine-3.1.8.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.8 037
checker-qual-3.48.3.jarpkg:maven/org.checkerframework/checker-qual@3.48.3 044
com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOTpkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT 06
ecj-3.40.0.jarpkg:maven/org.eclipse.jdt/ecj@3.40.0 036
error_prone_annotations-2.36.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.36.0 029
expressly-5.0.0.jarpkg:maven/org.glassfish.expressly/expressly@5.0.0 045
j2objc-annotations-3.0.0.jarpkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 033
jakarta.annotation-api-3.0.0.jarcpe:2.3:a:oracle:projects:3.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@3.0.0 0Low42
jakarta.el-api-6.0.1.jarcpe:2.3:a:eclipse:jakarta_expression_language:6.0.1:*:*:*:*:*:*:*pkg:maven/jakarta.el/jakarta.el-api@6.0.1 0Low45
jakarta.servlet-api-6.0.0.jarcpe:2.3:a:oracle:projects:6.0.0:*:*:*:*:*:*:*pkg:maven/jakarta.servlet/jakarta.servlet-api@6.0.0 0Low44
jakarta.servlet.jsp-3.0.0.jarcpe:2.3:a:web_project:web:3.0.0:*:*:*:*:*:*:*pkg:maven/org.glassfish.web/jakarta.servlet.jsp@3.0.0 0Highest47
jakarta.servlet.jsp-api-4.0.0.jarpkg:maven/jakarta.servlet.jsp/jakarta.servlet.jsp-api@4.0.0 045
jakarta.servlet.jsp.jstl-3.0.1.jarcpe:2.3:a:web_project:web:3.0.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1 0Highest47
jcl-over-slf4j-2.0.16.jarpkg:maven/org.slf4j/jcl-over-slf4j@2.0.16 031
jdtcore-3.1.0.jarcpe:2.3:a:eclipse:org.eclipse.core.runtime:3.1.0:*:*:*:*:*:*:*pkg:maven/eclipse/jdtcore@3.1.0MEDIUM1Low27
jdtcore-3.1.0.jar: jdtCompilerAdapter.jar 07
jetty-ee-12.0.16.jarcpe:2.3:a:eclipse:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:12.0.16:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-ee@12.0.16 0Highest33
jetty-server-12.0.16.jarcpe:2.3:a:eclipse:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:jetty:jetty_http_server:12.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:12.0.16:*:*:*:*:*:*:*		pkg:maven/org.eclipse.jetty/jetty-server@12.0.16 0Highest33
jna-5.16.0.jarcpe:2.3:a:oracle:java_se:5.16.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.16.0 0Low48
jna-5.16.0.jar: jnidispatch.dll 02
jna-5.16.0.jar: jnidispatch.dll 02
jna-5.16.0.jar: jnidispatch.dll 02
jna-platform-5.16.0.jarpkg:maven/net.java.dev.jna/jna-platform@5.16.0 044
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
slf4j-api-2.0.16.jarpkg:maven/org.slf4j/slf4j-api@2.0.16 029
spotbugs-annotations-4.8.6.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 053

Dependencies (vulnerable)

ant-1.10.8.jar

File Path: /home/runner/.m2/repository/org/apache/ant/ant/1.10.8/ant-1.10.8.jar
MD5: 4492182f592ad9779a5de60e3f0ea3c4
SHA1: ae148abb0532b685c5eeb22fdec9d124e89be5de
SHA256:b96b46fd2b4b00e42684c3085b0d16dde975e7b8e64822b0bf52edf5fd387d8d
Referenced In Project/Scope: waffle-jetty-jakarta:provided
ant-1.10.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp@3.0.0

Identifiers

CVE-2020-11979  

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36373  

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-36374  

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CWE-130 Improper Handling of Length Parameter Inconsistency, NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

asm-9.7.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.7.1/asm-9.7.1.jar
MD5: e2cdd32d198ad31427d298eee9d39d8d
SHA1: f0ed132a49244b042cd0e15702ab9f2ce3cc8436
SHA256:8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281
Referenced In Project/Scope: waffle-jetty-jakarta:provided
asm-9.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.ow2.asm/asm-commons@9.7.1

Identifiers

asm-commons-9.7.1.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/9.7.1/asm-commons-9.7.1.jar
MD5: 8344aea3c8b7d707e9d35a62710e77c9
SHA1: 406c6a2225cfe1819f102a161e54cc16a5c24f75
SHA256:9a579b54d292ad9be171d4313fd4739c635592c2b5ac3a459bbd1049cddec6a0
Referenced In Project/Scope: waffle-jetty-jakarta:provided
asm-commons-9.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

asm-tree-9.7.1.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/9.7.1/asm-tree-9.7.1.jar
MD5: e85029f613b6469989cc7cf53fe06b74
SHA1: 3a53139787663b139de76b627fca0084ab60d32c
SHA256:9929881f59eb6b840e86d54570c77b59ce721d104e6dfd7a40978991c2d3b41f
Referenced In Project/Scope: waffle-jetty-jakarta:provided
asm-tree-9.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.ow2.asm/asm-commons@9.7.1

Identifiers

byte-buddy-1.15.11.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.15.11/byte-buddy-1.15.11.jar
MD5: 603bc53c7a294f23765bfb7e1820ad44
SHA1: f61886478e0f9ee4c21d09574736f0ff45e0a46c
SHA256:fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90
Referenced In Project/Scope: waffle-jetty-jakarta:compile
byte-buddy-1.15.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

byte-buddy-agent-1.15.11.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar
MD5: 449a1534609bf3535d74cbb10b4ed074
SHA1: a38b16385e867f59a641330f0362ebe742788ed8
SHA256:316d2c0795c2a4d4c4756f2e6f9349837c7430ac34e0477ead874d05f5cc19e5
Referenced In Project/Scope: waffle-jetty-jakarta:compile
byte-buddy-agent-1.15.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Project/Scope: waffle-jetty-jakarta:compile

Identifiers

  • None

byte-buddy-agent-1.15.11.jar: attach_hotspot_windows.dll

File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Project/Scope: waffle-jetty-jakarta:compile

Identifiers

  • None

caffeine-3.1.8.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256:7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Project/Scope: waffle-jetty-jakarta:compile
caffeine-3.1.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

checker-qual-3.48.3.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256:443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Project/Scope: waffle-jetty-jakarta:compile
checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT

Description:

WAFFLE JNA Jakarta Pakage implementation

License:

MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml

Referenced In Project/Scope: waffle-jetty-jakarta
com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

ecj-3.40.0.jar

Description:

Eclipse Compiler for Java(TM)

License:

Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/
File Path: /home/runner/.m2/repository/org/eclipse/jdt/ecj/3.40.0/ecj-3.40.0.jar
MD5: 046151f4aec1539222b2d87b0ce1b3b9
SHA1: 5c26f6a20278196f8038a284d885c3796cd7d422
SHA256:05cc22a24e7982970f63a405fc6c820bc80b806f27f3c5a6236fc475f8f7152b
Referenced In Project/Scope: waffle-jetty-jakarta:provided
ecj-3.40.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

error_prone_annotations-2.36.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
MD5: 0e48e5ba2cd0a8d8d09bad849b99f6a6
SHA1: 227d4d4957ccc3dc5761bd897e3a0ee587e750a7
SHA256:77440e270b0bc9a249903c5a076c36a722c4886ca4f42675f2903a1c53ed61a5
Referenced In Project/Scope: waffle-jetty-jakarta:provided
error_prone_annotations-2.36.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

expressly-5.0.0.jar

Description:

Jakarta Expression Language Implementation

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/expressly/expressly/5.0.0/expressly-5.0.0.jar
MD5: d4448c69fe69ebca37b2c76e62e385c3
SHA1: 78637fec7db6414c3ad32f3aa9e5d6610a299e5b
SHA256:b0c872737bb8381921b304d0952854666d1ba320b9b3c5bf4d70a09a86b61524
Referenced In Project/Scope: waffle-jetty-jakarta:provided
expressly-5.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

j2objc-annotations-3.0.0.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256:88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: waffle-jetty-jakarta:provided
j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.annotation-api-3.0.0.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: https://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar
MD5: 7faffaab962918da4cf5ddfd76609dd2
SHA1: 54f928fadec906a99d558536756d171917b9d936
SHA256:b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.annotation-api-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.el-api-6.0.1.jar

Description:

        Jakarta Expression Language defines an expression language for Java applications

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/el/jakarta.el-api/6.0.1/jakarta.el-api-6.0.1.jar
MD5: a98f097e059552a75748fcdd067e5c16
SHA1: c7c4a2eb1e40e0ff45ab5e2e52bd77d8c7a75176
SHA256:7e84b5bed49de32b79cc5e85d90b6f5adb1a953ac67283adbb41c1e297f9c605
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.el-api-6.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet-api-6.0.0.jar

Description:

Jakarta Servlet 6.0

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.0.0/jakarta.servlet-api-6.0.0.jar
MD5: 4bcb3175ed9b7aa3f038d082879ec2a8
SHA1: abecc699286e65035ebba9844c03931357a6a963
SHA256:c034eb1afb158987dbb53a5fea0cadf611c8dae8daadd59c44d9d5ab70129cef
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.servlet-api-6.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.16

Identifiers

jakarta.servlet.jsp-3.0.0.jar

Description:

JavaServer Pages API

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp/3.0.0/jakarta.servlet.jsp-3.0.0.jar
MD5: fca522b72282d53d0819af32a5a2ec9c
SHA1: a1b306dd295439765d0fd2f9b00a48501c892b88
SHA256:7dde5d9789c030401c80bdfdbcc7a021665a451ba6f4ebdc033196cb7c8dee2a
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.servlet.jsp-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp-api-4.0.0.jar

Description:

Jakarta Server Pages API

License:

https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jsp/jakarta.servlet.jsp-api/4.0.0/jakarta.servlet.jsp-api-4.0.0.jar
MD5: 6fddc938119e00e6f934c1b37120e338
SHA1: a8de3741b91ba7427306104979ab2f084e831438
SHA256:873b7d0c2b5734ef8847634299b67ce879080cdece8426147522c4db8e37c14e
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.servlet.jsp-api-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jakarta.servlet.jsp.jstl-3.0.1.jar

Description:

Jakarta Standard Tag Library Implementation

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/org/glassfish/web/jakarta.servlet.jsp.jstl/3.0.1/jakarta.servlet.jsp.jstl-3.0.1.jar
MD5: 3f6511c0066616415b9ed23a018b1cde
SHA1: 078909a1354585b2a7a2d3b4e348fceff8b6d180
SHA256:5cc6e60b9e74d38c25fe4f2d22dfd40577f5b8396bc885f7061cd2c525a43b86
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jakarta.servlet.jsp.jstl-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers

jcl-over-slf4j-2.0.16.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar
MD5: c077b88c43f9d63f64f9880fdb457efb
SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9
SHA256:5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78
Referenced In Project/Scope: waffle-jetty-jakarta:compile
jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

jdtcore-3.1.0.jar

File Path: /home/runner/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar
MD5: d1651bf9048165f304e7877f1eaad6dc
SHA1: c5e3e72ae7220118c3da808628ec7016d4d8aef2
SHA256:b163be93b2131f97dd23ee03c935b34f48c17e74d8f60b644747528ea024e88e
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jdtcore-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.web/jakarta.servlet.jsp@3.0.0

Identifiers

CVE-2023-4218  

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

jdtcore-3.1.0.jar: jdtCompilerAdapter.jar

File Path: /home/runner/.m2/repository/eclipse/jdtcore/3.1.0/jdtcore-3.1.0.jar/jdtCompilerAdapter.jar
MD5: e66287f3ce15029d202ffc9c2dc3aa77
SHA1: a9d9eb99b7920dd3ee24d601a26cd7e473b0bf6e
SHA256:c79595d136ba157fc63286bf29cee69f6ab09cf2b9005ce70ae7eb01431115d9
Referenced In Project/Scope: waffle-jetty-jakarta:provided

Identifiers

  • None

jetty-ee-12.0.16.jar

Description:

Jetty module for Core :: EE Common

License:

EPL-2.0 OR Apache-2.0
https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-ee/12.0.16/jetty-ee-12.0.16.jar
MD5: 72db9881287f6e4bafa12bd16bad37b8
SHA1: 14b177b6765e805ec33a122d865864bd585561eb
SHA256:1b795f43e0c28b4d6979572a1b0a719ed560052bea20a3e3dc52cc75e4561f7f
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jetty-ee-12.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-webapp@12.0.16

Identifiers

jetty-server-12.0.16.jar

Description:

The legacy jetty server artifact.

License:

EPL-2.0 OR Apache-2.0
https://www.eclipse.org/legal/epl-2.0/, https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/eclipse/jetty/jetty-server/12.0.16/jetty-server-12.0.16.jar
MD5: 8bc8e31a2ebea7cb185fd188e5b4b5ca
SHA1: 3e3638b4bfbee04c27b3ae68e4949fc43b40a042
SHA256:9e3f17ca732154ee2c67cc2bc340f322b29335f74d65f7cc0104c2e9cdc6640e
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jetty-server-12.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlet@12.0.16

Identifiers

jna-5.16.0.jar

Description:

Java Native Access

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar
MD5: accc2e2b8676434a87f4f73fb4d90b44
SHA1: ebea09f91dc9f7048099f963fb8d6f919f0a4d9c
SHA256:3f5233589a799eb66dc2969afa3433fb56859d3d787c58b9bc7dd9e86f0a250c
Referenced In Project/Scope: waffle-jetty-jakarta:compile
jna-5.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: 302945a811fd8e21bcdd5226c73b6f74
SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607c
SHA256:b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699d
Referenced In Project/Scope: waffle-jetty-jakarta:compile

Identifiers

  • None

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 2d2475f1f026dd54e9f3e787ae4f81da
SHA1: 27ff882ac271db547aee520b38e3ba9aa91e136c
SHA256:5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023
Referenced In Project/Scope: waffle-jetty-jakarta:compile

Identifiers

  • None

jna-5.16.0.jar: jnidispatch.dll

File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: 0caa1ef75a807f9dde05084fa2219a5c
SHA1: 2f5e1cd82cde192905c7510ce99037b67d980640
SHA256:752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44
Referenced In Project/Scope: waffle-jetty-jakarta:compile

Identifiers

  • None

jna-platform-5.16.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.16.0/jna-platform-5.16.0.jar
MD5: 12ba6b7a7752ecf0a5baed725f3192c2
SHA1: b2a9065f97c166893d504b164706512338e3bbc2
SHA256:e5a79523964509757555782bb60283e4902611013f107e4600dc93298f73f382
Referenced In Project/Scope: waffle-jetty-jakarta:compile
jna-platform-5.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-jetty-jakarta:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6

Identifiers

slf4j-api-2.0.16.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256:a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: waffle-jetty-jakarta:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT

Identifiers

spotbugs-annotations-4.8.6.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.6/spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256:4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: waffle-jetty-jakarta:provided
spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.waffle/waffle-jetty-jakarta@3.5.2-SNAPSHOT

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.