Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 9.0.9Report Generated On : Sun, 21 Jan 2024 09:44:07 GMTDependencies Scanned : 29 (23 unique)Vulnerable Dependencies : 2 Vulnerabilities Found : 2Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2024-01-21T09:39:41ZNVD API Last Modified : 2024-01-21T08:15:07ZSummary Display:
Showing Vulnerable Dependencies (click to show all) Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.14.11/byte-buddy-1.14.11.jar
MD5: c28e36075a114b176953fc10a5370be7
SHA1: 725602eb7c8c56b51b9c21f273f9df5c909d9e7d
SHA256: 62ae28187ed2b062813da6a9d567bfee733c341582699b62dd980230729a0313
Referenced In Project/Scope: waffle-spring-security5:compile
byte-buddy-1.14.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.14.11 High Version Manifest Bundle-Version 1.14.11 High Version pom version 1.14.11 Highest
Description:
The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar
MD5: 0de12734d808654692599b08ccd84020
SHA1: f9cb566608fbac6bc7bf54901a7aa11543a989ee
SHA256: 2f537a621a64fa7013d68c695a76a34ee8d79dad74e635caca16dd56257aeb80
Referenced In Project/Scope: waffle-spring-security5:compile
byte-buddy-agent-1.14.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name byte-buddy-agent High Vendor jar package name agent Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Vendor Manifest can-redefine-classes true Low Vendor Manifest can-retransform-classes true Low Vendor Manifest can-set-native-method-prefix true Low Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy-agent Highest Vendor pom artifactid byte-buddy-agent Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy agent High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy-agent High Product jar package name agent Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy agent Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Product Manifest can-redefine-classes true Low Product Manifest can-retransform-classes true Low Product Manifest can-set-native-method-prefix true Low Product Manifest multi-release true Low Product pom artifactid byte-buddy-agent Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy agent High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.14.11 High Version Manifest Bundle-Version 1.14.11 High Version pom version 1.14.11 Highest
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86-64/attach_hotspot_windows.dllMD5: 053a783e5777c6a9867c27d51af89677SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76SHA256: 16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20Referenced In Project/Scope: waffle-spring-security5:compile
Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.11/byte-buddy-agent-1.14.11.jar/win32-x86/attach_hotspot_windows.dllMD5: fbca33102ac97be0ed496c0f78e466b3SHA1: c4df05146a86a6d073769bb697d550ef42518ed5SHA256: 810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72Referenced In Project/Scope: waffle-spring-security5:compile
Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
Description:
A high performance caching library License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256: 7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Project/Scope: waffle-spring-security5:compile
caffeine-3.1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name caffeine High Vendor jar package name benmanes Highest Vendor jar package name cache Highest Vendor jar package name caffeine Highest Vendor jar package name github Highest Vendor Manifest automatic-module-name com.github.benmanes.caffeine Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom artifactid caffeine Highest Vendor pom artifactid caffeine Low Vendor pom developer email ben.manes@gmail.com Low Vendor pom developer id ben-manes Medium Vendor pom developer name Ben Manes Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor pom name Caffeine cache High Vendor pom url ben-manes/caffeine Highest Product file name caffeine High Product jar package name benmanes Highest Product jar package name cache Highest Product jar package name caffeine Highest Product jar package name github Highest Product Manifest automatic-module-name com.github.benmanes.caffeine Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product Manifest Implementation-Title A high performance caching library High Product pom artifactid caffeine Highest Product pom developer email ben.manes@gmail.com Low Product pom developer id ben-manes Low Product pom developer name Ben Manes Low Product pom groupid com.github.ben-manes.caffeine Highest Product pom name Caffeine cache High Product pom url ben-manes/caffeine High Version file version 3.1.8 High Version Manifest Bundle-Version 3.1.8 High Version Manifest Implementation-Version 3.1.8 High Version pom version 3.1.8 Highest
Description:
checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256: ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: waffle-spring-security5:compile
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest automatic-module-name org.checkerframework.checker.qual Medium Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.42.0 High Version Manifest Bundle-Version 3.42.0 High Version Manifest Implementation-Version 3.42.0 High Version pom version 3.42.0 Highest
Description:
WAFFLE JNA implementation License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml
Referenced In Project/Scope: waffle-spring-security5
com.github.waffle:waffle-jna:3.3.1-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jna Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-jna Highest Product project groupid com.github.waffle Low
Description:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.24.1/error_prone_annotations-2.24.1.jar
MD5: 345bbebec9b3c68d2638c0f6809436dc
SHA1: 32b299e45105aa9b0df8279c74dc1edfcf313ff0
SHA256: 19fe2f7155d20ea093168527999da98108103ee546d1e8b726bc4b27c31a3c30
Referenced In Project/Scope: waffle-spring-security5:provided
error_prone_annotations-2.24.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name error_prone_annotations High Vendor jar package name annotations Highest Vendor jar package name errorprone Highest Vendor jar package name google Highest Vendor Manifest automatic-module-name com.google.errorprone.annotations Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium Vendor pom artifactid error_prone_annotations Highest Vendor pom artifactid error_prone_annotations Low Vendor pom groupid com.google.errorprone Highest Vendor pom name error-prone annotations High Vendor pom parent-artifactid error_prone_parent Low Product file name error_prone_annotations High Product jar package name annotations Highest Product jar package name errorprone Highest Product jar package name google Highest Product Manifest automatic-module-name com.google.errorprone.annotations Medium Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Product Manifest Bundle-Name error-prone annotations Medium Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium Product pom artifactid error_prone_annotations Highest Product pom groupid com.google.errorprone Highest Product pom name error-prone annotations High Product pom parent-artifactid error_prone_parent Medium Version file version 2.24.1 High Version Manifest Bundle-Version 2.24.1 High Version pom version 2.24.1 Highest
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/2.8/j2objc-annotations-2.8.jar
MD5: c50af69b704dc91050efb98e0dff66d1
SHA1: c85270e307e7b822f1086b93689124b89768e273
SHA256: f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed
Referenced In Project/Scope: waffle-spring-security5:provided
j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name j2objc Highest Vendor jar package name j2objc Low Vendor pom artifactid j2objc-annotations Highest Vendor pom artifactid j2objc-annotations Low Vendor pom groupid com.google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor pom url google/j2objc/ Highest Product file name j2objc-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name google Highest Product jar package name j2objc Highest Product jar package name j2objc Low Product pom artifactid j2objc-annotations Highest Product pom groupid com.google.j2objc Highest Product pom name J2ObjC Annotations High Product pom url google/j2objc/ High Version file version 2.8 High Version pom version 2.8 Highest
Description:
Jakarta Servlet 4.0 License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar
MD5: f5d1d7a29978e4ae0be5a456ee1c65c3
SHA1: b8a1142e04838fe54194049c6e7a18dae8f9b960
SHA256: 586e27706c21258f5882f43be06904f49b02db9ac54e345d393fe4a32494d127
Referenced In Project/Scope: waffle-spring-security5:provided
jakarta.servlet-api-4.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jakarta.servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest automatic-module-name java.servlet Medium Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.servlet-api Medium Vendor Manifest extension-name javax.servlet Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.eclipse Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.servlet-api Highest Vendor pom artifactid jakarta.servlet-api Low Vendor pom developer id yaminikb Medium Vendor pom developer name Yamini K B Medium Vendor pom developer org Oracle Corporation Medium Vendor pom developer org URL http://www.oracle.com/ Medium Vendor pom groupid jakarta.servlet Highest Vendor pom name Jakarta Servlet High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.servlet Highest Product file name jakarta.servlet-api High Product jar package name javax Highest Product jar package name servlet Highest Product Manifest automatic-module-name java.servlet Medium Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Servlet Medium Product Manifest bundle-symbolicname jakarta.servlet-api Medium Product Manifest extension-name javax.servlet Medium Product pom artifactid jakarta.servlet-api Highest Product pom developer id yaminikb Low Product pom developer name Yamini K B Low Product pom developer org Oracle Corporation Low Product pom developer org URL http://www.oracle.com/ Low Product pom groupid jakarta.servlet Highest Product pom name Jakarta Servlet High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.servlet Medium Version file version 4.0.4 High Version Manifest Implementation-Version 4.0.4 High Version pom parent-version 4.0.4 Low Version pom version 4.0.4 Highest
Description:
Java Native Access License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar
MD5: 8b3cc652920435ad9f801e6d9b2a3497
SHA1: 67bf3eaea4f0718cb376a181a629e5f88fa1c9dd
SHA256: 34ed1e1f27fa896bca50dbc4e99cf3732967cec387a7a0d5e3486c09673fe8c6
Referenced In Project/Scope: waffle-spring-security5:compile
jna-5.14.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jna High Vendor jar package name jna Highest Vendor jar package name native Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna Medium Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-category jni Low Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna Highest Vendor pom artifactid jna Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access High Vendor pom url java-native-access/jna Highest Product file name jna High Product jar package name jna Highest Product jar package name library Highest Product jar package name native Highest Product jar package name sun Highest Product jar package name win32 Highest Product Manifest automatic-module-name com.sun.jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access High Product pom url java-native-access/jna High Version file version 5.14.0 High Version Manifest Bundle-Version 5.14.0 High Version pom version 5.14.0 Highest
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dllMD5: f6bef568e690d361a5dcc165f5ad4b1fSHA1: 05638a4aaafa689a6c246530823afdc18d3fd438SHA256: b9d1479b9619b7ece4a36b6ae31365ffaf15a1355d4f6da02f8b5f09df2fa82fReferenced In Project/Scope: waffle-spring-security5:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dllMD5: 719d6ba1946c25aa61ce82f90d77ffd5SHA1: 94d2191378cac5719daecc826fc116816284c406SHA256: 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44Referenced In Project/Scope: waffle-spring-security5:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar/com/sun/jna/win32-x86/jnidispatch.dllMD5: e15183ef9c6c255b76fda73d01ca7ecbSHA1: f816f998c43204230d9ea3eecffb5f8372a32c2eSHA256: 38650a0612730c52580c9f32ff766b44b1c5a426d52e7dd7a53687bf3389ac2cReferenced In Project/Scope: waffle-spring-security5:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
Description:
Java Native Access Platform License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar
MD5: 3bc3f09a698e6ad250dd093f64fbb8a7
SHA1: 28934d48aed814f11e4c584da55c49fa7032b31b
SHA256: ae4caceb3840730c2537f9b7fb55a01baba580286b4122951488bcee558c2449
Referenced In Project/Scope: waffle-spring-security5:compile
jna-platform-5.14.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jna-platform High Vendor jar package name jna Highest Vendor jar package name platform Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna.platform Medium Vendor Manifest bundle-category jni Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest require-bundle com.sun.jna;bundle-version="5.14.0" Low Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna-platform Highest Vendor pom artifactid jna-platform Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access Platform High Vendor pom url java-native-access/jna Highest Product file name jna-platform High Product jar package name jna Highest Product jar package name platform Highest Product jar package name sun Highest Product Manifest automatic-module-name com.sun.jna.platform Medium Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna-platform Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname com.sun.jna.platform Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest require-bundle com.sun.jna;bundle-version="5.14.0" Low Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna-platform Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access Platform High Product pom url java-native-access/jna High Version file version 5.14.0 High Version Manifest Bundle-Version 5.14.0 High Version pom version 5.14.0 Highest
Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-spring-security5:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3
Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
Description:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.11/slf4j-api-2.0.11.jar
MD5: 90c46a2d4613049843c804867321e6a7
SHA1: ad96c3f8cf895e696dd35c2bc8e8ebe710be9e6d
SHA256: ce0e71d673acb9036bb55d0244b261cf033f8e4c1245f14f931dfb1937dd4c95
Referenced In Project/Scope: waffle-spring-security5:compile
slf4j-api-2.0.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.11 High Version Manifest Bundle-Version 2.0.11 High Version Manifest Implementation-Version 2.0.11 High Version pom version 2.0.11 Highest
Description:
Annotations the SpotBugs tool supports License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.3/spotbugs-annotations-4.8.3.jar
MD5: cd5917b77643c3a7ba5420aea78f940c
SHA1: 05d2dc4ca5b632976371155252499819aea372ed
SHA256: e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
Referenced In Project/Scope: waffle-spring-security5:provided
spotbugs-annotations-4.8.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spotbugs-annotations High Vendor Manifest automatic-module-name com.github.spotbugs.annotations Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname spotbugs-annotations Medium Vendor pom artifactid spotbugs-annotations Highest Vendor pom artifactid spotbugs-annotations Low Vendor pom developer email andreas.sewe@codetrails.com Low Vendor pom developer email dbrosius@mebigfatguy.com Low Vendor pom developer email loskutov@gmx.de Low Vendor pom developer email skypencil@gmail.com Low Vendor pom developer id henrik242 Medium Vendor pom developer id iloveeclipse Medium Vendor pom developer id jsotuyod Medium Vendor pom developer id KengoTODA Medium Vendor pom developer id mebigfatguy Medium Vendor pom developer id sewe Medium Vendor pom developer id ThrawnCA Medium Vendor pom developer name Andreas Sewe Medium Vendor pom developer name Andrey Loskutov Medium Vendor pom developer name Dave Brosius Medium Vendor pom developer name Juan Martín Sotuyo Dodero Medium Vendor pom developer name Kengo TODA Medium Vendor pom groupid com.github.spotbugs Highest Vendor pom name SpotBugs Annotations High Vendor pom url https://spotbugs.github.io/ Highest Product file name spotbugs-annotations High Product Manifest automatic-module-name com.github.spotbugs.annotations Medium Product Manifest Bundle-Name spotbugs-annotations Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname spotbugs-annotations Medium Product pom artifactid spotbugs-annotations Highest Product pom developer email andreas.sewe@codetrails.com Low Product pom developer email dbrosius@mebigfatguy.com Low Product pom developer email loskutov@gmx.de Low Product pom developer email skypencil@gmail.com Low Product pom developer id henrik242 Low Product pom developer id iloveeclipse Low Product pom developer id jsotuyod Low Product pom developer id KengoTODA Low Product pom developer id mebigfatguy Low Product pom developer id sewe Low Product pom developer id ThrawnCA Low Product pom developer name Andreas Sewe Low Product pom developer name Andrey Loskutov Low Product pom developer name Dave Brosius Low Product pom developer name Juan Martín Sotuyo Dodero Low Product pom developer name Kengo TODA Low Product pom groupid com.github.spotbugs Highest Product pom name SpotBugs Annotations High Product pom url https://spotbugs.github.io/ Medium Version file version 4.8.3 High Version Manifest Bundle-Version 4.8.3 High Version pom version 4.8.3 Highest
Description:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar
MD5: a9ef5a29eaa89fe909a0c4ed870d90a1
SHA1: 368e76f732a3c331b970f69cafec1525d27b34d3
SHA256: 7013ed3da15a8d4be797f5c310f9aa1b196b97f2313bc41e60ef3f5627224fe9
Referenced In Project/Scope: waffle-spring-security5:compile
spring-core-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.core Medium Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name io Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product pom artifactid spring-core Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.31 High Version Manifest Implementation-Version 5.3.31 High Version pom version 5.3.31 Highest
Related Dependencies spring-aop-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-aop/5.3.31/spring-aop-5.3.31.jar MD5: 48143a3242d23f66736e34cf1b5ad632 SHA1: 3be929dbdb5f4516919ad09a3d3720d779bb65d9 SHA256: 3f0c666f317abaa845fc3a24fba219b1f469716bf309cccd755eecb8fee20430 pkg:maven/org.springframework/spring-aop@5.3.31 spring-beans-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-beans/5.3.31/spring-beans-5.3.31.jar MD5: b5fe5c018f96edf76b7e92b34668fa44 SHA1: d27258849071b3b268ecc388eca35bbfcc586448 SHA256: a8d6d99003d0a28049cba4273afbcfc64e1107ee3c33f67935853e9711544aa7 pkg:maven/org.springframework/spring-beans@5.3.31 spring-context-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-context/5.3.31/spring-context-5.3.31.jar MD5: 6aa19e7e6a87b4ac8b649057315b1dd1 SHA1: a2d6e76507f037ad835e8c2288dfedf28981999f SHA256: 38def055d1e22b5514b1cb19cef4474e5c1b0d2127c483e7d014bde87c4a4cf3 pkg:maven/org.springframework/spring-context@5.3.31 spring-expression-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.3.31/spring-expression-5.3.31.jar MD5: 9e309bb1a738acbd0ac9c9fc58931fd3 SHA1: 55637af1b186d1008890980c2876c5fc83599756 SHA256: e027f122b8a4e3030339068220bed02d1c9d397eb5897f1e33ba2f63b22591ac pkg:maven/org.springframework/spring-expression@5.3.31 spring-jcl-5.3.31.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-jcl/5.3.31/spring-jcl-5.3.31.jar MD5: 4d281617e07553792218e37c47b8bd8c SHA1: e7ab9ee590a195415dd6b898440d776b4c8db78c SHA256: eee0df6a25a9c56d228ea86272546aa5a0656caf2f14e7b375417b066abbc0db pkg:maven/org.springframework/spring-jcl@5.3.31 Description:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.9/spring-security-core-5.8.9.jar
MD5: e1305efeecf85494a57af55a4381c94b
SHA1: c9e12dfc323b313cf1c75d89af65d408debce306
SHA256: 28af3791e44421b944053a4b17678b60f69bce2ed4cf1e502f86e3d5fb563f4f
Referenced In Project/Scope: waffle-spring-security5:compile
spring-security-core-5.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spring-security-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.security.core Medium Vendor pom artifactid spring-security-core Highest Vendor pom artifactid spring-security-core Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-core High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-core High Product jar package name core Highest Product jar package name security Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.security.core Medium Product Manifest Implementation-Title spring-security-core High Product pom artifactid spring-security-core Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-core High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 5.8.9 High Version Manifest Implementation-Version 5.8.9 High Version pom version 5.8.9 Highest
Related Dependencies spring-security-config-5.8.9.jarFile Path: /home/runner/.m2/repository/org/springframework/security/spring-security-config/5.8.9/spring-security-config-5.8.9.jar MD5: 37027d16a5d71b625109bb828a9f4e61 SHA1: 16f14a8eb4fa6087cf2ac04e6176e1a91e983402 SHA256: 46a8716522ecefddc3a73610e775e841f0a032fd61161cd953677a2c2b55bf41 pkg:maven/org.springframework.security/spring-security-config@5.8.9 Description:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.9/spring-security-crypto-5.8.9.jar
MD5: df0a5bacd5a2a65d432a165300482c61
SHA1: 62aa602e4f5ca8f9032ce8288a45d5b4010bb756
SHA256: f688df565d4afbb7554a72b0a17fba501b30cd74470a79eec2a6985ef9619691
Referenced In Project/Scope: waffle-spring-security5:compile
spring-security-crypto-5.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.security/spring-security-core@5.8.9
Evidence Type Source Name Value Confidence Vendor file name spring-security-crypto High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name crypto Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.security.crypto Medium Vendor pom artifactid spring-security-crypto Highest Vendor pom artifactid spring-security-crypto Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-crypto High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-crypto High Product jar package name crypto Highest Product jar package name security Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.security.crypto Medium Product Manifest Implementation-Title spring-security-crypto High Product pom artifactid spring-security-crypto Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-crypto High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 5.8.9 High Version Manifest Implementation-Version 5.8.9 High Version pom version 5.8.9 Highest
CVE-2020-5408 (OSSINDEX)suppress
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5408 for details CWE-330 Use of Insufficiently Random Values
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.springframework.security:spring-security-crypto:5.8.9:*:*:*:*:*:*:* Description:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.9/spring-security-web-5.8.9.jar
MD5: 0f798cd04b98bd63b0ef16a3658e2623
SHA1: 241ebc4e7e14c56550ca58694d572fe11e103f59
SHA256: 91ba2f3bde1a07c1d33e5146aa9fbffeb43cbd5ab480db6fa8e84812a9e960ca
Referenced In Project/Scope: waffle-spring-security5:compile
spring-security-web-5.8.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spring-security-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.security.web Medium Vendor pom artifactid spring-security-web Highest Vendor pom artifactid spring-security-web Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-web High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-web High Product jar package name security Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.security.web Medium Product Manifest Implementation-Title spring-security-web High Product pom artifactid spring-security-web Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-web High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 5.8.9 High Version Manifest Implementation-Version 5.8.9 High Version pom version 5.8.9 Highest
Description:
Spring Web License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar
MD5: 4bef28044f222933ea2e45818c7f96a1
SHA1: 3bf73c385a1f2f4a0d482149d6a205e854cec497
SHA256: 7b7b4db19acc8c0cdb0dea93a3aa4b1b706db4bcc7b77f677a0c56e86d379ac7
Referenced In Project/Scope: waffle-spring-security5:compile
spring-web-5.3.31.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.3.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.web Medium Vendor pom artifactid spring-web Highest Vendor pom artifactid spring-web Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-web High Product hint analyzer product springsource_spring_framework Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Product pom artifactid spring-web Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 5.3.31 High Version Manifest Implementation-Version 5.3.31 High Version pom version 5.3.31 Highest
CVE-2016-1000027 suppress
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. CWE-502 Deserialization of Untrusted Data
CVSSv2:
Base Score: HIGH (7.5) Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P CVSSv3:
Base Score: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: