Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version : 12.2.0
Report Generated On : Mon, 19 Jan 2026 20:32:16 GMT
Dependencies Scanned : 26 (19 unique)
Vulnerable Dependencies : 2
Vulnerabilities Found : 3
Vulnerabilities Suppressed : 0
...
NVD API Last Checked : 2026-01-19T20:29:50Z
NVD API Last Modified : 2026-01-19T20:15:49Z
Summary
Summary of Vulnerable Dependencies
caffeine-3.2.3.jar
Description:
A high performance caching library
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.2.3/caffeine-3.2.3.jar
MD5: 0258f45d43968523cc11beeb01b240f2
SHA1: c097f0f6d21a0e6db88ea55836e26419b30dfe19
SHA256: ca70c90a5d1ce1511880ce9c93d4ad22108f61111d3daf91eb52762b571bd179
Referenced In Project/Scope: waffle-spring-security5:compile
caffeine-3.2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name caffeine High
Vendor jar package name cache Highest
Vendor jar package name caffeine Highest
Vendor jar package name github Highest
Vendor Manifest build-jdk-spec 11 Low
Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium
Vendor pom artifactid caffeine Highest
Vendor pom artifactid caffeine Low
Vendor pom developer email ben.manes@gmail.com Low
Vendor pom developer id ben-manes Medium
Vendor pom developer name Ben Manes Medium
Vendor pom groupid com.github.ben-manes.caffeine Highest
Vendor pom name Caffeine cache High
Vendor pom url ben-manes/caffeine Highest
Product file name caffeine High
Product jar package name cache Highest
Product jar package name caffeine Highest
Product jar package name github Highest
Product Manifest build-jdk-spec 11 Low
Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium
Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium
Product Manifest Implementation-Title A high performance caching library High
Product pom artifactid caffeine Highest
Product pom developer email ben.manes@gmail.com Low
Product pom developer id ben-manes Low
Product pom developer name Ben Manes Low
Product pom groupid com.github.ben-manes.caffeine Highest
Product pom name Caffeine cache High
Product pom url ben-manes/caffeine High
Version file version 3.2.3 High
Version Manifest Bundle-Version 3.2.3 High
Version Manifest Implementation-Version 3.2.3 High
Version pom version 3.2.3 Highest
pkg:maven/com.github.ben-manes.caffeine/caffeine@3.2.3
(Confidence: High)
checker-qual-3.53.0.jar
Description:
checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.53.0/checker-qual-3.53.0.jar
MD5: d1ee2a3366a19a8fff01208da2adb48e
SHA1: af1105964a03d7ed8aaf8ea2cb6ec0da7ec6c7a6
SHA256: 7ca002815d92fad79e966b375c2ee7b2b4bf953024bc9a5d5e0c59df13ff5af8
Referenced In Project/Scope: waffle-spring-security5:compile
checker-qual-3.53.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name checker-qual High
Vendor jar package name checker Highest
Vendor jar package name checkerframework Highest
Vendor jar package name framework Highest
Vendor jar package name qual Highest
Vendor Manifest bundle-symbolicname checker-qual Medium
Vendor Manifest implementation-url https://checkerframework.org Low
Vendor pom artifactid checker-qual Highest
Vendor pom artifactid checker-qual Low
Vendor pom developer email mernst@cs.washington.edu Low
Vendor pom developer email smillst@cs.washington.edu Low
Vendor pom developer id mernst Medium
Vendor pom developer id smillst Medium
Vendor pom developer name Michael Ernst Medium
Vendor pom developer name Suzanne Millstein Medium
Vendor pom developer org University of Washington Medium
Vendor pom developer org URL https://www.cs.washington.edu/ Medium
Vendor pom groupid org.checkerframework Highest
Vendor pom name Checker Qual High
Vendor pom url https://checkerframework.org/ Highest
Product file name checker-qual High
Product jar package name checker Highest
Product jar package name checkerframework Highest
Product jar package name framework Highest
Product jar package name qual Highest
Product Manifest Bundle-Name checker-qual Medium
Product Manifest bundle-symbolicname checker-qual Medium
Product Manifest implementation-url https://checkerframework.org Low
Product pom artifactid checker-qual Highest
Product pom developer email mernst@cs.washington.edu Low
Product pom developer email smillst@cs.washington.edu Low
Product pom developer id mernst Low
Product pom developer id smillst Low
Product pom developer name Michael Ernst Low
Product pom developer name Suzanne Millstein Low
Product pom developer org University of Washington Low
Product pom developer org URL https://www.cs.washington.edu/ Low
Product pom groupid org.checkerframework Highest
Product pom name Checker Qual High
Product pom url https://checkerframework.org/ Medium
Version file version 3.53.0 High
Version Manifest Bundle-Version 3.53.0 High
Version Manifest Implementation-Version 3.53.0 High
Version pom version 3.53.0 Highest
pkg:maven/org.checkerframework/checker-qual@3.53.0
(Confidence: High)
com.github.waffle:waffle-jna:3.6.0-SNAPSHOT
Description:
WAFFLE JNA implementation
License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE
File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml
Referenced In Project/Scope: waffle-spring-security5
com.github.waffle:waffle-jna:3.6.0-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name pom High
Vendor project artifactid waffle-jna Low
Vendor project groupid com.github.waffle Highest
Product file name pom High
Product project artifactid waffle-jna Highest
Product project groupid com.github.waffle Low
pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
(Confidence: Highest)
commons-logging-1.3.5.jar
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well-known logging systems.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.5/commons-logging-1.3.5.jar
MD5: 9ca067b073153c86c2da350c0f2cdf70
SHA1: a3fcc5d3c29b2b03433aa2d2f2d2c1b1638924a1
SHA256: 6d7a744e4027649fbb50895df9497d109f98c766a637062fe8d2eabbb3140ba4
Referenced In Project/Scope: waffle-spring-security5:compile
commons-logging-1.3.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name commons-logging High
Vendor jar package name apache Highest
Vendor jar package name commons Highest
Vendor jar package name logging Highest
Vendor Manifest automatic-module-name org.apache.commons.logging Medium
Vendor Manifest build-jdk-spec 21 Low
Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-logging/ Low
Vendor Manifest bundle-symbolicname org.apache.commons.commons-logging Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest multi-release true Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid commons-logging Highest
Vendor pom artifactid commons-logging Low
Vendor pom developer email baliuka@apache.org Low
Vendor pom developer email costin@apache.org Low
Vendor pom developer email craigmcc@apache.org Low
Vendor pom developer email dennisl@apache.org Low
Vendor pom developer email donaldp@apache.org Low
Vendor pom developer email ggregory at apache.org Low
Vendor pom developer email morgand@apache.org Low
Vendor pom developer email rdonkin@apache.org Low
Vendor pom developer email rsitze@apache.org Low
Vendor pom developer email rwaldhoff@apache.org Low
Vendor pom developer email sanders@apache.org Low
Vendor pom developer email skitching@apache.org Low
Vendor pom developer email tn@apache.org Low
Vendor pom developer id baliuka Medium
Vendor pom developer id bstansberry Medium
Vendor pom developer id costin Medium
Vendor pom developer id craigmcc Medium
Vendor pom developer id dennisl Medium
Vendor pom developer id donaldp Medium
Vendor pom developer id ggregory Medium
Vendor pom developer id morgand Medium
Vendor pom developer id rdonkin Medium
Vendor pom developer id rsitze Medium
Vendor pom developer id rwaldhoff Medium
Vendor pom developer id sanders Medium
Vendor pom developer id skitching Medium
Vendor pom developer id tn Medium
Vendor pom developer name Brian Stansberry Medium
Vendor pom developer name Costin Manolache Medium
Vendor pom developer name Craig McClanahan Medium
Vendor pom developer name Dennis Lundberg Medium
Vendor pom developer name Gary Gregory Medium
Vendor pom developer name Juozas Baliuka Medium
Vendor pom developer name Morgan Delagrange Medium
Vendor pom developer name Peter Donald Medium
Vendor pom developer name Richard Sitze Medium
Vendor pom developer name Robert Burrell Donkin Medium
Vendor pom developer name Rodney Waldhoff Medium
Vendor pom developer name Scott Sanders Medium
Vendor pom developer name Simon Kitching Medium
Vendor pom developer name Thomas Neidhart Medium
Vendor pom developer org Apache Medium
Vendor pom developer org The Apache Software Foundation Medium
Vendor pom developer org URL https://www.apache.org/ Medium
Vendor pom groupid commons-logging Highest
Vendor pom name Apache Commons Logging High
Vendor pom parent-artifactid commons-parent Low
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom url https://commons.apache.org/proper/commons-logging/ Highest
Product file name commons-logging High
Product jar package name apache Highest
Product jar package name commons Highest
Product jar package name logging Highest
Product Manifest automatic-module-name org.apache.commons.logging Medium
Product Manifest build-jdk-spec 21 Low
Product Manifest bundle-docurl https://commons.apache.org/proper/commons-logging/ Low
Product Manifest Bundle-Name Apache Commons Logging Medium
Product Manifest bundle-symbolicname org.apache.commons.commons-logging Medium
Product Manifest Implementation-Title Apache Commons Logging High
Product Manifest multi-release true Low
Product Manifest specification-title Apache Commons Logging Medium
Product pom artifactid commons-logging Highest
Product pom developer email baliuka@apache.org Low
Product pom developer email costin@apache.org Low
Product pom developer email craigmcc@apache.org Low
Product pom developer email dennisl@apache.org Low
Product pom developer email donaldp@apache.org Low
Product pom developer email ggregory at apache.org Low
Product pom developer email morgand@apache.org Low
Product pom developer email rdonkin@apache.org Low
Product pom developer email rsitze@apache.org Low
Product pom developer email rwaldhoff@apache.org Low
Product pom developer email sanders@apache.org Low
Product pom developer email skitching@apache.org Low
Product pom developer email tn@apache.org Low
Product pom developer id baliuka Low
Product pom developer id bstansberry Low
Product pom developer id costin Low
Product pom developer id craigmcc Low
Product pom developer id dennisl Low
Product pom developer id donaldp Low
Product pom developer id ggregory Low
Product pom developer id morgand Low
Product pom developer id rdonkin Low
Product pom developer id rsitze Low
Product pom developer id rwaldhoff Low
Product pom developer id sanders Low
Product pom developer id skitching Low
Product pom developer id tn Low
Product pom developer name Brian Stansberry Low
Product pom developer name Costin Manolache Low
Product pom developer name Craig McClanahan Low
Product pom developer name Dennis Lundberg Low
Product pom developer name Gary Gregory Low
Product pom developer name Juozas Baliuka Low
Product pom developer name Morgan Delagrange Low
Product pom developer name Peter Donald Low
Product pom developer name Richard Sitze Low
Product pom developer name Robert Burrell Donkin Low
Product pom developer name Rodney Waldhoff Low
Product pom developer name Scott Sanders Low
Product pom developer name Simon Kitching Low
Product pom developer name Thomas Neidhart Low
Product pom developer org Apache Low
Product pom developer org The Apache Software Foundation Low
Product pom developer org URL https://www.apache.org/ Low
Product pom groupid commons-logging Highest
Product pom name Apache Commons Logging High
Product pom parent-artifactid commons-parent Medium
Product pom parent-groupid org.apache.commons Medium
Product pom url https://commons.apache.org/proper/commons-logging/ Medium
Version file version 1.3.5 High
Version Manifest Bundle-Version 1.3.5 High
Version Manifest Implementation-Version 1.3.5 High
Version pom parent-version 1.3.5 Low
Version pom version 1.3.5 Highest
pkg:maven/commons-logging/commons-logging@1.3.5
(Confidence: High)
error_prone_annotations-2.46.0.jar
Description:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.46.0/error_prone_annotations-2.46.0.jar
MD5: d0dabea249c067d21d7eb997fbdf5c99
SHA1: 4ecb5d2392c38c46e6cb65e1bf60be708d97005d
SHA256: b67be81ff4b956401146e14eaf1526bc435a9480f2546e91eb45b796631a8a99
Referenced In Project/Scope: waffle-spring-security5:provided
error_prone_annotations-2.46.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name error_prone_annotations High
Vendor jar package name annotations Highest
Vendor jar package name errorprone Highest
Vendor jar package name google Highest
Vendor Manifest build-jdk-spec 21 Low
Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low
Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid error_prone_annotations Highest
Vendor pom artifactid error_prone_annotations Low
Vendor pom groupid com.google.errorprone Highest
Vendor pom name error-prone annotations High
Vendor pom parent-artifactid error_prone_parent Low
Product file name error_prone_annotations High
Product jar package name annotations Highest
Product jar package name errorprone Highest
Product jar package name google Highest
Product Manifest build-jdk-spec 21 Low
Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low
Product Manifest Bundle-Name error-prone annotations Medium
Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium
Product Manifest multi-release true Low
Product pom artifactid error_prone_annotations Highest
Product pom groupid com.google.errorprone Highest
Product pom name error-prone annotations High
Product pom parent-artifactid error_prone_parent Medium
Version file version 2.46.0 High
Version Manifest Bundle-Version 2.46.0 High
Version pom version 2.46.0 Highest
pkg:maven/com.google.errorprone/error_prone_annotations@2.46.0
(Confidence: High)
j2objc-annotations-3.1.jar
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.1/j2objc-annotations-3.1.jar
MD5: abe8bd3abff622b9a8b15c3a737aa741
SHA1: a892ca9507839bbdb900d64310ac98256cab992f
SHA256: 84d3a150518485f8140ea99b8a985656749629f6433c92b80c75b36aba3b099b
Referenced In Project/Scope: waffle-spring-security5:provided
j2objc-annotations-3.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name j2objc-annotations High
Vendor jar package name annotations Highest
Vendor jar package name google Highest
Vendor jar package name j2objc Highest
Vendor Manifest build-jdk-spec 22 Low
Vendor Manifest multi-release true Low
Vendor pom artifactid j2objc-annotations Highest
Vendor pom artifactid j2objc-annotations Low
Vendor pom developer email tball@google.com Low
Vendor pom developer id tomball Medium
Vendor pom developer name Tom Ball Medium
Vendor pom developer org Google Medium
Vendor pom developer org URL https://www.google.com Medium
Vendor pom groupid com.google.j2objc Highest
Vendor pom name J2ObjC Annotations High
Vendor pom url google/j2objc/ Highest
Product file name j2objc-annotations High
Product jar package name annotations Highest
Product jar package name google Highest
Product jar package name j2objc Highest
Product Manifest build-jdk-spec 22 Low
Product Manifest multi-release true Low
Product pom artifactid j2objc-annotations Highest
Product pom developer email tball@google.com Low
Product pom developer id tomball Low
Product pom developer name Tom Ball Low
Product pom developer org Google Low
Product pom developer org URL https://www.google.com Low
Product pom groupid com.google.j2objc Highest
Product pom name J2ObjC Annotations High
Product pom url google/j2objc/ High
Version file version 3.1 High
Version pom version 3.1 Highest
pkg:maven/com.google.j2objc/j2objc-annotations@3.1
(Confidence: High)
jakarta.servlet-api-4.0.4.jar
Description:
Jakarta Servlet 4.0
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar
MD5: f5d1d7a29978e4ae0be5a456ee1c65c3
SHA1: b8a1142e04838fe54194049c6e7a18dae8f9b960
SHA256: 586e27706c21258f5882f43be06904f49b02db9ac54e345d393fe4a32494d127
Referenced In Project/Scope: waffle-spring-security5:provided
jakarta.servlet-api-4.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name jakarta.servlet-api High
Vendor jar package name javax Highest
Vendor jar package name servlet Highest
Vendor Manifest automatic-module-name java.servlet Medium
Vendor Manifest bundle-docurl https://www.eclipse.org Low
Vendor Manifest bundle-symbolicname jakarta.servlet-api Medium
Vendor Manifest extension-name javax.servlet Medium
Vendor Manifest Implementation-Vendor Eclipse Foundation High
Vendor Manifest Implementation-Vendor-Id org.eclipse Medium
Vendor Manifest specification-vendor Eclipse Foundation Low
Vendor pom artifactid jakarta.servlet-api Highest
Vendor pom artifactid jakarta.servlet-api Low
Vendor pom developer id yaminikb Medium
Vendor pom developer name Yamini K B Medium
Vendor pom developer org Oracle Corporation Medium
Vendor pom developer org URL http://www.oracle.com/ Medium
Vendor pom groupid jakarta.servlet Highest
Vendor pom name Jakarta Servlet High
Vendor pom parent-artifactid project Low
Vendor pom parent-groupid org.eclipse.ee4j Medium
Vendor pom url https://projects.eclipse.org/projects/ee4j.servlet Highest
Product file name jakarta.servlet-api High
Product jar package name javax Highest
Product jar package name servlet Highest
Product Manifest automatic-module-name java.servlet Medium
Product Manifest bundle-docurl https://www.eclipse.org Low
Product Manifest Bundle-Name Jakarta Servlet Medium
Product Manifest bundle-symbolicname jakarta.servlet-api Medium
Product Manifest extension-name javax.servlet Medium
Product pom artifactid jakarta.servlet-api Highest
Product pom developer id yaminikb Low
Product pom developer name Yamini K B Low
Product pom developer org Oracle Corporation Low
Product pom developer org URL http://www.oracle.com/ Low
Product pom groupid jakarta.servlet Highest
Product pom name Jakarta Servlet High
Product pom parent-artifactid project Medium
Product pom parent-groupid org.eclipse.ee4j Medium
Product pom url https://projects.eclipse.org/projects/ee4j.servlet Medium
Version file version 4.0.4 High
Version Manifest Implementation-Version 4.0.4 High
Version pom parent-version 4.0.4 Low
Version pom version 4.0.4 Highest
pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.4
(Confidence: High)
cpe:2.3:a:oracle:projects:4.0.4:*:*:*:*:*:*:*
(Confidence: Low)
jna-5.18.1.jar
Description:
Java Native Access
License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar
MD5: cb531ec131e1c68c045b5d45fe5b9878
SHA1: b27ba04287cc4abe769642fe8318d39fc89bf937
SHA256: 260c4b1e22b1db9e110ee441c4f13ce115f841fa48c41d78750986214b395557
Referenced In Project/Scope: waffle-spring-security5:compile
jna-5.18.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name jna High
Vendor jar package name jna Highest
Vendor jar package name native Highest
Vendor jar package name sun Highest
Vendor jar (hint) package name oracle Highest
Vendor Manifest automatic-module-name com.sun.jna Medium
Vendor Manifest bundle-activationpolicy lazy Low
Vendor Manifest bundle-category jni Low
Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, 
com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor Manifest bundle-symbolicname com.sun.jna Medium
Vendor Manifest Implementation-Vendor JNA Development Team High
Vendor Manifest specification-vendor JNA Development Team Low
Vendor pom artifactid jna Highest
Vendor pom artifactid jna Low
Vendor pom developer email mblaesing@doppel-helix.eu Low
Vendor pom developer id twall Medium
Vendor pom developer name Matthias Bläsing Medium
Vendor pom developer name Timothy Wall Medium
Vendor pom groupid net.java.dev.jna Highest
Vendor pom name Java Native Access High
Vendor pom url java-native-access/jna Highest
Product file name jna High
Product jar package name jna Highest
Product jar package name library Highest
Product jar package name native Highest
Product jar package name sun Highest
Product jar package name win32 Highest
Product Manifest automatic-module-name com.sun.jna Medium
Product Manifest bundle-activationpolicy lazy Low
Product Manifest bundle-category jni Low
Product Manifest Bundle-Name jna Medium
Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, 
com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest bundle-symbolicname com.sun.jna Medium
Product Manifest Implementation-Title com.sun.jna High
Product Manifest specification-title Java Native Access (JNA) Medium
Product pom artifactid jna Highest
Product pom developer email mblaesing@doppel-helix.eu Low
Product pom developer id twall Low
Product pom developer name Matthias Bläsing Low
Product pom developer name Timothy Wall Low
Product pom groupid net.java.dev.jna Highest
Product pom name Java Native Access High
Product pom url java-native-access/jna High
Version file version 5.18.1 High
Version Manifest Bundle-Version 5.18.1 High
Version pom version 5.18.1 Highest
pkg:maven/net.java.dev.jna/jna@5.18.1
(Confidence: High)
cpe:2.3:a:oracle:java_se:5.18.1:*:*:*:*:*:*:*
(Confidence: Low)
jna-5.18.1.jar: jnidispatch.dll
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
MD5: 302945a811fd8e21bcdd5226c73b6f74
SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607c
SHA256: b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699d
Referenced In Project/Scope: waffle-spring-security5:compile
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-5.18.1.jar: jnidispatch.dll
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 2d2475f1f026dd54e9f3e787ae4f81da
SHA1: 27ff882ac271db547aee520b38e3ba9aa91e136c
SHA256: 5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023
Referenced In Project/Scope: waffle-spring-security5:compile
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-5.18.1.jar: jnidispatch.dll
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.18.1/jna-5.18.1.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: 0caa1ef75a807f9dde05084fa2219a5c
SHA1: 2f5e1cd82cde192905c7510ce99037b67d980640
SHA256: 752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44
Referenced In Project/Scope: waffle-spring-security5:compile
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-platform-5.18.1.jar
Description:
Java Native Access Platform
License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.18.1/jna-platform-5.18.1.jar
MD5: a7af00779ec98bfe22dfb07b1532830d
SHA1: dd817f391efc492041c9ae91127527c13750a789
SHA256: ad14c1b1ec4f43d396231219dfa635ebf828f738eac9f890ea1bc07795892d9a
Referenced In Project/Scope: waffle-spring-security5:compile
jna-platform-5.18.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name jna-platform High
Vendor jar package name jna Highest
Vendor jar package name platform Highest
Vendor jar package name sun Highest
Vendor jar (hint) package name oracle Highest
Vendor Manifest automatic-module-name com.sun.jna.platform Medium
Vendor Manifest bundle-category jni Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium
Vendor Manifest Implementation-Vendor JNA Development Team High
Vendor Manifest specification-vendor JNA Development Team Low
Vendor pom artifactid jna-platform Highest
Vendor pom artifactid jna-platform Low
Vendor pom developer email mblaesing@doppel-helix.eu Low
Vendor pom developer id twall Medium
Vendor pom developer name Matthias Bläsing Medium
Vendor pom developer name Timothy Wall Medium
Vendor pom groupid net.java.dev.jna Highest
Vendor pom name Java Native Access Platform High
Vendor pom url java-native-access/jna Highest
Product file name jna-platform High
Product jar package name jna Highest
Product jar package name platform Highest
Product jar package name sun Highest
Product Manifest automatic-module-name com.sun.jna.platform Medium
Product Manifest bundle-category jni Low
Product Manifest Bundle-Name jna-platform Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Product Manifest bundle-symbolicname com.sun.jna.platform Medium
Product Manifest Implementation-Title com.sun.jna High
Product Manifest specification-title Java Native Access (JNA) Medium
Product pom artifactid jna-platform Highest
Product pom developer email mblaesing@doppel-helix.eu Low
Product pom developer id twall Low
Product pom developer name Matthias Bläsing Low
Product pom developer name Timothy Wall Low
Product pom groupid net.java.dev.jna Highest
Product pom name Java Native Access Platform High
Product pom url java-native-access/jna High
Version file version 5.18.1 High
Version Manifest Bundle-Version 5.18.1 High
Version pom version 5.18.1 Highest
pkg:maven/net.java.dev.jna/jna-platform@5.18.1
(Confidence :High)
jspecify-1.0.0.jar
Description:
An artifact of well-named and well-specified annotations to power static analysis checks
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256: 1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: waffle-spring-security5:compile
jspecify-1.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.junit.jupiter/junit-jupiter-engine@6.0.2
Evidence
Type Source Name Value Confidence
Vendor file name jspecify High
Vendor jar package name annotations Highest
Vendor jar package name jspecify Highest
Vendor Manifest bundle-docurl https://jspecify.dev/docs/start-here Low
Vendor Manifest bundle-symbolicname org.jspecify.jspecify Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid jspecify Highest
Vendor pom artifactid jspecify Low
Vendor pom developer email kevinb9n@gmail.com Low
Vendor pom developer id kevinb9n Medium
Vendor pom developer name Kevin Bourrillion Medium
Vendor pom groupid org.jspecify Highest
Vendor pom name JSpecify annotations High
Vendor pom url http://jspecify.org/ Highest
Product file name jspecify High
Product jar package name annotations Highest
Product jar package name jspecify Highest
Product Manifest bundle-docurl https://jspecify.dev/docs/start-here Low
Product Manifest Bundle-Name JSpecify annotations Medium
Product Manifest bundle-symbolicname org.jspecify.jspecify Medium
Product Manifest multi-release true Low
Product pom artifactid jspecify Highest
Product pom developer email kevinb9n@gmail.com Low
Product pom developer id kevinb9n Low
Product pom developer name Kevin Bourrillion Low
Product pom groupid org.jspecify Highest
Product pom name JSpecify annotations High
Product pom url http://jspecify.org/ Medium
Version file version 1.0.0 High
Version Manifest Bundle-Version 1.0.0 High
Version Manifest Implementation-Version 1.0.0 High
Version pom version 1.0.0 Highest
pkg:maven/org.jspecify/jspecify@1.0.0
(Confidence :High)
jsr305-3.0.2.jar
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-spring-security5:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8
Evidence
Type Source Name Value Confidence
Vendor file name jsr305 High
Vendor Manifest bundle-symbolicname org.jsr-305 Medium
Vendor pom artifactid jsr305 Highest
Vendor pom artifactid jsr305 Low
Vendor pom groupid com.google.code.findbugs Highest
Vendor pom name FindBugs-jsr305 High
Vendor pom url http://findbugs.sourceforge.net/ Highest
Product file name jsr305 High
Product Manifest Bundle-Name FindBugs-jsr305 Medium
Product Manifest bundle-symbolicname org.jsr-305 Medium
Product pom artifactid jsr305 Highest
Product pom groupid com.google.code.findbugs Highest
Product pom name FindBugs-jsr305 High
Product pom url http://findbugs.sourceforge.net/ Medium
Version file version 3.0.2 High
Version Manifest Bundle-Version 3.0.2 High
Version pom version 3.0.2 Highest
pkg:maven/com.google.code.findbugs/jsr305@3.0.2
(Confidence :High)
slf4j-api-2.0.17.jar
Description:
The slf4j API
License:
https://opensource.org/license/mit
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256: 7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: waffle-spring-security5:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name slf4j-api High
Vendor jar package name slf4j Highest
Vendor Manifest build-jdk-spec 21 Low
Vendor Manifest bundle-docurl http://www.slf4j.org Low
Vendor Manifest bundle-symbolicname slf4j.api Medium
Vendor Manifest multi-release true Low
Vendor pom artifactid slf4j-api Highest
Vendor pom artifactid slf4j-api Low
Vendor pom groupid org.slf4j Highest
Vendor pom name SLF4J API Module High
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom url http://www.slf4j.org Highest
Product file name slf4j-api High
Product jar package name slf4j Highest
Product Manifest build-jdk-spec 21 Low
Product Manifest bundle-docurl http://www.slf4j.org Low
Product Manifest Bundle-Name SLF4J API Module Medium
Product Manifest bundle-symbolicname slf4j.api Medium
Product Manifest Implementation-Title slf4j-api High
Product Manifest multi-release true Low
Product pom artifactid slf4j-api Highest
Product pom groupid org.slf4j Highest
Product pom name SLF4J API Module High
Product pom parent-artifactid slf4j-parent Medium
Product pom url http://www.slf4j.org Medium
Version file version 2.0.17 High
Version Manifest Bundle-Version 2.0.17 High
Version Manifest Implementation-Version 2.0.17 High
Version pom version 2.0.17 Highest
pkg:maven/org.slf4j/slf4j-api@2.0.17
(Confidence :High)
spotbugs-annotations-4.9.8.jar
Description:
Annotations the SpotBugs tool supports
License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.9.8/spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256: 6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: waffle-spring-security5:provided
spotbugs-annotations-4.9.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name spotbugs-annotations High
Vendor Manifest automatic-module-name com.github.spotbugs.annotations Medium
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest bundle-symbolicname spotbugs-annotations Medium
Vendor pom artifactid spotbugs-annotations Highest
Vendor pom artifactid spotbugs-annotations Low
Vendor pom developer email andreas.sewe@codetrails.com Low
Vendor pom developer email dbrosius@mebigfatguy.com Low
Vendor pom developer email loskutov@gmx.de Low
Vendor pom developer email skypencil@gmail.com Low
Vendor pom developer id henrik242 Medium
Vendor pom developer id iloveeclipse Medium
Vendor pom developer id jsotuyod Medium
Vendor pom developer id KengoTODA Medium
Vendor pom developer id mebigfatguy Medium
Vendor pom developer id sewe Medium
Vendor pom developer id ThrawnCA Medium
Vendor pom developer name Andreas Sewe Medium
Vendor pom developer name Andrey Loskutov Medium
Vendor pom developer name Dave Brosius Medium
Vendor pom developer name Juan Martín Sotuyo Dodero Medium
Vendor pom developer name Kengo TODA Medium
Vendor pom groupid com.github.spotbugs Highest
Vendor pom name SpotBugs Annotations High
Vendor pom url https://spotbugs.github.io/ Highest
Product file name spotbugs-annotations High
Product Manifest automatic-module-name com.github.spotbugs.annotations Medium
Product Manifest Bundle-Name spotbugs-annotations Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest bundle-symbolicname spotbugs-annotations Medium
Product pom artifactid spotbugs-annotations Highest
Product pom developer email andreas.sewe@codetrails.com Low
Product pom developer email dbrosius@mebigfatguy.com Low
Product pom developer email loskutov@gmx.de Low
Product pom developer email skypencil@gmail.com Low
Product pom developer id henrik242 Low
Product pom developer id iloveeclipse Low
Product pom developer id jsotuyod Low
Product pom developer id KengoTODA Low
Product pom developer id mebigfatguy Low
Product pom developer id sewe Low
Product pom developer id ThrawnCA Low
Product pom developer name Andreas Sewe Low
Product pom developer name Andrey Loskutov Low
Product pom developer name Dave Brosius Low
Product pom developer name Juan Martín Sotuyo Dodero Low
Product pom developer name Kengo TODA Low
Product pom groupid com.github.spotbugs Highest
Product pom name SpotBugs Annotations High
Product pom url https://spotbugs.github.io/ Medium
Version file version 4.9.8 High
Version Manifest Bundle-Version 4.9.8 High
Version pom version 4.9.8 Highest
pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8
(Confidence :High)
spring-core-5.3.39.jar
Description:
Spring Core
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/5.3.39/spring-core-5.3.39.jar
MD5: 632d2a8c30962a69273775968c052651
SHA1: d2bff2eedf27b51d6ef9a2fc892aaff5b7a768dd
SHA256: 3a1ddcf05420a9181bd9cacb6062a3edc493e14d555961ad50e1a6360eb1e75f
Referenced In Project/Scope: waffle-spring-security5:compile
spring-core-5.3.39.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name spring-core High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name core Highest
Vendor jar package name io Highest
Vendor jar package name springframework Highest
Vendor Manifest automatic-module-name spring.core Medium
Vendor pom artifactid spring-core Highest
Vendor pom artifactid spring-core Low
Vendor pom developer email jhoeller@pivotal.io Low
Vendor pom developer id jhoeller Medium
Vendor pom developer name Juergen Hoeller Medium
Vendor pom groupid org.springframework Highest
Vendor pom name Spring Core High
Vendor pom organization name Spring IO High
Vendor pom organization url https://spring.io/projects/spring-framework Medium
Vendor pom url spring-projects/spring-framework Highest
Product file name spring-core High
Product hint analyzer product springsource_spring_framework Highest
Product jar package name core Highest
Product jar package name io Highest
Product jar package name springframework Highest
Product Manifest automatic-module-name spring.core Medium
Product Manifest Implementation-Title spring-core High
Product pom artifactid spring-core Highest
Product pom developer email jhoeller@pivotal.io Low
Product pom developer id jhoeller Low
Product pom developer name Juergen Hoeller Low
Product pom groupid org.springframework Highest
Product pom name Spring Core High
Product pom organization name Spring IO Low
Product pom organization url https://spring.io/projects/spring-framework Low
Product pom url spring-projects/spring-framework High
Version file version 5.3.39 High
Version Manifest Implementation-Version 5.3.39 High
Version pom version 5.3.39 Highest
Related Dependencies
spring-aop-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-aop/5.3.39/spring-aop-5.3.39.jar
MD5: 47ef8946ec3f2f76f83cda172b9fd964
SHA1: 3af1f0d73ec1e031c7083c848342989f413ca275
SHA256: aa706e4f749982c0bae5fa637433c44c24f0fff5d16dc41deea6d30c3dfa7c85
pkg:maven/org.springframework/spring-aop@5.3.39
spring-beans-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-beans/5.3.39/spring-beans-5.3.39.jar
MD5: c2f99040fb8b0bc98515c87b968227d3
SHA1: 87770ce736cbd777c07866cbc8a06b879765e3c8
SHA256: b6697a5d8facb81aa75e5a46d959d4256da9ce3b40d33f3b5bbd42a8b1ed5722
pkg:maven/org.springframework/spring-beans@5.3.39
spring-context-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-context/5.3.39/spring-context-5.3.39.jar
MD5: 167e95de6f9de58b1ffff09990237021
SHA1: 286538ca4b3890192d63c88fdd1616adde17dc0e
SHA256: 9e644fc33bece9a9cb82538167a1b9640ae7b7d80252e893d89b8926a2f81633
pkg:maven/org.springframework/spring-context@5.3.39
spring-expression-5.3.39.jar
File Path: /home/runner/.m2/repository/org/springframework/spring-expression/5.3.39/spring-expression-5.3.39.jar
MD5: 41198683f2d488b4b2038b7d8e4b6d81
SHA1: 25cf07399eb7ac3fc13888b20dc4d67124ec75bd
SHA256: d5337774d889fcdc9c08b0c8b8aaa1018d4c95b9b441db0118f7ae4d328f2810
pkg:maven/org.springframework/spring-expression@5.3.39
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
spring-security-core-5.8.16.jar
Description:
Spring Security
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/5.8.16/spring-security-core-5.8.16.jar
MD5: c70ae997256d27ca6fb1c7a8b24e4248
SHA1: b3d21a1f967db39dabaca487ba3fe58972e6a9a5
SHA256: 3be7d217048f5ea76fd6d0eddaa3169ad3bee0bba9c456e27670ec37ca33c3fd
Referenced In Project/Scope: waffle-spring-security5:compile
spring-security-core-5.8.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name spring-security-core High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name core Highest
Vendor jar package name security Highest
Vendor jar package name springframework Highest
Vendor Manifest automatic-module-name spring.security.core Medium
Vendor pom artifactid spring-security-core Highest
Vendor pom artifactid spring-security-core Low
Vendor pom developer email info@pivotal.io Low
Vendor pom developer name Pivotal Medium
Vendor pom developer org Pivotal Software, Inc. Medium
Vendor pom developer org URL https://www.spring.io Medium
Vendor pom groupid org.springframework.security Highest
Vendor pom name spring-security-core High
Vendor pom organization name Pivotal Software, Inc. High
Vendor pom organization url https://spring.io Medium
Vendor pom url https://spring.io/projects/spring-security Highest
Product file name spring-security-core High
Product jar package name core Highest
Product jar package name security Highest
Product jar package name springframework Highest
Product Manifest automatic-module-name spring.security.core Medium
Product Manifest Implementation-Title spring-security-core High
Product pom artifactid spring-security-core Highest
Product pom developer email info@pivotal.io Low
Product pom developer name Pivotal Low
Product pom developer org Pivotal Software, Inc. Low
Product pom developer org URL https://www.spring.io Low
Product pom groupid org.springframework.security Highest
Product pom name spring-security-core High
Product pom organization name Pivotal Software, Inc. Low
Product pom organization url https://spring.io Low
Product pom url https://spring.io/projects/spring-security Medium
Version file version 5.8.16 High
Version Manifest Implementation-Version 5.8.16 High
Version pom version 5.8.16 Highest
Related Dependencies
spring-security-config-5.8.16.jar
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-config/5.8.16/spring-security-config-5.8.16.jar
MD5: 1e386c77733c252f4b9a80904ccb1c00
SHA1: 73bff85307254de9f30514db587420110aee72ee
SHA256: fb7218cd28ca5f82bafd4cc038d1727fc99ccfb0f3b38a8fc0545a93e9b2f8b5
pkg:maven/org.springframework.security/spring-security-config@5.8.16
spring-security-crypto-5.8.16.jar
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/5.8.16/spring-security-crypto-5.8.16.jar
MD5: 987ca02bb810d32c7d86968ff84e887c
SHA1: 340f3bb882bea8e9eafc66671d4c8e50f11867a7
SHA256: e47acdd647997efb36609698b64a2bec37fa119210f88fad813aa53610433cfd
pkg:maven/org.springframework.security/spring-security-crypto@5.8.16
spring-security-web-5.8.16.jar
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/5.8.16/spring-security-web-5.8.16.jar
MD5: 137862bb11c72092dd94d14d380fc784
SHA1: fade885f7f9df056dd5e3592d949e888cd82397d
SHA256: fe0843587f4dff188a1ecb822bf544c5f1c1ee46c757858a5a585039d8118304
pkg:maven/org.springframework.security/spring-security-web@5.8.16
spring-web-5.3.39.jar
Description:
Spring Web
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/5.3.39/spring-web-5.3.39.jar
MD5: 2b940bc714d6e29570b5dfa92755eefc
SHA1: 4ab03cd7376a6b3365d2798aac8d01dcd22c0174
SHA256: 444f243b936119b5488029f2d9399a3980855c60b493b9e2811464c6433a2b71
Referenced In Project/Scope: waffle-spring-security5:compile
spring-web-5.3.39.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security5@3.6.0-SNAPSHOT
Evidence
Type Source Name Value Confidence
Vendor file name spring-web High
Vendor hint analyzer vendor pivotal software Highest
Vendor hint analyzer vendor SpringSource Highest
Vendor hint analyzer vendor vmware Highest
Vendor jar package name springframework Highest
Vendor jar package name web Highest
Vendor Manifest automatic-module-name spring.web Medium
Vendor pom artifactid spring-web Highest
Vendor pom artifactid spring-web Low
Vendor pom developer email jhoeller@pivotal.io Low
Vendor pom developer id jhoeller Medium
Vendor pom developer name Juergen Hoeller Medium
Vendor pom groupid org.springframework Highest
Vendor pom name Spring Web High
Vendor pom organization name Spring IO High
Vendor pom organization url https://spring.io/projects/spring-framework Medium
Vendor pom url spring-projects/spring-framework Highest
Product file name spring-web High
Product hint analyzer product springsource_spring_framework Highest
Product jar package name springframework Highest
Product jar package name web Highest
Product Manifest automatic-module-name spring.web Medium
Product Manifest Implementation-Title spring-web High
Product pom artifactid spring-web Highest
Product pom developer email jhoeller@pivotal.io Low
Product pom developer id jhoeller Low
Product pom developer name Juergen Hoeller Low
Product pom groupid org.springframework Highest
Product pom name Spring Web High
Product pom organization name Spring IO Low
Product pom organization url https://spring.io/projects/spring-framework Low
Product pom url spring-projects/spring-framework High
Version file version 5.3.39 High
Version Manifest Implementation-Version 5.3.39 High
Version pom version 5.3.39 Highest
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data
CVSSv3:
Base Score: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
af854a3a-2127-422b-91ae-364da2661108 - https://security.netapp.com/advisory/ntap-20230420-0009/
cve@mitre.org - https://security.netapp.com/advisory/ntap-20230420-0009/
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
NVD-CWE-noinfo, CWE-178 Improper Handling of Case Sensitivity
CVSSv3:
Base Score: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A