Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 11.1.1Report Generated On : Thu, 2 Jan 2025 01:32:29 GMTDependencies Scanned : 30 (25 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 1Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2025-01-02T01:18:14ZNVD API Last Modified : 2025-01-01T14:15:23ZSummary Display:
Showing Vulnerable Dependencies (click to show all) Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.15.11/byte-buddy-1.15.11.jar
MD5: 603bc53c7a294f23765bfb7e1820ad44
SHA1: f61886478e0f9ee4c21d09574736f0ff45e0a46c
SHA256: fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90
Referenced In Project/Scope: waffle-tomcat11:compile
byte-buddy-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.15.11 High Version Manifest Bundle-Version 1.15.11 High Version pom version 1.15.11 Highest
Description:
The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar
MD5: 449a1534609bf3535d74cbb10b4ed074
SHA1: a38b16385e867f59a641330f0362ebe742788ed8
SHA256: 316d2c0795c2a4d4c4756f2e6f9349837c7430ac34e0477ead874d05f5cc19e5
Referenced In Project/Scope: waffle-tomcat11:compile
byte-buddy-agent-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name byte-buddy-agent High Vendor jar package name agent Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Vendor Manifest can-redefine-classes true Low Vendor Manifest can-retransform-classes true Low Vendor Manifest can-set-native-method-prefix true Low Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy-agent Highest Vendor pom artifactid byte-buddy-agent Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy agent High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy-agent High Product jar package name agent Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy agent Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Product Manifest can-redefine-classes true Low Product Manifest can-retransform-classes true Low Product Manifest can-set-native-method-prefix true Low Product Manifest multi-release true Low Product pom artifactid byte-buddy-agent Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy agent High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.15.11 High Version Manifest Bundle-Version 1.15.11 High Version pom version 1.15.11 Highest
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86-64/attach_hotspot_windows.dllMD5: 053a783e5777c6a9867c27d51af89677SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76SHA256: 16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20Referenced In Project/Scope: waffle-tomcat11:compile
Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86/attach_hotspot_windows.dllMD5: fbca33102ac97be0ed496c0f78e466b3SHA1: c4df05146a86a6d073769bb697d550ef42518ed5SHA256: 810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72Referenced In Project/Scope: waffle-tomcat11:compile
Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
Description:
A high performance caching library License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256: 7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Project/Scope: waffle-tomcat11:compile
caffeine-3.1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name caffeine High Vendor jar package name benmanes Highest Vendor jar package name cache Highest Vendor jar package name caffeine Highest Vendor jar package name github Highest Vendor Manifest automatic-module-name com.github.benmanes.caffeine Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom artifactid caffeine Highest Vendor pom artifactid caffeine Low Vendor pom developer email ben.manes@gmail.com Low Vendor pom developer id ben-manes Medium Vendor pom developer name Ben Manes Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor pom name Caffeine cache High Vendor pom url ben-manes/caffeine Highest Product file name caffeine High Product jar package name benmanes Highest Product jar package name cache Highest Product jar package name caffeine Highest Product jar package name github Highest Product Manifest automatic-module-name com.github.benmanes.caffeine Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product Manifest Implementation-Title A high performance caching library High Product pom artifactid caffeine Highest Product pom developer email ben.manes@gmail.com Low Product pom developer id ben-manes Low Product pom developer name Ben Manes Low Product pom groupid com.github.ben-manes.caffeine Highest Product pom name Caffeine cache High Product pom url ben-manes/caffeine High Version file version 3.1.8 High Version Manifest Bundle-Version 3.1.8 High Version Manifest Implementation-Version 3.1.8 High Version pom version 3.1.8 Highest
Description:
checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework. License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256: 443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Project/Scope: waffle-tomcat11:compile
checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.48.3 High Version Manifest Bundle-Version 3.48.3 High Version Manifest Implementation-Version 3.48.3 High Version pom version 3.48.3 Highest
Description:
WAFFLE JNA Jakarta Pakage implementation License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml
Referenced In Project/Scope: waffle-tomcat11
com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jna-jakarta Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-jna-jakarta Highest Product project groupid com.github.waffle Low
Description:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
MD5: 0e48e5ba2cd0a8d8d09bad849b99f6a6
SHA1: 227d4d4957ccc3dc5761bd897e3a0ee587e750a7
SHA256: 77440e270b0bc9a249903c5a076c36a722c4886ca4f42675f2903a1c53ed61a5
Referenced In Project/Scope: waffle-tomcat11:provided
error_prone_annotations-2.36.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name error_prone_annotations High Vendor jar package name annotations Highest Vendor jar package name errorprone Highest Vendor jar package name google Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium Vendor Manifest multi-release true Low Vendor pom artifactid error_prone_annotations Highest Vendor pom artifactid error_prone_annotations Low Vendor pom groupid com.google.errorprone Highest Vendor pom name error-prone annotations High Vendor pom parent-artifactid error_prone_parent Low Product file name error_prone_annotations High Product jar package name annotations Highest Product jar package name errorprone Highest Product jar package name google Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Product Manifest Bundle-Name error-prone annotations Medium Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium Product Manifest multi-release true Low Product pom artifactid error_prone_annotations Highest Product pom groupid com.google.errorprone Highest Product pom name error-prone annotations High Product pom parent-artifactid error_prone_parent Medium Version file version 2.36.0 High Version Manifest Bundle-Version 2.36.0 High Version pom version 2.36.0 Highest
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256: 88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: waffle-tomcat11:provided
j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name annotations Highest Vendor jar package name google Highest Vendor jar package name j2objc Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest multi-release true Low Vendor pom artifactid j2objc-annotations Highest Vendor pom artifactid j2objc-annotations Low Vendor pom developer email tball@google.com Low Vendor pom developer id tomball Medium Vendor pom developer name Tom Ball Medium Vendor pom developer org Google Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid com.google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor pom url google/j2objc/ Highest Product file name j2objc-annotations High Product jar package name annotations Highest Product jar package name google Highest Product jar package name j2objc Highest Product Manifest build-jdk-spec 11 Low Product Manifest multi-release true Low Product pom artifactid j2objc-annotations Highest Product pom developer email tball@google.com Low Product pom developer id tomball Low Product pom developer name Tom Ball Low Product pom developer org Google Low Product pom developer org URL https://www.google.com Low Product pom groupid com.google.j2objc Highest Product pom name J2ObjC Annotations High Product pom url google/j2objc/ High Version file version 3.0.0 High Version pom version 3.0.0 Highest
Description:
JCL 1.2 implemented over SLF4J License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar
MD5: c077b88c43f9d63f64f9880fdb457efb
SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9
SHA256: 5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78
Referenced In Project/Scope: waffle-tomcat11:compile
jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jcl-over-slf4j High Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor pom artifactid jcl-over-slf4j Highest Vendor pom artifactid jcl-over-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JCL 1.2 implemented over SLF4J High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jcl-over-slf4j High Product jar package name 9 Highest Product jar package name apache Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name JCL 1.2 implemented over SLF4J Medium Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product Manifest Implementation-Title jcl-over-slf4j High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product pom artifactid jcl-over-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JCL 1.2 implemented over SLF4J High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
Description:
Java Native Access License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar
MD5: accc2e2b8676434a87f4f73fb4d90b44
SHA1: ebea09f91dc9f7048099f963fb8d6f919f0a4d9c
SHA256: 3f5233589a799eb66dc2969afa3433fb56859d3d787c58b9bc7dd9e86f0a250c
Referenced In Project/Scope: waffle-tomcat11:compile
jna-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jna High Vendor jar package name jna Highest Vendor jar package name native Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna Medium Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-category jni Low Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna Highest Vendor pom artifactid jna Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access High Vendor pom url java-native-access/jna Highest Product file name jna High Product jar package name jna Highest Product jar package name library Highest Product jar package name native Highest Product jar package name sun Highest Product jar package name win32 Highest Product Manifest automatic-module-name com.sun.jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access High Product pom url java-native-access/jna High Version file version 5.16.0 High Version Manifest Bundle-Version 5.16.0 High Version pom version 5.16.0 Highest
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dllMD5: 302945a811fd8e21bcdd5226c73b6f74SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607cSHA256: b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699dReferenced In Project/Scope: waffle-tomcat11:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dllMD5: 2d2475f1f026dd54e9f3e787ae4f81daSHA1: 27ff882ac271db547aee520b38e3ba9aa91e136cSHA256: 5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023Referenced In Project/Scope: waffle-tomcat11:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86/jnidispatch.dllMD5: 0caa1ef75a807f9dde05084fa2219a5cSHA1: 2f5e1cd82cde192905c7510ce99037b67d980640SHA256: 752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44Referenced In Project/Scope: waffle-tomcat11:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
Description:
Java Native Access Platform License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.16.0/jna-platform-5.16.0.jar
MD5: 12ba6b7a7752ecf0a5baed725f3192c2
SHA1: b2a9065f97c166893d504b164706512338e3bbc2
SHA256: e5a79523964509757555782bb60283e4902611013f107e4600dc93298f73f382
Referenced In Project/Scope: waffle-tomcat11:compile
jna-platform-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jna-platform High Vendor jar package name jna Highest Vendor jar package name platform Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna.platform Medium Vendor Manifest bundle-category jni Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest require-bundle com.sun.jna;bundle-version="5.16.0" Low Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna-platform Highest Vendor pom artifactid jna-platform Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access Platform High Vendor pom url java-native-access/jna Highest Product file name jna-platform High Product jar package name jna Highest Product jar package name platform Highest Product jar package name sun Highest Product Manifest automatic-module-name com.sun.jna.platform Medium Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna-platform Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname com.sun.jna.platform Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest require-bundle com.sun.jna;bundle-version="5.16.0" Low Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna-platform Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access Platform High Product pom url java-native-access/jna High Version file version 5.16.0 High Version Manifest Bundle-Version 5.16.0 High Version pom version 5.16.0 Highest
Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-tomcat11:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
Description:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256: a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: waffle-tomcat11:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna-jakarta@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
Description:
Annotations the SpotBugs tool supports License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.6/spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256: 4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: waffle-tomcat11:provided
spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spotbugs-annotations High Vendor Manifest automatic-module-name com.github.spotbugs.annotations Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname spotbugs-annotations Medium Vendor pom artifactid spotbugs-annotations Highest Vendor pom artifactid spotbugs-annotations Low Vendor pom developer email andreas.sewe@codetrails.com Low Vendor pom developer email dbrosius@mebigfatguy.com Low Vendor pom developer email loskutov@gmx.de Low Vendor pom developer email skypencil@gmail.com Low Vendor pom developer id henrik242 Medium Vendor pom developer id iloveeclipse Medium Vendor pom developer id jsotuyod Medium Vendor pom developer id KengoTODA Medium Vendor pom developer id mebigfatguy Medium Vendor pom developer id sewe Medium Vendor pom developer id ThrawnCA Medium Vendor pom developer name Andreas Sewe Medium Vendor pom developer name Andrey Loskutov Medium Vendor pom developer name Dave Brosius Medium Vendor pom developer name Juan Martín Sotuyo Dodero Medium Vendor pom developer name Kengo TODA Medium Vendor pom groupid com.github.spotbugs Highest Vendor pom name SpotBugs Annotations High Vendor pom url https://spotbugs.github.io/ Highest Product file name spotbugs-annotations High Product Manifest automatic-module-name com.github.spotbugs.annotations Medium Product Manifest Bundle-Name spotbugs-annotations Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname spotbugs-annotations Medium Product pom artifactid spotbugs-annotations Highest Product pom developer email andreas.sewe@codetrails.com Low Product pom developer email dbrosius@mebigfatguy.com Low Product pom developer email loskutov@gmx.de Low Product pom developer email skypencil@gmail.com Low Product pom developer id henrik242 Low Product pom developer id iloveeclipse Low Product pom developer id jsotuyod Low Product pom developer id KengoTODA Low Product pom developer id mebigfatguy Low Product pom developer id sewe Low Product pom developer id ThrawnCA Low Product pom developer name Andreas Sewe Low Product pom developer name Andrey Loskutov Low Product pom developer name Dave Brosius Low Product pom developer name Juan Martín Sotuyo Dodero Low Product pom developer name Kengo TODA Low Product pom groupid com.github.spotbugs Highest Product pom name SpotBugs Annotations High Product pom url https://spotbugs.github.io/ Medium Version file version 4.8.6 High Version Manifest Bundle-Version 4.8.6 High Version pom version 4.8.6 Highest
Description:
Annotations Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/11.0.2/tomcat-annotations-api-11.0.2.jar
MD5: 0e2c7d9e8ca2cf85b219feeeb2d0a369
SHA1: d4a41ea79168ffb20b742c1553957fe06f69a179
SHA256: a373a2a65c7a9bd354ef3ea77cd2c0638e70ece09fa50352ad97b2a679ab7960
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-annotations-api-11.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2
Evidence Type Source Name Value Confidence Vendor file name tomcat-annotations-api High Vendor Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaAnnotations;version:Version="3.0";uses:="jakarta.annotation,jakarta.annotation.security,jakarta.annotation.sql" Low Vendor manifest: jakarta/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/annotation/security/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/annotation/sql/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-annotations-api Highest Vendor pom artifactid tomcat-annotations-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-annotations-api High Product jar package name annotation Highest Product jar package name jakarta Highest Product jar package name security Highest Product jar package name sql Highest Product Manifest Bundle-Name tomcat-annotations-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JakartaAnnotations;version:Version="3.0";uses:="jakarta.annotation,jakarta.annotation.security,jakarta.annotation.sql" Low Product manifest: jakarta/annotation/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/annotation/ Specification-Title Jakarta Annotations Medium Product manifest: jakarta/annotation/security/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/annotation/security/ Specification-Title Jakarta Annotations Medium Product manifest: jakarta/annotation/sql/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/annotation/sql/ Specification-Title Jakarta Annotations Medium Product pom artifactid tomcat-annotations-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 11.0.2 High Version Manifest Bundle-Version 11.0.2 High Version pom version 11.0.2 Highest
Description:
Definition of interfaces shared by Catalina and Jasper License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/11.0.2/tomcat-api-11.0.2.jar
MD5: 24dc08a9ebb57c31fae33912188fec97
SHA1: d9c128c27d82781786d4ac6990dbb676b9965e4a
SHA256: 8b754515d5a097cf027747c601ed1e4ed1035c42fe9aeece9606071371a73c54
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-api-11.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-api High Vendor jar package name apache Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-api Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-api Highest Vendor pom artifactid tomcat-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-api High Product jar package name apache Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-api Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 11.0.2 High Version Manifest Bundle-Version 11.0.2 High Version Manifest Implementation-Version 11.0.2 High Version pom version 11.0.2 Highest
Related Dependencies tomcat-coyote-11.0.2.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-coyote/11.0.2/tomcat-coyote-11.0.2.jar MD5: b86425370d775832541b0f4ac83cc68d SHA1: 9966f6f166afd4746c1f35790ef9b6b3d4e6721f SHA256: 23b0973cad982376be6b4b297d3f85e2592ef5cf0ca730c5cc51e18ef0483ba8 pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.2 tomcat-jaspic-api-11.0.2.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jaspic-api/11.0.2/tomcat-jaspic-api-11.0.2.jar MD5: 3dc2d2b7c2b732ac54f3ed7b85e31b04 SHA1: c87ec4b7a1563bba224e5caee5aceed5e60ec63a SHA256: e357236bb8bbd6a2d23342d9c46c0b390fde77dfe478a272a66655542018f365 pkg:maven/org.apache.tomcat/tomcat-jaspic-api@11.0.2 tomcat-jsp-api-11.0.2.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jsp-api/11.0.2/tomcat-jsp-api-11.0.2.jar MD5: c845d181072430dc05615982e0943d46 SHA1: e666dfc090de1475c269772f159a581daf127d6f SHA256: d3c6168593bb1b4b5d4b3445194a69408a9203fe5a11ba96e02077560e2edb55 pkg:maven/org.apache.tomcat/tomcat-jsp-api@11.0.2 tomcat-util-11.0.2.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util/11.0.2/tomcat-util-11.0.2.jar MD5: b16c5a2f8aedf699cbdb71c41be138a8 SHA1: 158bca536bb0609c2e7e23cb6a5de6b051fd76f8 SHA256: 3b4107c5d93d273b385f272a4e6cf232f00dce064daf95e25bc9c9bdb2a166fc pkg:maven/org.apache.tomcat/tomcat-util@11.0.2 tomcat-util-scan-11.0.2.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util-scan/11.0.2/tomcat-util-scan-11.0.2.jar MD5: 91ac02def1b37be804003e8012f3ebe6 SHA1: 320332902dbfc71a8a9d0cbdf075bccdbbae0486 SHA256: ee2253603feaaf5aaa84b70532fe6ba73dc2cddc3a3dfa1041835d8671cbd231 pkg:maven/org.apache.tomcat/tomcat-util-scan@11.0.2 Description:
Tomcat Servlet Engine Core Classes and Standard implementations License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/11.0.2/tomcat-catalina-11.0.2.jar
MD5: a37c58287482a447a56a7d226a12ff18
SHA1: ec4f8431cbebbac1141546ae2e8788f7d0fbdc0a
SHA256: f46faafadce41e5e94466c8667d88b3a7c110a31b65cf01344560a694c1085a6
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-catalina-11.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-catalina High Vendor jar package name apache Highest Vendor jar package name catalina Highest Vendor jar package name core Highest Vendor jar package name engine Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-catalina Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-catalina Highest Vendor pom artifactid tomcat-catalina Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-catalina High Product jar package name apache Highest Product jar package name catalina Highest Product jar package name core Highest Product jar package name engine Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-catalina Medium Product Manifest bundle-symbolicname org.apache.tomcat-catalina Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-catalina Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 11.0.2 High Version Manifest Bundle-Version 11.0.2 High Version Manifest Implementation-Version 11.0.2 High Version pom version 11.0.2 Highest
CVE-2024-56337 (OSSINDEX)suppress
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The mitigation for CVE-2024-50379 was incomplete.
Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation
parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)
Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-56337 for details CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv2:
Base Score: HIGH (7.199999809265137) Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.tomcat:tomcat-catalina:11.0.2:*:*:*:*:*:*:* Description:
Expression language package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/11.0.2/tomcat-el-api-11.0.2.jar
MD5: 011a7ca61d6d95f5df696ab09c4dece7
SHA1: 6b0d129eae991dc23407f7ee3b90c6a99e57bc06
SHA256: 1be12c5f311b3144e274e80738354200f629140e6a0ee2b10dd53aadd9435608
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-el-api-11.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2
Evidence Type Source Name Value Confidence Vendor file name tomcat-el-api High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="6.0";uses:="jakarta.el" Low Vendor manifest: jakarta/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-el-api Highest Vendor pom artifactid tomcat-el-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-el-api High Product jar package name el Highest Product jar package name expression Highest Product jar package name jakarta Highest Product Manifest Bundle-Name tomcat-el-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="6.0";uses:="jakarta.el" Low Product manifest: jakarta/el/ Implementation-Title jakarta.el Medium Product manifest: jakarta/el/ Specification-Title Jakarta Expression Language Medium Product pom artifactid tomcat-el-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 11.0.2 High Version Manifest Bundle-Version 11.0.2 High Version pom version 11.0.2 Highest
Description:
Interface code to the native connector License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/11.0.2/tomcat-jni-11.0.2.jar
MD5: c274eeee3771f008210fa0e2116a229d
SHA1: 5a81d188f564af9b0a9ada4c9dff5a5253b198e5
SHA256: 27e3c99a1dadd6a3ce10ed605505ac494ed218ef48faf874ff6815d4fe50ca95
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-jni-11.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.2
Evidence Type Source Name Value Confidence Vendor file name tomcat-jni High Vendor jar package name apache Highest Vendor jar package name jni Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-jni Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-jni Highest Vendor pom artifactid tomcat-jni Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-jni High Product jar package name apache Highest Product jar package name jni Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-jni Medium Product Manifest bundle-symbolicname org.apache.tomcat-jni Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-jni Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 11.0.2 High Version Manifest Bundle-Version 11.0.2 High Version Manifest Implementation-Version 11.0.2 High Version pom version 11.0.2 Highest
Description:
Tomcat Core Logging Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/11.0.2/tomcat-juli-11.0.2.jar
MD5: 5613c9cb8b754b658416c09c64413cb2
SHA1: 475337d25ea6489771dd7e5a1421433cfe0d9cd8
SHA256: e791750d317ea3f05f108caaa4d15974cbb324f56ac06060971639853d476619
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-juli-11.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-juli High Vendor jar package name apache Highest Vendor jar package name juli Highest Vendor jar package name logging Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-juli Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-juli Highest Vendor pom artifactid tomcat-juli Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-juli High Product jar package name apache Highest Product jar package name juli Highest Product jar package name logging Highest Product Manifest Bundle-Name tomcat-juli Medium Product Manifest bundle-symbolicname org.apache.tomcat-juli Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-juli Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 11.0.2 High Version Manifest Bundle-Version 11.0.2 High Version Manifest Implementation-Version 11.0.2 High Version pom version 11.0.2 Highest
Description:
jakarta.servlet package License:
Apache License, Version 2.0 and
Common Development And Distribution License (CDDL) Version 1.0 and
Eclipse Public License - v 2.0
:
http://www.apache.org/licenses/LICENSE-2.0.txt and
http://www.opensource.org/licenses/cddl1.txt and
https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/11.0.2/tomcat-servlet-api-11.0.2.jar
MD5: 2302cc92c356e61fa8323619908045b2
SHA1: daa0985300d5dc52d6ece0bafbb37459eb01c422
SHA256: 3e2687986f2b8957fe4a3c9e29820a8f43cdcdfc67d0e5a54e9cee70b7e49319
Referenced In Project/Scope: waffle-tomcat11:provided
tomcat-servlet-api-11.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat11@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-servlet-api High Vendor jar package name jakarta Highest Vendor jar package name servlet Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaServlet;version:Version="6.1";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Vendor manifest: jakarta/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-servlet-api Highest Vendor pom artifactid tomcat-servlet-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-servlet-api High Product jar package name annotation Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name jakarta Highest Product jar package name servlet Highest Product Manifest Bundle-Name tomcat-servlet-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JakartaServlet;version:Version="6.1";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Product manifest: jakarta/servlet/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/annotation/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/annotation/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/descriptor/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/descriptor/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/http/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/http/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/resources/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/resources/ Specification-Title Jakarta Servlet Medium Product pom artifactid tomcat-servlet-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 11.0.2 High Version Manifest Bundle-Version 11.0.2 High Version pom version 11.0.2 Highest