Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 11.1.1Report Generated On : Thu, 2 Jan 2025 01:19:56 GMTDependencies Scanned : 30 (25 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 1Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2025-01-02T01:18:14ZNVD API Last Modified : 2025-01-01T14:15:23ZSummary Display:
Showing Vulnerable Dependencies (click to show all) Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.15.11/byte-buddy-1.15.11.jar
MD5: 603bc53c7a294f23765bfb7e1820ad44
SHA1: f61886478e0f9ee4c21d09574736f0ff45e0a46c
SHA256: fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90
Referenced In Project/Scope: waffle-tomcat9:compile
byte-buddy-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.15.11 High Version Manifest Bundle-Version 1.15.11 High Version pom version 1.15.11 Highest
Description:
The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar
MD5: 449a1534609bf3535d74cbb10b4ed074
SHA1: a38b16385e867f59a641330f0362ebe742788ed8
SHA256: 316d2c0795c2a4d4c4756f2e6f9349837c7430ac34e0477ead874d05f5cc19e5
Referenced In Project/Scope: waffle-tomcat9:compile
byte-buddy-agent-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name byte-buddy-agent High Vendor jar package name agent Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Vendor Manifest can-redefine-classes true Low Vendor Manifest can-retransform-classes true Low Vendor Manifest can-set-native-method-prefix true Low Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy-agent Highest Vendor pom artifactid byte-buddy-agent Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy agent High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy-agent High Product jar package name agent Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy agent Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Product Manifest can-redefine-classes true Low Product Manifest can-retransform-classes true Low Product Manifest can-set-native-method-prefix true Low Product Manifest multi-release true Low Product pom artifactid byte-buddy-agent Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy agent High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.15.11 High Version Manifest Bundle-Version 1.15.11 High Version pom version 1.15.11 Highest
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86-64/attach_hotspot_windows.dllMD5: 053a783e5777c6a9867c27d51af89677SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76SHA256: 16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20Referenced In Project/Scope: waffle-tomcat9:compile
Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86/attach_hotspot_windows.dllMD5: fbca33102ac97be0ed496c0f78e466b3SHA1: c4df05146a86a6d073769bb697d550ef42518ed5SHA256: 810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72Referenced In Project/Scope: waffle-tomcat9:compile
Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
Description:
A high performance caching library License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256: 7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Project/Scope: waffle-tomcat9:compile
caffeine-3.1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name caffeine High Vendor jar package name benmanes Highest Vendor jar package name cache Highest Vendor jar package name caffeine Highest Vendor jar package name github Highest Vendor Manifest automatic-module-name com.github.benmanes.caffeine Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom artifactid caffeine Highest Vendor pom artifactid caffeine Low Vendor pom developer email ben.manes@gmail.com Low Vendor pom developer id ben-manes Medium Vendor pom developer name Ben Manes Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor pom name Caffeine cache High Vendor pom url ben-manes/caffeine Highest Product file name caffeine High Product jar package name benmanes Highest Product jar package name cache Highest Product jar package name caffeine Highest Product jar package name github Highest Product Manifest automatic-module-name com.github.benmanes.caffeine Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product Manifest Implementation-Title A high performance caching library High Product pom artifactid caffeine Highest Product pom developer email ben.manes@gmail.com Low Product pom developer id ben-manes Low Product pom developer name Ben Manes Low Product pom groupid com.github.ben-manes.caffeine Highest Product pom name Caffeine cache High Product pom url ben-manes/caffeine High Version file version 3.1.8 High Version Manifest Bundle-Version 3.1.8 High Version Manifest Implementation-Version 3.1.8 High Version pom version 3.1.8 Highest
Description:
checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework. License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.3/checker-qual-3.48.3.jar
MD5: 9fe3deae54d20bd78960459c952ac7d4
SHA1: c48effe7d78de3cf5e8a98c614281ec6a2466a77
SHA256: 443685b1b232803baaf803c15d6f5a425473c6f7b81c5f276dfcf93288e389a5
Referenced In Project/Scope: waffle-tomcat9:compile
checker-qual-3.48.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.48.3 High Version Manifest Bundle-Version 3.48.3 High Version Manifest Implementation-Version 3.48.3 High Version pom version 3.48.3 Highest
Description:
WAFFLE JNA implementation License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna/pom.xml
Referenced In Project/Scope: waffle-tomcat9
com.github.waffle:waffle-jna:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jna Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-jna Highest Product project groupid com.github.waffle Low
Description:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
MD5: 0e48e5ba2cd0a8d8d09bad849b99f6a6
SHA1: 227d4d4957ccc3dc5761bd897e3a0ee587e750a7
SHA256: 77440e270b0bc9a249903c5a076c36a722c4886ca4f42675f2903a1c53ed61a5
Referenced In Project/Scope: waffle-tomcat9:provided
error_prone_annotations-2.36.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name error_prone_annotations High Vendor jar package name annotations Highest Vendor jar package name errorprone Highest Vendor jar package name google Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium Vendor Manifest multi-release true Low Vendor pom artifactid error_prone_annotations Highest Vendor pom artifactid error_prone_annotations Low Vendor pom groupid com.google.errorprone Highest Vendor pom name error-prone annotations High Vendor pom parent-artifactid error_prone_parent Low Product file name error_prone_annotations High Product jar package name annotations Highest Product jar package name errorprone Highest Product jar package name google Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Product Manifest Bundle-Name error-prone annotations Medium Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium Product Manifest multi-release true Low Product pom artifactid error_prone_annotations Highest Product pom groupid com.google.errorprone Highest Product pom name error-prone annotations High Product pom parent-artifactid error_prone_parent Medium Version file version 2.36.0 High Version Manifest Bundle-Version 2.36.0 High Version pom version 2.36.0 Highest
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256: 88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: waffle-tomcat9:provided
j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name annotations Highest Vendor jar package name google Highest Vendor jar package name j2objc Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest multi-release true Low Vendor pom artifactid j2objc-annotations Highest Vendor pom artifactid j2objc-annotations Low Vendor pom developer email tball@google.com Low Vendor pom developer id tomball Medium Vendor pom developer name Tom Ball Medium Vendor pom developer org Google Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid com.google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor pom url google/j2objc/ Highest Product file name j2objc-annotations High Product jar package name annotations Highest Product jar package name google Highest Product jar package name j2objc Highest Product Manifest build-jdk-spec 11 Low Product Manifest multi-release true Low Product pom artifactid j2objc-annotations Highest Product pom developer email tball@google.com Low Product pom developer id tomball Low Product pom developer name Tom Ball Low Product pom developer org Google Low Product pom developer org URL https://www.google.com Low Product pom groupid com.google.j2objc Highest Product pom name J2ObjC Annotations High Product pom url google/j2objc/ High Version file version 3.0.0 High Version pom version 3.0.0 Highest
Description:
JCL 1.2 implemented over SLF4J License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.16/jcl-over-slf4j-2.0.16.jar
MD5: c077b88c43f9d63f64f9880fdb457efb
SHA1: 9d08badad22f1ac07deac9188ade596472a2bfd9
SHA256: 5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78
Referenced In Project/Scope: waffle-tomcat9:compile
jcl-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jcl-over-slf4j High Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor pom artifactid jcl-over-slf4j Highest Vendor pom artifactid jcl-over-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JCL 1.2 implemented over SLF4J High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jcl-over-slf4j High Product jar package name 9 Highest Product jar package name apache Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name JCL 1.2 implemented over SLF4J Medium Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product Manifest Implementation-Title jcl-over-slf4j High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product pom artifactid jcl-over-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JCL 1.2 implemented over SLF4J High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
Description:
Java Native Access License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar
MD5: accc2e2b8676434a87f4f73fb4d90b44
SHA1: ebea09f91dc9f7048099f963fb8d6f919f0a4d9c
SHA256: 3f5233589a799eb66dc2969afa3433fb56859d3d787c58b9bc7dd9e86f0a250c
Referenced In Project/Scope: waffle-tomcat9:compile
jna-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jna High Vendor jar package name jna Highest Vendor jar package name native Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna Medium Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-category jni Low Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna Highest Vendor pom artifactid jna Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access High Vendor pom url java-native-access/jna Highest Product file name jna High Product jar package name jna Highest Product jar package name library Highest Product jar package name native Highest Product jar package name sun Highest Product jar package name win32 Highest Product Manifest automatic-module-name com.sun.jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access High Product pom url java-native-access/jna High Version file version 5.16.0 High Version Manifest Bundle-Version 5.16.0 High Version pom version 5.16.0 Highest
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dllMD5: 302945a811fd8e21bcdd5226c73b6f74SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607cSHA256: b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699dReferenced In Project/Scope: waffle-tomcat9:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dllMD5: 2d2475f1f026dd54e9f3e787ae4f81daSHA1: 27ff882ac271db547aee520b38e3ba9aa91e136cSHA256: 5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023Referenced In Project/Scope: waffle-tomcat9:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86/jnidispatch.dllMD5: 0caa1ef75a807f9dde05084fa2219a5cSHA1: 2f5e1cd82cde192905c7510ce99037b67d980640SHA256: 752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44Referenced In Project/Scope: waffle-tomcat9:compile
Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
Description:
Java Native Access Platform License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.16.0/jna-platform-5.16.0.jar
MD5: 12ba6b7a7752ecf0a5baed725f3192c2
SHA1: b2a9065f97c166893d504b164706512338e3bbc2
SHA256: e5a79523964509757555782bb60283e4902611013f107e4600dc93298f73f382
Referenced In Project/Scope: waffle-tomcat9:compile
jna-platform-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jna-platform High Vendor jar package name jna Highest Vendor jar package name platform Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna.platform Medium Vendor Manifest bundle-category jni Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest require-bundle com.sun.jna;bundle-version="5.16.0" Low Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna-platform Highest Vendor pom artifactid jna-platform Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access Platform High Vendor pom url java-native-access/jna Highest Product file name jna-platform High Product jar package name jna Highest Product jar package name platform Highest Product jar package name sun Highest Product Manifest automatic-module-name com.sun.jna.platform Medium Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna-platform Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname com.sun.jna.platform Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest require-bundle com.sun.jna;bundle-version="5.16.0" Low Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna-platform Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access Platform High Product pom url java-native-access/jna High Version file version 5.16.0 High Version Manifest Bundle-Version 5.16.0 High Version pom version 5.16.0 Highest
Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: waffle-tomcat9:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
Description:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256: a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: waffle-tomcat9:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-jna@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
Description:
Annotations the SpotBugs tool supports License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.6/spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256: 4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: waffle-tomcat9:provided
spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spotbugs-annotations High Vendor Manifest automatic-module-name com.github.spotbugs.annotations Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname spotbugs-annotations Medium Vendor pom artifactid spotbugs-annotations Highest Vendor pom artifactid spotbugs-annotations Low Vendor pom developer email andreas.sewe@codetrails.com Low Vendor pom developer email dbrosius@mebigfatguy.com Low Vendor pom developer email loskutov@gmx.de Low Vendor pom developer email skypencil@gmail.com Low Vendor pom developer id henrik242 Medium Vendor pom developer id iloveeclipse Medium Vendor pom developer id jsotuyod Medium Vendor pom developer id KengoTODA Medium Vendor pom developer id mebigfatguy Medium Vendor pom developer id sewe Medium Vendor pom developer id ThrawnCA Medium Vendor pom developer name Andreas Sewe Medium Vendor pom developer name Andrey Loskutov Medium Vendor pom developer name Dave Brosius Medium Vendor pom developer name Juan Martín Sotuyo Dodero Medium Vendor pom developer name Kengo TODA Medium Vendor pom groupid com.github.spotbugs Highest Vendor pom name SpotBugs Annotations High Vendor pom url https://spotbugs.github.io/ Highest Product file name spotbugs-annotations High Product Manifest automatic-module-name com.github.spotbugs.annotations Medium Product Manifest Bundle-Name spotbugs-annotations Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname spotbugs-annotations Medium Product pom artifactid spotbugs-annotations Highest Product pom developer email andreas.sewe@codetrails.com Low Product pom developer email dbrosius@mebigfatguy.com Low Product pom developer email loskutov@gmx.de Low Product pom developer email skypencil@gmail.com Low Product pom developer id henrik242 Low Product pom developer id iloveeclipse Low Product pom developer id jsotuyod Low Product pom developer id KengoTODA Low Product pom developer id mebigfatguy Low Product pom developer id sewe Low Product pom developer id ThrawnCA Low Product pom developer name Andreas Sewe Low Product pom developer name Andrey Loskutov Low Product pom developer name Dave Brosius Low Product pom developer name Juan Martín Sotuyo Dodero Low Product pom developer name Kengo TODA Low Product pom groupid com.github.spotbugs Highest Product pom name SpotBugs Annotations High Product pom url https://spotbugs.github.io/ Medium Version file version 4.8.6 High Version Manifest Bundle-Version 4.8.6 High Version pom version 4.8.6 Highest
Description:
Annotations Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-annotations-api/9.0.98/tomcat-annotations-api-9.0.98.jar
MD5: bf3c4815991bb52f5b54d5ccc561a6aa
SHA1: c9e41dfed4acbcec727aa6a29932df413ba224b2
SHA256: a6451be75cbe373e79f30d626f199e77b70020bd164a23632e5f4f58eaffbaef
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-annotations-api-9.0.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98
Evidence Type Source Name Value Confidence Vendor file name tomcat-annotations-api High Vendor Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaAnnotation;version:List="1.3,1.2,1.1,1";uses:="javax.annotation,javax.annotation.security,javax.annotation.sql" Low Vendor manifest: javax/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/annotation/security/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/annotation/sql/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-annotations-api Highest Vendor pom artifactid tomcat-annotations-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-annotations-api High Product jar package name annotation Highest Product jar package name javax Highest Product jar package name security Highest Product jar package name sql Highest Product Manifest Bundle-Name tomcat-annotations-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-annotations-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JavaAnnotation;version:List="1.3,1.2,1.1,1";uses:="javax.annotation,javax.annotation.security,javax.annotation.sql" Low Product manifest: javax/annotation/ Implementation-Title javax.annotation Medium Product manifest: javax/annotation/ Specification-Title Common Annotations Medium Product manifest: javax/annotation/security/ Implementation-Title javax.annotation Medium Product manifest: javax/annotation/security/ Specification-Title Common Annotations Medium Product manifest: javax/annotation/sql/ Implementation-Title javax.annotation Medium Product manifest: javax/annotation/sql/ Specification-Title Common Annotations Medium Product pom artifactid tomcat-annotations-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.98 High Version Manifest Bundle-Version 9.0.98 High Version pom version 9.0.98 Highest
Description:
Definition of interfaces shared by Catalina and Jasper License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-api/9.0.98/tomcat-api-9.0.98.jar
MD5: 40cbac18b278b92c5d6cfda3d7ebb571
SHA1: 65960a79df8b5964daff12236ec2ebb6f735ca73
SHA256: aceb51aa60ec00156a471010fe413ae3e517c3c04cd2515e1b629f744a12e7cd
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-api-9.0.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-api High Vendor jar package name apache Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-api Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-api Highest Vendor pom artifactid tomcat-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-api High Product jar package name apache Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-api Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.98 High Version Manifest Bundle-Version 9.0.98 High Version Manifest Implementation-Version 9.0.98 High Version pom version 9.0.98 Highest
Related Dependencies tomcat-coyote-9.0.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-coyote/9.0.98/tomcat-coyote-9.0.98.jar MD5: d89bb99020c41375bd03044f229cd546 SHA1: e1ef3298a8ccc5a6ba763887d4af06d0b941a5e3 SHA256: 00cbadbf34e43bb6597dbdc68f007956df634c3e5318f5e5e0a3cd4bc298b6c1 pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.98 tomcat-jaspic-api-9.0.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jaspic-api/9.0.98/tomcat-jaspic-api-9.0.98.jar MD5: 8430877501dc0297066e6bc4bd591b79 SHA1: dba5f253857ac78c7c662045e6ff928e4ed1164e SHA256: ed86720164028eab4bf0cc350199d441ef928943b68bb7f12a40671d285af3b9 pkg:maven/org.apache.tomcat/tomcat-jaspic-api@9.0.98 tomcat-jsp-api-9.0.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jsp-api/9.0.98/tomcat-jsp-api-9.0.98.jar MD5: b3fed7d9c9b8946e93a865a4c4887f57 SHA1: d8edc71b0f6e45881b6a85a2f40ad59ab5fc806b SHA256: e5b9202bdb53f1f36a1263a8697ca27e7aa2dfd5bca0e1e8c4f18f2e62e6f3fd pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.98 tomcat-util-9.0.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util/9.0.98/tomcat-util-9.0.98.jar MD5: b5d2d8b86024c5170eb0bc04e7bfec33 SHA1: 197d106c0d9b399c6023fe20d3a8f764595ce064 SHA256: 53b1cc1957bf977a6c148d1616e2db98cf61fb457104e83a28c8c5b76317d810 pkg:maven/org.apache.tomcat/tomcat-util@9.0.98 tomcat-util-scan-9.0.98.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-util-scan/9.0.98/tomcat-util-scan-9.0.98.jar MD5: 10547eacdd82d00c9aad55eb9892dfe3 SHA1: 9e7cbc6814ba43063d4049c9b3f68704f6aa83b5 SHA256: e913f286446c267c92923b1432f248a052cf3fef4138db05e0108795b8f2cf69 pkg:maven/org.apache.tomcat/tomcat-util-scan@9.0.98 Description:
Tomcat Servlet Engine Core Classes and Standard implementations License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-catalina/9.0.98/tomcat-catalina-9.0.98.jar
MD5: 9294303ad3f4a038822729a2f1ae12ac
SHA1: cef7880f49e154aeaa30c4c2655d92a7cf17757b
SHA256: 38940a585577dd145858648e849786602c847bac964569548319a3afe889dc87
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-catalina-9.0.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-catalina High Vendor jar package name apache Highest Vendor jar package name catalina Highest Vendor jar package name core Highest Vendor jar package name engine Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-catalina Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-catalina Highest Vendor pom artifactid tomcat-catalina Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-catalina High Product jar package name apache Highest Product jar package name catalina Highest Product jar package name core Highest Product jar package name engine Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-catalina Medium Product Manifest bundle-symbolicname org.apache.tomcat-catalina Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-catalina Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.98 High Version Manifest Bundle-Version 9.0.98 High Version Manifest Implementation-Version 9.0.98 High Version pom version 9.0.98 Highest
CVE-2024-56337 (OSSINDEX)suppress
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The mitigation for CVE-2024-50379 was incomplete.
Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation
parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)
Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-56337 for details CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv2:
Base Score: HIGH (7.199999809265137) Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:org.apache.tomcat:tomcat-catalina:9.0.98:*:*:*:*:*:*:* Description:
Expression language package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-el-api/9.0.98/tomcat-el-api-9.0.98.jar
MD5: a7baef6aa4913919fea25872740bf7e2
SHA1: f25cdef5efa34399fe3afbe08d0e34a09bad4657
SHA256: ff543f3000f31ba32e31369fd9bb93dab7fcea2352a1388a3635149e40617cd0
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-el-api-9.0.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98
Evidence Type Source Name Value Confidence Vendor file name tomcat-el-api High Vendor jar package name el Highest Vendor jar package name expression Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el" Low Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-el-api Highest Vendor pom artifactid tomcat-el-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-el-api High Product jar package name el Highest Product jar package name expression Highest Product jar package name javax Highest Product Manifest Bundle-Name tomcat-el-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-el-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JavaEL;version:List="3.0,2.2,2.1";uses:="javax.el" Low Product manifest: javax/el/ Implementation-Title javax.el Medium Product manifest: javax/el/ Specification-Title Expression Language Medium Product pom artifactid tomcat-el-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.98 High Version Manifest Bundle-Version 9.0.98 High Version pom version 9.0.98 Highest
Description:
Interface code to the native connector License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jni/9.0.98/tomcat-jni-9.0.98.jar
MD5: fdac694b25c0fbf559a9b251f63073f4
SHA1: c5604e2970f218e18400487239fa65db36225510
SHA256: e084af31c187f37f7397c57d5c0e64e4d96daaaccd00ed0bb4904def4022ec34
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-jni-9.0.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.98
Evidence Type Source Name Value Confidence Vendor file name tomcat-jni High Vendor jar package name apache Highest Vendor jar package name jni Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-jni Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-jni Highest Vendor pom artifactid tomcat-jni Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-jni High Product jar package name apache Highest Product jar package name jni Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-jni Medium Product Manifest bundle-symbolicname org.apache.tomcat-jni Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-jni Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.98 High Version Manifest Bundle-Version 9.0.98 High Version Manifest Implementation-Version 9.0.98 High Version pom version 9.0.98 Highest
Description:
Tomcat Core Logging Package License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/9.0.98/tomcat-juli-9.0.98.jar
MD5: 445547c31e2e79558a4517c78eb4d789
SHA1: 5b1fff24037339fcf8045f87ff5694b04e79c472
SHA256: 40994df9c4741eefe7f38701be3c59e563bff89f030ca68b625a57e8ce149092
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-juli-9.0.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-juli High Vendor jar package name apache Highest Vendor jar package name juli Highest Vendor jar package name logging Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-juli Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-juli Highest Vendor pom artifactid tomcat-juli Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-juli High Product jar package name apache Highest Product jar package name juli Highest Product jar package name logging Highest Product Manifest Bundle-Name tomcat-juli Medium Product Manifest bundle-symbolicname org.apache.tomcat-juli Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest specification-title Apache Tomcat Medium Product pom artifactid tomcat-juli Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.98 High Version Manifest Bundle-Version 9.0.98 High Version Manifest Implementation-Version 9.0.98 High Version pom version 9.0.98 Highest
Description:
javax.servlet package License:
Apache License, Version 2.0 and
Common Development And Distribution License (CDDL) Version 1.0
:
http://www.apache.org/licenses/LICENSE-2.0.txt and
http://www.opensource.org/licenses/cddl1.txt
File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-servlet-api/9.0.98/tomcat-servlet-api-9.0.98.jar
MD5: 96fb550f5953f6b9401fde7d14f5683d
SHA1: a06c4f0ed3fddcdd1c634ebf472228706c29ea7f
SHA256: 18085e7d8ad007c28bc50018437828fb6b88f65fabd774a1e4e6e8fbd2b7d757
Referenced In Project/Scope: waffle-tomcat9:provided
tomcat-servlet-api-9.0.98.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-tomcat9@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tomcat-servlet-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: javax/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-servlet-api Highest Vendor pom artifactid tomcat-servlet-api Low Vendor pom groupid org.apache.tomcat Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-servlet-api High Product jar package name annotation Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name javax Highest Product jar package name servlet Highest Product Manifest Bundle-Name tomcat-servlet-api Medium Product Manifest bundle-symbolicname org.apache.tomcat-servlet-api Medium Product Manifest provide-capability osgi.contract;osgi.contract=JavaServlet;version:List="4.0,3.1,3,2.5";uses:="javax.servlet,javax.servlet.annotation,javax.servlet.descriptor,javax.servlet.http,javax.servlet.resources" Low Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/annotation/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/annotation/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/descriptor/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/descriptor/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/http/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/http/ Specification-Title Java API for Servlets Medium Product manifest: javax/servlet/resources/ Implementation-Title javax.servlet Medium Product manifest: javax/servlet/resources/ Specification-Title Java API for Servlets Medium Product pom artifactid tomcat-servlet-api Highest Product pom groupid org.apache.tomcat Highest Product pom url https://tomcat.apache.org/ Medium Version file version 9.0.98 High Version Manifest Bundle-Version 9.0.98 High Version pom version 9.0.98 Highest