Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 11.1.0Report Generated On : Wed, 28 Jan 2026 20:38:01 GMTDependencies Scanned : 282 (213 unique)Vulnerable Dependencies : 14 Vulnerabilities Found : 22Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2026-01-28T19:39:43ZNVD API Last Modified : 2026-01-28T19:35:13ZAnalysis Exceptions Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Failed to request component-reports exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:170) https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized cause : org.owasp.dependencycheck.utils.DownloadFailedException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 401 - Server reason: Unauthorized
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:346) status code: 401, reason phrase: Unauthorized cause : org.apache.hc.client5.http.HttpResponseException: status code: 401, reason phrase: Unauthorized
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) OSS Index rate limit exceeded, disabling the analyzer exception : org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151) Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429 cause : org.sonatype.ossindex.service.client.transport.Transport$TransportException: Too many requests for https://ossindex.sonatype.org/api/v3/component-report HTTP status 429
org.owasp.dependencycheck.data.ossindex.ODCConnectionTransport.post(ODCConnectionTransport.java:84) https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason: cause : org.owasp.dependencycheck.utils.TooManyRequestsException: https://ossindex.sonatype.org/api/v3/component-report - Server status: 429 - Server reason:
org.owasp.dependencycheck.utils.Downloader.wrapAndThrowHttpResponseException(Downloader.java:344) status code: 429 cause : org.apache.hc.client5.http.HttpResponseException: status code: 429
org.apache.hc.client5.http.impl.classic.AbstractHttpClientResponseHandler.handleResponse(AbstractHttpClientResponseHandler.java:69) Summary Display:
Showing Vulnerable Dependencies (click to show all) * indicates the dependency has a known exploited vulnerability
Description:
Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/net/minidev/accessors-smart/2.4.9/accessors-smart-2.4.9.jar
MD5: 339685c20dcac95c4f5b59e70daadc0e
SHA1: 32e540749224c22c9b17de8137e916aae9057e22
SHA256: accdd5c7ac4c49b155890aaea1ffca2a9ccd5826b562dd95a99fc1887003e031
Referenced In Project/Scope: i2kfs:compile
accessors-smart-2.4.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name accessors-smart High Vendor jar package name asm Highest Vendor jar package name minidev Highest Vendor jar package name net Highest Vendor Manifest bundle-docurl https://urielch.github.io/ Low Vendor Manifest bundle-symbolicname net.minidev.accessors-smart Medium Vendor pom artifactid accessors-smart Highest Vendor pom artifactid accessors-smart Low Vendor pom developer email shoothzj@gmail.com Low Vendor pom developer email uchemouni@gmail.com Low Vendor pom developer id Shoothzj Medium Vendor pom developer id uriel Medium Vendor pom developer name Uriel Chemouni Medium Vendor pom developer name ZhangJian He Medium Vendor pom groupid net.minidev Highest Vendor pom name ASM based accessors helper used by json-smart High Vendor pom organization name Chemouni Uriel High Vendor pom organization url https://urielch.github.io/ Medium Vendor pom url https://urielch.github.io/ Highest Product file name accessors-smart High Product jar package name asm Highest Product jar package name minidev Highest Product jar package name net Highest Product Manifest bundle-docurl https://urielch.github.io/ Low Product Manifest Bundle-Name accessors-smart Medium Product Manifest bundle-symbolicname net.minidev.accessors-smart Medium Product pom artifactid accessors-smart Highest Product pom developer email shoothzj@gmail.com Low Product pom developer email uchemouni@gmail.com Low Product pom developer id Shoothzj Low Product pom developer id uriel Low Product pom developer name Uriel Chemouni Low Product pom developer name ZhangJian He Low Product pom groupid net.minidev Highest Product pom name ASM based accessors helper used by json-smart High Product pom organization name Chemouni Uriel Low Product pom organization url https://urielch.github.io/ Low Product pom url https://urielch.github.io/ Medium Version file version 2.4.9 High Version Manifest Bundle-Version 2.4.9 High Version pom version 2.4.9 Highest
pkg:maven/net.minidev/accessors-smart@2.4.9 (Confidence :High) Description:
Compression algorithms License:
Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/io/airlift/aircompressor/2.0.2/aircompressor-2.0.2.jar
MD5: 86ebd034828b5af24292c985370c360a
SHA1: 527952aa21839e8664618e1fe73c5648173607ac
SHA256: 0c2a96bf86d5fb24ff7f20c92483c61391cb10d440a4bd278c77365a2b165698
Referenced In Project/Scope: i2kfs:compile
aircompressor-2.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name aircompressor High Vendor jar package name airlift Highest Vendor jar package name io Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest build-time 2024-08-16T21:57:06-0700 Low Vendor Manifest git-commit-id 36fe717d29ca455a268cdcd6ecf8b72e3f9bf211 Low Vendor pom artifactid aircompressor Highest Vendor pom artifactid aircompressor Low Vendor pom groupid io.airlift Highest Vendor pom name aircompressor High Vendor pom parent-artifactid airbase Low Vendor pom url airlift/aircompressor Highest Product file name aircompressor High Product jar package name airlift Highest Product jar package name io Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest build-time 2024-08-16T21:57:06-0700 Low Product Manifest git-commit-id 36fe717d29ca455a268cdcd6ecf8b72e3f9bf211 Low Product Manifest Implementation-Title aircompressor High Product Manifest specification-title aircompressor Medium Product pom artifactid aircompressor Highest Product pom groupid io.airlift Highest Product pom name aircompressor High Product pom parent-artifactid airbase Medium Product pom url airlift/aircompressor High Version file version 2.0.2 High Version Manifest Implementation-Version 2.0.2 High Version pom parent-version 2.0.2 Low Version pom version 2.0.2 Highest
pkg:maven/io.airlift/aircompressor@2.0.2 (Confidence :High) File Path: /root/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.23/animal-sniffer-annotations-1.23.jarMD5: 13729ebd1fbdddc25d7feb7694d3028dSHA1: 3c0daebd5f0e1ce72cc50c818321ac957aeb5d70SHA256: 9ffe526bf43a6348e9d8b33b9cd6f580a7f5eed0cf055913007eda263de974d0Referenced In Project/Scope: i2kfs:compileanimal-sniffer-annotations-1.23.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name animal-sniffer-annotations High Vendor jar package name codehaus Highest Vendor jar package name mojo Highest Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid animal-sniffer-annotations Highest Vendor pom artifactid animal-sniffer-annotations Low Vendor pom groupid org.codehaus.mojo Highest Vendor pom name Animal Sniffer Annotations High Vendor pom parent-artifactid animal-sniffer-parent Low Product file name animal-sniffer-annotations High Product jar package name codehaus Highest Product jar package name mojo Highest Product Manifest build-jdk-spec 17 Low Product pom artifactid animal-sniffer-annotations Highest Product pom groupid org.codehaus.mojo Highest Product pom name Animal Sniffer Annotations High Product pom parent-artifactid animal-sniffer-parent Medium Version file version 1.23 High Version pom version 1.23 Highest
pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.23 (Confidence :High) Description:
A set of annotations used for code inspection support and code documentation. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0.jar
MD5: f4fb462172517b46b6cd90003508515a
SHA1: 919f0dfe192fb4e063e7dacadee7f8bb9a2672a9
SHA256: ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478
Referenced In Project/Scope: i2kfs:runtime
annotations-13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name intellij Highest Vendor jar package name intellij Low Vendor jar package name jetbrains Highest Vendor jar package name lang Low Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom developer id JetBrains Medium Vendor pom developer name JetBrains Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL http://www.jetbrains.com Medium Vendor pom groupid org.jetbrains Highest Vendor pom name IntelliJ IDEA Annotations High Vendor pom url http://www.jetbrains.org Highest Product file name annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name intellij Highest Product jar package name jetbrains Highest Product jar package name lang Low Product pom artifactid annotations Highest Product pom developer id JetBrains Low Product pom developer name JetBrains Team Low Product pom developer org JetBrains Low Product pom developer org URL http://www.jetbrains.com Low Product pom groupid org.jetbrains Highest Product pom name IntelliJ IDEA Annotations High Product pom url http://www.jetbrains.org Medium Version file version 13.0 High Version pom version 13.0 Highest
pkg:maven/org.jetbrains/annotations@13.0 (Confidence :High) File Path: /root/.m2/repository/software/amazon/awssdk/annotations/2.20.150/annotations-2.20.150.jarMD5: 7eb7c8b44b4940d1abe51e2a6b919147SHA1: 357efe8ee311e3f317dbb0ae24da652688184527SHA256: e65f9f42cd6a4867141c08a2c0fa05265468f466ead43186e0b4e3c6052601a0Referenced In Project/Scope: i2kfs:compileannotations-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name amazon Highest Vendor jar package name annotations Highest Vendor jar package name awssdk Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.annotations Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Annotations High Vendor pom parent-artifactid core Low Product file name annotations High Product jar package name amazon Highest Product jar package name annotations Highest Product jar package name awssdk Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.annotations Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid annotations Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Annotations High Product pom parent-artifactid core Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
A library jar that provides annotations for the Google Android Platform. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /root/.m2/repository/com/google/android/annotations/4.1.1.4/annotations-4.1.1.4.jar
MD5: c2cdd26a6ae577f24775e8ce75da1fdc
SHA1: a1678ba907bf92691d879fef34e1a187038f9259
SHA256: ba734e1e84c09d615af6a09d33034b4f0442f8772dec120efb376d86a565ae15
Referenced In Project/Scope: i2kfs:runtime
annotations-4.1.1.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.grpc/grpc-core@1.65.1
Evidence Type Source Name Value Confidence Vendor file name annotations High Vendor jar package name android Highest Vendor jar package name android Low Vendor jar package name annotation Low Vendor pom artifactid annotations Highest Vendor pom artifactid annotations Low Vendor pom developer name The Android Open Source Projects Medium Vendor pom groupid com.google.android Highest Vendor pom name Google Android Annotations Library High Vendor pom url http://source.android.com/ Highest Product file name annotations High Product jar package name android Highest Product jar package name annotation Low Product pom artifactid annotations Highest Product pom developer name The Android Open Source Projects Low Product pom groupid com.google.android Highest Product pom name Google Android Annotations Library High Product pom url http://source.android.com/ Medium Version file version 4.1.1.4 High Version pom version 4.1.1.4 Highest
pkg:maven/com.google.android/annotations@4.1.1.4 (Confidence :High) File Path: /root/.m2/repository/software/amazon/awssdk/apache-client/2.20.150/apache-client-2.20.150.jarMD5: c8d1bff30e4b35d9bdf8a2166de332edSHA1: a01a517c12f875ec93f438a39f4c2df1c9c0982aSHA256: 56e017bcf0d8f40750f5de1f1df9d8db525594db0d50c8e5a5d01e6f03faffcfReferenced In Project/Scope: i2kfs:runtimeapache-client-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name apache-client High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name http Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.http.apache Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid apache-client Highest Vendor pom artifactid apache-client Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: HTTP Clients :: Apache High Vendor pom parent-artifactid http-clients Low Product file name apache-client High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name http Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.http.apache Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid apache-client Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: HTTP Clients :: Apache High Product pom parent-artifactid http-clients Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
Common utilities for Google APIs in Java License:
BSD-3-Clause: https://github.com/googleapis/api-common-java/blob/main/LICENSE File Path: /root/.m2/repository/com/google/api/api-common/2.46.1/api-common-2.46.1.jar
MD5: 2836a4f0c2cc5378be49925ac1c6e1f8
SHA1: b38a684c734963a72c204aa208dd31018d79bf3a
SHA256: 8b11e1e1e42702cb80948e7ca62a9e06ddf82fe57a19cd68f9548eac80f39071
Referenced In Project/Scope: i2kfs:compile
api-common-2.46.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name api-common High Vendor jar package name api Highest Vendor jar package name google Highest Vendor Manifest artifactid api-common Low Vendor Manifest automatic-module-name com.google.api.apicommon Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid api-common Highest Vendor pom artifactid api-common Low Vendor pom developer email googleapis@googlegroups.com Low Vendor pom developer id GoogleAPIs Medium Vendor pom developer name GoogleAPIs Medium Vendor pom developer org Google LLC Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid com.google.api Highest Vendor pom name API Common High Vendor pom parent-artifactid gapic-generator-java-pom-parent Low Product file name api-common High Product jar package name api Highest Product jar package name google Highest Product Manifest artifactid api-common Low Product Manifest automatic-module-name com.google.api.apicommon Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title API Common High Product Manifest specification-title API Common Medium Product pom artifactid api-common Highest Product pom developer email googleapis@googlegroups.com Low Product pom developer id GoogleAPIs Low Product pom developer name GoogleAPIs Low Product pom developer org Google LLC Low Product pom developer org URL https://www.google.com Low Product pom groupid com.google.api Highest Product pom name API Common High Product pom parent-artifactid gapic-generator-java-pom-parent Medium Version file version 2.46.1 High Version Manifest Implementation-Version 2.46.1 High Version Manifest version 2.46.1 Medium Version pom parent-version 2.46.1 Low Version pom version 2.46.1 Highest
pkg:maven/com.google.api/api-common@2.46.1 (Confidence :High) Description:
The AWS SDK for Java - Arns module holds the classes that are related to AWS ARN
File Path: /root/.m2/repository/software/amazon/awssdk/arns/2.20.150/arns-2.20.150.jarMD5: ee2c63d4b1edfd61ec496262421332ffSHA1: bb3efb9dc7a53c1be3a7d7580a797b76a5666245SHA256: ce2b8248e2da08059238feceed479f9df36198ff049ee3a0ac645e5c59591b94Referenced In Project/Scope: i2kfs:runtimearns-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name arns High Vendor jar package name amazon Highest Vendor jar package name arns Highest Vendor jar package name awssdk Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.arns Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid arns Highest Vendor pom artifactid arns Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Arns High Vendor pom parent-artifactid core Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name arns High Product jar package name amazon Highest Product jar package name arns Highest Product jar package name awssdk Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.arns Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid arns Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Arns High Product pom parent-artifactid core Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
ASM, a very small and fast Java bytecode manipulation framework License:
BSD-3-Clause: https://asm.ow2.io/license.html File Path: /root/.m2/repository/org/ow2/asm/asm/9.8/asm-9.8.jar
MD5: f5adf3bfc54fb3d2cd8e3a1f275084bc
SHA1: dc19ecb3f7889b7860697215cae99c0f9b6f6b4b
SHA256: 876eab6a83daecad5ca67eb9fcabb063c97b5aeb8cf1fca7a989ecde17522051
Referenced In Project/Scope: i2kfs:compile
asm-9.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@3.2.2
Evidence Type Source Name Value Confidence Vendor file name asm High Vendor jar package name asm Highest Vendor jar package name objectweb Highest Vendor Manifest bundle-docurl http://asm.ow2.org Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname org.objectweb.asm Medium Vendor pom artifactid asm Highest Vendor pom artifactid asm Low Vendor pom developer email ebruneton@free.fr Low Vendor pom developer email eu@javatx.org Low Vendor pom developer email forax@univ-mlv.fr Low Vendor pom developer id ebruneton Medium Vendor pom developer id eu Medium Vendor pom developer id forax Medium Vendor pom developer name Eric Bruneton Medium Vendor pom developer name Eugene Kuleshov Medium Vendor pom developer name Remi Forax Medium Vendor pom groupid org.ow2.asm Highest Vendor pom name asm High Vendor pom organization name OW2 High Vendor pom organization url http://www.ow2.org/ Medium Vendor pom parent-artifactid ow2 Low Vendor pom parent-groupid org.ow2 Medium Vendor pom url http://asm.ow2.io/ Highest Product file name asm High Product jar package name asm Highest Product jar package name objectweb Highest Product Manifest bundle-docurl http://asm.ow2.org Low Product Manifest Bundle-Name org.objectweb.asm Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname org.objectweb.asm Medium Product Manifest Implementation-Title ASM, a very small and fast Java bytecode manipulation framework High Product pom artifactid asm Highest Product pom developer email ebruneton@free.fr Low Product pom developer email eu@javatx.org Low Product pom developer email forax@univ-mlv.fr Low Product pom developer id ebruneton Low Product pom developer id eu Low Product pom developer id forax Low Product pom developer name Eric Bruneton Low Product pom developer name Eugene Kuleshov Low Product pom developer name Remi Forax Low Product pom groupid org.ow2.asm Highest Product pom name asm High Product pom organization name OW2 Low Product pom organization url http://www.ow2.org/ Low Product pom parent-artifactid ow2 Medium Product pom parent-groupid org.ow2 Medium Product pom url http://asm.ow2.io/ Medium Version file version 9.8 High Version Manifest Bundle-Version 9.8 High Version Manifest Implementation-Version 9.8 High Version pom parent-version 9.8 Low Version pom version 9.8 Highest
pkg:maven/org.ow2.asm/asm@9.8 (Confidence :High) Description:
The AWS SDK for Java - Auth module holds the classes that are used for authentication with AWS services
File Path: /root/.m2/repository/software/amazon/awssdk/auth/2.20.103/auth-2.20.103.jarMD5: cdb9e236d5fb7f34bde8bbe186af0028SHA1: 1267f1c9f9b627ca9413233c40cef25f93b2971fSHA256: 309d861ba5f07cefc79c858b89d8fd272dacc7cf605e8bdfa44fae8082cb56e4Referenced In Project/Scope: i2kfs:compileauth-2.20.103.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name auth High Vendor jar package name amazon Highest Vendor jar package name auth Highest Vendor jar package name awssdk Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.auth Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid auth Highest Vendor pom artifactid auth Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Auth High Vendor pom parent-artifactid core Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name auth High Product jar package name amazon Highest Product jar package name auth Highest Product jar package name awssdk Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.auth Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid auth Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Auth High Product pom parent-artifactid core Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.103 High Version pom version 2.20.103 Highest
Description:
Immutable value-type code generation for Java 8+.
File Path: /root/.m2/repository/com/google/auto/value/auto-value-annotations/1.11.0/auto-value-annotations-1.11.0.jarMD5: 8fc3c2d0bbdef8927f08a5c7c829a768SHA1: f0d047931d07cfbc6fa4079854f181ff62891d6fSHA256: 5a055ce4255333b3346e1a8703da5bf8ff049532286fdcd31712d624abe111ddReferenced In Project/Scope: i2kfs:compileauto-value-annotations-1.11.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name auto-value-annotations High Vendor jar package name auto Highest Vendor jar package name autovalue Highest Vendor jar package name google Highest Vendor jar package name value Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid auto-value-annotations Highest Vendor pom artifactid auto-value-annotations Low Vendor pom groupid com.google.auto.value Highest Vendor pom name AutoValue Annotations High Vendor pom parent-artifactid auto-value-parent Low Vendor pom url google/auto/tree/main/value Highest Product file name auto-value-annotations High Product jar package name auto Highest Product jar package name autovalue Highest Product jar package name google Highest Product jar package name value Highest Product Manifest build-jdk-spec 11 Low Product pom artifactid auto-value-annotations Highest Product pom groupid com.google.auto.value Highest Product pom name AutoValue Annotations High Product pom parent-artifactid auto-value-parent Medium Product pom url google/auto/tree/main/value High Version file version 1.11.0 High Version pom version 1.11.0 Highest
pkg:maven/com.google.auto.value/auto-value-annotations@1.11.0 (Confidence :High) Description:
The AWS SDK for Java - Core runtime module holds the classes that are used by the individual service
clients to interact with
Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes.
File Path: /root/.m2/repository/software/amazon/awssdk/aws-core/2.20.150/aws-core-2.20.150.jarMD5: d16dceb4f1883b1444d115155044930aSHA1: 4d59d038a14aa6be6d82b56bb2a65ae21aad547fSHA256: 834c96d6ffd78c79cdffff187afd0be6b92f9c68d51b522f61c34793c6aef3b7Referenced In Project/Scope: i2kfs:runtimeaws-core-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name aws-core High Vendor jar package name amazon Highest Vendor jar package name awscore Highest Vendor jar package name awssdk Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.awscore Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid aws-core Highest Vendor pom artifactid aws-core Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: AWS Core High Vendor pom parent-artifactid core Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name aws-core High Product jar package name amazon Highest Product jar package name awscore Highest Product jar package name awssdk Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.awscore Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid aws-core Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: AWS Core High Product pom parent-artifactid core Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Related Dependencies aws-query-protocol-2.20.150.jarFile Path: /root/.m2/repository/software/amazon/awssdk/aws-query-protocol/2.20.150/aws-query-protocol-2.20.150.jar MD5: f8866a20663b1126fbc68aab37e1521f SHA1: d423ff6aa3ac095eeeae6d8c9d7e74e228714d52 SHA256: f196a00a877b8097ec7b0ffa9bc76bda41c3f610ebd6666a62f164552741fc79 pkg:maven/software.amazon.awssdk/aws-query-protocol@2.20.150 aws-xml-protocol-2.20.150.jarFile Path: /root/.m2/repository/software/amazon/awssdk/aws-xml-protocol/2.20.150/aws-xml-protocol-2.20.150.jar MD5: 075c981fe3c0d7e27f0e8e65e9fb1f1d SHA1: 01c4dc14953273cff33dcc2a69c799a0a4f56443 SHA256: dbd116fc42c4919b833e995b3d9e02a275496640959187cf576f2cd0bb0b3365 pkg:maven/software.amazon.awssdk/aws-xml-protocol@2.20.150 Description:
Java bindings for the AWS SDK Common Runtime License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/software/amazon/awssdk/crt/aws-crt/0.27.1/aws-crt-0.27.1.jar
MD5: a2cfcb4400eddb784d98751fa0955dcd
SHA1: 8e7480d0ec2836c6251a3625f5c5736992b3e65b
SHA256: bfd40ad8170a8de5aa1a890990a3d540dc56a30fb0bd7cfbc6b240d87f0713fe
Referenced In Project/Scope: i2kfs:runtime
aws-crt-0.27.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/software.amazon.nio.s3/aws-java-nio-spi-for-s3@1.2.4
Evidence Type Source Name Value Confidence Vendor file name aws-crt High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name crt Highest Vendor jar package name software Highest Vendor Manifest implementation-url https://github.com/awslabs/aws-crt-java Low Vendor Manifest Implementation-Vendor-Id software.amazon.awssdk.crt Medium Vendor pom artifactid aws-crt Highest Vendor pom artifactid aws-crt Low Vendor pom developer email aws-sdk-common-runtime@amazon.com Low Vendor pom developer name AWS SDK Common Runtime Team Medium Vendor pom developer org Amazon Web Services Medium Vendor pom developer org URL https://aws.amazon.com Medium Vendor pom groupid software.amazon.awssdk.crt Highest Vendor pom name : High Vendor pom url awslabs/aws-crt-java Highest Product file name aws-crt High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name crt Highest Product jar package name software Highest Product Manifest Implementation-Title software.amazon.awssdk.crt:aws-crt High Product Manifest implementation-url https://github.com/awslabs/aws-crt-java Low Product Manifest specification-title software.amazon.awssdk.crt:aws-crt Medium Product pom artifactid aws-crt Highest Product pom developer email aws-sdk-common-runtime@amazon.com Low Product pom developer name AWS SDK Common Runtime Team Low Product pom developer org Amazon Web Services Low Product pom developer org URL https://aws.amazon.com Low Product pom groupid software.amazon.awssdk.crt Highest Product pom name : High Product pom url awslabs/aws-crt-java High Version file version 0.27.1 High Version Manifest Implementation-Version 0.27.1 High Version pom version 0.27.1 Highest
pkg:maven/software.amazon.awssdk.crt/aws-crt@0.27.1 (Confidence :High) cpe:2.3:a:amazon:amazon_web_services:0.27.1:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
A Java NIO.2 service provider for S3, allowing Java NIO operations to be performed on paths using the `s3` scheme. This
package implements the service provider interface (SPI) defined for Java NIO.2 in JDK 1.7 providing "plug-in" non-blocking
access to S3 objects for Java applications using Java NIO.2 for file access. License:
The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/software/amazon/nio/s3/aws-java-nio-spi-for-s3/1.2.4/aws-java-nio-spi-for-s3-1.2.4.jar
MD5: 63360b843a87cf22f201b060027ffd7c
SHA1: 7f220c592617e1991672a4663eb7942f3ea6d61e
SHA256: 1c9a6daba3e7d1a23f1264d1835c6fdc628febb01abee7e4955e40134e958843
Referenced In Project/Scope: i2kfs:compile
aws-java-nio-spi-for-s3-1.2.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name aws-java-nio-spi-for-s3 High Vendor jar package name amazon Highest Vendor jar package name amazon Low Vendor jar package name nio Highest Vendor jar package name nio Low Vendor jar package name software Highest Vendor jar package name software Low Vendor jar package name spi Highest Vendor pom artifactid aws-java-nio-spi-for-s3 Highest Vendor pom artifactid aws-java-nio-spi-for-s3 Low Vendor pom developer email mrschre@amazon.com Low Vendor pom developer id markjschreiber Medium Vendor pom developer name Mark Schreiber Medium Vendor pom groupid software.amazon.nio.s3 Highest Vendor pom name AWS Java NIO SPI for S3 High Vendor pom url awslabs/aws-java-nio-spi-for-s3 Highest Product file name aws-java-nio-spi-for-s3 High Product jar package name amazon Highest Product jar package name amazon Low Product jar package name nio Highest Product jar package name nio Low Product jar package name software Highest Product jar package name spi Highest Product jar package name spi Low Product pom artifactid aws-java-nio-spi-for-s3 Highest Product pom developer email mrschre@amazon.com Low Product pom developer id markjschreiber Low Product pom developer name Mark Schreiber Low Product pom groupid software.amazon.nio.s3 Highest Product pom name AWS Java NIO SPI for S3 High Product pom url awslabs/aws-java-nio-spi-for-s3 High Version file version 1.2.4 High Version pom version 1.2.4 Highest
pkg:maven/software.amazon.nio.s3/aws-java-nio-spi-for-s3@1.2.4 (Confidence :High) Description:
This package contains core types for Azure Java clients. License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /root/.m2/repository/com/azure/azure-core/1.55.4/azure-core-1.55.4.jar
MD5: b41e52cdd3ae641f80489d841d2a8dde
SHA1: ae1c52fdacb93a921bc19358f1bd139d9b35d2cb
SHA256: 602cc6f8f9d11917c9102880c219c71a45a985c152ee92b794ef3655b1db3c62
Referenced In Project/Scope: i2kfs:compile
azure-core-1.55.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name azure-core High Vendor jar package name azure Highest Vendor jar package name client Highest Vendor jar package name core Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-core Highest Vendor pom artifactid azure-core Low Vendor pom developer id microsoft Medium Vendor pom developer name Microsoft Medium Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure Java Core Library High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-core High Product jar package name azure Highest Product jar package name client Highest Product jar package name core Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure Java Core Library High Product pom artifactid azure-core Highest Product pom developer id microsoft Low Product pom developer name Microsoft Low Product pom groupid com.azure Highest Product pom name Microsoft Azure Java Core Library High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 1.55.4 High Version Manifest Implementation-Version 1.55.4 High Version pom parent-version 1.55.4 Low Version pom version 1.55.4 Highest
pkg:maven/com.azure/azure-core@1.55.4 (Confidence :High) cpe:2.3:a:microsoft:azure_sdk_for_java:1.55.4:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
This package contains the Netty HTTP client plugin for azure-core. License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /root/.m2/repository/com/azure/azure-core-http-netty/1.15.12/azure-core-http-netty-1.15.12.jar
MD5: 6d6e5a8429bc94f7ba93d366e1b8df96
SHA1: 6549545f3c3530687ac356e9be8ba44e00eb2dc1
SHA256: 0535e381bf2558f71dda8eb6dded58d423b420d790473ab78ec4f0b5bd1396ed
Referenced In Project/Scope: i2kfs:compile
azure-core-http-netty-1.15.12.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name azure-core-http-netty High Vendor jar package name azure Highest Vendor jar package name core Highest Vendor jar package name http Highest Vendor jar package name netty Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-core-http-netty Highest Vendor pom artifactid azure-core-http-netty Low Vendor pom developer id microsoft Medium Vendor pom developer name Microsoft Medium Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure Netty HTTP Client Library High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-core-http-netty High Product jar package name azure Highest Product jar package name core Highest Product jar package name http Highest Product jar package name netty Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure Netty HTTP Client Library High Product pom artifactid azure-core-http-netty Highest Product pom developer id microsoft Low Product pom developer name Microsoft Low Product pom groupid com.azure Highest Product pom name Microsoft Azure Netty HTTP Client Library High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 1.15.12 High Version Manifest Implementation-Version 1.15.12 High Version pom parent-version 1.15.12 Low Version pom version 1.15.12 Highest
pkg:maven/com.azure/azure-core-http-netty@1.15.12 (Confidence :High) cpe:2.3:a:microsoft:azure_sdk_for_java:1.15.12:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
This module contains client library for Microsoft Azure Identity. File Path: /root/.m2/repository/com/azure/azure-identity/1.15.4/azure-identity-1.15.4.jarMD5: eb6ab16f30610e668a897af79866dff7SHA1: 134d5d4111d7fd65965592a5974920af983d32feSHA256: 3e7c4ca616570ad2a5886528c909d6888feb0fd8db637f19dadbc3f987cae2c0Referenced In Project/Scope: i2kfs:compileazure-identity-1.15.4.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name azure-identity High Vendor jar package name azure Highest Vendor jar package name identity Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-identity Highest Vendor pom artifactid azure-identity Low Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure client library for Identity High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-identity High Product jar package name azure Highest Product jar package name identity Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure client library for Identity High Product pom artifactid azure-identity Highest Product pom groupid com.azure Highest Product pom name Microsoft Azure client library for Identity High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 1.15.4 High Version Manifest Implementation-Version 1.15.4 High Version pom parent-version 1.15.4 Low Version pom version 1.15.4 Highest
pkg:maven/com.azure/azure-identity@1.15.4 (Confidence :High) cpe:2.3:a:microsoft:azure_identity_sdk:1.15.4:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:microsoft:azure_sdk_for_java:1.15.4:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2023-36415 suppress
Azure Identity SDK Remote Code Execution Vulnerability CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection'), NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
CVE-2024-35255 suppress
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
This package provides interfaces for reading and writing JSON. License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /root/.m2/repository/com/azure/azure-json/1.4.0/azure-json-1.4.0.jar
MD5: 2d77c261ef8a9812efc15fcca22af984
SHA1: fcc1d354dbc3e0300e5276b1bf124d0247799cd8
SHA256: c50bc998cd1a6c689f8644b51c206217bf2da09d5b949e777490a60290cc3a0d
Referenced In Project/Scope: i2kfs:compile
azure-json-1.4.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name azure-json High Vendor jar package name azure Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-json Highest Vendor pom artifactid azure-json Low Vendor pom developer id microsoft Medium Vendor pom developer name Microsoft Medium Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure Java JSON Library High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-json High Product jar package name azure Highest Product jar package name json Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure Java JSON Library High Product pom artifactid azure-json Highest Product pom developer id microsoft Low Product pom developer name Microsoft Low Product pom groupid com.azure Highest Product pom name Microsoft Azure Java JSON Library High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 1.4.0 High Version Manifest Implementation-Version 1.4.0 High Version pom parent-version 1.4.0 Low Version pom version 1.4.0 Highest
pkg:maven/com.azure/azure-json@1.4.0 (Confidence :High) cpe:2.3:a:microsoft:azure_sdk_for_java:1.4.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
This module contains client library for Microsoft Azure KeyVault Secrets. File Path: /root/.m2/repository/com/azure/azure-security-keyvault-secrets/4.10.0/azure-security-keyvault-secrets-4.10.0.jarMD5: 4262569f8f89486c58a1403a33ab6adeSHA1: b1013e4439009f10d56c48f885277fa89b355cb4SHA256: 3af086efb972124e48fba8294beb9d0fa6f34aaa18ed1c9350e31eae2a55cf44Referenced In Project/Scope: i2kfs:compileazure-security-keyvault-secrets-4.10.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name azure-security-keyvault-secrets High Vendor jar package name azure Highest Vendor jar package name keyvault Highest Vendor jar package name secrets Highest Vendor jar package name security Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-security-keyvault-secrets Highest Vendor pom artifactid azure-security-keyvault-secrets Low Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure client library for KeyVault Secrets High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-security-keyvault-secrets High Product jar package name azure Highest Product jar package name keyvault Highest Product jar package name secrets Highest Product jar package name security Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure client library for KeyVault Secrets High Product pom artifactid azure-security-keyvault-secrets Highest Product pom groupid com.azure Highest Product pom name Microsoft Azure client library for KeyVault Secrets High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 4.10.0 High Version Manifest Implementation-Version 4.10.0 High Version pom parent-version 4.10.0 Low Version pom version 4.10.0 Highest
pkg:maven/com.azure/azure-security-keyvault-secrets@4.10.0 (Confidence :High) cpe:2.3:a:microsoft:azure_cli:4.10.0:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:microsoft:azure_sdk_for_java:4.10.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
This module contains client library for Microsoft Azure Blob Storage. File Path: /root/.m2/repository/com/azure/azure-storage-blob/12.30.0/azure-storage-blob-12.30.0.jarMD5: 4d296e90241f0068da102f4a740dd520SHA1: a187bbdf04d9d4c0144ef619ba02ce1cd07211acSHA256: 17d2e1cae298cf9727836265760817b4174fbb43a4eba88465c475d8e07e6379Referenced In Project/Scope: i2kfs:compileazure-storage-blob-12.30.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name azure-storage-blob High Vendor jar package name azure Highest Vendor jar package name blob Highest Vendor jar package name storage Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-storage-blob Highest Vendor pom artifactid azure-storage-blob Low Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure client library for Blob Storage High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-storage-blob High Product jar package name azure Highest Product jar package name blob Highest Product jar package name storage Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure client library for Blob Storage High Product pom artifactid azure-storage-blob Highest Product pom groupid com.azure Highest Product pom name Microsoft Azure client library for Blob Storage High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 12.30.0 High Version Manifest Implementation-Version 12.30.0 High Version pom parent-version 12.30.0 Low Version pom version 12.30.0 Highest
pkg:maven/com.azure/azure-storage-blob@12.30.0 (Confidence :High) cpe:2.3:a:microsoft:azure_sdk_for_java:12.30.0:*:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:microsoft:azure_storage_blobs:12.30.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
This module contains an implementation of Java's NIO interface on top of Azure Blob Storage. File Path: /root/.m2/repository/com/azure/azure-storage-blob-nio/12.0.0-beta.30/azure-storage-blob-nio-12.0.0-beta.30.jarMD5: 5ddef746f2ef82072b37d33ca9053a3fSHA1: 6b2f5248925e32ff9a25aa192e730b9b7e686793SHA256: b1bbb9432ce766fa750e4b98cfe859c1b71f576f12c3c44584271b197f49633eReferenced In Project/Scope: i2kfs:compileazure-storage-blob-nio-12.0.0-beta.30.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name azure-storage-blob-nio High Vendor jar package name azure Highest Vendor jar package name blob Highest Vendor jar package name nio Highest Vendor jar package name storage Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-storage-blob-nio Highest Vendor pom artifactid azure-storage-blob-nio Low Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure implementation of NIO on top of Azure Blob Storage High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-storage-blob-nio High Product jar package name azure Highest Product jar package name blob Highest Product jar package name nio Highest Product jar package name storage Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure implementation of NIO on top of Azure Blob Storage High Product pom artifactid azure-storage-blob-nio Highest Product pom groupid com.azure Highest Product pom name Microsoft Azure implementation of NIO on top of Azure Blob Storage High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version Manifest Implementation-Version 12.0.0-beta.30 High Version pom parent-version 12.0.0-beta.30 Low Version pom version 12.0.0-beta.30 Highest
pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30 (Confidence :High) cpe:2.3:a:microsoft:azure_sdk_for_java:12.0.0:beta:*:*:*:*:*:* (Confidence :Low) suppress cpe:2.3:a:microsoft:azure_storage_blobs:12.0.0:beta:*:*:*:*:*:* (Confidence :Low) suppress CVE-2022-30187 suppress
Azure Storage Library Information Disclosure Vulnerability CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.0/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
This module contains common code based for all Microsoft Azure Storage client libraries. File Path: /root/.m2/repository/com/azure/azure-storage-common/12.29.0/azure-storage-common-12.29.0.jarMD5: 0941a6e38c0b06d1dd1a0f62312f099cSHA1: 900fefe982179300c239fbe661e6135a760f5ee6SHA256: b7a108a5da8956fb8129933d31947a1a487fba9ce4579e834b0978b94a7bdb5cReferenced In Project/Scope: i2kfs:compileazure-storage-common-12.29.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name azure-storage-common High Vendor jar package name azure Highest Vendor jar package name common Highest Vendor jar package name storage Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-storage-common Highest Vendor pom artifactid azure-storage-common Low Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure common module for Storage High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-storage-common High Product jar package name azure Highest Product jar package name common Highest Product jar package name storage Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure common module for Storage High Product pom artifactid azure-storage-common Highest Product pom groupid com.azure Highest Product pom name Microsoft Azure common module for Storage High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 12.29.0 High Version Manifest Implementation-Version 12.29.0 High Version pom parent-version 12.29.0 Low Version pom version 12.29.0 Highest
pkg:maven/com.azure/azure-storage-common@12.29.0 (Confidence :High) cpe:2.3:a:microsoft:azure_sdk_for_java:12.29.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
This module contains internal use only avro parser code based for Microsoft Azure Storage client libraries. File Path: /root/.m2/repository/com/azure/azure-storage-internal-avro/12.15.0/azure-storage-internal-avro-12.15.0.jarMD5: f40f2eaeb006d494e22cbe7c76e4609fSHA1: 4fa74c110d9d3ae61378b21ced799ee25813b4cdSHA256: 1e69a52ee3c13156faadef23fee83934213b327f32d1e8dd3f0106acd7c048d3Referenced In Project/Scope: i2kfs:compileazure-storage-internal-avro-12.15.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name azure-storage-internal-avro High Vendor jar package name avro Highest Vendor jar package name azure Highest Vendor jar package name internal Highest Vendor jar package name storage Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-storage-internal-avro Highest Vendor pom artifactid azure-storage-internal-avro Low Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure internal Avro module for Storage High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-storage-internal-avro High Product jar package name avro Highest Product jar package name azure Highest Product jar package name internal Highest Product jar package name storage Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure internal Avro module for Storage High Product pom artifactid azure-storage-internal-avro Highest Product pom groupid com.azure Highest Product pom name Microsoft Azure internal Avro module for Storage High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 12.15.0 High Version Manifest Implementation-Version 12.15.0 High Version pom parent-version 12.15.0 Low Version pom version 12.15.0 Highest
Description:
This package provides interfaces for reading and writing XML. License:
The MIT License (MIT): http://opensource.org/licenses/MIT File Path: /root/.m2/repository/com/azure/azure-xml/1.2.0/azure-xml-1.2.0.jar
MD5: 0a50063dac825ebff557aaecd7b8747d
SHA1: 05a811882dc4eba119c7d1f0fc65acf39eaf417c
SHA256: 69d9559c561d3125bfd2bf9b5248601e442902bc755d935dde3edba97dc0d931
Referenced In Project/Scope: i2kfs:compile
azure-xml-1.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name azure-xml High Vendor jar package name azure Highest Vendor jar package name xml Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest Implementation-Vendor Microsoft Corporation High Vendor pom artifactid azure-xml Highest Vendor pom artifactid azure-xml Low Vendor pom developer id microsoft Medium Vendor pom developer name Microsoft Medium Vendor pom groupid com.azure Highest Vendor pom name Microsoft Azure Java XML Library High Vendor pom parent-artifactid azure-client-sdk-parent Low Vendor pom url Azure/azure-sdk-for-java Highest Product file name azure-xml High Product jar package name azure Highest Product jar package name xml Highest Product Manifest build-jdk-spec 21 Low Product Manifest Implementation-Title Microsoft Azure Java XML Library High Product pom artifactid azure-xml Highest Product pom developer id microsoft Low Product pom developer name Microsoft Low Product pom groupid com.azure Highest Product pom name Microsoft Azure Java XML Library High Product pom parent-artifactid azure-client-sdk-parent Medium Product pom url Azure/azure-sdk-for-java High Version file version 1.2.0 High Version Manifest Implementation-Version 1.2.0 High Version pom parent-version 1.2.0 Low Version pom version 1.2.0 Highest
pkg:maven/com.azure/azure-xml@1.2.0 (Confidence :High) cpe:2.3:a:xml_library_project:xml_library:1.2.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
A high performance caching library License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/github/ben-manes/caffeine/caffeine/2.9.3/caffeine-2.9.3.jar
MD5: e0b9c5ccd60a1b5403df1dfe6de37d8e
SHA1: b162491f768824d21487551873f9b3b374a7fe19
SHA256: 1e0a7bbef1dd791653143f3f05d0e489934bf5481e58a87c9e619cd46b68729b
Referenced In Project/Scope: i2kfs:runtime
caffeine-2.9.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/software.amazon.nio.s3/aws-java-nio-spi-for-s3@1.2.4
Evidence Type Source Name Value Confidence Vendor file name caffeine High Vendor jar package name benmanes Highest Vendor jar package name cache Highest Vendor jar package name caffeine Highest Vendor jar package name github Highest Vendor Manifest automatic-module-name com.github.benmanes.caffeine Medium Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom artifactid caffeine Highest Vendor pom artifactid caffeine Low Vendor pom developer email ben.manes@gmail.com Low Vendor pom developer id ben-manes Medium Vendor pom developer name Ben Manes Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor pom name Caffeine cache High Vendor pom url ben-manes/caffeine Highest Product file name caffeine High Product jar package name benmanes Highest Product jar package name cache Highest Product jar package name caffeine Highest Product jar package name github Highest Product Manifest automatic-module-name com.github.benmanes.caffeine Medium Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product pom artifactid caffeine Highest Product pom developer email ben.manes@gmail.com Low Product pom developer id ben-manes Low Product pom developer name Ben Manes Low Product pom groupid com.github.ben-manes.caffeine Highest Product pom name Caffeine cache High Product pom url ben-manes/caffeine High Version file version 2.9.3 High Version Manifest Bundle-Version 2.9.3 High Version pom version 2.9.3 Highest
pkg:maven/com.github.ben-manes.caffeine/caffeine@2.9.3 (Confidence :High) Description:
checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/org/checkerframework/checker-qual/3.42.0/checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256: ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: i2kfs:compile
checker-qual-3.42.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.2.1-jre
Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest automatic-module-name org.checkerframework.checker.qual Medium Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest automatic-module-name org.checkerframework.checker.qual Medium Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.42.0 High Version Manifest Bundle-Version 3.42.0 High Version Manifest Implementation-Version 3.42.0 High Version pom version 3.42.0 Highest
pkg:maven/org.checkerframework/checker-qual@3.42.0 (Confidence :High) Description:
JSON and JSON SMILE encoding, fast. License:
The MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/cheshire/cheshire/5.10.2/cheshire-5.10.2.jar
MD5: 24181dc664a44bcc8876f99aead4b27a
SHA1: 0ec395e54a3de9b928df47c5b23cb7a7b24cd568
SHA256: f5f94a1a0993c7fcb25132b960015b170111bc06f2aae83a8a03a74b1a4ade1e
Referenced In Project/Scope: i2kfs:compile
cheshire-5.10.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name cheshire High Vendor jar package name cheshire Highest Vendor Manifest leiningen-project-artifactid cheshire Low Vendor Manifest leiningen-project-groupid cheshire Low Vendor pom artifactid cheshire Highest Vendor pom artifactid cheshire Low Vendor pom groupid cheshire Highest Vendor pom name cheshire High Vendor pom url dakrone/cheshire Highest Product file name cheshire High Product jar package name cheshire Highest Product Manifest leiningen-project-artifactid cheshire Low Product Manifest leiningen-project-groupid cheshire Low Product pom artifactid cheshire Highest Product pom groupid cheshire Highest Product pom name cheshire High Product pom url dakrone/cheshire High Version file version 5.10.2 High Version Manifest leiningen-project-version 5.10.2 Medium Version pom version 5.10.2 Highest
pkg:maven/cheshire/cheshire@5.10.2 (Confidence :High) Description:
A really lightweight Clojure scheduler License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/jarohen/chime/0.3.3/chime-0.3.3.jar
MD5: cd29422a62b500326cc5a38b79cd3b49
SHA1: bf642c5c218b07595e01b51f2fb24fa191dfb6dd
SHA256: f7de13f5f27cbe6660fa61569fc7fc85e2c8db2502f9ff8c49de4fe4ead5ac7b
Referenced In Project/Scope: i2kfs:compile
chime-0.3.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name chime High Vendor Manifest leiningen-project-artifactid chime Low Vendor Manifest leiningen-project-groupid jarohen Low Vendor pom artifactid chime Highest Vendor pom artifactid chime Low Vendor pom groupid jarohen Highest Vendor pom name chime High Vendor pom url jarohen/chime Highest Product file name chime High Product Manifest leiningen-project-artifactid chime Low Product Manifest leiningen-project-groupid jarohen Low Product pom artifactid chime Highest Product pom groupid jarohen Highest Product pom name chime High Product pom url jarohen/chime High Version file version 0.3.3 High Version Manifest leiningen-project-version 0.3.3 Medium Version pom version 0.3.3 Highest
pkg:maven/jarohen/chime@0.3.3 (Confidence :High) Description:
A Clojure HTTP library wrapping the Apache HttpComponents client. License:
The MIT License: http://opensource.org/licenses/mit-license.php File Path: /root/.m2/repository/clj-http/clj-http/3.10.1/clj-http-3.10.1.jar
MD5: fa3d8092826157dacabe73e468db09ab
SHA1: c7630a909071158603f5ae5f4fc9878e5a8c3455
SHA256: dd25554196904ef1313ee5eb43491efa5e18411d4fc95eb7b981c950b110d08a
Referenced In Project/Scope: i2kfs:compile
clj-http-3.10.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clj-http High Vendor Manifest leiningen-project-artifactid clj-http Low Vendor Manifest leiningen-project-groupid clj-http Low Vendor pom artifactid clj-http Highest Vendor pom artifactid clj-http Low Vendor pom groupid clj-http Highest Vendor pom name clj-http High Vendor pom url dakrone/clj-http/ Highest Product file name clj-http High Product Manifest leiningen-project-artifactid clj-http Low Product Manifest leiningen-project-groupid clj-http Low Product pom artifactid clj-http Highest Product pom groupid clj-http Highest Product pom name clj-http High Product pom url dakrone/clj-http/ High Version file version 3.10.1 High Version Manifest leiningen-project-version 3.10.1 Medium Version pom version 3.10.1 Highest
pkg:maven/clj-http/clj-http@3.10.1 (Confidence :High) Description:
A Clojure library designed to wrap OpenTelemetry Java API License:
EPL-2.0 OR GPL-2.0-or-later WITH Classpath-exception-2.0: https://www.eclipse.org/legal/epl-2.0/ File Path: /root/.m2/repository/org/clojars/ejschoen/clj-telemetry/0.3.1-SNAPSHOT/clj-telemetry-0.3.1-SNAPSHOT.jar
MD5: 04cc17447670cb488d3e78606c164cc4
SHA1: dda550953efb3e3a80a5337562f47a2bbbefbec5
SHA256: 01de5180fd9d078e6b1c3bc57973e14b90b18c37432f1d65d94fe04b1bdfc7c1
Referenced In Project/Scope: i2kfs:compile
clj-telemetry-0.3.1-SNAPSHOT.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clj-telemetry High Vendor Manifest leiningen-project-artifactid clj-telemetry Low Vendor pom artifactid clj-telemetry Highest Vendor pom artifactid clj-telemetry Low Vendor pom groupid org.clojars.ejschoen Highest Vendor pom name clj-telemetry High Vendor pom url tendant/clj-telemetry Highest Product file name clj-telemetry High Product Manifest leiningen-project-artifactid clj-telemetry Low Product pom artifactid clj-telemetry Highest Product pom groupid org.clojars.ejschoen Highest Product pom name clj-telemetry High Product pom url tendant/clj-telemetry High Version Manifest leiningen-project-version 0.3.1-SNAPSHOT Medium Version pom version 0.3.1-SNAPSHOT Highest
pkg:maven/org.clojars.ejschoen/clj-telemetry@0.3.1-20250510.214819-2 (Confidence :Highest) pkg:maven/org.clojars.ejschoen/clj-telemetry@0.3.1-SNAPSHOT (Confidence :High) Description:
A date and time library for Clojure, wrapping Joda Time. License:
MIT License: http://www.opensource.org/licenses/mit-license.php File Path: /root/.m2/repository/clj-time/clj-time/0.15.2/clj-time-0.15.2.jar
MD5: 25759955ada60768e0e505134257fadd
SHA1: 53e2958483bfd4b3f02867557e717d1b0125a694
SHA256: f17dc6d8f9673df9187fcaad2d1852b5520ce13b86a4c1b49657389ddff18e50
Referenced In Project/Scope: i2kfs:compile
clj-time-0.15.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clj-time High Vendor Manifest leiningen-project-artifactid clj-time Low Vendor Manifest leiningen-project-groupid clj-time Low Vendor pom artifactid clj-time Highest Vendor pom artifactid clj-time Low Vendor pom groupid clj-time Highest Vendor pom name clj-time High Vendor pom url clj-time/clj-time Highest Product file name clj-time High Product Manifest leiningen-project-artifactid clj-time Low Product Manifest leiningen-project-groupid clj-time Low Product pom artifactid clj-time Highest Product pom groupid clj-time Highest Product pom name clj-time High Product pom url clj-time/clj-time High Version file version 0.15.2 High Version Manifest leiningen-project-version 0.15.2 Medium Version pom version 0.15.2 Highest
Description:
Efficient small collections. License:
MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/clj-tuple/clj-tuple/0.2.2/clj-tuple-0.2.2.jar
MD5: 912f6b1840af00be7151d0d768f4a276
SHA1: b803b89f852fabc9b6844d6373b4534561f3de3b
SHA256: 58dbf73da8bce34dc498de6c347f872ef98f301a3a29dc95797d64f80e6b6b47
Referenced In Project/Scope: i2kfs:compile
clj-tuple-0.2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clj-tuple High Vendor jar package name clojure Low Vendor jar package name lang Low Vendor pom artifactid clj-tuple Highest Vendor pom artifactid clj-tuple Low Vendor pom groupid clj-tuple Highest Vendor pom name clj-tuple High Product file name clj-tuple High Product jar package name lang Low Product pom artifactid clj-tuple Highest Product pom groupid clj-tuple Highest Product pom name clj-tuple High Version file version 0.2.2 High Version pom version 0.2.2 Highest
pkg:maven/clj-tuple/clj-tuple@0.2.2 (Confidence :High) Description:
Simplified XPath from Clojure. License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/com/github/kyleburton/clj-xpath/1.4.13/clj-xpath-1.4.13.jar
MD5: f5b78997c119b94668d2e1814db000d9
SHA1: a101bd473ac576e2bb10a9b8bc9662bee881592d
SHA256: 44d1cd637a37329866695b21ebda400f463eee3da96b37ff0c1789e430e33fa6
Referenced In Project/Scope: i2kfs:compile
clj-xpath-1.4.13.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clj-xpath High Vendor Manifest leiningen-project-artifactid clj-xpath Low Vendor pom artifactid clj-xpath Highest Vendor pom artifactid clj-xpath Low Vendor pom groupid com.github.kyleburton Highest Vendor pom name clj-xpath High Vendor pom url http://github.com/kyleburton/clj-xpath Highest Product file name clj-xpath High Product Manifest leiningen-project-artifactid clj-xpath Low Product pom artifactid clj-xpath Highest Product pom groupid com.github.kyleburton Highest Product pom name clj-xpath High Product pom url http://github.com/kyleburton/clj-xpath Medium Version file version 1.4.13 High Version Manifest leiningen-project-version 1.4.13 Medium Version pom version 1.4.13 Highest
pkg:maven/com.github.kyleburton/clj-xpath@1.4.13 (Confidence :High) Description:
{{ mustache }} for Clojure[Script] License:
GNU Lesser General Public License 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt File Path: /root/.m2/repository/cljstache/cljstache/2.0.6/cljstache-2.0.6.jar
MD5: 43ad41f10a0176bd2c82deba84526665
SHA1: e8e51626b45eb7db7497ac6887cf648c0e6f41d1
SHA256: e7ccdd2750cefad5b85b769cb488397e356a5868d2a69c647bdbdbfa062dd62a
Referenced In Project/Scope: i2kfs:compile
cljstache-2.0.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name cljstache High Vendor Manifest leiningen-project-artifactid cljstache Low Vendor Manifest leiningen-project-groupid cljstache Low Vendor pom artifactid cljstache Highest Vendor pom artifactid cljstache Low Vendor pom groupid cljstache Highest Vendor pom name cljstache High Vendor pom url http://github.com/fotoetienne/cljstache Highest Product file name cljstache High Product Manifest leiningen-project-artifactid cljstache Low Product Manifest leiningen-project-groupid cljstache Low Product pom artifactid cljstache Highest Product pom groupid cljstache Highest Product pom name cljstache High Product pom url http://github.com/fotoetienne/cljstache Medium Version file version 2.0.6 High Version Manifest leiningen-project-version 2.0.6 Medium Version pom version 2.0.6 Highest
pkg:maven/cljstache/cljstache@2.0.6 (Confidence :High) Description:
Clojure core environment and runtime library. License:
Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php File Path: /root/.m2/repository/org/clojure/clojure/1.11.4/clojure-1.11.4.jar
MD5: 02d731228f3a1e5ece76052145d53008
SHA1: 60589f1fec2a0b96bbc00405b82525a9f81364fa
SHA256: fc7ff1b6610d0e3494a75cc11ef81810bda402ac157012fe4e3b899586cf4133
Referenced In Project/Scope: i2kfs:compile
clojure-1.11.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clojure High Vendor jar package name clojure Highest Vendor jar package name clojure Low Vendor jar package name core Highest Vendor pom artifactid clojure Highest Vendor pom artifactid clojure Low Vendor pom developer email richhickey@gmail.com Low Vendor pom developer name Rich Hickey Medium Vendor pom groupid org.clojure Highest Vendor pom name clojure High Vendor pom url http://clojure.org/ Highest Product file name clojure High Product jar package name clojure Highest Product jar package name core Highest Product pom artifactid clojure Highest Product pom developer email richhickey@gmail.com Low Product pom developer name Rich Hickey Low Product pom groupid org.clojure Highest Product pom name clojure High Product pom url http://clojure.org/ Medium Version file version 1.11.4 High Version pom version 1.11.4 Highest
Description:
A Clojure wrapper around the Lanterna terminal output library. License:
LGPL File Path: /root/.m2/repository/clojure-lanterna/clojure-lanterna/0.9.7/clojure-lanterna-0.9.7.jar
MD5: 353384804e0c634bbfe0a4554e881682
SHA1: 2573ddceb8c00a373524fbe37c1de43260516b03
SHA256: aefd8fa75078a7ae15763cd705d26c905ccfacaea055900bec97d60df1d08a45
Referenced In Project/Scope: i2kfs:compile
clojure-lanterna-0.9.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clojure-lanterna High Vendor pom artifactid clojure-lanterna Highest Vendor pom artifactid clojure-lanterna Low Vendor pom groupid clojure-lanterna Highest Vendor pom name clojure-lanterna High Vendor pom url http://sjl.bitbucket.org/clojure-lanterna/ Highest Product file name clojure-lanterna High Product pom artifactid clojure-lanterna Highest Product pom groupid clojure-lanterna Highest Product pom name clojure-lanterna High Product pom url http://sjl.bitbucket.org/clojure-lanterna/ Medium Version file version 0.9.7 High Version pom version 0.9.7 Highest
pkg:maven/clojure-lanterna/clojure-lanterna@0.9.7 (Confidence :High) File Path: /root/.m2/repository/cc/artifice/clojure-solr/4.9.0-SNAPSHOT/clojure-solr-4.9.0-SNAPSHOT-solr8.jarMD5: 58e1e4e1cbbd7ed0d740e42872ab4c09SHA1: 3a86589349ea82977511ab33480293599de2aad7SHA256: bc82382243d13971ba6c3bcba92d89f9eaab66e4beb9e73259c120c411068b2cReferenced In Project/Scope: i2kfs:compileclojure-solr-4.9.0-SNAPSHOT-solr8.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name clojure-solr High Vendor Manifest leiningen-project-artifactid clojure-solr Low Vendor pom artifactid clojure-solr Highest Vendor pom artifactid clojure-solr Low Vendor pom groupid cc.artifice Highest Vendor pom name clojure-solr High Product file name clojure-solr High Product Manifest leiningen-project-artifactid clojure-solr Low Product pom artifactid clojure-solr Highest Product pom groupid cc.artifice Highest Product pom name clojure-solr High Version Manifest leiningen-project-version 4.9.0-SNAPSHOT Medium Version pom version 4.9.0-SNAPSHOT Highest
pkg:maven/cc.artifice/clojure-solr@4.9.0-SNAPSHOT (Confidence :High) Description:
A HTTP route matching library License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/clout/clout/2.2.1/clout-2.2.1.jar
MD5: 49eb1d6c53db6ac5a5f4bd0e1bef44ae
SHA1: 60bc062f86d0179d007066b76473bbb3be72786b
SHA256: 9f3746c5139bef35099a33aeb833100a758e2572afd4233eca700cdd72d6870b
Referenced In Project/Scope: i2kfs:compile
clout-2.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name clout High Vendor pom artifactid clout Highest Vendor pom artifactid clout Low Vendor pom groupid clout Highest Vendor pom name clout High Vendor pom url weavejester/clout Highest Product file name clout High Product pom artifactid clout Highest Product pom groupid clout Highest Product pom name clout High Product pom url weavejester/clout High Version file version 2.2.1 High Version pom version 2.2.1 Highest
pkg:maven/clout/clout@2.2.1 (Confidence :High) Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256: b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Project/Scope: i2kfs:compile
commons-codec-1.15.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name commons-codec High Vendor jar package name apache Highest Vendor jar package name codec Highest Vendor jar package name commons Highest Vendor jar package name encoder Highest Vendor Manifest automatic-module-name org.apache.commons.codec Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-codec Highest Vendor pom artifactid commons-codec Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dgraham@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory@apache.org Low Vendor pom developer email jon@collab.net Low Vendor pom developer email julius@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@totalsync.com Low Vendor pom developer email tn@apache.org Low Vendor pom developer email tobrien@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id chtompki Medium Vendor pom developer id dgraham Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jon Medium Vendor pom developer id julius Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id tn Medium Vendor pom developer id tobrien Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name David Graham Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jon S. Stevens Medium Vendor pom developer name Julius Davies Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer name Tim OBrien Medium Vendor pom developer org URL http://juliusdavies.ca/ Medium Vendor pom groupid commons-codec Highest Vendor pom name Apache Commons Codec High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-codec/ Highest Product file name commons-codec High Product jar package name apache Highest Product jar package name codec Highest Product jar package name commons Highest Product jar package name encoder Highest Product Manifest automatic-module-name org.apache.commons.codec Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-codec/ Low Product Manifest Bundle-Name Apache Commons Codec Medium Product Manifest bundle-symbolicname org.apache.commons.commons-codec Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product pom developer email bayard@apache.org Low Product pom developer email chtompki@apache.org Low Product pom developer email dgraham@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory@apache.org Low Product pom developer email jon@collab.net Low Product pom developer email julius@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@totalsync.com Low Product pom developer email tn@apache.org Low Product pom developer email tobrien@apache.org Low Product pom developer id bayard Low Product pom developer id chtompki Low Product pom developer id dgraham Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jon Low Product pom developer id julius Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id tn Low Product pom developer id tobrien Low Product pom developer name Daniel Rall Low Product pom developer name David Graham Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jon S. Stevens Low Product pom developer name Julius Davies Low Product pom developer name Rob Tompkins Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Thomas Neidhart Low Product pom developer name Tim OBrien Low Product pom developer org URL http://juliusdavies.ca/ Low Product pom groupid commons-codec Highest Product pom name Apache Commons Codec High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-codec/ Medium Version file version 1.15 High Version Manifest Implementation-Version 1.15 High Version pom parent-version 1.15 Low Version pom version 1.15 Highest
pkg:maven/commons-codec/commons-codec@1.15 (Confidence :High) Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/commons-fileupload/commons-fileupload/1.6.0/commons-fileupload-1.6.0.jar
MD5: c10bfd8952ec31282fffd3b2625d87ce
SHA1: 2392704cccb4632b3ccd9b8cfbe2943cca6fc455
SHA256: 9383272c93569afeabedb16923a94a6dc8a5bd7a2f9f83bf326af4ee68434629
Referenced In Project/Scope: i2kfs:compile
commons-fileupload-1.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kopenid@0.8.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name commons-fileupload High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name fileupload Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-fileupload/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-fileupload Highest Vendor pom artifactid commons-fileupload Low Vendor pom developer email chtompki@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email dlr@finemaltcoding.com Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jason@zenplex.com Low Vendor pom developer email jmcnally@collab.net Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email sean |at| seansullivan |dot| com Low Vendor pom developer email simonetripodi@apache.org Low Vendor pom developer id chtompki Medium Vendor pom developer id dion Medium Vendor pom developer id dlr Medium Vendor pom developer id ggregory Medium Vendor pom developer id jmcnally Medium Vendor pom developer id jochen Medium Vendor pom developer id jvanzyl Medium Vendor pom developer id martinc Medium Vendor pom developer id rdonkin Medium Vendor pom developer id simonetripodi Medium Vendor pom developer id sullis Medium Vendor pom developer name Daniel Rall Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Jason van Zyl Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name John McNally Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Rob Tompkins Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Sean C. Sullivan Medium Vendor pom developer name Simone Tripodi Medium Vendor pom developer org Adobe Medium Vendor pom developer org CollabNet Medium Vendor pom developer org Multitask Consulting Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org Yahoo! Medium Vendor pom developer org Zenplex Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-fileupload Highest Vendor pom name Apache Commons FileUpload High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-fileupload/ Highest Product file name commons-fileupload High Product jar package name apache Highest Product jar package name commons Highest Product jar package name fileupload Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-fileupload/ Low Product Manifest Bundle-Name Apache Commons FileUpload Medium Product Manifest bundle-symbolicname org.apache.commons.commons-fileupload Medium Product Manifest Implementation-Title Apache Commons FileUpload High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons FileUpload Medium Product pom artifactid commons-fileupload Highest Product pom developer email chtompki@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email dlr@finemaltcoding.com Low Product pom developer email ggregory at apache.org Low Product pom developer email jason@zenplex.com Low Product pom developer email jmcnally@collab.net Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email martinc@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email sean |at| seansullivan |dot| com Low Product pom developer email simonetripodi@apache.org Low Product pom developer id chtompki Low Product pom developer id dion Low Product pom developer id dlr Low Product pom developer id ggregory Low Product pom developer id jmcnally Low Product pom developer id jochen Low Product pom developer id jvanzyl Low Product pom developer id martinc Low Product pom developer id rdonkin Low Product pom developer id simonetripodi Low Product pom developer id sullis Low Product pom developer name Daniel Rall Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Jason van Zyl Low Product pom developer name Jochen Wiedmann Low Product pom developer name John McNally Low Product pom developer name Martin Cooper Low Product pom developer name Rob Tompkins Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Sean C. Sullivan Low Product pom developer name Simone Tripodi Low Product pom developer org Adobe Low Product pom developer org CollabNet Low Product pom developer org Multitask Consulting Low Product pom developer org The Apache Software Foundation Low Product pom developer org Yahoo! Low Product pom developer org Zenplex Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-fileupload Highest Product pom name Apache Commons FileUpload High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-fileupload/ Medium Version file version 1.6.0 High Version Manifest Bundle-Version 1.6.0 High Version Manifest Implementation-Version 1.6.0 High Version pom parent-version 1.6.0 Low Version pom version 1.6.0 Highest
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/commons-io/commons-io/2.19.0/commons-io-2.19.0.jar
MD5: 3d1fd45f9d2a247c1d05ab1e98c07160
SHA1: 1f8d4a99ba72b77aa69101175efc79b0c7dcdd7e
SHA256: 824268919b4b62f9f40f08c54381de5993b078f58667e332d17348ae019d72b9
Referenced In Project/Scope: i2kfs:compile
commons-io-2.19.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.apache.tika/tika-core@3.2.2
Evidence Type Source Name Value Confidence Vendor file name commons-io High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name file Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name org.apache.commons.io Medium Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Vendor Manifest bundle-symbolicname org.apache.commons.commons-io Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-io Highest Vendor pom artifactid commons-io Low Vendor pom developer email bayard@apache.org Low Vendor pom developer email dion@apache.org Low Vendor pom developer email ggregory at apache.org Low Vendor pom developer email jeremias@apache.org Low Vendor pom developer email jochen.wiedmann@gmail.com Low Vendor pom developer email krosenvold@apache.org Low Vendor pom developer email martinc@apache.org Low Vendor pom developer email matth@apache.org Low Vendor pom developer email nicolaken@apache.org Low Vendor pom developer email roxspring@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer id bayard Medium Vendor pom developer id dion Medium Vendor pom developer id ggregory Medium Vendor pom developer id jeremias Medium Vendor pom developer id jochen Medium Vendor pom developer id jukka Medium Vendor pom developer id krosenvold Medium Vendor pom developer id martinc Medium Vendor pom developer id matth Medium Vendor pom developer id niallp Medium Vendor pom developer id nicolaken Medium Vendor pom developer id roxspring Medium Vendor pom developer id sanders Medium Vendor pom developer id scolebourne Medium Vendor pom developer name dIon Gillard Medium Vendor pom developer name Gary Gregory Medium Vendor pom developer name Henri Yandell Medium Vendor pom developer name Jeremias Maerki Medium Vendor pom developer name Jochen Wiedmann Medium Vendor pom developer name Jukka Zitting Medium Vendor pom developer name Kristian Rosenvold Medium Vendor pom developer name Martin Cooper Medium Vendor pom developer name Matthew Hawthorne Medium Vendor pom developer name Niall Pemberton Medium Vendor pom developer name Nicola Ken Barozzi Medium Vendor pom developer name Rob Oxspring Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom developer org URL https://www.apache.org/ Medium Vendor pom groupid commons-io Highest Vendor pom name Apache Commons IO High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url https://commons.apache.org/proper/commons-io/ Highest Product file name commons-io High Product jar package name apache Highest Product jar package name commons Highest Product jar package name file Highest Product jar package name io Highest Product Manifest automatic-module-name org.apache.commons.io Medium Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl https://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Product Manifest bundle-symbolicname org.apache.commons.commons-io Medium Product Manifest Implementation-Title Apache Commons IO High Product Manifest multi-release true Low Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product pom developer email bayard@apache.org Low Product pom developer email dion@apache.org Low Product pom developer email ggregory at apache.org Low Product pom developer email jeremias@apache.org Low Product pom developer email jochen.wiedmann@gmail.com Low Product pom developer email krosenvold@apache.org Low Product pom developer email martinc@apache.org Low Product pom developer email matth@apache.org Low Product pom developer email nicolaken@apache.org Low Product pom developer email roxspring@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer id bayard Low Product pom developer id dion Low Product pom developer id ggregory Low Product pom developer id jeremias Low Product pom developer id jochen Low Product pom developer id jukka Low Product pom developer id krosenvold Low Product pom developer id martinc Low Product pom developer id matth Low Product pom developer id niallp Low Product pom developer id nicolaken Low Product pom developer id roxspring Low Product pom developer id sanders Low Product pom developer id scolebourne Low Product pom developer name dIon Gillard Low Product pom developer name Gary Gregory Low Product pom developer name Henri Yandell Low Product pom developer name Jeremias Maerki Low Product pom developer name Jochen Wiedmann Low Product pom developer name Jukka Zitting Low Product pom developer name Kristian Rosenvold Low Product pom developer name Martin Cooper Low Product pom developer name Matthew Hawthorne Low Product pom developer name Niall Pemberton Low Product pom developer name Nicola Ken Barozzi Low Product pom developer name Rob Oxspring Low Product pom developer name Scott Sanders Low Product pom developer name Stephen Colebourne Low Product pom developer org The Apache Software Foundation Low Product pom developer org URL https://www.apache.org/ Low Product pom groupid commons-io Highest Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url https://commons.apache.org/proper/commons-io/ Medium Version file version 2.19.0 High Version Manifest Bundle-Version 2.19.0 High Version Manifest Implementation-Version 2.19.0 High Version pom parent-version 2.19.0 Low Version pom version 2.19.0 Highest
Description:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: i2kfs:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name commons-logging High Vendor jar package name apache Highest Vendor jar package name commons Highest Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid commons-logging Highest Vendor pom artifactid commons-logging Low Vendor pom developer email baliuka@apache.org Low Vendor pom developer email costin@apache.org Low Vendor pom developer email craigmcc@apache.org Low Vendor pom developer email dennisl@apache.org Low Vendor pom developer email donaldp@apache.org Low Vendor pom developer email morgand@apache.org Low Vendor pom developer email rdonkin@apache.org Low Vendor pom developer email rsitze@apache.org Low Vendor pom developer email rwaldhoff@apache.org Low Vendor pom developer email sanders@apache.org Low Vendor pom developer email skitching@apache.org Low Vendor pom developer email tn@apache.org Low Vendor pom developer id baliuka Medium Vendor pom developer id bstansberry Medium Vendor pom developer id costin Medium Vendor pom developer id craigmcc Medium Vendor pom developer id dennisl Medium Vendor pom developer id donaldp Medium Vendor pom developer id morgand Medium Vendor pom developer id rdonkin Medium Vendor pom developer id rsitze Medium Vendor pom developer id rwaldhoff Medium Vendor pom developer id sanders Medium Vendor pom developer id skitching Medium Vendor pom developer id tn Medium Vendor pom developer name Brian Stansberry Medium Vendor pom developer name Costin Manolache Medium Vendor pom developer name Craig McClanahan Medium Vendor pom developer name Dennis Lundberg Medium Vendor pom developer name Juozas Baliuka Medium Vendor pom developer name Morgan Delagrange Medium Vendor pom developer name Peter Donald Medium Vendor pom developer name Richard Sitze Medium Vendor pom developer name Robert Burrell Donkin Medium Vendor pom developer name Rodney Waldhoff Medium Vendor pom developer name Scott Sanders Medium Vendor pom developer name Simon Kitching Medium Vendor pom developer name Thomas Neidhart Medium Vendor pom developer org Apache Medium Vendor pom developer org The Apache Software Foundation Medium Vendor pom groupid commons-logging Highest Vendor pom name Apache Commons Logging High Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Product file name commons-logging High Product jar package name apache Highest Product jar package name commons Highest Product jar package name logging Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product Manifest Implementation-Title Apache Commons Logging High Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom developer email baliuka@apache.org Low Product pom developer email costin@apache.org Low Product pom developer email craigmcc@apache.org Low Product pom developer email dennisl@apache.org Low Product pom developer email donaldp@apache.org Low Product pom developer email morgand@apache.org Low Product pom developer email rdonkin@apache.org Low Product pom developer email rsitze@apache.org Low Product pom developer email rwaldhoff@apache.org Low Product pom developer email sanders@apache.org Low Product pom developer email skitching@apache.org Low Product pom developer email tn@apache.org Low Product pom developer id baliuka Low Product pom developer id bstansberry Low Product pom developer id costin Low Product pom developer id craigmcc Low Product pom developer id dennisl Low Product pom developer id donaldp Low Product pom developer id morgand Low Product pom developer id rdonkin Low Product pom developer id rsitze Low Product pom developer id rwaldhoff Low Product pom developer id sanders Low Product pom developer id skitching Low Product pom developer id tn Low Product pom developer name Brian Stansberry Low Product pom developer name Costin Manolache Low Product pom developer name Craig McClanahan Low Product pom developer name Dennis Lundberg Low Product pom developer name Juozas Baliuka Low Product pom developer name Morgan Delagrange Low Product pom developer name Peter Donald Low Product pom developer name Richard Sitze Low Product pom developer name Robert Burrell Donkin Low Product pom developer name Rodney Waldhoff Low Product pom developer name Scott Sanders Low Product pom developer name Simon Kitching Low Product pom developer name Thomas Neidhart Low Product pom developer org Apache Low Product pom developer org The Apache Software Foundation Low Product pom groupid commons-logging Highest Product pom name Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom parent-groupid org.apache.commons Medium Product pom url http://commons.apache.org/proper/commons-logging/ Medium Version file version 1.2 High Version Manifest Implementation-Version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest
pkg:maven/commons-logging/commons-logging@1.2 (Confidence :High) Description:
A concise routing library for Ring License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/compojure/compojure/1.7.1/compojure-1.7.1.jar
MD5: ed2d5500fa730882f4c8bc3a5d0469f8
SHA1: 4c699bdb030f430716f64efb99f7092ffa77178f
SHA256: 0ad60fbfffd6f5552a4b43690566000cfd9b6d7abd836d9ed39cd5826e087f29
Referenced In Project/Scope: i2kfs:compile
compojure-1.7.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name compojure High Vendor Manifest leiningen-project-artifactid compojure Low Vendor Manifest leiningen-project-groupid compojure Low Vendor pom artifactid compojure Highest Vendor pom artifactid compojure Low Vendor pom groupid compojure Highest Vendor pom name compojure High Vendor pom url weavejester/compojure Highest Product file name compojure High Product Manifest leiningen-project-artifactid compojure Low Product Manifest leiningen-project-groupid compojure Low Product pom artifactid compojure Highest Product pom groupid compojure Highest Product pom name compojure High Product pom url weavejester/compojure High Version file version 1.7.1 High Version Manifest leiningen-project-version 1.7.1 Medium Version pom version 1.7.1 Highest
pkg:maven/compojure/compojure@1.7.1 (Confidence :High) Description:
Conscrypt: OpenJdk UberJAR License:
Apache 2: https://www.apache.org/licenses/LICENSE-2.0 File Path: /root/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.2/conscrypt-openjdk-uber-2.5.2.jar
MD5: 34c8ec40831d77372b2bea95139783b0
SHA1: d858f142ea189c62771c505a6548d8606ac098fe
SHA256: eaf537d98e033d0f0451cd1b8cc74e02d7b55ec882da63c88060d806ba89c348
Referenced In Project/Scope: i2kfs:compile
conscrypt-openjdk-uber-2.5.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.grpc/grpc-alts@1.65.1
Evidence Type Source Name Value Confidence Vendor file name conscrypt-openjdk-uber High Vendor jar package name conscrypt Highest Vendor Manifest automatic-module-name org.conscrypt Medium Vendor Manifest bundle-symbolicname org.conscrypt Medium Vendor Manifest source-compatibility 1.7 Low Vendor Manifest target-compatibility 1.7 Low Vendor pom artifactid conscrypt-openjdk-uber Highest Vendor pom artifactid conscrypt-openjdk-uber Low Vendor pom developer email conscrypt@googlegroups.com Low Vendor pom developer id conscrypt Medium Vendor pom developer name Conscrypt Contributors Medium Vendor pom developer org Google, Inc. Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid org.conscrypt Highest Vendor pom name org.conscrypt:conscrypt-openjdk-uber High Vendor pom url https://conscrypt.org/ Highest Product file name conscrypt-openjdk-uber High Product jar package name conscrypt Highest Product Manifest automatic-module-name org.conscrypt Medium Product Manifest Bundle-Name org.conscrypt Medium Product Manifest bundle-symbolicname org.conscrypt Medium Product Manifest Implementation-Title conscrypt-openjdk-uber High Product Manifest source-compatibility 1.7 Low Product Manifest target-compatibility 1.7 Low Product pom artifactid conscrypt-openjdk-uber Highest Product pom developer email conscrypt@googlegroups.com Low Product pom developer id conscrypt Low Product pom developer name Conscrypt Contributors Low Product pom developer org Google, Inc. Low Product pom developer org URL https://www.google.com Low Product pom groupid org.conscrypt Highest Product pom name org.conscrypt:conscrypt-openjdk-uber High Product pom url https://conscrypt.org/ Medium Version file version 2.5.2 High Version Manifest Bundle-Version 2.5.2 High Version Manifest Implementation-Version 2.5.2 High Version pom version 2.5.2 Highest
pkg:maven/org.conscrypt/conscrypt-openjdk-uber@2.5.2 (Confidence :High) Description:
Java library for Content (Media) Type representation License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/nimbusds/content-type/2.3/content-type-2.3.jar
MD5: f0fc0d6be73e838863e2197c03a27c3f
SHA1: e3aa0be212d7a42839a8f3f506f5b990bcce0222
SHA256: 60349793e006fba96b532cb0c21e10e969fe0db8d87f91c3b9eaf82ba2998895
Referenced In Project/Scope: i2kfs:compile
content-type-2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name content-type High Vendor jar package name nimbusds Highest Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 2.3 Low Vendor Manifest bundle-docurl https://connect2id.com Low Vendor Manifest bundle-symbolicname com.nimbusds.content-type Medium Vendor Manifest implementation-url https://bitbucket.org/connect2id/nimbus-content-type Low Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid content-type Highest Vendor pom artifactid content-type Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus Content Type High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-content-type Highest Product file name content-type High Product jar package name nimbusds Highest Product Manifest build-date ${timestamp} Low Product Manifest build-jdk-spec 11 Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 2.3 Low Product Manifest bundle-docurl https://connect2id.com Low Product Manifest Bundle-Name Nimbus Content Type Medium Product Manifest bundle-symbolicname com.nimbusds.content-type Medium Product Manifest Implementation-Title Nimbus Content Type High Product Manifest implementation-url https://bitbucket.org/connect2id/nimbus-content-type Low Product Manifest specification-title Nimbus Content Type Medium Product pom artifactid content-type Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus Content Type High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/nimbus-content-type Medium Version file version 2.3 High Version Manifest build-tag 2.3 Low Version Manifest Implementation-Version 2.3 High Version pom version 2.3 Highest
pkg:maven/com.nimbusds/content-type@2.3 (Confidence :High) Description:
Facilities for async programming and communication in Clojure File Path: /root/.m2/repository/org/clojure/core.async/1.6.681/core.async-1.6.681.jarMD5: cd4c21ae75387435e5497ab10282afc3SHA1: 99ae66f06f681ab8af0e0ebd01355e5e635ce53cSHA256: 2e9160118c381d418ab1c4d330b6323ff76b7947e6e2d9b1cd1be950fd269d9fReferenced In Project/Scope: i2kfs:compilecore.async-1.6.681.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name core.async High Vendor pom artifactid core.async Highest Vendor pom artifactid core.async Low Vendor pom developer id richhickey Medium Vendor pom developer name Rich Hickey Medium Vendor pom groupid org.clojure Highest Vendor pom name core.async High Vendor pom parent-artifactid pom.contrib Low Vendor pom url clojure/core.async Highest Product file name core.async High Product pom artifactid core.async Highest Product pom developer id richhickey Low Product pom developer name Rich Hickey Low Product pom groupid org.clojure Highest Product pom name core.async High Product pom parent-artifactid pom.contrib Medium Product pom url clojure/core.async High Version file version 1.6.681 High Version pom parent-version 1.6.681 Low Version pom version 1.6.681 Highest
pkg:maven/org.clojure/core.async@1.6.681 (Confidence :High) Description:
Cache library for Clojure. License:
Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/ File Path: /root/.m2/repository/org/clojure/core.cache/1.1.234/core.cache-1.1.234.jar
MD5: c74f1627e4c7bc82173ee885049ca95b
SHA1: 4efde969ef1c0659f7b0e6e28c85263d9af01299
SHA256: ba9071044edb7b009288b2c5f800a7dcd918b0f1725c5ba800469238df972f63
Referenced In Project/Scope: i2kfs:compile
core.cache-1.1.234.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name core.cache High Vendor pom artifactid core.cache Highest Vendor pom artifactid core.cache Low Vendor pom developer id fogus Medium Vendor pom developer name Michael Fogus Medium Vendor pom groupid org.clojure Highest Vendor pom name core.cache High Vendor pom parent-artifactid pom.contrib Low Product file name core.cache High Product pom artifactid core.cache Highest Product pom developer id fogus Low Product pom developer name Michael Fogus Low Product pom groupid org.clojure Highest Product pom name core.cache High Product pom parent-artifactid pom.contrib Medium Version file version 1.1.234 High Version pom parent-version 1.1.234 Low Version pom version 1.1.234 Highest
pkg:maven/org.clojure/core.cache@1.1.234 (Confidence :High) File Path: /root/.m2/repository/org/clojure/core.incubator/0.1.4/core.incubator-0.1.4.jarMD5: def387a700db848460583ee891965b0eSHA1: 581cf888b6cae40e70aba286908917cc7a0443deSHA256: fa4bc86ddfae0e6d9b31c656b64fcc960bd937933d0011a7b820ba3b898bf863Referenced In Project/Scope: i2kfs:compilecore.incubator-0.1.4.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name core.incubator High Vendor pom artifactid core.incubator Highest Vendor pom artifactid core.incubator Low Vendor pom groupid org.clojure Highest Vendor pom name ${artifactId} High Vendor pom name core.incubator High Vendor pom parent-artifactid pom.contrib Low Product file name core.incubator High Product pom artifactid core.incubator Highest Product pom groupid org.clojure Highest Product pom name ${artifactId} High Product pom name core.incubator High Product pom parent-artifactid pom.contrib Medium Version file version 0.1.4 High Version pom parent-version 0.1.4 Low Version pom version 0.1.4 Highest
pkg:maven/org.clojure/core.incubator@0.1.4 (Confidence :High) Description:
A memoization library for Clojure License:
Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php File Path: /root/.m2/repository/org/clojure/core.memoize/1.0.236/core.memoize-1.0.236.jar
MD5: 338770ce969d097543d4b0db656d529d
SHA1: 56b14b1dfe3fe4ac638c191131124231f4417236
SHA256: 849cf738ff59ed74dcc6cc41c43b220ff4e4d35e06808b6bc1b17b9018265441
Referenced In Project/Scope: i2kfs:compile
core.memoize-1.0.236.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name core.memoize High Vendor pom artifactid core.memoize Highest Vendor pom artifactid core.memoize Low Vendor pom developer id fogus Medium Vendor pom developer name Fogus Medium Vendor pom groupid org.clojure Highest Vendor pom name core.memoize High Vendor pom parent-artifactid pom.contrib Low Product file name core.memoize High Product pom artifactid core.memoize Highest Product pom developer id fogus Low Product pom developer name Fogus Low Product pom groupid org.clojure Highest Product pom name core.memoize High Product pom parent-artifactid pom.contrib Medium Version file version 1.0.236 High Version pom parent-version 1.0.236 Low Version pom version 1.0.236 Highest
pkg:maven/org.clojure/core.memoize@1.0.236 (Confidence :High) Description:
Specs for clojure.core License:
Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php File Path: /root/.m2/repository/org/clojure/core.specs.alpha/0.2.62/core.specs.alpha-0.2.62.jar
MD5: b1e37e6e8efdade6b7c2a4dd17c0d437
SHA1: a2a7ea21a695561924bc8506f3feb5d8c8f894d5
SHA256: 06eea8c070bbe45c158567e443439681bc8c46e9123414f81bfa32ba42d6cbc8
Referenced In Project/Scope: i2kfs:compile
core.specs.alpha-0.2.62.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.clojure/clojure@1.11.4
Evidence Type Source Name Value Confidence Vendor file name core.specs.alpha High Vendor pom artifactid core.specs.alpha Highest Vendor pom artifactid core.specs.alpha Low Vendor pom developer id puredanger Medium Vendor pom developer name Alex Miller Medium Vendor pom groupid org.clojure Highest Vendor pom name core.specs.alpha High Vendor pom parent-artifactid pom.contrib Low Product file name core.specs.alpha High Product pom artifactid core.specs.alpha Highest Product pom developer id puredanger Low Product pom developer name Alex Miller Low Product pom groupid org.clojure Highest Product pom name core.specs.alpha High Product pom parent-artifactid pom.contrib Medium Version file version 0.2.62 High Version pom parent-version 0.2.62 Low Version pom version 0.2.62 Highest
pkg:maven/org.clojure/core.specs.alpha@0.2.62 (Confidence :High) cpe:2.3:a:alex_project:alex:0.2.62:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
The AWS SDK for Java - AWS CRT Core holds common types that are built on the AWS Common Runtime
File Path: /root/.m2/repository/software/amazon/awssdk/crt-core/2.20.150/crt-core-2.20.150.jarMD5: 4d4ac4c42b79eab92afbc9c1c0ab6da2SHA1: 6592b4581ab55fef6a9fb7719f8c6bbaff6f2814SHA256: 1147a073b319f95ceb01f88caba877d2f45ce7cb616228dac8286774f510c8e5Referenced In Project/Scope: i2kfs:runtimecrt-core-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name crt-core High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name crtcore Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.crtcore Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid crt-core Highest Vendor pom artifactid crt-core Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: AWS CRT Core High Vendor pom parent-artifactid core Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name crt-core High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name crtcore Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.crtcore Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid crt-core Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: AWS CRT Core High Product pom parent-artifactid core Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
Securely check equality of strings or byte sequences License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/crypto-equality/crypto-equality/1.0.1/crypto-equality-1.0.1.jar
MD5: b232d0b9bcbd57abca37f31fadf0df0a
SHA1: 26f76ad46f4a9881992c158118419dd9e7846b52
SHA256: ee15cc0b76dcf73f8fc86d02e9effed7160a8a6b40b2f0e9de72e3dd25ed4bdf
Referenced In Project/Scope: i2kfs:compile
crypto-equality-1.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name crypto-equality High Vendor Manifest leiningen-project-artifactid crypto-equality Low Vendor Manifest leiningen-project-groupid crypto-equality Low Vendor pom artifactid crypto-equality Highest Vendor pom artifactid crypto-equality Low Vendor pom groupid crypto-equality Highest Vendor pom name crypto-equality High Vendor pom url weavejester/crypto-equality Highest Product file name crypto-equality High Product Manifest leiningen-project-artifactid crypto-equality Low Product Manifest leiningen-project-groupid crypto-equality Low Product pom artifactid crypto-equality Highest Product pom groupid crypto-equality Highest Product pom name crypto-equality High Product pom url weavejester/crypto-equality High Version file version 1.0.1 High Version Manifest leiningen-project-version 1.0.1 Medium Version pom version 1.0.1 Highest
pkg:maven/crypto-equality/crypto-equality@1.0.1 (Confidence :High) Description:
Library for generating secure random bytes and strings License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/crypto-random/crypto-random/1.2.1/crypto-random-1.2.1.jar
MD5: f28560cb445dd9c9c704e5863197b54c
SHA1: ded0350f88e6f0bcca276c73f3aaadde94dc09f3
SHA256: 5c128846d7b66d53c5e9726773b872f7e02844ff651a996a5e3452a1523ae52c
Referenced In Project/Scope: i2kfs:compile
crypto-random-1.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name crypto-random High Vendor Manifest leiningen-project-artifactid crypto-random Low Vendor Manifest leiningen-project-groupid crypto-random Low Vendor pom artifactid crypto-random Highest Vendor pom artifactid crypto-random Low Vendor pom groupid crypto-random Highest Vendor pom name crypto-random High Vendor pom url weavejester/crypto-random Highest Product file name crypto-random High Product Manifest leiningen-project-artifactid crypto-random Low Product Manifest leiningen-project-groupid crypto-random Low Product pom artifactid crypto-random Highest Product pom groupid crypto-random Highest Product pom name crypto-random High Product pom url weavejester/crypto-random High Version file version 1.2.1 High Version Manifest leiningen-project-version 1.2.1 Medium Version pom version 1.2.1 Highest
pkg:maven/crypto-random/crypto-random@1.2.1 (Confidence :High) File Path: /root/.m2/repository/org/clojure/data.codec/0.1.0/data.codec-0.1.0.jarMD5: 7c674e32c8c5b78be43fcaead5eecb9aSHA1: 7c1eb04238edd003bd2a89906003145a003ab5c3SHA256: 683d681950403c61c236354181eba1b5c8daf6c13581ea1389934a7d5eb28e07Referenced In Project/Scope: i2kfs:compiledata.codec-0.1.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name data.codec High Vendor pom artifactid data.codec Highest Vendor pom artifactid data.codec Low Vendor pom developer name Alex Taggart Medium Vendor pom groupid org.clojure Highest Vendor pom name ${project.artifactId} High Vendor pom parent-artifactid pom.contrib Low Product file name data.codec High Product pom artifactid data.codec Highest Product pom developer name Alex Taggart Low Product pom groupid org.clojure Highest Product pom name ${project.artifactId} High Product pom parent-artifactid pom.contrib Medium Version file version 0.1.0 High Version pom parent-version 0.1.0 Low Version pom version 0.1.0 Highest
pkg:maven/org.clojure/data.codec@0.1.0 (Confidence :High) cpe:2.3:a:alex_project:alex:0.1.0:*:*:*:*:*:*:* (Confidence :Low) suppress File Path: /root/.m2/repository/org/clojure/data.priority-map/0.0.10/data.priority-map-0.0.10.jarMD5: b264405d9c35d55e1437cdab0cae7bc7SHA1: 011faafbab24306e718164bb24b9ffae0ac92a83SHA256: 020ec04d04cea534d2935e960f17d49108b9550fd75f9b741acc6e3c3031a5a6Referenced In Project/Scope: i2kfs:compiledata.priority-map-0.0.10.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name data.priority-map High Vendor pom artifactid data.priority-map Highest Vendor pom artifactid data.priority-map Low Vendor pom developer name Mark Engelberg Medium Vendor pom groupid org.clojure Highest Vendor pom name data.priority-map High Vendor pom parent-artifactid pom.contrib Low Product file name data.priority-map High Product pom artifactid data.priority-map Highest Product pom developer name Mark Engelberg Low Product pom groupid org.clojure Highest Product pom name data.priority-map High Product pom parent-artifactid pom.contrib Medium Version file version 0.0.10 High Version pom parent-version 0.0.10 Low Version pom version 0.0.10 Highest
pkg:maven/org.clojure/data.priority-map@0.0.10 (Confidence :High) File Path: /root/.m2/repository/org/clojure/data.zip/0.1.2/data.zip-0.1.2.jarMD5: 90d127eae3040e04859a20b725c67d18SHA1: 540bc23613072823f68fafe62a4ce8ba6cf9e3e6SHA256: 4fe01bab5643892a3c4f9ef74600ef464212fa07b6d85390aee3c4dbb0d2e7c3Referenced In Project/Scope: i2kfs:compiledata.zip-0.1.2.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name data.zip High Vendor pom artifactid data.zip Highest Vendor pom artifactid data.zip Low Vendor pom developer name Chris Houser Medium Vendor pom groupid org.clojure Highest Vendor pom name ${artifactId} High Vendor pom name data.zip High Vendor pom parent-artifactid pom.contrib Low Product file name data.zip High Product pom artifactid data.zip Highest Product pom developer name Chris Houser Low Product pom groupid org.clojure Highest Product pom name ${artifactId} High Product pom name data.zip High Product pom parent-artifactid pom.contrib Medium Version file version 0.1.2 High Version pom version 0.1.2 Highest
pkg:maven/org.clojure/data.zip@0.1.2 (Confidence :High) Description:
Support library for Google Cloud Resource Detector License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/cloud/opentelemetry/detector-resources-support/0.33.0/detector-resources-support-0.33.0.jar
MD5: c86b0b8da14c6907ac363cea25f48987
SHA1: a6ba22e47f6234179803b5bab5030ebede575b6e
SHA256: 94b0def27754083ceaa67b56a4d483d294e9f17066493df3ef7e81ec5c3bb2c0
Referenced In Project/Scope: i2kfs:runtime
detector-resources-support-0.33.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name detector-resources-support High Vendor jar package name cloud Highest Vendor jar package name cloud Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name opentelemetry Highest Vendor jar package name opentelemetry Low Vendor pom artifactid detector-resources-support Highest Vendor pom artifactid detector-resources-support Low Vendor pom developer email opentelemetry-team@google.com Low Vendor pom developer id com.google.cloud.opentelemetry Medium Vendor pom developer name OpenTelemetry Operations Contributors Medium Vendor pom developer org Google Inc Medium Vendor pom developer org URL https://cloud.google.com/products/operations Medium Vendor pom groupid com.google.cloud.opentelemetry Highest Vendor pom name OpenTelemetry Operations Java High Vendor pom url GoogleCloudPlatform/opentelemetry-operations-java Highest Product file name detector-resources-support High Product jar package name cloud Highest Product jar package name cloud Low Product jar package name detection Low Product jar package name google Highest Product jar package name opentelemetry Highest Product jar package name opentelemetry Low Product pom artifactid detector-resources-support Highest Product pom developer email opentelemetry-team@google.com Low Product pom developer id com.google.cloud.opentelemetry Low Product pom developer name OpenTelemetry Operations Contributors Low Product pom developer org Google Inc Low Product pom developer org URL https://cloud.google.com/products/operations Low Product pom groupid com.google.cloud.opentelemetry Highest Product pom name OpenTelemetry Operations Java High Product pom url GoogleCloudPlatform/opentelemetry-operations-java High Version file version 0.33.0 High Version pom version 0.33.0 Highest
pkg:maven/com.google.cloud.opentelemetry/detector-resources-support@0.33.0 (Confidence :High) Description:
Core utils library for Clojure/Script License:
Eclipse Public License - v 1.0: https://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/com/taoensso/encore/3.159.0/encore-3.159.0.jar
MD5: 5f49e91108bcb8c566238a4b06474891
SHA1: aeec0977f31edfd5b3bac9653c5c29246cf0f094
SHA256: 65929d5f5986355a44d3d89df1944f818865822284ff897870e72fbc573287bc
Referenced In Project/Scope: i2kfs:compile
encore-3.159.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.taoensso/timbre@6.7.1
Evidence Type Source Name Value Confidence Vendor file name encore High Vendor jar package name encore Highest Vendor jar package name taoensso Highest Vendor Manifest leiningen-project-artifactid encore Low Vendor pom artifactid encore Highest Vendor pom artifactid encore Low Vendor pom groupid com.taoensso Highest Vendor pom name encore High Vendor pom url https://www.taoensso.com/encore Highest Product file name encore High Product jar package name encore Highest Product jar package name taoensso Highest Product Manifest leiningen-project-artifactid encore Low Product pom artifactid encore Highest Product pom groupid com.taoensso Highest Product pom name encore High Product pom url https://www.taoensso.com/encore Medium Version file version 3.159.0 High Version Manifest leiningen-project-version 3.159.0 Medium Version pom version 3.159.0 Highest
pkg:maven/com.taoensso/encore@3.159.0 (Confidence :High) File Path: /root/.m2/repository/software/amazon/awssdk/endpoints-spi/2.20.150/endpoints-spi-2.20.150.jarMD5: 3d6a0133bb5767136e81c69ae171e589SHA1: cd154e36e6cdbf9a29de9286356d6256cfe8f911SHA256: c1fcef5f8eb3f4d4107cb702009161051067ecc52045fb4d26b11c373d6de71dReferenced In Project/Scope: i2kfs:compileendpoints-spi-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name endpoints-spi High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name endpoints Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.endpoints Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid endpoints-spi Highest Vendor pom artifactid endpoints-spi Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Endpoints SPI High Vendor pom parent-artifactid core Low Product file name endpoints-spi High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name endpoints Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.endpoints Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid endpoints-spi Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Endpoints SPI High Product pom parent-artifactid core Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
Library for accessing environment variables License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/environ/environ/1.1.0/environ-1.1.0.jar
MD5: 85bd15e109079836fc6aa0b0decffa6b
SHA1: d62d1abbeba0196738d0fceee236ca620580d5e6
SHA256: ff16c2ab68e30fd764ca115acb751579f2910ef5237df87bbf9272fd97a64db9
Referenced In Project/Scope: i2kfs:compile
environ-1.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name environ High Vendor pom artifactid environ Highest Vendor pom artifactid environ Low Vendor pom groupid environ Highest Vendor pom name environ High Vendor pom url weavejester/environ Highest Product file name environ High Product pom artifactid environ Highest Product pom groupid environ Highest Product pom name environ High Product pom url weavejester/environ High Version file version 1.1.0 High Version pom version 1.1.0 Highest
pkg:maven/environ/environ@1.1.0 (Confidence :High) Description:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/errorprone/error_prone_annotations/2.26.1/error_prone_annotations-2.26.1.jar
MD5: 64c623e550068e3b2708e5d901865c56
SHA1: c1fde57694bdc14e8618899aaa6e857d9465d7de
SHA256: de25f2d9a2156529bd765f51d8efdfc0dfa7301e04efb9cc75b7f10cf5d0e0fb
Referenced In Project/Scope: i2kfs:compile
error_prone_annotations-2.26.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.2.1-jre
Evidence Type Source Name Value Confidence Vendor file name error_prone_annotations High Vendor jar package name annotations Highest Vendor jar package name errorprone Highest Vendor jar package name google Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium Vendor Manifest multi-release true Low Vendor pom artifactid error_prone_annotations Highest Vendor pom artifactid error_prone_annotations Low Vendor pom groupid com.google.errorprone Highest Vendor pom name error-prone annotations High Vendor pom parent-artifactid error_prone_parent Low Product file name error_prone_annotations High Product jar package name annotations Highest Product jar package name errorprone Highest Product jar package name google Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Product Manifest Bundle-Name error-prone annotations Medium Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium Product Manifest multi-release true Low Product pom artifactid error_prone_annotations Highest Product pom groupid com.google.errorprone Highest Product pom name error-prone annotations High Product pom parent-artifactid error_prone_parent Medium Version file version 2.26.1 High Version Manifest Bundle-Version 2.26.1 High Version pom version 2.26.1 Highest
pkg:maven/com.google.errorprone/error_prone_annotations@2.26.1 (Confidence :High) Description:
The AWS Event Stream decoder library. License:
Apache License, Version 2.0: https://aws.amazon.com/apache2.0 File Path: /root/.m2/repository/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar
MD5: 864488626f50477cfd786d1c80e3b39e
SHA1: 6ff8649dffc5190366ada897ba8525a836297784
SHA256: 0c37d8e696117f02c302191b8110b0d0eb20fa412fce34c3a269ec73c16ce822
Referenced In Project/Scope: i2kfs:compile
eventstream-1.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/software.amazon.awssdk/auth@2.20.103
Evidence Type Source Name Value Confidence Vendor file name eventstream High Vendor jar package name amazon Highest Vendor jar package name eventstream Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.eventstream Medium Vendor pom artifactid eventstream Highest Vendor pom artifactid eventstream Low Vendor pom developer id amazonwebservices Medium Vendor pom developer org Amazon Web Services Medium Vendor pom developer org URL https://aws.amazon.com Medium Vendor pom groupid software.amazon.eventstream Highest Vendor pom name AWS Event Stream High Vendor pom url awslabs/aws-eventstream-java Highest Product file name eventstream High Product jar package name amazon Highest Product jar package name eventstream Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.eventstream Medium Product pom artifactid eventstream Highest Product pom developer id amazonwebservices Low Product pom developer org Amazon Web Services Low Product pom developer org URL https://aws.amazon.com Low Product pom groupid software.amazon.eventstream Highest Product pom name AWS Event Stream High Product pom url awslabs/aws-eventstream-java High Version file version 1.0.1 High Version pom version 1.0.1 Highest
pkg:maven/software.amazon.eventstream/eventstream@1.0.1 (Confidence :High) cpe:2.3:a:amazon:amazon_web_services:1.0.1:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
testing framework File Path: /root/.m2/repository/expectations/expectations/2.0.13/expectations-2.0.13.jarMD5: 1b35b4e6c3ee907bc9b3e2086a84a205SHA1: f56ae18ec4da94bf2e380fa7d147d15e2d87a4a7SHA256: c57c8b61f6c91556108db2453781bb993b06aab3094422d381db3af851384ff3Referenced In Project/Scope: i2kfs:compileexpectations-2.0.13.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name expectations High Vendor jar package name expectations Highest Vendor jar package name expectations Low Vendor jar package name junit Low Vendor pom artifactid expectations Highest Vendor pom artifactid expectations Low Vendor pom groupid expectations Highest Vendor pom name expectations High Product file name expectations High Product jar package name expectations Highest Product jar package name junit Low Product pom artifactid expectations Highest Product pom groupid expectations Highest Product pom name expectations High Version file version 2.0.13 High Version pom version 2.0.13 Highest
pkg:maven/expectations/expectations@2.0.13 (Confidence :High) Description:
URI library that defines a UniformResourceIdentifier
protocol, and implements it on a custom Uri class, as well as
java.net.URI, java.net.URL, and java.lang.String. File Path: /root/.m2/repository/org/bovinegenius/exploding-fish/0.3.4/exploding-fish-0.3.4.jarMD5: b1d5fd85a4e9e99a0934fdd89ed96053SHA1: 7e1da5b9f72f92cf157d0c3595b25770acea383eSHA256: adc81d97c29b728116bb31073ef2d158f1a887d7f2c5cc2d62f2888dfe774a11Referenced In Project/Scope: i2kfs:compileexploding-fish-0.3.4.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name exploding-fish High Vendor pom artifactid exploding-fish Highest Vendor pom artifactid exploding-fish Low Vendor pom groupid org.bovinegenius Highest Vendor pom name exploding-fish High Product file name exploding-fish High Product pom artifactid exploding-fish Highest Product pom groupid org.bovinegenius Highest Product pom name exploding-fish High Version file version 0.3.4 High Version pom version 0.3.4 Highest
pkg:maven/org.bovinegenius/exploding-fish@0.3.4 (Confidence :High) Description:
Cloud Monitoring Exporter for OpenTelemetry License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/cloud/opentelemetry/exporter-metrics/0.33.0/exporter-metrics-0.33.0.jar
MD5: 8e734c32c7919f9618ba979a9e30ff6c
SHA1: 6f0cd9f1481cf92e566478140aa4d26e159b5ad8
SHA256: 7a9ab87683a97357a95389ff3cec9684785648076f9b158d44da3becb93bb036
Referenced In Project/Scope: i2kfs:compile
exporter-metrics-0.33.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name exporter-metrics High Vendor jar package name cloud Highest Vendor jar package name cloud Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name opentelemetry Highest Vendor jar package name opentelemetry Low Vendor pom artifactid exporter-metrics Highest Vendor pom artifactid exporter-metrics Low Vendor pom developer email opentelemetry-team@google.com Low Vendor pom developer id com.google.cloud.opentelemetry Medium Vendor pom developer name OpenTelemetry Operations Contributors Medium Vendor pom developer org Google Inc Medium Vendor pom developer org URL https://cloud.google.com/products/operations Medium Vendor pom groupid com.google.cloud.opentelemetry Highest Vendor pom name OpenTelemetry Operations Java High Vendor pom url GoogleCloudPlatform/opentelemetry-operations-java Highest Product file name exporter-metrics High Product jar package name cloud Highest Product jar package name cloud Low Product jar package name google Highest Product jar package name metric Low Product jar package name opentelemetry Highest Product jar package name opentelemetry Low Product pom artifactid exporter-metrics Highest Product pom developer email opentelemetry-team@google.com Low Product pom developer id com.google.cloud.opentelemetry Low Product pom developer name OpenTelemetry Operations Contributors Low Product pom developer org Google Inc Low Product pom developer org URL https://cloud.google.com/products/operations Low Product pom groupid com.google.cloud.opentelemetry Highest Product pom name OpenTelemetry Operations Java High Product pom url GoogleCloudPlatform/opentelemetry-operations-java High Version file version 0.33.0 High Version pom version 0.33.0 Highest
pkg:maven/com.google.cloud.opentelemetry/exporter-metrics@0.33.0 (Confidence :High) Description:
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes are conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
MD5: 3f75955b49b6758fd6d1e1bd9bf777b3
SHA1: c4a06a64e650562f30b7bf9aaec1bfed43aca12b
SHA256: 8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064
Referenced In Project/Scope: i2kfs:compile
failureaccess-1.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.2.1-jre
Evidence Type Source Name Value Confidence Vendor file name failureaccess High Vendor jar package name common Highest Vendor jar package name concurrent Highest Vendor jar package name google Highest Vendor jar package name util Highest Vendor Manifest automatic-module-name com.google.common.util.concurrent.internal Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor Manifest bundle-symbolicname com.google.guava.failureaccess Medium Vendor pom artifactid failureaccess Highest Vendor pom artifactid failureaccess Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava InternalFutureFailureAccess and InternalFutures High Vendor pom parent-artifactid guava-parent Low Product file name failureaccess High Product jar package name common Highest Product jar package name concurrent Highest Product jar package name google Highest Product jar package name util Highest Product Manifest automatic-module-name com.google.common.util.concurrent.internal Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest Bundle-Name Guava InternalFutureFailureAccess and InternalFutures Medium Product Manifest bundle-symbolicname com.google.guava.failureaccess Medium Product pom artifactid failureaccess Highest Product pom groupid com.google.guava Highest Product pom name Guava InternalFutureFailureAccess and InternalFutures High Product pom parent-artifactid guava-parent Medium Version file version 1.0.2 High Version Manifest Bundle-Version 1.0.2 High Version pom parent-version 1.0.2 Low Version pom version 1.0.2 Highest
pkg:maven/com.google.guava/failureaccess@1.0.2 (Confidence :High) Description:
GRPC library for gapic-google-cloud-storage-v2 File Path: /root/.m2/repository/com/google/api/grpc/gapic-google-cloud-storage-v2/2.50.0/gapic-google-cloud-storage-v2-2.50.0.jarMD5: ad54b96facc9f3a8cd6e6811bd2d93d7SHA1: acb6581d2a02d447d53154adadbfbd06492a72b6SHA256: f8c3b6ef4bcc912078f32872931d13a345043de8283c45a552fa424a08e78b79Referenced In Project/Scope: i2kfs:compilegapic-google-cloud-storage-v2-2.50.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name gapic-google-cloud-storage-v2 High Vendor jar package name google Highest Vendor jar package name storage Highest Vendor jar package name v2 Highest Vendor Manifest artifactid gapic-google-cloud-storage-v2 Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid gapic-google-cloud-storage-v2 Highest Vendor pom artifactid gapic-google-cloud-storage-v2 Low Vendor pom groupid com.google.api.grpc Highest Vendor pom name gapic-google-cloud-storage-v2 High Vendor pom parent-artifactid google-cloud-storage-parent Low Vendor pom parent-groupid com.google.cloud Medium Product file name gapic-google-cloud-storage-v2 High Product jar package name google Highest Product jar package name storage Highest Product jar package name v2 Highest Product Manifest artifactid gapic-google-cloud-storage-v2 Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title gapic-google-cloud-storage-v2 High Product Manifest specification-title gapic-google-cloud-storage-v2 Medium Product pom artifactid gapic-google-cloud-storage-v2 Highest Product pom groupid com.google.api.grpc Highest Product pom name gapic-google-cloud-storage-v2 High Product pom parent-artifactid google-cloud-storage-parent Medium Product pom parent-groupid com.google.cloud Medium Version file version 2.50.0 High Version Manifest Implementation-Version 2.50.0 High Version Manifest version 2.50.0 Medium Version pom version 2.50.0 Highest
pkg:maven/com.google.api.grpc/gapic-google-cloud-storage-v2@2.50.0 (Confidence :High) Description:
Google Api eXtensions for Java (Core) File Path: /root/.m2/repository/com/google/api/gax/2.63.1/gax-2.63.1.jarMD5: 090c7161572775d21ed2fcd307b93df9SHA1: 6c9a340608a63e24dc8acd8da84afd8ffecca4b7SHA256: 26752413f76b8391dacefff40db867c1d33d0bf63d32954de3e9bb74cdcb8568Referenced In Project/Scope: i2kfs:compilegax-2.63.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name gax High Vendor jar package name api Highest Vendor jar package name core Highest Vendor jar package name gax Highest Vendor jar package name google Highest Vendor Manifest artifactid gax Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid gax Highest Vendor pom artifactid gax Low Vendor pom groupid com.google.api Highest Vendor pom name GAX (Google Api eXtensions) for Java (Core) High Vendor pom parent-artifactid gax-parent Low Product file name gax High Product jar package name api Highest Product jar package name core Highest Product jar package name gax Highest Product jar package name google Highest Product Manifest artifactid gax Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title GAX (Google Api eXtensions) for Java (Core) High Product Manifest specification-title GAX (Google Api eXtensions) for Java (Core) Medium Product pom artifactid gax Highest Product pom groupid com.google.api Highest Product pom name GAX (Google Api eXtensions) for Java (Core) High Product pom parent-artifactid gax-parent Medium Version file version 2.63.1 High Version Manifest Implementation-Version 2.63.1 High Version Manifest version 2.63.1 Medium Version pom version 2.63.1 Highest
pkg:maven/com.google.api/gax@2.63.1 (Confidence :High) Description:
Google Api eXtensions for Java (gRPC) File Path: /root/.m2/repository/com/google/api/gax-grpc/2.63.1/gax-grpc-2.63.1.jarMD5: 8a9000bd4fa96e117dba476647e3d84cSHA1: 3d20d2583fbb4ca5ca8023c614410f270a98b423SHA256: 4f85599524068dcd5431feda172916dfae622e1e605a07928533a69d912b367bReferenced In Project/Scope: i2kfs:compilegax-grpc-2.63.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name gax-grpc High Vendor jar package name api Highest Vendor jar package name gax Highest Vendor jar package name google Highest Vendor jar package name grpc Highest Vendor Manifest artifactid gax-grpc Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid gax-grpc Highest Vendor pom artifactid gax-grpc Low Vendor pom groupid com.google.api Highest Vendor pom name GAX (Google Api eXtensions) for Java (gRPC) High Vendor pom parent-artifactid gax-parent Low Product file name gax-grpc High Product jar package name api Highest Product jar package name gax Highest Product jar package name google Highest Product jar package name grpc Highest Product Manifest artifactid gax-grpc Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title GAX (Google Api eXtensions) for Java (gRPC) High Product Manifest specification-title GAX (Google Api eXtensions) for Java (gRPC) Medium Product pom artifactid gax-grpc Highest Product pom groupid com.google.api Highest Product pom name GAX (Google Api eXtensions) for Java (gRPC) High Product pom parent-artifactid gax-parent Medium Version file version 2.63.1 High Version Manifest Implementation-Version 2.63.1 High Version Manifest version 2.63.1 Medium Version pom version 2.63.1 Highest
pkg:maven/com.google.api/gax-grpc@2.63.1 (Confidence :High) Description:
Google Api eXtensions for Java (HTTP JSON) File Path: /root/.m2/repository/com/google/api/gax-httpjson/2.63.1/gax-httpjson-2.63.1.jarMD5: 900a723769f8d9788ffeac79d5d5a64bSHA1: bf328f54f59e79b8e5d90901ca5298cdb0e5ffdcSHA256: 291e606f53ea021ff25b5747bc2e347b9f6e27285faa48239d6762fe2515b60dReferenced In Project/Scope: i2kfs:compilegax-httpjson-2.63.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name gax-httpjson High Vendor jar package name api Highest Vendor jar package name gax Highest Vendor jar package name google Highest Vendor jar package name httpjson Highest Vendor Manifest artifactid gax-httpjson Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid gax-httpjson Highest Vendor pom artifactid gax-httpjson Low Vendor pom groupid com.google.api Highest Vendor pom name GAX (Google Api eXtensions) for Java (HTTP JSON) High Vendor pom parent-artifactid gax-parent Low Product file name gax-httpjson High Product jar package name api Highest Product jar package name gax Highest Product jar package name google Highest Product jar package name httpjson Highest Product Manifest artifactid gax-httpjson Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title GAX (Google Api eXtensions) for Java (HTTP JSON) High Product Manifest specification-title GAX (Google Api eXtensions) for Java (HTTP JSON) Medium Product pom artifactid gax-httpjson Highest Product pom groupid com.google.api Highest Product pom name GAX (Google Api eXtensions) for Java (HTTP JSON) High Product pom parent-artifactid gax-parent Medium Version file version 2.63.1 High Version Manifest Implementation-Version 2.63.1 High Version Manifest version 2.63.1 Medium Version pom version 2.63.1 Highest
pkg:maven/com.google.api/gax-httpjson@2.63.1 (Confidence :High) Description:
The Google API Client Library for Java provides functionality common to all Google APIs; for example HTTP transport, error handling, authentication, JSON parsing, media download/upload, and batching. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/api-client/google-api-client/2.7.2/google-api-client-2.7.2.jar
MD5: 61aecfcdcacb154df31beaa7552774fe
SHA1: 495d58d6e31c2c5e24a707a50d6355ba92dd3d0c
SHA256: 63b754b7c4a92347c4992c42d295812f8d2ed6b9e8743edba4a8c98b92e9ca9b
Referenced In Project/Scope: i2kfs:compile
google-api-client-2.7.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name google-api-client High Vendor jar package name api Highest Vendor jar package name client Highest Vendor jar package name google Highest Vendor jar package name googleapis Highest Vendor Manifest automatic-module-name google.api.client Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://developers.google.com/api-client-library/java/ Low Vendor Manifest bundle-symbolicname com.google.api.client.googleapis Medium Vendor Manifest Implementation-Vendor Google High Vendor pom artifactid google-api-client Highest Vendor pom artifactid google-api-client Low Vendor pom groupid com.google.api-client Highest Vendor pom name Google APIs Client Library for Java High Vendor pom parent-artifactid google-api-client-parent Low Product file name google-api-client High Product jar package name api Highest Product jar package name client Highest Product jar package name google Highest Product jar package name googleapis Highest Product Manifest automatic-module-name google.api.client Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://developers.google.com/api-client-library/java/ Low Product Manifest Bundle-Name Google APIs Client Library for Java Medium Product Manifest bundle-symbolicname com.google.api.client.googleapis Medium Product Manifest Implementation-Title Google APIs Client Library for Java High Product pom artifactid google-api-client Highest Product pom groupid com.google.api-client Highest Product pom name Google APIs Client Library for Java High Product pom parent-artifactid google-api-client-parent Medium Version file version 2.7.2 High Version Manifest Bundle-Version 2.7.2 High Version Manifest Implementation-Version 2.7.2 High Version pom version 2.7.2 Highest
pkg:maven/com.google.api-client/google-api-client@2.7.2 (Confidence :High) License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/apis/google-api-services-storage/v1-rev20250224-2.0.0/google-api-services-storage-v1-rev20250224-2.0.0.jar
MD5: 654ee6c1c41f361c9dd493a2b35c25d3
SHA1: b9d5cbf874ec62fe71322220437e2e405a35ab72
SHA256: c63c5e3c5544998c080424edb3aa9d2ba101774dad7c19ebb44e939e728b0b3e
Referenced In Project/Scope: i2kfs:compile
google-api-services-storage-v1-rev20250224-2.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name google-api-services-storage-v1-rev20250224 High Vendor jar package name api Highest Vendor jar package name google Highest Vendor jar package name services Highest Vendor jar package name storage Highest Vendor Manifest automatic-module-name com.google.api.services.storage Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid google-api-services-storage Highest Vendor pom artifactid google-api-services-storage Low Vendor pom groupid com.google.apis Highest Vendor pom name Cloud Storage JSON API v1-rev20250224-2.0.0 High Vendor pom organization name Google High Vendor pom organization url http://www.google.com/ Medium Product file name google-api-services-storage-v1-rev20250224 High Product jar package name api Highest Product jar package name google Highest Product jar package name services Highest Product jar package name storage Highest Product Manifest automatic-module-name com.google.api.services.storage Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid google-api-services-storage Highest Product pom groupid com.google.apis Highest Product pom name Cloud Storage JSON API v1-rev20250224-2.0.0 High Product pom organization name Google Low Product pom organization url http://www.google.com/ Low Version pom version v1-rev20250224-2.0.0 Highest
pkg:maven/com.google.apis/google-api-services-storage@v1-rev20250224-2.0.0 (Confidence :High) File Path: /root/.m2/repository/com/google/auth/google-auth-library-credentials/1.22.0/google-auth-library-credentials-1.22.0.jarMD5: 60077e2f9944047aa797b9078f4c11c1SHA1: 014fe31f173c9073a3cb0cb9c7ec1d8624a8620cSHA256: 38440583cb93dda48f9359a32204208c5c207ef23d892ddd43c171db9c77b6abReferenced In Project/Scope: i2kfs:compilegoogle-auth-library-credentials-1.22.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-auth-library-credentials High Vendor jar package name auth Highest Vendor jar package name credentials Highest Vendor jar package name google Highest Vendor Manifest artifactid google-auth-library-credentials Low Vendor Manifest automatic-module-name com.google.auth Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor Google High Vendor Manifest specification-vendor Google Low Vendor pom artifactid google-auth-library-credentials Highest Vendor pom artifactid google-auth-library-credentials Low Vendor pom groupid com.google.auth Highest Vendor pom name Google Auth Library for Java - Credentials High Vendor pom parent-artifactid google-auth-library-parent Low Product file name google-auth-library-credentials High Product jar package name auth Highest Product jar package name credentials Highest Product jar package name google Highest Product Manifest artifactid google-auth-library-credentials Low Product Manifest automatic-module-name com.google.auth Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Google Auth Library for Java - Credentials High Product Manifest specification-title Google Auth Library for Java - Credentials Medium Product pom artifactid google-auth-library-credentials Highest Product pom groupid com.google.auth Highest Product pom name Google Auth Library for Java - Credentials High Product pom parent-artifactid google-auth-library-parent Medium Version file version 1.22.0 High Version Manifest Implementation-Version 1.22.0 High Version Manifest version 1.22.0 Medium Version pom version 1.22.0 Highest
pkg:maven/com.google.auth/google-auth-library-credentials@1.22.0 (Confidence :High) File Path: /root/.m2/repository/com/google/auth/google-auth-library-oauth2-http/1.22.0/google-auth-library-oauth2-http-1.22.0.jarMD5: a6b95ec2085b76e10cc670ae48dad615SHA1: 87c7205e6fc550390c530ecef0d1c27bb8023efbSHA256: 579371e6d64cdc486127fb0d4c6e342221f96f47e2129db5839859ab2df92875Referenced In Project/Scope: i2kfs:compilegoogle-auth-library-oauth2-http-1.22.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-auth-library-oauth2-http High Vendor jar package name auth Highest Vendor jar package name google Highest Vendor jar package name http Highest Vendor jar package name oauth2 Highest Vendor Manifest artifactid google-auth-library-oauth2-http Low Vendor Manifest automatic-module-name com.google.auth.oauth2 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor Google High Vendor Manifest specification-vendor Google Low Vendor pom artifactid google-auth-library-oauth2-http Highest Vendor pom artifactid google-auth-library-oauth2-http Low Vendor pom groupid com.google.auth Highest Vendor pom name Google Auth Library for Java - OAuth2 HTTP High Vendor pom parent-artifactid google-auth-library-parent Low Product file name google-auth-library-oauth2-http High Product jar package name auth Highest Product jar package name google Highest Product jar package name http Highest Product jar package name oauth2 Highest Product Manifest artifactid google-auth-library-oauth2-http Low Product Manifest automatic-module-name com.google.auth.oauth2 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Google Auth Library for Java - OAuth2 HTTP High Product Manifest specification-title Google Auth Library for Java - OAuth2 HTTP Medium Product pom artifactid google-auth-library-oauth2-http Highest Product pom groupid com.google.auth Highest Product pom name Google Auth Library for Java - OAuth2 HTTP High Product pom parent-artifactid google-auth-library-parent Medium Version file version 1.22.0 High Version Manifest Implementation-Version 1.22.0 High Version Manifest version 1.22.0 Medium Version pom version 1.22.0 Highest
pkg:maven/com.google.auth/google-auth-library-oauth2-http@1.22.0 (Confidence :High) Description:
Core module for the google-cloud.
File Path: /root/.m2/repository/com/google/cloud/google-cloud-core/2.53.1/google-cloud-core-2.53.1.jarMD5: de65c609e7e5c3d99d5b578b4100a8b6SHA1: 0a5ae947a3f0be54c1f7f99495c2aa858f034a20SHA256: 58e008f119a7aaf68d2d13f530e997db6797b7aaa70e08c563421627bed382b0Referenced In Project/Scope: i2kfs:compilegoogle-cloud-core-2.53.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-cloud-core High Vendor jar package name cloud Highest Vendor jar package name google Highest Vendor Manifest artifactid google-cloud-core Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid google-cloud-core Highest Vendor pom artifactid google-cloud-core Low Vendor pom groupid com.google.cloud Highest Vendor pom name Google Cloud Core High Vendor pom parent-artifactid google-cloud-core-parent Low Product file name google-cloud-core High Product jar package name cloud Highest Product jar package name google Highest Product Manifest artifactid google-cloud-core Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Google Cloud Core High Product Manifest specification-title Google Cloud Core Medium Product pom artifactid google-cloud-core Highest Product pom groupid com.google.cloud Highest Product pom name Google Cloud Core High Product pom parent-artifactid google-cloud-core-parent Medium Version file version 2.53.1 High Version Manifest Implementation-Version 2.53.1 High Version Manifest version 2.53.1 Medium Version pom version 2.53.1 Highest
pkg:maven/com.google.cloud/google-cloud-core@2.53.1 (Confidence :High) Description:
Core gRPC module for the google-cloud.
File Path: /root/.m2/repository/com/google/cloud/google-cloud-core-grpc/2.53.1/google-cloud-core-grpc-2.53.1.jarMD5: 08b87a8fed79dac48c47aa0b16330c5bSHA1: 500631dcfc781ec58434331d199fbff6de84e4feSHA256: 3f3a1d5417693b6082ce48e144af42606972c1b5e1488a91a159cb21c5fe46b8Referenced In Project/Scope: i2kfs:compilegoogle-cloud-core-grpc-2.53.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-cloud-core-grpc High Vendor jar package name cloud Highest Vendor jar package name google Highest Vendor jar package name grpc Highest Vendor Manifest artifactid google-cloud-core-grpc Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid google-cloud-core-grpc Highest Vendor pom artifactid google-cloud-core-grpc Low Vendor pom groupid com.google.cloud Highest Vendor pom name Google Cloud Core gRPC High Vendor pom parent-artifactid google-cloud-core-parent Low Product file name google-cloud-core-grpc High Product jar package name cloud Highest Product jar package name google Highest Product jar package name grpc Highest Product Manifest artifactid google-cloud-core-grpc Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Google Cloud Core gRPC High Product Manifest specification-title Google Cloud Core gRPC Medium Product pom artifactid google-cloud-core-grpc Highest Product pom groupid com.google.cloud Highest Product pom name Google Cloud Core gRPC High Product pom parent-artifactid google-cloud-core-parent Medium Version file version 2.53.1 High Version Manifest Implementation-Version 2.53.1 High Version Manifest version 2.53.1 Medium Version pom version 2.53.1 Highest
pkg:maven/com.google.cloud/google-cloud-core-grpc@2.53.1 (Confidence :High) Description:
Core http module for the google-cloud.
File Path: /root/.m2/repository/com/google/cloud/google-cloud-core-http/2.53.1/google-cloud-core-http-2.53.1.jarMD5: b08765b0932208c3761345124c4e48d1SHA1: 7704de1d390d2101a8547855ed755bbb2e2895c7SHA256: c9ec3820b8f17ca5005e608b9f002c049467ccc888c86a54f44ddf1eb5ae9506Referenced In Project/Scope: i2kfs:compilegoogle-cloud-core-http-2.53.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-cloud-core-http High Vendor jar package name cloud Highest Vendor jar package name google Highest Vendor jar package name http Highest Vendor Manifest artifactid google-cloud-core-http Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid google-cloud-core-http Highest Vendor pom artifactid google-cloud-core-http Low Vendor pom groupid com.google.cloud Highest Vendor pom name Google Cloud Core HTTP High Vendor pom parent-artifactid google-cloud-core-parent Low Product file name google-cloud-core-http High Product jar package name cloud Highest Product jar package name google Highest Product jar package name http Highest Product Manifest artifactid google-cloud-core-http Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Google Cloud Core HTTP High Product Manifest specification-title Google Cloud Core HTTP Medium Product pom artifactid google-cloud-core-http Highest Product pom groupid com.google.cloud Highest Product pom name Google Cloud Core HTTP High Product pom parent-artifactid google-cloud-core-parent Medium Version file version 2.53.1 High Version Manifest Implementation-Version 2.53.1 High Version Manifest version 2.53.1 Medium Version pom version 2.53.1 Highest
pkg:maven/com.google.cloud/google-cloud-core-http@2.53.1 (Confidence :High) Description:
Java idiomatic client for Stackdriver Monitoring License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/cloud/google-cloud-monitoring/3.52.0/google-cloud-monitoring-3.52.0.jar
MD5: dfa4ade205ccba4ab1934af5154e5562
SHA1: 86d0cdb998c0313ce70ef3c38636d87c56fc4396
SHA256: 9727aa7d94d8dd036bffccf9abc5d18970b1e5e9827896f9907f7450ed10f5e6
Referenced In Project/Scope: i2kfs:compile
google-cloud-monitoring-3.52.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name google-cloud-monitoring High Vendor jar package name cloud Highest Vendor jar package name google Highest Vendor jar package name monitoring Highest Vendor Manifest artifactid google-cloud-monitoring Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid google-cloud-monitoring Highest Vendor pom artifactid google-cloud-monitoring Low Vendor pom developer email suztomo@google.com Low Vendor pom developer id suztomo Medium Vendor pom developer name Tomo Suzuki Medium Vendor pom developer org Google Medium Vendor pom groupid com.google.cloud Highest Vendor pom name Google Cloud Monitoring High Vendor pom organization name Google LLC High Vendor pom url googleapis/google-cloud-java Highest Product file name google-cloud-monitoring High Product jar package name cloud Highest Product jar package name google Highest Product jar package name monitoring Highest Product Manifest artifactid google-cloud-monitoring Low Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title Google Cloud Monitoring High Product Manifest specification-title Google Cloud Monitoring Medium Product pom artifactid google-cloud-monitoring Highest Product pom developer email suztomo@google.com Low Product pom developer id suztomo Low Product pom developer name Tomo Suzuki Low Product pom developer org Google Low Product pom groupid com.google.cloud Highest Product pom name Google Cloud Monitoring High Product pom organization name Google LLC Low Product pom url googleapis/google-cloud-java High Version file version 3.52.0 High Version Manifest Implementation-Version 3.52.0 High Version Manifest version 3.52.0 Medium Version pom version 3.52.0 Highest
pkg:maven/com.google.cloud/google-cloud-monitoring@3.52.0 (Confidence :High) Description:
FileSystemProvider for Java NIO to access Google Cloud Storage transparently.
File Path: /root/.m2/repository/com/google/cloud/google-cloud-nio/0.127.33/google-cloud-nio-0.127.33.jarMD5: 941ca1578c5aede9675d1556663287d3SHA1: 9584223fd55976efcbf9a7a7303265076bf4cb82SHA256: 1dd041526194bbf9b0d3396d9e984073fc00ba81fe2fef6129a69c5bf8d09602Referenced In Project/Scope: i2kfs:compilegoogle-cloud-nio-0.127.33.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-cloud-nio High Vendor jar package name cloud Highest Vendor jar package name google Highest Vendor jar package name storage Highest Vendor Manifest artifactid google-cloud-nio Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid google-cloud-nio Highest Vendor pom artifactid google-cloud-nio Low Vendor pom groupid com.google.cloud Highest Vendor pom name Google Cloud NIO High Vendor pom parent-artifactid google-cloud-nio-parent Low Vendor pom url googleapis/java-storage-nio Highest Product file name google-cloud-nio High Product jar package name cloud Highest Product jar package name google Highest Product jar package name storage Highest Product Manifest artifactid google-cloud-nio Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Google Cloud NIO High Product Manifest specification-title Google Cloud NIO Medium Product pom artifactid google-cloud-nio Highest Product pom groupid com.google.cloud Highest Product pom name Google Cloud NIO High Product pom parent-artifactid google-cloud-nio-parent Medium Product pom url googleapis/java-storage-nio High Version file version 0.127.33 High Version Manifest Implementation-Version 0.127.33 High Version Manifest version 0.127.33 Medium Version pom version 0.127.33 Highest
pkg:maven/com.google.cloud/google-cloud-nio@0.127.33 (Confidence :High) Description:
Java idiomatic client for Google Cloud Storage. License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/cloud/google-cloud-storage/2.50.0/google-cloud-storage-2.50.0.jar
MD5: d04dc518b0944415333db75aa6cb85cf
SHA1: 82df5762d2400ff6f3a58f85f5ad90f90c2e4660
SHA256: 24b5289098fd7d3ffcb1f467339854855a2423d000d740dba7ba32521a533e31
Referenced In Project/Scope: i2kfs:compile
google-cloud-storage-2.50.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name google-cloud-storage High Vendor jar package name cloud Highest Vendor jar package name google Highest Vendor jar package name storage Highest Vendor Manifest artifactid google-cloud-storage Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid google-cloud-storage Highest Vendor pom artifactid google-cloud-storage Low Vendor pom developer email chingor@google.com Low Vendor pom developer id chingor Medium Vendor pom developer name Jeff Ching Medium Vendor pom developer org Google Medium Vendor pom groupid com.google.cloud Highest Vendor pom name Google Cloud Storage High Vendor pom organization name Google LLC High Vendor pom url googleapis/java-storage Highest Product file name google-cloud-storage High Product jar package name cloud Highest Product jar package name google Highest Product jar package name storage Highest Product Manifest artifactid google-cloud-storage Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Google Cloud Storage High Product Manifest specification-title Google Cloud Storage Medium Product pom artifactid google-cloud-storage Highest Product pom developer email chingor@google.com Low Product pom developer id chingor Low Product pom developer name Jeff Ching Low Product pom developer org Google Low Product pom groupid com.google.cloud Highest Product pom name Google Cloud Storage High Product pom organization name Google LLC Low Product pom url googleapis/java-storage High Version file version 2.50.0 High Version Manifest Implementation-Version 2.50.0 High Version Manifest version 2.50.0 Medium Version pom version 2.50.0 Highest
pkg:maven/com.google.cloud/google-cloud-storage@2.50.0 (Confidence :High) Description:
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/http-client/google-http-client/1.46.3/google-http-client-1.46.3.jar
MD5: 4a4b2db23cfe0a077bcb62479dfe9c8b
SHA1: 486ca37492048ddd230f5fef65c9411d7b65fb67
SHA256: 2490a06e44b7f2adbcfe27e4099a576c0ee8d269437188d5391acd48c6d34310
Referenced In Project/Scope: i2kfs:compile
google-http-client-1.46.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name google-http-client High Vendor jar package name api Highest Vendor jar package name client Highest Vendor jar package name google Highest Vendor jar package name http Highest Vendor Manifest automatic-module-name com.google.api.client Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.google.com/ Low Vendor Manifest bundle-symbolicname com.google.http-client.google-http-client Medium Vendor Manifest Implementation-Vendor Google High Vendor pom artifactid google-http-client Highest Vendor pom artifactid google-http-client Low Vendor pom groupid com.google.http-client Highest Vendor pom name Google HTTP Client Library for Java High Vendor pom parent-artifactid google-http-client-parent Low Product file name google-http-client High Product jar package name api Highest Product jar package name client Highest Product jar package name google Highest Product jar package name http Highest Product Manifest automatic-module-name com.google.api.client Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.google.com/ Low Product Manifest Bundle-Name Google HTTP Client Library for Java Medium Product Manifest bundle-symbolicname com.google.http-client.google-http-client Medium Product Manifest Implementation-Title Google HTTP Client Library for Java High Product pom artifactid google-http-client Highest Product pom groupid com.google.http-client Highest Product pom name Google HTTP Client Library for Java High Product pom parent-artifactid google-http-client-parent Medium Version file version 1.46.3 High Version Manifest Bundle-Version 1.46.3 High Version Manifest Implementation-Version 1.46.3 High Version pom version 1.46.3 Highest
pkg:maven/com.google.http-client/google-http-client@1.46.3 (Confidence :High) Description:
Google HTTP Client Library for Java License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/http-client/google-http-client-apache-v2/1.46.3/google-http-client-apache-v2-1.46.3.jar
MD5: 82d53821596ea0f3b55137d053a5513c
SHA1: 75999d18a007c3ef7a29637650423badc7aa3f41
SHA256: b463163a8e001194933740514233a2a002167c5eeefd70765450a5ab93bc3fb6
Referenced In Project/Scope: i2kfs:compile
google-http-client-apache-v2-1.46.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name google-http-client-apache-v2 High Vendor jar package name api Highest Vendor jar package name client Highest Vendor jar package name google Highest Vendor jar package name http Highest Vendor Manifest automatic-module-name com.google.api.client.http.apache.v2 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.google.com/ Low Vendor Manifest bundle-symbolicname com.google.http-client.google-http-client-apache-v2 Medium Vendor pom artifactid google-http-client-apache-v2 Highest Vendor pom artifactid google-http-client-apache-v2 Low Vendor pom groupid com.google.http-client Highest Vendor pom name Apache HTTP transport v2 for the Google HTTP Client Library for Java. High Vendor pom parent-artifactid google-http-client-parent Low Product file name google-http-client-apache-v2 High Product jar package name api Highest Product jar package name client Highest Product jar package name google Highest Product jar package name http Highest Product Manifest automatic-module-name com.google.api.client.http.apache.v2 Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.google.com/ Low Product Manifest Bundle-Name Apache HTTP transport v2 for the Google HTTP Client Library for Java. Medium Product Manifest bundle-symbolicname com.google.http-client.google-http-client-apache-v2 Medium Product pom artifactid google-http-client-apache-v2 Highest Product pom groupid com.google.http-client Highest Product pom name Apache HTTP transport v2 for the Google HTTP Client Library for Java. High Product pom parent-artifactid google-http-client-parent Medium Version file version 1.46.3 High Version Manifest Bundle-Version 1.46.3 High Version pom version 1.46.3 Highest
pkg:maven/com.google.http-client/google-http-client-apache-v2@1.46.3 (Confidence :High) File Path: /root/.m2/repository/com/google/http-client/google-http-client-appengine/1.46.3/google-http-client-appengine-1.46.3.jarMD5: af3a1e514710a5e4d6a32b0997915836SHA1: 92ada233b0a399eb836d0cc0490c592ce5c5f557SHA256: b0f48794b234439ad9e9b44f63874c78e8c553d03aa89f2864ca231e3c590b43Referenced In Project/Scope: i2kfs:compilegoogle-http-client-appengine-1.46.3.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-http-client-appengine High Vendor jar package name api Highest Vendor jar package name client Highest Vendor jar package name extensions Highest Vendor jar package name google Highest Vendor Manifest automatic-module-name com.google.api.client.extensions.appengine Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid google-http-client-appengine Highest Vendor pom artifactid google-http-client-appengine Low Vendor pom groupid com.google.http-client Highest Vendor pom name Google App Engine extensions to the Google HTTP Client Library for Java. High Vendor pom parent-artifactid google-http-client-parent Low Product file name google-http-client-appengine High Product jar package name api Highest Product jar package name client Highest Product jar package name extensions Highest Product jar package name google Highest Product Manifest automatic-module-name com.google.api.client.extensions.appengine Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid google-http-client-appengine Highest Product pom groupid com.google.http-client Highest Product pom name Google App Engine extensions to the Google HTTP Client Library for Java. High Product pom parent-artifactid google-http-client-parent Medium Version file version 1.46.3 High Version pom version 1.46.3 Highest
pkg:maven/com.google.http-client/google-http-client-appengine@1.46.3 (Confidence :High) File Path: /root/.m2/repository/com/google/http-client/google-http-client-gson/1.46.3/google-http-client-gson-1.46.3.jarMD5: c6b2babb866f84fb1cf387faaa5fcbd9SHA1: ca996d6b803d1eecb5d24f60c63687ced9b28088SHA256: 74eee65c563871659469eb85d703e5a7223427010ad545982fdc53d7db573266Referenced In Project/Scope: i2kfs:compilegoogle-http-client-gson-1.46.3.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-http-client-gson High Vendor jar package name api Highest Vendor jar package name client Highest Vendor jar package name google Highest Vendor jar package name json Highest Vendor Manifest automatic-module-name com.google.api.client.json.gson Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid google-http-client-gson Highest Vendor pom artifactid google-http-client-gson Low Vendor pom groupid com.google.http-client Highest Vendor pom name GSON extensions to the Google HTTP Client Library for Java. High Vendor pom parent-artifactid google-http-client-parent Low Product file name google-http-client-gson High Product jar package name api Highest Product jar package name client Highest Product jar package name google Highest Product jar package name json Highest Product Manifest automatic-module-name com.google.api.client.json.gson Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid google-http-client-gson Highest Product pom groupid com.google.http-client Highest Product pom name GSON extensions to the Google HTTP Client Library for Java. High Product pom parent-artifactid google-http-client-parent Medium Version file version 1.46.3 High Version pom version 1.46.3 Highest
pkg:maven/com.google.http-client/google-http-client-gson@1.46.3 (Confidence :High) File Path: /root/.m2/repository/com/google/http-client/google-http-client-jackson2/1.46.3/google-http-client-jackson2-1.46.3.jarMD5: 2aa3a6d4771e9564b2bc1d16c59db06dSHA1: eaace4e59d5055e709881042d167c227d1518445SHA256: 06368f5e3704fbe1d983736f802ed172fbc7d957a4f76b381fd0d8c8e92830e4Referenced In Project/Scope: i2kfs:compilegoogle-http-client-jackson2-1.46.3.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name google-http-client-jackson2 High Vendor jar package name api Highest Vendor jar package name client Highest Vendor jar package name google Highest Vendor jar package name json Highest Vendor Manifest automatic-module-name com.google.api.client.json.jackson2 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid google-http-client-jackson2 Highest Vendor pom artifactid google-http-client-jackson2 Low Vendor pom groupid com.google.http-client Highest Vendor pom name Jackson 2 extensions to the Google HTTP Client Library for Java. High Vendor pom parent-artifactid google-http-client-parent Low Product file name google-http-client-jackson2 High Product jar package name api Highest Product jar package name client Highest Product jar package name google Highest Product jar package name json Highest Product Manifest automatic-module-name com.google.api.client.json.jackson2 Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid google-http-client-jackson2 Highest Product pom groupid com.google.http-client Highest Product pom name Jackson 2 extensions to the Google HTTP Client Library for Java. High Product pom parent-artifactid google-http-client-parent Medium Version file version 1.46.3 High Version pom version 1.46.3 Highest
pkg:maven/com.google.http-client/google-http-client-jackson2@1.46.3 (Confidence :High) Description:
Google OAuth Client Library for Java. Functionality that works on all supported Java platforms,
including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/oauth-client/google-oauth-client/1.37.0/google-oauth-client-1.37.0.jar
MD5: e8c25890aef2950bd390703efa55d1d4
SHA1: e96f14541c967098841fc546e746a171cba2f11a
SHA256: ea6402c6c9acfba158c64f080529e92492fa5d994cb7b1bb62e4cd9f125c04e0
Referenced In Project/Scope: i2kfs:compile
google-oauth-client-1.37.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name google-oauth-client High Vendor jar package name api Highest Vendor jar package name auth Highest Vendor jar package name client Highest Vendor jar package name google Highest Vendor Manifest automatic-module-name com.google.api.client.auth Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://www.google.com/ Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor Manifest bundle-symbolicname com.google.oauth-client Medium Vendor Manifest Implementation-Vendor Google High Vendor pom artifactid google-oauth-client Highest Vendor pom artifactid google-oauth-client Low Vendor pom groupid com.google.oauth-client Highest Vendor pom name Google OAuth Client Library for Java High Vendor pom parent-artifactid google-oauth-client-parent Low Product file name google-oauth-client High Product jar package name api Highest Product jar package name auth Highest Product jar package name client Highest Product jar package name google Highest Product Manifest automatic-module-name com.google.api.client.auth Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://www.google.com/ Low Product Manifest Bundle-Name Google OAuth Client Library for Java Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product Manifest bundle-symbolicname com.google.oauth-client Medium Product Manifest Implementation-Title Google OAuth Client Library for Java High Product pom artifactid google-oauth-client Highest Product pom groupid com.google.oauth-client Highest Product pom name Google OAuth Client Library for Java High Product pom parent-artifactid google-oauth-client-parent Medium Version file version 1.37.0 High Version Manifest Bundle-Version 1.37.0 High Version Manifest Implementation-Version 1.37.0 High Version pom version 1.37.0 Highest
pkg:maven/com.google.oauth-client/google-oauth-client@1.37.0 (Confidence :High) cpe:2.3:a:google:oauth_client_library_for_java:1.37.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
gRPC: Core License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /root/.m2/repository/io/grpc/grpc-core/1.65.1/grpc-core-1.65.1.jar
MD5: e7ee23633c0b3091cc42a1a3bd7b3c33
SHA1: 7b80ccb2678b7d3ff2ec90bbe4ffbb0ff956eb54
SHA256: 590d19ad387b5f288477fc4c5bc5be9adf4ac4eab51cb69e8b3211286127c061
Referenced In Project/Scope: i2kfs:compile
grpc-core-1.65.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name grpc-core High Vendor jar package name grpc Highest Vendor jar package name internal Highest Vendor jar package name io Highest Vendor Manifest automatic-module-name io.grpc.internal Medium Vendor pom artifactid grpc-core Highest Vendor pom artifactid grpc-core Low Vendor pom developer email grpc-io@googlegroups.com Low Vendor pom developer id grpc.io Medium Vendor pom developer name gRPC Contributors Medium Vendor pom developer org gRPC Authors Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid io.grpc Highest Vendor pom name io.grpc:grpc-core High Vendor pom url grpc/grpc-java Highest Product file name grpc-core High Product jar package name grpc Highest Product jar package name internal Highest Product jar package name io Highest Product Manifest automatic-module-name io.grpc.internal Medium Product Manifest Implementation-Title jar High Product pom artifactid grpc-core Highest Product pom developer email grpc-io@googlegroups.com Low Product pom developer id grpc.io Low Product pom developer name gRPC Contributors Low Product pom developer org gRPC Authors Low Product pom developer org URL https://www.google.com Low Product pom groupid io.grpc Highest Product pom name io.grpc:grpc-core High Product pom url grpc/grpc-java High Version file version 1.65.1 High Version Manifest Implementation-Version 1.65.1 High Version pom version 1.65.1 Highest
Related Dependencies grpc-alts-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-alts/1.65.1/grpc-alts-1.65.1.jar MD5: d11167bbf4d84a80288c4863bc52ae47 SHA1: 5e5f37b03451ecf79a003c21c620758005247eaf SHA256: 6c9be12ead71cb31c308453f4c3e2150ca1e38dcd9e4d2f61c6e484a9fbe6067 pkg:maven/io.grpc/grpc-alts@1.65.1 grpc-api-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-api/1.65.1/grpc-api-1.65.1.jar MD5: 6284039ddd205419a594cba967637871 SHA1: 052a4193296c4471871b90dbbdaebb8e9bb87182 SHA256: 4fb6a4b2ed3744bd95c495fea42d9c6b8d4b6c26dd562376d5c62ec28d5db64f pkg:maven/io.grpc/grpc-api@1.65.1 grpc-auth-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-auth/1.65.1/grpc-auth-1.65.1.jar MD5: 732c1259d082732bf5856cd21e3492db SHA1: 8824fde1fa75e8f86716e9f2f72d97cd87e0b3cd SHA256: 3522579d09378eb437f06a51e8cc82cdd6b4431f96fbff2e02615d2d1087bd92 pkg:maven/io.grpc/grpc-auth@1.65.1 grpc-context-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-context/1.65.1/grpc-context-1.65.1.jar MD5: 25684b9bdc1768615654a96fd4bb1b68 SHA1: d65b37d9523f5ad0c8eda4cbf999fed4b933a594 SHA256: 1e8d6da14486585451f061a47d2e2435ec45506deb809b5029ccab9d4842c6ff pkg:maven/io.grpc/grpc-context@1.65.1 grpc-grpclb-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-grpclb/1.65.1/grpc-grpclb-1.65.1.jar MD5: 8f44e8f45f4cabf9c64a005c3a0fa9ea SHA1: daa916d2d605d2bacbb1ecb047ebb12e6fd6d2f2 SHA256: 12119ec87ee25499ceef90e1a338d8cd47c3be6d2c0e3ed3ea1793ccb4cf5f4e pkg:maven/io.grpc/grpc-grpclb@1.65.1 grpc-netty-shaded-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-netty-shaded/1.65.1/grpc-netty-shaded-1.65.1.jar MD5: 99db9adb158c3eb7ba26698c910a4593 SHA1: b66df7a116527604f1aa70ea588e94a762c7d531 SHA256: 8b92def82138515003218f0759babfc4d51b1bcea42dc9889f6e55ca7b2a6b63 pkg:maven/io.grpc/grpc-netty-shaded@1.65.1 grpc-stub-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-stub/1.65.1/grpc-stub-1.65.1.jar MD5: 7dcc5aaac9ac8f30ef9414cc855603eb SHA1: 52f605e45be9c43079d8c8a6bc7142cab662ac62 SHA256: 2df07043e03ae03e06bca49fd9a55702adeaafb3bcec3068a8f6179efa68c9e1 pkg:maven/io.grpc/grpc-stub@1.65.1 grpc-util-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-util/1.65.1/grpc-util-1.65.1.jar MD5: c02d760586706817597eea6366fafe9c SHA1: 54121cb0fd19af2f0e93321a5dc78d283ecefef8 SHA256: 7d2c4866515c6101598dd0c3d2e955707fb1126e51fd0eeb06daa98837f8dfbc pkg:maven/io.grpc/grpc-util@1.65.1 CVE-2024-11407 suppress
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 CWE-682 Incorrect Calculation, NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve-coordination@google.com - PATCH Vulnerable Software & Versions:
CVE-2024-7246 suppress
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.
This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.
Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4. CWE-440 Expected Behavior Violation, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
GRPC library for grpc-google-cloud-storage-v2 File Path: /root/.m2/repository/com/google/api/grpc/grpc-google-cloud-storage-v2/2.50.0/grpc-google-cloud-storage-v2-2.50.0.jarMD5: 5fb108c76491e420469d70746f8e0cc3SHA1: 865c0bbd296a6ea2f3901493a0982891e4b1becbSHA256: 87172606916770e875fc97249976b8505c2edd134f6d4e8a8ca85a533d52ed28Referenced In Project/Scope: i2kfs:compilegrpc-google-cloud-storage-v2-2.50.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name grpc-google-cloud-storage-v2 High Vendor jar package name google Highest Vendor jar package name storage Highest Vendor jar package name v2 Highest Vendor Manifest artifactid grpc-google-cloud-storage-v2 Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid grpc-google-cloud-storage-v2 Highest Vendor pom artifactid grpc-google-cloud-storage-v2 Low Vendor pom groupid com.google.api.grpc Highest Vendor pom name grpc-google-cloud-storage-v2 High Vendor pom parent-artifactid google-cloud-storage-parent Low Vendor pom parent-groupid com.google.cloud Medium Product file name grpc-google-cloud-storage-v2 High Product jar package name google Highest Product jar package name storage Highest Product jar package name v2 Highest Product Manifest artifactid grpc-google-cloud-storage-v2 Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title grpc-google-cloud-storage-v2 High Product Manifest specification-title grpc-google-cloud-storage-v2 Medium Product pom artifactid grpc-google-cloud-storage-v2 Highest Product pom groupid com.google.api.grpc Highest Product pom name grpc-google-cloud-storage-v2 High Product pom parent-artifactid google-cloud-storage-parent Medium Product pom parent-groupid com.google.cloud Medium Version file version 2.50.0 High Version Manifest Implementation-Version 2.50.0 High Version Manifest version 2.50.0 Medium Version pom version 2.50.0 Highest
pkg:maven/com.google.api.grpc/grpc-google-cloud-storage-v2@2.50.0 (Confidence :High) Description:
gRPC: OpenTelemetry License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /root/.m2/repository/io/grpc/grpc-opentelemetry/1.70.0/grpc-opentelemetry-1.70.0.jar
MD5: 88b243103f12d411b5d5a4622fa08d5e
SHA1: b692288b050abe85373b475fc5dabb96ab6adb2c
SHA256: 7e8bf922182dc258b15987c360be2de1657d21132c22b76e8a8dbaffd659345a
Referenced In Project/Scope: i2kfs:compile
grpc-opentelemetry-1.70.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name grpc-opentelemetry High Vendor jar package name grpc Highest Vendor jar package name io Highest Vendor jar package name opentelemetry Highest Vendor Manifest automatic-module-name io.grpc.opentelemetry Medium Vendor pom artifactid grpc-opentelemetry Highest Vendor pom artifactid grpc-opentelemetry Low Vendor pom developer email grpc-io@googlegroups.com Low Vendor pom developer id grpc.io Medium Vendor pom developer name gRPC Contributors Medium Vendor pom developer org gRPC Authors Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid io.grpc Highest Vendor pom name io.grpc:grpc-opentelemetry High Vendor pom url grpc/grpc-java Highest Product file name grpc-opentelemetry High Product jar package name grpc Highest Product jar package name io Highest Product jar package name opentelemetry Highest Product Manifest automatic-module-name io.grpc.opentelemetry Medium Product Manifest Implementation-Title jar High Product pom artifactid grpc-opentelemetry Highest Product pom developer email grpc-io@googlegroups.com Low Product pom developer id grpc.io Low Product pom developer name gRPC Contributors Low Product pom developer org gRPC Authors Low Product pom developer org URL https://www.google.com Low Product pom groupid io.grpc Highest Product pom name io.grpc:grpc-opentelemetry High Product pom url grpc/grpc-java High Version file version 1.70.0 High Version Manifest Implementation-Version 1.70.0 High Version pom version 1.70.0 Highest
Description:
gRPC: Protobuf License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /root/.m2/repository/io/grpc/grpc-protobuf/1.65.1/grpc-protobuf-1.65.1.jar
MD5: 7e3dde7661cb221a815c000ea5266ef9
SHA1: 007e25214bd216bbf5c4f2092a984b6586759124
SHA256: dd5b390240b98daf040f28319711e964a810d7e7c200eb15d3525de51c927350
Referenced In Project/Scope: i2kfs:compile
grpc-protobuf-1.65.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name grpc-protobuf High Vendor jar package name grpc Highest Vendor jar package name io Highest Vendor jar package name protobuf Highest Vendor Manifest automatic-module-name io.grpc.protobuf Medium Vendor pom artifactid grpc-protobuf Highest Vendor pom artifactid grpc-protobuf Low Vendor pom developer email grpc-io@googlegroups.com Low Vendor pom developer id grpc.io Medium Vendor pom developer name gRPC Contributors Medium Vendor pom developer org gRPC Authors Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid io.grpc Highest Vendor pom name io.grpc:grpc-protobuf High Vendor pom url grpc/grpc-java Highest Product file name grpc-protobuf High Product jar package name grpc Highest Product jar package name io Highest Product jar package name protobuf Highest Product Manifest automatic-module-name io.grpc.protobuf Medium Product Manifest Implementation-Title jar High Product pom artifactid grpc-protobuf Highest Product pom developer email grpc-io@googlegroups.com Low Product pom developer id grpc.io Low Product pom developer name gRPC Contributors Low Product pom developer org gRPC Authors Low Product pom developer org URL https://www.google.com Low Product pom groupid io.grpc Highest Product pom name io.grpc:grpc-protobuf High Product pom url grpc/grpc-java High Version file version 1.65.1 High Version Manifest Implementation-Version 1.65.1 High Version pom version 1.65.1 Highest
Related Dependencies grpc-protobuf-lite-1.65.1.jarFile Path: /root/.m2/repository/io/grpc/grpc-protobuf-lite/1.65.1/grpc-protobuf-lite-1.65.1.jar MD5: cbd25b07a68c3a9527d9c87f531d32b9 SHA1: f9427f4e41726d7510dc3b721cac62535eb6949c SHA256: 0debee5af442761318309bb24377c512c2228123396f9f4aafd36f1d198af4b2 pkg:maven/io.grpc/grpc-protobuf-lite@1.65.1 CVE-2024-11407 suppress
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 CWE-682 Incorrect Calculation, NVD-CWE-noinfo
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
cve-coordination@google.com - PATCH Vulnerable Software & Versions:
CVE-2024-7246 suppress
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.
This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.
Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4. CWE-440 Expected Behavior Violation, NVD-CWE-noinfo
CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
gRPC: RouteLookupService Loadbalancing plugin License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /root/.m2/repository/io/grpc/grpc-rls/1.70.0/grpc-rls-1.70.0.jar
MD5: 3f7fc1a9cc6795f882b42b57bdb099f0
SHA1: 25b806abdeddca44bde8767f3896f889024b0958
SHA256: 3f4d0d4bb59848b66422de34b6ce6a452f6526c7905b5d16ce437294c761bd6b
Referenced In Project/Scope: i2kfs:runtime
grpc-rls-1.70.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name grpc-rls High Vendor jar package name grpc Highest Vendor jar package name io Highest Vendor jar package name rls Highest Vendor Manifest automatic-module-name io.grpc.rls Medium Vendor pom artifactid grpc-rls Highest Vendor pom artifactid grpc-rls Low Vendor pom developer email grpc-io@googlegroups.com Low Vendor pom developer id grpc.io Medium Vendor pom developer name gRPC Contributors Medium Vendor pom developer org gRPC Authors Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid io.grpc Highest Vendor pom name io.grpc:grpc-rls High Vendor pom url grpc/grpc-java Highest Product file name grpc-rls High Product jar package name grpc Highest Product jar package name io Highest Product jar package name rls Highest Product Manifest automatic-module-name io.grpc.rls Medium Product Manifest Implementation-Title jar High Product pom artifactid grpc-rls Highest Product pom developer email grpc-io@googlegroups.com Low Product pom developer id grpc.io Low Product pom developer name gRPC Contributors Low Product pom developer org gRPC Authors Low Product pom developer org URL https://www.google.com Low Product pom groupid io.grpc Highest Product pom name io.grpc:grpc-rls High Product pom url grpc/grpc-java High Version file version 1.70.0 High Version Manifest Implementation-Version 1.70.0 High Version pom version 1.70.0 Highest
Related Dependencies grpc-googleapis-1.70.0.jarFile Path: /root/.m2/repository/io/grpc/grpc-googleapis/1.70.0/grpc-googleapis-1.70.0.jar MD5: 043acf41aab6d3f0b3de4787a40c5686 SHA1: 9f1130a89891bc2158405b282a89feedd09c27bf SHA256: d4aa28e437d1a6d19dbf065093b0e34b04308962577e31ccb48f3ce7158d7b27 pkg:maven/io.grpc/grpc-googleapis@1.70.0 grpc-inprocess-1.70.0.jarFile Path: /root/.m2/repository/io/grpc/grpc-inprocess/1.70.0/grpc-inprocess-1.70.0.jar MD5: ac304e9a76b86a1a4404d6ca7a5b40de SHA1: 06df33f3da4603c6ae3cd7717cf14093b05d039b SHA256: d9410b06d39383980e1489785d9b347c868839764fb69e588327471d5b73e79f pkg:maven/io.grpc/grpc-inprocess@1.70.0 grpc-services-1.70.0.jarFile Path: /root/.m2/repository/io/grpc/grpc-services/1.70.0/grpc-services-1.70.0.jar MD5: 9c087b561daf9754a73f7cb5a9d6fdd2 SHA1: 8b5577bbae01737d51a0dfcba1da07bd4cf4ebc6 SHA256: 16207a71c2de10960fc0773136d6990609423a34ddf1babba4cf959196c96b74 pkg:maven/io.grpc/grpc-services@1.70.0 grpc-xds-1.70.0.jarFile Path: /root/.m2/repository/io/grpc/grpc-xds/1.70.0/grpc-xds-1.70.0.jar MD5: 1942ef06565bf7c972cc0eabbb250948 SHA1: e19bfdf3c327ca2d77a0b0b949ac324c425d6dca SHA256: 96faa7cf98a41e2e916a3eafad65b18089d5a0a7242d772f8d461e4a43738074 pkg:maven/io.grpc/grpc-xds@1.70.0 Description:
Gson JSON library License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256: 4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Project/Scope: i2kfs:compile
gson-2.10.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.grpc/grpc-core@1.65.1
Evidence Type Source Name Value Confidence Vendor file name gson High Vendor jar package name google Highest Vendor jar package name gson Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-contactaddress https://github.com/google/gson Low Vendor Manifest bundle-developers google;organization=Google;organizationUrl="https://www.google.com" Low Vendor Manifest bundle-docurl https://github.com/google/gson/gson Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Vendor Manifest bundle-symbolicname com.google.gson Medium Vendor Manifest multi-release true Low Vendor pom artifactid gson Highest Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product file name gson High Product jar package name google Highest Product jar package name gson Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-contactaddress https://github.com/google/gson Low Product Manifest bundle-developers google;organization=Google;organizationUrl="https://www.google.com" Low Product Manifest bundle-docurl https://github.com/google/gson/gson Low Product Manifest Bundle-Name Gson Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7, JavaSE-1.8 Low Product Manifest bundle-symbolicname com.google.gson Medium Product Manifest multi-release true Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version file version 2.10.1 High Version Manifest Bundle-Version 2.10.1 High Version pom version 2.10.1 Highest
Description:
Guava is a suite of core and expanded libraries that include
utility classes, Google's collections, I/O classes, and
much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/guava/guava/33.2.1-jre/guava-33.2.1-jre.jar
MD5: 872309e5982530bdc7e68096c0d53cd2
SHA1: 818e780da2c66c63bbb6480fef1f3855eeafa3e4
SHA256: 452b2d9787b7d366fa8cf5ed9a1c40404542d05effa7a598da03bbbbb76d9f31
Referenced In Project/Scope: i2kfs:compile
guava-33.2.1-jre.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name guava High Vendor jar package name common Highest Vendor jar package name google Highest Vendor Manifest automatic-module-name com.google.common Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom artifactid guava Highest Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Vendor pom url google/guava Highest Product file name guava High Product jar package name common Highest Product jar package name google Highest Product Manifest automatic-module-name com.google.common Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product Manifest bundle-symbolicname com.google.guava Medium Product pom artifactid guava Highest Product pom groupid com.google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product pom parent-artifactid guava-parent Medium Product pom url google/guava High Version pom version 33.2.1-jre Highest
File Path: /root/.m2/repository/software/amazon/awssdk/http-client-spi/2.20.150/http-client-spi-2.20.150.jarMD5: e2bddc6955c097d2d66b0c4ba55b9799SHA1: ce7e80eeda6828c37d53fbcc045f31f8cc3c773cSHA256: 080e21073ecebe378284198dd7828d514adbc39832ff9f7d76a6be4835086b60Referenced In Project/Scope: i2kfs:compilehttp-client-spi-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name http-client-spi High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name http Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.http Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid http-client-spi Highest Vendor pom artifactid http-client-spi Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: HTTP Client Interface High Vendor pom parent-artifactid aws-sdk-java-pom Low Product file name http-client-spi High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name http Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.http Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid http-client-spi Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: HTTP Client Interface High Product pom parent-artifactid aws-sdk-java-pom Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
High-performance event-driven HTTP client/server for Clojure License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/http-kit/http-kit/2.4.0-alpha6/http-kit-2.4.0-alpha6.jar
MD5: e10575c1cd1b10743a64512967fff7c1
SHA1: 55b5a6a0f3daa865a82302c61603f52115838c6f
SHA256: 5f25e5aea6c3f8b70c7784b1f4af9aeef7abc6c22af99ccc519b1ceea893b883
Referenced In Project/Scope: i2kfs:compile
http-kit-2.4.0-alpha6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kopenid@0.8.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name http-kit High Vendor jar package name client Highest Vendor jar package name server Highest Vendor Manifest leiningen-project-artifactid http-kit Low Vendor Manifest leiningen-project-groupid http-kit Low Vendor pom artifactid http-kit Highest Vendor pom artifactid http-kit Low Vendor pom groupid http-kit Highest Vendor pom name http-kit High Vendor pom url http://http-kit.org/ Highest Product file name http-kit High Product jar package name client Highest Product jar package name server Highest Product Manifest leiningen-project-artifactid http-kit Low Product Manifest leiningen-project-groupid http-kit Low Product pom artifactid http-kit Highest Product pom groupid http-kit Highest Product pom name http-kit High Product pom url http://http-kit.org/ Medium Version Manifest leiningen-project-version 2.4.0-alpha6 Medium Version pom version 2.4.0-alpha6 Highest
pkg:maven/http-kit/http-kit@2.4.0-alpha6 (Confidence :High) Description:
Apache HttpComponents AsyncClient
File Path: /root/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.4/httpasyncclient-4.1.4.jarMD5: f29a16f1c28f5b3dd511cbd16d7fa422SHA1: f3a3240681faae3fa46b573a4c7e50cec9db0d86SHA256: 50e981a8e567a16ebdad104605b156540a863459fa127b8ba647f310dfc83ef8Referenced In Project/Scope: i2kfs:compilehttpasyncclient-4.1.4.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name httpasyncclient High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpasyncclient Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpasyncclient Highest Vendor pom artifactid httpasyncclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpAsyncClient High Vendor pom parent-artifactid httpcomponents-asyncclient Low Vendor pom url http://hc.apache.org/httpcomponents-asyncclient Highest Product file name httpasyncclient High Product jar package name apache Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpasyncclient Medium Product Manifest Implementation-Title Apache HttpAsyncClient High Product Manifest specification-title Apache HttpAsyncClient Medium Product pom artifactid httpasyncclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpAsyncClient High Product pom parent-artifactid httpcomponents-asyncclient Medium Product pom url http://hc.apache.org/httpcomponents-asyncclient Medium Version file version 4.1.4 High Version Manifest Implementation-Version 4.1.4 High Version pom version 4.1.4 Highest
Description:
Apache HttpComponents Client
File Path: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.5.12/httpclient-4.5.12.jarMD5: 72002652711fe0fa3218d2bf20f47409SHA1: 4023a2a80b64c25926911faf350b50cd2a29220fSHA256: bc5f065aba5dd815ee559dd24d9bcb797fb102ff9cfa036f5091ebc529bd3b93Referenced In Project/Scope: i2kfs:compilehttpclient-4.5.12.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name httpclient High Vendor jar package name apache Highest Vendor jar package name client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient Highest Vendor pom artifactid httpclient Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpclient High Product jar package name apache Highest Product jar package name client Highest Product jar package name http Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest Implementation-Title Apache HttpClient High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Medium Product pom artifactid httpclient Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.12 High Version Manifest Implementation-Version 4.5.12 High Version pom version 4.5.12 Highest
CVE-2020-13956 suppress
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,VENDOR_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,VENDOR_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
Description:
Apache HttpComponents HttpClient - Cache
File Path: /root/.m2/repository/org/apache/httpcomponents/httpclient-cache/4.5.10/httpclient-cache-4.5.10.jarMD5: aecf4bf944d7c48b45969e5c42959386SHA1: b195778247a21e980cb9f80c41364dc0c38feaefSHA256: beff09f209510332d30f9444785a06755da2686d92338e37581cd62c5a2844bfReferenced In Project/Scope: i2kfs:compilehttpclient-cache-4.5.10.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name httpclient-cache High Vendor jar package name apache Highest Vendor jar package name cache Highest Vendor jar package name client Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient.cache Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpclient-cache Highest Vendor pom artifactid httpclient-cache Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient Cache High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpclient-cache High Product jar package name apache Highest Product jar package name cache Highest Product jar package name client Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient.cache Medium Product Manifest Implementation-Title Apache HttpClient Cache High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Cache Medium Product pom artifactid httpclient-cache Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient Cache High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.10 High Version Manifest Implementation-Version 4.5.10 High Version pom version 4.5.10 Highest
CVE-2020-13956 suppress
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A References:
af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,VENDOR_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY security@apache.org - MAILING_LIST,VENDOR_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - PATCH,THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY security@apache.org - THIRD_PARTY_ADVISORY Vulnerable Software & Versions: (show all )
Description:
Apache HttpComponents Core (blocking I/O)
File Path: /root/.m2/repository/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jarMD5: e07a248f61c52776a2366c075dcd4963SHA1: 853b96d3afbb7bf8cc303fe27ee96836a10c1834SHA256: e06e89d40943245fcfa39ec537cdbfce3762aecde8f9c597780d2b00c2b43424Referenced In Project/Scope: i2kfs:compilehttpcore-4.4.13.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name httpcore High Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000 Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Vendor pom artifactid httpcore Highest Vendor pom artifactid httpcore Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore High Product jar package name apache Highest Product jar package name http Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000 Low Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom artifactid httpcore Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.13 High Version Manifest Implementation-Version 4.4.13 High Version pom version 4.4.13 Highest
pkg:maven/org.apache.httpcomponents/httpcore@4.4.13 (Confidence :High) Description:
Apache HttpComponents Core (non-blocking I/O)
File Path: /root/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.10/httpcore-nio-4.4.10.jarMD5: b8ddfe970fc30e47d367b1bbded52317SHA1: 0486f90c2af9bb81c51e8fb905647267053d5441SHA256: debee7e9572c02a16ce0caa4f565a9eceb1290d33cd7a1e3297087bd467daff4Referenced In Project/Scope: i2kfs:compilehttpcore-nio-4.4.10.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name httpcore-nio High Vendor jar package name apache Highest Vendor jar package name nio Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore-nio Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpcore-nio Highest Vendor pom artifactid httpcore-nio Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpCore NIO High Vendor pom parent-artifactid httpcomponents-core Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Product file name httpcore-nio High Product jar package name apache Highest Product jar package name http Highest Product jar package name nio Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore-nio Medium Product Manifest Implementation-Title Apache HttpCore NIO High Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title Apache HttpCore NIO Medium Product pom artifactid httpcore-nio Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpCore NIO High Product pom parent-artifactid httpcomponents-core Medium Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Version file version 4.4.10 High Version Manifest Implementation-Version 4.4.10 High Version pom version 4.4.10 Highest
pkg:maven/org.apache.httpcomponents/httpcore-nio@4.4.10 (Confidence :High) Description:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /root/.m2/repository/org/apache/httpcomponents/httpmime/4.5.12/httpmime-4.5.12.jarMD5: f1becf6011c7af5582bcf54d1862d70fSHA1: dbc2fd394152477bb1d1774bdcdde195e8c3a4ffSHA256: 0cac77bd2f8cf326727f0516d6fcbe1aeddbab36e971a3da44ff47fa87b2eac4Referenced In Project/Scope: i2kfs:compilehttpmime-4.5.12.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name httpmime High Vendor jar package name apache Highest Vendor jar package name mime Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid httpmime Highest Vendor pom artifactid httpmime Low Vendor pom groupid org.apache.httpcomponents Highest Vendor pom name Apache HttpClient Mime High Vendor pom parent-artifactid httpcomponents-client Low Vendor pom url http://hc.apache.org/httpcomponents-client Highest Product file name httpmime High Product jar package name apache Highest Product jar package name http Highest Product jar package name mime Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Product Manifest Implementation-Title Apache HttpClient Mime High Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest specification-title Apache HttpClient Mime Medium Product pom artifactid httpmime Highest Product pom groupid org.apache.httpcomponents Highest Product pom name Apache HttpClient Mime High Product pom parent-artifactid httpcomponents-client Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Version file version 4.5.12 High Version Manifest Implementation-Version 4.5.12 High Version pom version 4.5.12 Highest
pkg:maven/org.apache.httpcomponents/httpmime@4.5.12 (Confidence :High) Description:
Utilities for configuring i2k Connect Platform applications: config files, resources, pom files, etc File Path: /root/.m2/repository/i2kconnect/i2kconfig/0.14.1-SNAPSHOT/i2kconfig-0.14.1-SNAPSHOT.jarMD5: 37793da75ae6981815c05a97e5d7f267SHA1: 6aad21eb88fe81726b1d28eac774cfad42a94626SHA256: 24e8c21b384ee12fa254545c9a0d15338aaba34b73361d293a739a944bbb623dReferenced In Project/Scope: i2kfs:compilei2kconfig-0.14.1-SNAPSHOT.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name i2kconfig High Vendor jar package name i2kconfig Highest Vendor Manifest leiningen-project-artifactid i2kconfig Low Vendor Manifest leiningen-project-groupid i2kconnect Low Vendor pom artifactid i2kconfig Highest Vendor pom artifactid i2kconfig Low Vendor pom groupid i2kconnect Highest Vendor pom name i2kconfig High Vendor pom url https://bitbucket.org/i2kconnect/i2kconfig.git Highest Product file name i2kconfig High Product jar package name i2kconfig Highest Product Manifest leiningen-project-artifactid i2kconfig Low Product Manifest leiningen-project-groupid i2kconnect Low Product pom artifactid i2kconfig Highest Product pom groupid i2kconnect Highest Product pom name i2kconfig High Product pom url https://bitbucket.org/i2kconnect/i2kconfig.git Medium Version Manifest leiningen-project-version 0.14.1-SNAPSHOT Medium Version pom version 0.14.1-SNAPSHOT Highest
pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT (Confidence :High) File Path: /root/.m2/repository/i2kconnect/i2kconfig/0.14.1-SNAPSHOT/i2kconfig-0.14.1-SNAPSHOT.jar/public/html/site/js/apache-maven-fluido-2.0.0-M9.min.jsMD5: be5ba68bba40fa71621af7a9efb84e5dSHA1: fbc6aa63310c5719c21d8633f9bfa72bdd1430fdSHA256: b966ba4111d9a237e4cf5c56203d1acc2f126199346170aef5f98310ce8d835eReferenced In Project/Scope: i2kfs:compile
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.11.2 High
Related Dependencies i2kopenid-0.8.0-SNAPSHOT.jar: apache-maven-fluido-2.0.0-M9.min.jsFile Path: /root/.m2/repository/i2kconnect/i2kopenid/0.8.0-SNAPSHOT/i2kopenid-0.8.0-SNAPSHOT.jar/public/html/site/js/apache-maven-fluido-2.0.0-M9.min.js MD5: be5ba68bba40fa71621af7a9efb84e5d SHA1: fbc6aa63310c5719c21d8633f9bfa72bdd1430fd SHA256: b966ba4111d9a237e4cf5c56203d1acc2f126199346170aef5f98310ce8d835e pkg:javascript/jquery@1.11.2 pkg:javascript/jquery@1.11.2 (Confidence :Highest) CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH af854a3a-2127-422b-91ae-364da2661108 - PATCH af854a3a-2127-422b-91ae-364da2661108 - PATCH af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH cve@mitre.org - PATCH cve@mitre.org - PATCH cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,US_GOVERNMENT_RESOURCE cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ info - http://research.insecurelabs.org/jquery/test/ info - https://github.com/advisories/GHSA-rmxg-73gg-4p98 info - https://github.com/jquery/jquery/issues/2432 info - https://nvd.nist.gov/vuln/detail/CVE-2015-9251 Vulnerable Software & Versions (NVD):
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - RELEASE_NOTES,VENDOR_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - BROKEN_LINK,THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - EXPLOIT,THIRD_PARTY_ADVISORY cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING cve@mitre.org - ISSUE_TRACKING,MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - MAILING_LIST,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - PATCH,THIRD_PARTY_ADVISORY cve@mitre.org - RELEASE_NOTES,VENDOR_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY cve@mitre.org - THIRD_PARTY_ADVISORY,VDB_ENTRY info - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ info - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b info - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 Vulnerable Software & Versions (NVD):
cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MITIGATION,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MITIGATION,VENDOR_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - RELEASE_NOTES,VENDOR_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,THIRD_PARTY_ADVISORY security-advisories@github.com - MITIGATION,VENDOR_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 CVE-2020-11023 suppress
CISA Known Exploited Vulnerability: Product: JQuery JQuery Name: JQuery Cross-Site Scripting (XSS) Vulnerability Date Added: 2025-01-23 Description: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser. Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due Date: 2025-02-13 Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 ; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A References:
134c704f-9b21-4f2e-91b3-4a467353bcc0 - US_GOVERNMENT_RESOURCE af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK af854a3a-2127-422b-91ae-364da2661108 - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,MAILING_LIST af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - RELEASE_NOTES,VENDOR_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - RELEASE_NOTES,VENDOR_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - THIRD_PARTY_ADVISORY info - https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK security-advisories@github.com - BROKEN_LINK,MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY,VDB_ENTRY security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - ISSUE_TRACKING,MAILING_LIST security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - RELEASE_NOTES,VENDOR_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY security-advisories@github.com - THIRD_PARTY_ADVISORY Vulnerable Software & Versions (NVD):
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2 cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* versions up to (excluding) 2.12.41 cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 jquery issue: 11974 (RETIREJS)suppress
parseHTML() executes scripts in event handlers Unscored:
References:
jquery issue: 162 (RETIREJS)suppress
jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates Unscored:
References:
Description:
OpenID Connect logic for i2k Connect platform applications File Path: /root/.m2/repository/i2kconnect/i2kopenid/0.8.0-SNAPSHOT/i2kopenid-0.8.0-SNAPSHOT.jarMD5: 763c0a83775e193b897192d033e12981SHA1: a8b88ccb9e409cbc2d020c8913b3980706b29dc5SHA256: c02fdd6306780853a95fe9bbd481c5defeee656b48c4b03228b5201f42357990Referenced In Project/Scope: i2kfs:compilei2kopenid-0.8.0-SNAPSHOT.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name i2kopenid High Vendor jar package name i2kopenid Highest Vendor Manifest leiningen-project-artifactid i2kopenid Low Vendor Manifest leiningen-project-groupid i2kconnect Low Vendor pom artifactid i2kopenid Highest Vendor pom artifactid i2kopenid Low Vendor pom groupid i2kconnect Highest Vendor pom name i2kopenid High Vendor pom url https://www.i2kconnect.com Highest Product file name i2kopenid High Product jar package name i2kopenid Highest Product Manifest leiningen-project-artifactid i2kopenid Low Product Manifest leiningen-project-groupid i2kconnect Low Product pom artifactid i2kopenid Highest Product pom groupid i2kconnect Highest Product pom name i2kopenid High Product pom url https://www.i2kconnect.com Medium Version Manifest leiningen-project-version 0.8.0-SNAPSHOT Medium Version pom version 0.8.0-SNAPSHOT Highest
pkg:maven/i2kconnect/i2kopenid@0.8.0-SNAPSHOT (Confidence :High) Description:
A simple code completion library. License:
EPL-2.0 OR GPL-2.0-or-later WITH Classpath-exception-2.0: https://www.eclipse.org/legal/epl-2.0/ File Path: /root/.m2/repository/org/nrepl/incomplete/0.1.0/incomplete-0.1.0.jar
MD5: 9a36f0d5b3e0113049668276c02dfac7
SHA1: 3a70c27d4156d043e8da9b1482979612d4064a81
SHA256: 6de2f3f54063b4c8ba13adf10b621d3f89aec1317033648f2d24b3951077a2e3
Referenced In Project/Scope: i2kfs:compile
incomplete-0.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name incomplete High Vendor Manifest leiningen-project-artifactid incomplete Low Vendor pom artifactid incomplete Highest Vendor pom artifactid incomplete Low Vendor pom groupid org.nrepl Highest Vendor pom name incomplete High Vendor pom url nrepl/incomplete Highest Product file name incomplete High Product Manifest leiningen-project-artifactid incomplete Low Product pom artifactid incomplete Highest Product pom groupid org.nrepl Highest Product pom name incomplete High Product pom url nrepl/incomplete High Version file version 0.1.0 High Version Manifest leiningen-project-version 0.1.0 Medium Version pom version 0.1.0 Highest
pkg:maven/org.nrepl/incomplete@0.1.0 (Confidence :High) Description:
Java API for handling configuration files in Windows .ini format. The library includes its own Map based API, Java Preferences API and Java Beans API for handling .ini files. Additionally, the library includes a feature rich (variable/macro substitution, multiply property values, etc) java.util.Properties replacement. License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/ini4j/ini4j/0.5.4/ini4j-0.5.4.jar
MD5: b117a54eef58b4511aae3bb5882e0d8b
SHA1: 4a3ee4146a90c619b20977d65951825f5675b560
SHA256: aad60635eee567254ed29f18fb18c0f9e4c4dacf51c8229128203183bb35e2dd
Referenced In Project/Scope: i2kfs:compile
ini4j-0.5.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ini4j High Vendor jar package name ini Highest Vendor jar package name ini4j Highest Vendor jar package name ini4j Low Vendor pom artifactid ini4j Highest Vendor pom artifactid ini4j Low Vendor pom developer email szkiba at SourceForge Low Vendor pom developer id ivan Medium Vendor pom developer name Ivan Szkiba Medium Vendor pom groupid org.ini4j Highest Vendor pom name ini4j High Vendor pom url http://www.ini4j.org Highest Product file name ini4j High Product jar package name ini Highest Product jar package name ini4j Highest Product pom artifactid ini4j Highest Product pom developer email szkiba at SourceForge Low Product pom developer id ivan Low Product pom developer name Ivan Szkiba Low Product pom groupid org.ini4j Highest Product pom name ini4j High Product pom url http://www.ini4j.org Medium Version file version 0.5.4 High Version pom version 0.5.4 Highest
Description:
Instaparse: No grammar left behind License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/instaparse/instaparse/1.4.8/instaparse-1.4.8.jar
MD5: 7a5a8dd4dff2cc7c9b7941ef4226a56c
SHA1: c09f4f3dfc85e7f29436dcc07037989b821883b8
SHA256: 7f716d38ac5c7ecaa604358d21b8cd094d981d57f0cbdba58644f63c0ea97c04
Referenced In Project/Scope: i2kfs:compile
instaparse-1.4.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name instaparse High Vendor pom artifactid instaparse Highest Vendor pom artifactid instaparse Low Vendor pom groupid instaparse Highest Vendor pom name instaparse High Vendor pom url Engelberg/instaparse Highest Product file name instaparse High Product pom artifactid instaparse Highest Product pom groupid instaparse Highest Product pom name instaparse High Product pom url Engelberg/instaparse High Version file version 1.4.8 High Version pom version 1.4.8 Highest
pkg:maven/instaparse/instaparse@1.4.8 (Confidence :High) Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256: 88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: i2kfs:compile
j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.guava/guava@33.2.1-jre
Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name annotations Highest Vendor jar package name google Highest Vendor jar package name j2objc Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest multi-release true Low Vendor pom artifactid j2objc-annotations Highest Vendor pom artifactid j2objc-annotations Low Vendor pom developer email tball@google.com Low Vendor pom developer id tomball Medium Vendor pom developer name Tom Ball Medium Vendor pom developer org Google Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid com.google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor pom url google/j2objc/ Highest Product file name j2objc-annotations High Product jar package name annotations Highest Product jar package name google Highest Product jar package name j2objc Highest Product Manifest build-jdk-spec 11 Low Product Manifest multi-release true Low Product pom artifactid j2objc-annotations Highest Product pom developer email tball@google.com Low Product pom developer id tomball Low Product pom developer name Tom Ball Low Product pom developer org Google Low Product pom developer org URL https://www.google.com Low Product pom groupid com.google.j2objc Highest Product pom name J2ObjC Annotations High Product pom url google/j2objc/ High Version file version 3.0.0 High Version pom version 3.0.0 Highest
pkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 (Confidence :High) Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.18.1/jackson-core-2.18.1.jar
MD5: 74983885c7bd1f9aaa3935115fd1dd3f
SHA1: 9e2284c539e2dedd2aa1487c781e20a0f575d695
SHA256: ebe19596ad19f7a0514c8bb8f7b0acf85239a4eff5ae03229e9760d268d29c22
Referenced In Project/Scope: i2kfs:compile
jackson-core-2.18.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/cheshire/cheshire@5.10.2
Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name com Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name com Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.18.1 High Version Manifest Bundle-Version 2.18.1 High Version Manifest Implementation-Version 2.18.1 High Version pom version 2.18.1 Highest
Related Dependencies jackson-annotations-2.18.1.jarFile Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.18.1/jackson-annotations-2.18.1.jar MD5: 0e6e6d0e87b374c710d29188c9c0c512 SHA1: 8f9aa97e7fb44d4bea829061625472b0f6199923 SHA256: b7f9df5dac9a85f47fdb2769455ee8ba9cf2fe9b7c4cf636e0aec83479d7882f pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.18.1 pkg:maven/com.fasterxml.jackson.core/jackson-core@2.18.1 (Confidence :High) cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.1:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.18.1/jackson-databind-2.18.1.jar
MD5: 4d5e91d0c1171c388cb87ee034e08c1c
SHA1: 66547d0c6c2f9e022019499308f09bebbf30ab2e
SHA256: 711bc3bf86d31d02968b9279efb07a6ad60adfc0baa0e9fe66d71a0ac2556234
Referenced In Project/Scope: i2kfs:compile
jackson-databind-2.18.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.18.1 High Version Manifest Bundle-Version 2.18.1 High Version Manifest Implementation-Version 2.18.1 High Version pom version 2.18.1 Highest
Description:
Support for reading and writing Concise Binary Object Representation
([CBOR](https://www.rfc-editor.org/info/rfc7049)
encoded data using Jackson abstractions (streaming API, data binding, tree model)
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.12.4/jackson-dataformat-cbor-2.12.4.jar
MD5: 069537a8f7fdd4eea63cb4ee30bbf746
SHA1: 9ac6412861f4b3e76bbe3fe1d86dac043f0de702
SHA256: c69172d90125e1d521e79014ce03ae7b255c228346b8074f2ba1b79783fec827
Referenced In Project/Scope: i2kfs:compile
jackson-dataformat-cbor-2.12.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/cheshire/cheshire@5.10.2
Evidence Type Source Name Value Confidence Vendor file name jackson-dataformat-cbor High Vendor jar package name cbor Highest Vendor jar package name dataformat Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Vendor Manifest implementation-build-date 2021-07-06 20:55:05+0000 Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-dataformat-cbor Highest Vendor pom artifactid jackson-dataformat-cbor Low Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor pom name Jackson dataformat: CBOR High Vendor pom parent-artifactid jackson-dataformats-binary Low Vendor pom url http://github.com/FasterXML/jackson-dataformats-binary Highest Product file name jackson-dataformat-cbor High Product jar package name cbor Highest Product jar package name dataformat Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl http://github.com/FasterXML/jackson-dataformats-binary Low Product Manifest Bundle-Name Jackson dataformat: CBOR Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-cbor Medium Product Manifest implementation-build-date 2021-07-06 20:55:05+0000 Low Product Manifest Implementation-Title Jackson dataformat: CBOR High Product Manifest specification-title Jackson dataformat: CBOR Medium Product pom artifactid jackson-dataformat-cbor Highest Product pom groupid com.fasterxml.jackson.dataformat Highest Product pom name Jackson dataformat: CBOR High Product pom parent-artifactid jackson-dataformats-binary Medium Product pom url http://github.com/FasterXML/jackson-dataformats-binary Medium Version file version 2.12.4 High Version Manifest Bundle-Version 2.12.4 High Version Manifest Implementation-Version 2.12.4 High Version pom version 2.12.4 Highest
Related Dependencies jackson-dataformat-smile-2.12.4.jarFile Path: /root/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-smile/2.12.4/jackson-dataformat-smile-2.12.4.jar MD5: 182094abe042e27becddf0edc486abd6 SHA1: 8f664dc237efb7f85555f413bab88ea6d4d21b78 SHA256: afaf509ff67e99c7762a10b94cbf3989dc2bbf79be11b50c01cb60212f2ab29a pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-smile@2.12.4 pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-cbor@2.12.4 (Confidence :High) cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.12.4:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
Add-on module to support JSR-310 (Java 8 Date & Time API) data types. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.18.3/jackson-datatype-jsr310-2.18.3.jar
MD5: 5673e03531b3ade9e5eb2b83f68ee397
SHA1: cc57924cccf42fc852081c36215272f84ffcd991
SHA256: 2e1df2feb93683d379969ceaf78b76a0ac115c67d04671958fddf4eed6e6401d
Referenced In Project/Scope: i2kfs:compile
jackson-datatype-jsr310-2.18.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name jackson-datatype-jsr310 High Vendor jar package name datatype Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jsr310 Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.datatype Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-datatype-jsr310 Highest Vendor pom artifactid jackson-datatype-jsr310 Low Vendor pom developer email nicholas@nicholaswilliams.net Low Vendor pom developer id beamerblvd Medium Vendor pom developer name Nick Williams Medium Vendor pom groupid com.fasterxml.jackson.datatype Highest Vendor pom name Jackson datatype: JSR310 High Vendor pom parent-artifactid jackson-modules-java8 Low Vendor pom parent-groupid com.fasterxml.jackson.module Medium Product file name jackson-datatype-jsr310 High Product jar package name datatype Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jsr310 Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310 Low Product Manifest Bundle-Name Jackson datatype: JSR310 Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.datatype.jackson-datatype-jsr310 Medium Product Manifest Implementation-Title Jackson datatype: JSR310 High Product Manifest multi-release true Low Product Manifest specification-title Jackson datatype: JSR310 Medium Product pom artifactid jackson-datatype-jsr310 Highest Product pom developer email nicholas@nicholaswilliams.net Low Product pom developer id beamerblvd Low Product pom developer name Nick Williams Low Product pom groupid com.fasterxml.jackson.datatype Highest Product pom name Jackson datatype: JSR310 High Product pom parent-artifactid jackson-modules-java8 Medium Product pom parent-groupid com.fasterxml.jackson.module Medium Version file version 2.18.3 High Version Manifest Bundle-Version 2.18.3 High Version Manifest Implementation-Version 2.18.3 High Version pom version 2.18.3 Highest
pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.18.3 (Confidence :High) cpe:2.3:a:fasterxml:jackson-modules-java8:2.18.3:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
Simple data-binding that builds directly on jackson-core (streaming),
has no other dependencies, and provides additional builder-style content generator
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/fasterxml/jackson/jr/jackson-jr-objects/2.16.1/jackson-jr-objects-2.16.1.jar
MD5: c37f58a1eba753680ecf8338a0a08319
SHA1: 3dbc347cab5f6d52ece1584524dcf1da59197cd2
SHA256: 2807c26f9e7e7848dad4376b38f272f39af044f930a03f27e9aa7bbde87500c8
Referenced In Project/Scope: i2kfs:runtime
jackson-jr-objects-2.16.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jackson-jr-objects High Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name jr Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-jr Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.jr.jackson-jr-objects Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.jr Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-jr-objects Highest Vendor pom artifactid jackson-jr-objects Low Vendor pom groupid com.fasterxml.jackson.jr Highest Vendor pom parent-artifactid jackson-jr-parent Low Vendor pom url FasterXML/jackson-jr Highest Product file name jackson-jr-objects High Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name jr Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-jr Low Product Manifest Bundle-Name jackson-jr-objects Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.jr.jackson-jr-objects Medium Product Manifest Implementation-Title jackson-jr-objects High Product Manifest multi-release true Low Product Manifest specification-title jackson-jr-objects Medium Product pom artifactid jackson-jr-objects Highest Product pom groupid com.fasterxml.jackson.jr Highest Product pom parent-artifactid jackson-jr-parent Medium Product pom url FasterXML/jackson-jr High Version file version 2.16.1 High Version Manifest Bundle-Version 2.16.1 High Version Manifest Implementation-Version 2.16.1 High Version pom version 2.16.1 Highest
pkg:maven/com.fasterxml.jackson.jr/jackson-jr-objects@2.16.1 (Confidence :High) Description:
Common Annotations for the JavaTM Platform API License:
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE File Path: /root/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256: e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope: i2kfs:compile
javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name javax.annotation-api High Vendor jar package name annotation Highest Vendor jar package name javax Highest Vendor Manifest automatic-module-name java.annotation Medium Vendor Manifest bundle-docurl https://javaee.github.io/glassfish Low Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor Manifest extension-name javax.annotation Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.annotation-api Highest Vendor pom artifactid javax.annotation-api Low Vendor pom developer id ldemichiel Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid javax.annotation Highest Vendor pom name API High Vendor pom name ${extension.name} API High Vendor pom organization name GlassFish Community High Vendor pom organization url https://javaee.github.io/glassfish Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Product file name javax.annotation-api High Product jar package name annotation Highest Product jar package name javax Highest Product Manifest automatic-module-name java.annotation Medium Product Manifest bundle-docurl https://javaee.github.io/glassfish Low Product Manifest Bundle-Name javax.annotation API Medium Product Manifest bundle-symbolicname javax.annotation-api Medium Product Manifest extension-name javax.annotation Medium Product pom artifactid javax.annotation-api Highest Product pom developer id ldemichiel Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid javax.annotation Highest Product pom name API High Product pom name ${extension.name} API High Product pom organization name GlassFish Community Low Product pom organization url https://javaee.github.io/glassfish Low Product pom parent-artifactid jvnet-parent Medium Product pom parent-groupid net.java Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Version file version 1.3.2 High Version Manifest Bundle-Version 1.3.2 High Version Manifest Implementation-Version 1.3.2 High Version pom parent-version 1.3.2 Low Version pom version 1.3.2 Highest
pkg:maven/javax.annotation/javax.annotation-api@1.3.2 (Confidence :High) Description:
The javax.inject API License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256: 91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: i2kfs:compile
javax.inject-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name javax.inject-1 High Vendor jar package name inject Highest Vendor jar package name inject Low Vendor jar package name javax Highest Vendor jar package name javax Low Vendor pom artifactid javax.inject Highest Vendor pom artifactid javax.inject Low Vendor pom groupid javax.inject Highest Vendor pom name javax.inject High Vendor pom url http://code.google.com/p/atinject/ Highest Product file name javax.inject-1 High Product jar package name inject Highest Product jar package name inject Low Product jar package name javax Highest Product pom artifactid javax.inject Highest Product pom groupid javax.inject Highest Product pom name javax.inject High Product pom url http://code.google.com/p/atinject/ Medium Version file version 1 Medium Version pom version 1 Highest
pkg:maven/javax.inject/javax.inject@1 (Confidence :High) Description:
A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256: 4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Project/Scope: i2kfs:compile
jcip-annotations-1.0-1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name jcip-annotations High Vendor jar package name annotations Highest Vendor jar package name annotations Low Vendor jar package name jcip Highest Vendor jar package name jcip Low Vendor jar package name net Low Vendor pom artifactid jcip-annotations Highest Vendor pom artifactid jcip-annotations Low Vendor pom developer id stephenc Medium Vendor pom developer name Stephen Connolly Medium Vendor pom groupid com.github.stephenc.jcip Highest Vendor pom name JCIP Annotations under Apache License High Vendor pom url http://stephenc.github.com/jcip-annotations Highest Product file name jcip-annotations High Product jar package name annotations Highest Product jar package name annotations Low Product jar package name jcip Highest Product jar package name jcip Low Product pom artifactid jcip-annotations Highest Product pom developer id stephenc Low Product pom developer name Stephen Connolly Low Product pom groupid com.github.stephenc.jcip Highest Product pom name JCIP Annotations under Apache License High Product pom url http://stephenc.github.com/jcip-annotations Medium Version pom version 1.0-1 Highest
pkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 (Confidence :High) Description:
Java Native Access License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/net/java/dev/jna/jna/5.13.0/jna-5.13.0.jar
MD5: bd2e5bc6b4b020c2d9a6e17a8e9bcef1
SHA1: 1200e7ebeedbe0d10062093f32925a912020e747
SHA256: 66d4f819a062a51a1d5627bffc23fac55d1677f0e0a1feba144aabdd670a64bb
Referenced In Project/Scope: i2kfs:compile
jna-5.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.peter-gergely-horvath/windpapi4j@1.1.0
Evidence Type Source Name Value Confidence Vendor file name jna High Vendor jar package name jna Highest Vendor jar package name native Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna Medium Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-category jni Low Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna Highest Vendor pom artifactid jna Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access High Vendor pom url java-native-access/jna Highest Product file name jna High Product jar package name jna Highest Product jar package name library Highest Product jar package name native Highest Product jar package name sun Highest Product jar package name win32 Highest Product Manifest automatic-module-name com.sun.jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access High Product pom url java-native-access/jna High Version file version 5.13.0 High Version Manifest Bundle-Version 5.13.0 High Version pom version 5.13.0 Highest
pkg:maven/net.java.dev.jna/jna@5.13.0 (Confidence :High) cpe:2.3:a:oracle:java_se:5.13.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
Java Native Access Platform License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/net/java/dev/jna/jna-platform/5.13.0/jna-platform-5.13.0.jar
MD5: 7cc7af47ad1f151faa57ef0624b2f271
SHA1: 88e9a306715e9379f3122415ef4ae759a352640d
SHA256: 474d7b88f6e97009b6ec1d98c3024dd95c23187c65dabfbc35331bcac3d173dd
Referenced In Project/Scope: i2kfs:compile
jna-platform-5.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-identity@1.15.4
Evidence Type Source Name Value Confidence Vendor file name jna-platform High Vendor jar package name jna Highest Vendor jar package name platform Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna.platform Medium Vendor Manifest bundle-category jni Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest require-bundle com.sun.jna;bundle-version="5.13.0" Low Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna-platform Highest Vendor pom artifactid jna-platform Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access Platform High Vendor pom url java-native-access/jna Highest Product file name jna-platform High Product jar package name jna Highest Product jar package name platform Highest Product jar package name sun Highest Product Manifest automatic-module-name com.sun.jna.platform Medium Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna-platform Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname com.sun.jna.platform Medium Product Manifest Implementation-Title com.sun.jna.platform High Product Manifest require-bundle com.sun.jna;bundle-version="5.13.0" Low Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna-platform Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access Platform High Product pom url java-native-access/jna High Version file version 5.13.0 High Version Manifest Bundle-Version 5.13.0 High Version pom version 5.13.0 Highest
pkg:maven/net.java.dev.jna/jna-platform@5.13.0 (Confidence :High) Description:
Date and time library to replace JDK date handling License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/joda-time/joda-time/2.10/joda-time-2.10.jar
MD5: 9bf3ad805b6ee8ac38fe45ce29f25e19
SHA1: f66c8125d1057ffce6c4e29e624cac863e110e2b
SHA256: c4d50dae4d58c3031475d64ae5eafade50f1861ca1553252aa7fd176d56e4eec
Referenced In Project/Scope: i2kfs:compile
joda-time-2.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/clj-time/clj-time@0.15.2
Evidence Type Source Name Value Confidence Vendor file name joda-time High Vendor jar package name joda Highest Vendor jar package name time Highest Vendor Manifest automatic-module-name org.joda.time Medium Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low Vendor Manifest bundle-symbolicname joda-time Medium Vendor Manifest extension-name joda-time Medium Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low Vendor Manifest Implementation-Vendor Joda.org High Vendor Manifest Implementation-Vendor-Id org.joda Medium Vendor Manifest specification-vendor Joda.org Low Vendor pom artifactid joda-time Highest Vendor pom artifactid joda-time Low Vendor pom developer id broneill Medium Vendor pom developer id jodastephen Medium Vendor pom developer name Brian S O'Neill Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid joda-time Highest Vendor pom name Joda-Time High Vendor pom organization name Joda.org High Vendor pom organization url http://www.joda.org Medium Vendor pom url http://www.joda.org/joda-time/ Highest Product file name joda-time High Product jar package name joda Highest Product jar package name time Highest Product Manifest automatic-module-name org.joda.time Medium Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low Product Manifest Bundle-Name Joda-Time Medium Product Manifest bundle-symbolicname joda-time Medium Product Manifest extension-name joda-time Medium Product Manifest Implementation-Title org.joda.time High Product Manifest implementation-url http://www.joda.org/joda-time/ Low Product Manifest specification-title Joda-Time Medium Product pom artifactid joda-time Highest Product pom developer id broneill Low Product pom developer id jodastephen Low Product pom developer name Brian S O'Neill Low Product pom developer name Stephen Colebourne Low Product pom groupid joda-time Highest Product pom name Joda-Time High Product pom organization name Joda.org Low Product pom organization url http://www.joda.org Low Product pom url http://www.joda.org/joda-time/ Medium Version file version 2.10 High Version Manifest Bundle-Version 2.10 High Version Manifest Implementation-Version 2.10 High Version pom version 2.10 Highest
pkg:maven/joda-time/joda-time@2.10 (Confidence :High) Description:
The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
It is written in Java and relies solely on the JCA APIs for cryptography.
Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/bitbucket/b_c/jose4j/0.9.5/jose4j-0.9.5.jar
MD5: fb939f8894b9509332ab43f40df3cc47
SHA1: e4ca26802488e6f16e24558d74ac8775a955fdd3
SHA256: 808fb3166f3e67dad9811c331029ab1681242fd52b735bc3f33f281167fcc72e
Referenced In Project/Scope: i2kfs:compile
jose4j-0.9.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jose4j High Vendor jar package name jca Highest Vendor jar package name jose4j Highest Vendor jar package name json Highest Vendor jar package name jwe Highest Vendor jar package name jwk Highest Vendor jar package name jws Highest Vendor jar package name jwt Highest Vendor jar package name use Highest Vendor Manifest automatic-module-name org.jose4j Medium Vendor Manifest bundle-symbolicname org.bitbucket.b_c.jose4j Medium Vendor pom artifactid jose4j Highest Vendor pom artifactid jose4j Low Vendor pom developer email brian.d.campbell@gmail.com Low Vendor pom developer name Brian Campbell Medium Vendor pom groupid org.bitbucket.b_c Highest Vendor pom name jose4j High Vendor pom url https://bitbucket.org/b_c/jose4j/ Highest Product file name jose4j High Product jar package name jca Highest Product jar package name jose4j Highest Product jar package name json Highest Product jar package name jwe Highest Product jar package name jwk Highest Product jar package name jws Highest Product jar package name jwt Highest Product jar package name use Highest Product Manifest automatic-module-name org.jose4j Medium Product Manifest Bundle-Name jose4j Medium Product Manifest bundle-symbolicname org.bitbucket.b_c.jose4j Medium Product pom artifactid jose4j Highest Product pom developer email brian.d.campbell@gmail.com Low Product pom developer name Brian Campbell Low Product pom groupid org.bitbucket.b_c Highest Product pom name jose4j High Product pom url https://bitbucket.org/b_c/jose4j/ Medium Version file version 0.9.5 High Version Manifest Bundle-Version 0.9.5 High Version pom version 0.9.5 Highest
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/net/minidev/json-smart/2.4.10/json-smart-2.4.10.jar
MD5: 36e22527b5f44ea6f0ff3086608cbf38
SHA1: 91cb329e9424bf32131eeb1ce2d17bf31b9899bc
SHA256: 70cab5e9488630dc631b1fc6e7fa550d95cddd19ba14db39ceca7cabfbd4e5ae
Referenced In Project/Scope: i2kfs:compile
json-smart-2.4.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name json-smart High Vendor jar package name json Highest Vendor jar package name minidev Highest Vendor jar package name net Highest Vendor jar package name parser Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://urielch.github.io/ Low Vendor Manifest bundle-symbolicname net.minidev.json-smart Medium Vendor pom artifactid json-smart Highest Vendor pom artifactid json-smart Low Vendor pom developer email adoneitan@gmail.com Low Vendor pom developer email shoothzj@gmail.com Low Vendor pom developer email uchemouni@gmail.com Low Vendor pom developer id erav Medium Vendor pom developer id Shoothzj Medium Vendor pom developer id uriel Medium Vendor pom developer name Eitan Raviv Medium Vendor pom developer name Uriel Chemouni Medium Vendor pom developer name ZhangJian He Medium Vendor pom groupid net.minidev Highest Vendor pom name JSON Small and Fast Parser High Vendor pom organization name Chemouni Uriel High Vendor pom organization url https://urielch.github.io/ Medium Vendor pom url https://urielch.github.io/ Highest Product file name json-smart High Product jar package name json Highest Product jar package name minidev Highest Product jar package name net Highest Product jar package name parser Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://urielch.github.io/ Low Product Manifest Bundle-Name json-smart Medium Product Manifest bundle-symbolicname net.minidev.json-smart Medium Product pom artifactid json-smart Highest Product pom developer email adoneitan@gmail.com Low Product pom developer email shoothzj@gmail.com Low Product pom developer email uchemouni@gmail.com Low Product pom developer id erav Low Product pom developer id Shoothzj Low Product pom developer id uriel Low Product pom developer name Eitan Raviv Low Product pom developer name Uriel Chemouni Low Product pom developer name ZhangJian He Low Product pom groupid net.minidev Highest Product pom name JSON Small and Fast Parser High Product pom organization name Chemouni Uriel Low Product pom organization url https://urielch.github.io/ Low Product pom url https://urielch.github.io/ Medium Version file version 2.4.10 High Version Manifest Bundle-Version 2.4.10 High Version pom version 2.4.10 Highest
File Path: /root/.m2/repository/software/amazon/awssdk/json-utils/2.20.150/json-utils-2.20.150.jarMD5: 163c8634fecaf2cc026928f2abc2ab63SHA1: 293245c95438ce155ff4e2e412766c8341800957SHA256: 72734f799195bd9d1ce8cd9a58725e2fdec30efb4ec1b7e02c1745d2637c8229Referenced In Project/Scope: i2kfs:compilejson-utils-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name json-utils High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name protocols Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.protocols.jsoncore Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid json-utils Highest Vendor pom artifactid json-utils Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Core :: Protocols :: Json Utils High Vendor pom parent-artifactid core Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name json-utils High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name protocols Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.protocols.jsoncore Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid json-utils Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Core :: Protocols :: Json Utils High Product pom parent-artifactid core Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
jsoup is a Java library that simplifies working with real-world HTML and XML. It offers an easy-to-use API for URL fetching, data parsing, extraction, and manipulation using DOM API methods, CSS, and xpath selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers. License:
The MIT License: https://jsoup.org/license File Path: /root/.m2/repository/org/jsoup/jsoup/1.21.2/jsoup-1.21.2.jar
MD5: fc16b1485a47b934cd7f4572dec1e7aa
SHA1: 55ba93337201b6f1208a6691f291ca2828860150
SHA256: f05496e255734759f0d4b5632da7b24f81313147c78c69e90ad045d096191344
Referenced In Project/Scope: i2kfs:compile
jsoup-1.21.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name jsoup High Vendor jar package name jsoup Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://jsoup.org/ Low Vendor Manifest bundle-symbolicname org.jsoup Medium Vendor Manifest Implementation-Vendor Jonathan Hedley High Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Vendor pom artifactid jsoup Highest Vendor pom artifactid jsoup Low Vendor pom developer email jonathan@hedley.net Low Vendor pom developer id jhy Medium Vendor pom developer name Jonathan Hedley Medium Vendor pom groupid org.jsoup Highest Vendor pom name jsoup Java HTML Parser High Vendor pom organization name Jonathan Hedley High Vendor pom organization url https://jhedley.com/ Medium Vendor pom url https://jsoup.org/ Highest Product file name jsoup High Product jar package name jsoup Highest Product jar package name org Highest Product jar package name parser Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://jsoup.org/ Low Product Manifest Bundle-Name jsoup Java HTML Parser Medium Product Manifest bundle-symbolicname org.jsoup Medium Product Manifest Implementation-Title jsoup Java HTML Parser High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.9 Low Product pom artifactid jsoup Highest Product pom developer email jonathan@hedley.net Low Product pom developer id jhy Low Product pom developer name Jonathan Hedley Low Product pom groupid org.jsoup Highest Product pom name jsoup Java HTML Parser High Product pom organization name Jonathan Hedley Low Product pom organization url https://jhedley.com/ Low Product pom url https://jsoup.org/ Medium Version file version 1.21.2 High Version Manifest Bundle-Version 1.21.2 High Version Manifest Implementation-Version 1.21.2 High Version pom version 1.21.2 Highest
Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: i2kfs:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence :High) Description:
JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.
License:
Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt File Path: /root/.m2/repository/junit/junit/4.8.1/junit-4.8.1.jar
MD5: fb44723f35c2f1af5c51eb729b502f0d
SHA1: f2975548f836416306ef1dee748d956f04733915
SHA256: efd8cf93b57d01e8f5fbefbe1f17ae39e6e22553615926e00a6eefc307da21e6
Referenced In Project/Scope: i2kfs:compile
junit-4.8.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name junit High Vendor jar package name framework Highest Vendor jar package name is Highest Vendor jar package name junit Highest Vendor jar package name junit Low Vendor pom artifactid junit Highest Vendor pom artifactid junit Low Vendor pom groupid junit Highest Vendor pom name JUnit High Vendor pom organization name JUnit High Vendor pom organization url http://www.junit.org Medium Vendor pom url http://junit.org Highest Product file name junit High Product jar package name framework Highest Product jar package name is Highest Product jar package name junit Highest Product pom artifactid junit Highest Product pom groupid junit Highest Product pom name JUnit High Product pom organization name JUnit Low Product pom organization url http://www.junit.org Low Product pom url http://junit.org Medium Version file version 4.8.1 High Version pom version 4.8.1 Highest
pkg:maven/junit/junit@4.8.1 (Confidence :High) cpe:2.3:a:junit:junit4:4.8.1:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2020-15250 suppress
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. CWE-732 Incorrect Permission Assignment for Critical Resource, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSSv2:
Base Score: LOW (1.9) Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - ISSUE_TRACKING,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - MAILING_LIST,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - PATCH,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - RELEASE_NOTES,THIRD_PARTY_ADVISORY af854a3a-2127-422b-91ae-364da2661108 - VENDOR_ADVISORY security-advisories@github.com - EXPLOIT,THIRD_PARTY_ADVISORY security-advisories@github.com - ISSUE_TRACKING,THIRD_PARTY_ADVISORY security-advisories@github.com - MAILING_LIST,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - PATCH,THIRD_PARTY_ADVISORY security-advisories@github.com - RELEASE_NOTES,THIRD_PARTY_ADVISORY security-advisories@github.com - VENDOR_ADVISORY Vulnerable Software & Versions: (show all )
Description:
Kotlin Standard Library for JVM License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.8.21/kotlin-stdlib-1.8.21.jar
MD5: e4424cf44b4f8f7cd1517eafdda2f6a7
SHA1: 43d50ab85bc7587adfe3dda3dbe579e5f8d51265
SHA256: 042a1cd1ac976cdcfe5eb63f1d8e0b0b892c9248e15a69c8cfba495d546ea52a
Referenced In Project/Scope: i2kfs:runtime
kotlin-stdlib-1.8.21.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib High Vendor jar package name jvm Highest Vendor jar package name kotlin Highest Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor Manifest multi-release true Low Vendor pom artifactid kotlin-stdlib Highest Vendor pom artifactid kotlin-stdlib Low Vendor pom developer name Kotlin Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL https://www.jetbrains.com Medium Vendor pom groupid org.jetbrains.kotlin Highest Vendor pom name Kotlin Stdlib High Vendor pom url https://kotlinlang.org/ Highest Product file name kotlin-stdlib High Product jar package name jvm Highest Product jar package name kotlin Highest Product Manifest Implementation-Title kotlin-stdlib High Product Manifest kotlin-runtime-component Main Low Product Manifest multi-release true Low Product pom artifactid kotlin-stdlib Highest Product pom developer name Kotlin Team Low Product pom developer org JetBrains Low Product pom developer org URL https://www.jetbrains.com Low Product pom groupid org.jetbrains.kotlin Highest Product pom name Kotlin Stdlib High Product pom url https://kotlinlang.org/ Medium Version file version 1.8.21 High Version pom version 1.8.21 Highest
Related Dependencies kotlin-stdlib-jdk7-1.8.21.jarFile Path: /root/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk7/1.8.21/kotlin-stdlib-jdk7-1.8.21.jar MD5: 0735e3e69d099e8cc8fc03e45be84c46 SHA1: 7473b8cd3c0ef9932345baf569bc398e8a717046 SHA256: 33d148db0e11debd0d90677d28242bced907f9c77730000fd597867089039d86 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk7@1.8.21 kotlin-stdlib-jdk8-1.8.21.jarFile Path: /root/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk8/1.8.21/kotlin-stdlib-jdk8-1.8.21.jar MD5: 59e5a79996f1d856ddea6533a1080f86 SHA1: 67f57e154437cd9e6e9cf368394b95814836ff88 SHA256: 3db752a30074f06ee6c57984aa6f27da44f4d2bbc7f5442651f6988f1cb2b7d7 pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-jdk8@1.8.21 Description:
Kotlin Common Standard Library License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.9.10/kotlin-stdlib-common-1.9.10.jar
MD5: de4024a53c843e959f2d50ecd1f0e951
SHA1: dafaf2c27f27c09220cee312df10917d9a5d97ce
SHA256: cde3341ba18a2ba262b0b7cf6c55b20c90e8d434e42c9a13e6a3f770db965a88
Referenced In Project/Scope: i2kfs:runtime
kotlin-stdlib-common-1.9.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name kotlin-stdlib-common High Vendor Manifest Implementation-Vendor JetBrains High Vendor Manifest kotlin-runtime-component Main Low Vendor pom artifactid kotlin-stdlib-common Highest Vendor pom artifactid kotlin-stdlib-common Low Vendor pom developer name Kotlin Team Medium Vendor pom developer org JetBrains Medium Vendor pom developer org URL https://www.jetbrains.com Medium Vendor pom groupid org.jetbrains.kotlin Highest Vendor pom name Kotlin Stdlib Common High Vendor pom url https://kotlinlang.org/ Highest Product file name kotlin-stdlib-common High Product Manifest Implementation-Title kotlin-stdlib-common High Product Manifest kotlin-runtime-component Main Low Product pom artifactid kotlin-stdlib-common Highest Product pom developer name Kotlin Team Low Product pom developer org JetBrains Low Product pom developer org URL https://www.jetbrains.com Low Product pom groupid org.jetbrains.kotlin Highest Product pom name Kotlin Stdlib Common High Product pom url https://kotlinlang.org/ Medium Version file version 1.9.10 High Version pom version 1.9.10 Highest
Description:
Java implementation of "Tags for Identifying Languages"
(RFC 5646).
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/nimbusds/lang-tag/1.4.3/lang-tag-1.4.3.jar
MD5: d7b05cf9de5adc3249d885d5e54e5c60
SHA1: 3352fdf0fe214122fb582def1b60ea8f5468cb3d
SHA256: ee2e5768ce28d1a3e45ff3075fa25df38d3353a1ca04e791f815bc5163d6cf0b
Referenced In Project/Scope: i2kfs:compile
lang-tag-1.4.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name lang-tag High Vendor jar package name langtag Highest Vendor jar package name nimbusds Highest Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 1.4.3 Low Vendor Manifest bundle-docurl http://connect2id.com/ Low Vendor Manifest bundle-symbolicname lang-tag Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest Implementation-Vendor-Id com.nimbusds Medium Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid lang-tag Highest Vendor pom artifactid lang-tag Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus LangTag High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url http://connect2id.com/ Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-language-tags Highest Product file name lang-tag High Product jar package name langtag Highest Product jar package name nimbusds Highest Product Manifest build-date ${timestamp} Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 1.4.3 Low Product Manifest bundle-docurl http://connect2id.com/ Low Product Manifest Bundle-Name Nimbus LangTag Medium Product Manifest bundle-symbolicname lang-tag Medium Product Manifest Implementation-Title Nimbus LangTag High Product Manifest specification-title Nimbus LangTag Medium Product pom artifactid lang-tag Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus LangTag High Product pom organization name Connect2id Ltd. Low Product pom organization url http://connect2id.com/ Low Product pom url https://bitbucket.org/connect2id/nimbus-language-tags Medium Version file version 1.4.3 High Version Manifest build-tag 1.4.3 Low Version Manifest Bundle-Version 1.4.3 High Version Manifest Implementation-Version 1.4.3 High Version pom version 1.4.3 Highest
pkg:maven/com.nimbusds/lang-tag@1.4.3 (Confidence :High) Description:
Java library for creating text-based terminal GUIs License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.txt File Path: /root/.m2/repository/com/googlecode/lanterna/lanterna/2.1.7/lanterna-2.1.7.jar
MD5: 88f0da4949db81bba19517face4412f3
SHA1: 6dfbedc5989c11f48341b8af166bbd828390145f
SHA256: 5ebdb85cd9eabd54ec19ff8ca0449cdb745959ce8d4c319259bb39ace4b78618
Referenced In Project/Scope: i2kfs:compile
lanterna-2.1.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/clojure-lanterna/clojure-lanterna@0.9.7
Evidence Type Source Name Value Confidence Vendor file name lanterna High Vendor jar package name googlecode Highest Vendor jar package name googlecode Low Vendor jar package name gui Low Vendor jar package name lanterna Highest Vendor jar package name lanterna Low Vendor jar package name terminal Highest Vendor jar package name text Highest Vendor pom artifactid lanterna Highest Vendor pom artifactid lanterna Low Vendor pom developer email mabe02@gmail.com Low Vendor pom developer id Martin Medium Vendor pom developer name Martin Berglund Medium Vendor pom groupid com.googlecode.lanterna Highest Vendor pom name Lanterna High Vendor pom url http://code.google.com/p/lanterna/ Highest Product file name lanterna High Product jar package name googlecode Highest Product jar package name gui Low Product jar package name lanterna Highest Product jar package name lanterna Low Product jar package name terminal Highest Product jar package name text Highest Product pom artifactid lanterna Highest Product pom developer email mabe02@gmail.com Low Product pom developer id Martin Low Product pom developer name Martin Berglund Low Product pom groupid com.googlecode.lanterna Highest Product pom name Lanterna High Product pom url http://code.google.com/p/lanterna/ Medium Version file version 2.1.7 High Version pom version 2.1.7 Highest
pkg:maven/com.googlecode.lanterna/lanterna@2.1.7 (Confidence :High) cpe:2.3:a:google:gmail:2.1.7:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
An empty artifact that Guava depends on to signal that it is providing
ListenableFuture -- but is also available in a second "version" that
contains com.google.common.util.concurrent.ListenableFuture class, without
any other Guava classes. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
File Path: /root/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarMD5: d094c22570d65e132c19cea5d352e381SHA1: b421526c5f297295adef1c886e5246c39d4ac629SHA256: b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99Referenced In Project/Scope: i2kfs:compilelistenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name listenablefuture High Vendor pom artifactid listenablefuture Highest Vendor pom artifactid listenablefuture Low Vendor pom groupid com.google.guava Highest Vendor pom name Guava ListenableFuture only High Vendor pom parent-artifactid guava-parent Low Product file name listenablefuture High Product pom artifactid listenablefuture Highest Product pom groupid com.google.guava Highest Product pom name Guava ListenableFuture only High Product pom parent-artifactid guava-parent Medium Version pom parent-version 9999.0-empty-to-avoid-conflict-with-guava Low Version pom version 9999.0-empty-to-avoid-conflict-with-guava Highest
pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava (Confidence :High) Description:
The Apache Log4j Implementation License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/apache/logging/log4j/log4j-core/2.17.1/log4j-core-2.17.1.jar
MD5: 8d2f5c52700336dae846b2c3ecde7a6e
SHA1: 779f60f3844dadc3ef597976fcb1e5127b1f343d
SHA256: c967f223487980b9364e94a7c7f9a8a01fd3ee7c19bdbf0b0f9f8cb8511f3d41
Referenced In Project/Scope: i2kfs:provided
log4j-core-2.17.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name log4j-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest automatic-module-name org.apache.logging.log4j.core Medium Vendor Manifest bundle-docurl https://www.apache.org/ Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest Implementation-Vendor-Id org.apache.logging.log4j Medium Vendor Manifest log4jreleasekey D7C92B70FA1C814D Low Vendor Manifest log4jreleasemanager Matt Sicker Low Vendor Manifest log4jsigningusername mattsicker@apache.org Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-core Highest Vendor pom artifactid log4j-core Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j Core High Vendor pom parent-artifactid log4j Low Product file name log4j-core High Product jar package name apache Highest Product jar package name core Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product Manifest automatic-module-name org.apache.logging.log4j.core Medium Product Manifest bundle-docurl https://www.apache.org/ Low Product Manifest Bundle-Name Apache Log4j Core Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Product Manifest Implementation-Title Apache Log4j Core High Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low Product Manifest log4jreleasekey D7C92B70FA1C814D Low Product Manifest log4jreleasemanager Matt Sicker Low Product Manifest log4jsigningusername mattsicker@apache.org Medium Product Manifest multi-release true Low Product Manifest specification-title Apache Log4j Core Medium Product pom artifactid log4j-core Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j Core High Product pom parent-artifactid log4j Medium Version file version 2.17.1 High Version Manifest Bundle-Version 2.17.1 High Version Manifest Implementation-Version 2.17.1 High Version Manifest log4jreleaseversion 2.17.1 Medium Version pom version 2.17.1 Highest
Related Dependencies log4j-api-2.17.1.jarFile Path: /root/.m2/repository/org/apache/logging/log4j/log4j-api/2.17.1/log4j-api-2.17.1.jar MD5: dfd5f2d81aba31583ee87fe16c7b78f8 SHA1: d771af8e336e372fb5399c99edabe0919aeaf5b2 SHA256: b0d8a4c8ab4fb8b1888d0095822703b0e6d4793c419550203da9e69196161de4 pkg:maven/org.apache.logging.log4j/log4j-api@2.17.1 CVE-2025-68161 suppress
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true.
This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:
* The attacker is able to intercept or redirect network traffic between the client and the log receiver.
* The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).
Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.
As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates. CWE-295 Improper Certificate Validation, CWE-297 Improper Validation of Certificate with Host Mismatch
CVSSv3:
Base Score: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
Log4j implemented over SLF4J License:
Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/org/slf4j/log4j-over-slf4j/2.0.16/log4j-over-slf4j-2.0.16.jar
MD5: 041115190b4840e3b0682a9bc3d3d3ee
SHA1: e904edf30a403602db79e190a34c1f17311f235a
SHA256: 0a4c4314b80d7b0ec733efb3cfbeb9005e7488e64132716396e33ef0ca1ac52d
Referenced In Project/Scope: i2kfs:compile
log4j-over-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name log4j-over-slf4j High Vendor jar package name log4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname log4j.over.slf4j Medium Vendor Manifest multi-release true Low Vendor pom artifactid log4j-over-slf4j Highest Vendor pom artifactid log4j-over-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name Log4j Implemented Over SLF4J High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name log4j-over-slf4j High Product jar package name log4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name Log4j Implemented Over SLF4J Medium Product Manifest bundle-symbolicname log4j.over.slf4j Medium Product Manifest Implementation-Title log4j-over-slf4j High Product Manifest multi-release true Low Product pom artifactid log4j-over-slf4j Highest Product pom groupid org.slf4j Highest Product pom name Log4j Implemented Over SLF4J High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
pkg:maven/org.slf4j/log4j-over-slf4j@2.0.16 (Confidence :High) Description:
A lightweight library of useful, mostly pure functions License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/medley/medley/1.4.0/medley-1.4.0.jar
MD5: 7d81b0b5b328f6100334682044582b68
SHA1: f5117fa4c15ff14c4a0ab7db414b0f102afb0b8a
SHA256: 4cf21169bbdcb46b99e77d409beeb7bfd1aa366088528757424cb997d496f355
Referenced In Project/Scope: i2kfs:compile
medley-1.4.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name medley High Vendor Manifest leiningen-project-artifactid medley Low Vendor Manifest leiningen-project-groupid medley Low Vendor pom artifactid medley Highest Vendor pom artifactid medley Low Vendor pom groupid medley Highest Vendor pom name medley High Vendor pom url weavejester/medley Highest Product file name medley High Product Manifest leiningen-project-artifactid medley Low Product Manifest leiningen-project-groupid medley Low Product pom artifactid medley Highest Product pom groupid medley Highest Product pom name medley High Product pom url weavejester/medley High Version file version 1.4.0 High Version Manifest leiningen-project-version 1.4.0 Medium Version pom version 1.4.0 Highest
pkg:maven/medley/medley@1.4.0 (Confidence :High) Description:
This is the base module for SDK metrics feature. It contains the interfaces used for metrics feature
that are used by other modules in the library.
File Path: /root/.m2/repository/software/amazon/awssdk/metrics-spi/2.20.150/metrics-spi-2.20.150.jarMD5: 6af6b9d572fb8289d51b692a4192f2f8SHA1: 863cbf4c4313e079e1bf68a05cf51e6700d96ac5SHA256: 2e59a932d54f6536f7849679eba627719e4f7926a1efc9d43b9ed9822bc4be83Referenced In Project/Scope: i2kfs:compilemetrics-spi-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name metrics-spi High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name metrics Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.metrics Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid metrics-spi Highest Vendor pom artifactid metrics-spi Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Metrics SPI High Vendor pom parent-artifactid core Low Product file name metrics-spi High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name metrics Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.metrics Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid metrics-spi Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Metrics SPI High Product pom parent-artifactid core Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
Microsoft Authentication Library for Java gives you the ability to obtain tokens from Microsoft Entra (work and
school accounts, MSA) and Azure AD B2C, gaining access to Microsoft Cloud API and any other API secured by Microsoft
identities
License:
MIT License File Path: /root/.m2/repository/com/microsoft/azure/msal4j/1.22.0/msal4j-1.22.0.jar
MD5: fa330912b0df54a12095370a2c3d9cc8
SHA1: f8ae704ee28af7678e3f4ea21fc55660c1f116ab
SHA256: c70f36d6342c8914de95a63268f6789d88d8f6697e57e2e79a767041288af9d3
Referenced In Project/Scope: i2kfs:compile
msal4j-1.22.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name msal4j High Vendor jar package name aad Highest Vendor jar package name microsoft Highest Vendor jar package name msal4j Highest Vendor Manifest automatic-module-name com.microsoft.aad.msal4j Medium Vendor Manifest bundle-developers msopentech;name="Microsoft Open Technologies, Inc." Low Vendor Manifest bundle-docurl https://github.com/AzureAD/microsoft-authentication-library-for-java Low Vendor Manifest bundle-symbolicname msal4j Medium Vendor Manifest Implementation-Vendor-Id com.microsoft.azure Medium Vendor pom artifactid msal4j Highest Vendor pom artifactid msal4j Low Vendor pom developer id msopentech Medium Vendor pom developer name Microsoft Open Technologies, Inc. Medium Vendor pom groupid com.microsoft.azure Highest Vendor pom name msal4j High Vendor pom url AzureAD/microsoft-authentication-library-for-java Highest Product file name msal4j High Product jar package name aad Highest Product jar package name microsoft Highest Product jar package name msal4j Highest Product Manifest automatic-module-name com.microsoft.aad.msal4j Medium Product Manifest bundle-developers msopentech;name="Microsoft Open Technologies, Inc." Low Product Manifest bundle-docurl https://github.com/AzureAD/microsoft-authentication-library-for-java Low Product Manifest Bundle-Name msal4j Medium Product Manifest bundle-symbolicname msal4j Medium Product Manifest Implementation-Title msal4j High Product Manifest specification-title msal4j Medium Product pom artifactid msal4j Highest Product pom developer id msopentech Low Product pom developer name Microsoft Open Technologies, Inc. Low Product pom groupid com.microsoft.azure Highest Product pom name msal4j High Product pom url AzureAD/microsoft-authentication-library-for-java High Version file version 1.22.0 High Version Manifest Bundle-Version 1.22.0 High Version Manifest Implementation-Version 1.22.0 High Version pom version 1.22.0 Highest
pkg:maven/com.microsoft.azure/msal4j@1.22.0 (Confidence :High) cpe:2.3:a:microsoft:authentication_library:1.22.0:*:*:*:*:*:*:* (Confidence :Low) suppress CVE-2024-35255 suppress
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv3:
Base Score: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
Implementation of ITokenCacheAccessAspect interface defined in Java MSAL SDK (artifactId - msal4j)
for persistence of token cache in platform specific secret storage:
* Win - file encrypted with DPAPI
* Mac - key chain
* Linux - key ring
License:
MIT License File Path: /root/.m2/repository/com/microsoft/azure/msal4j-persistence-extension/1.3.0/msal4j-persistence-extension-1.3.0.jar
MD5: 7bc0a0a50fd149b732e1fbec92a4b0a3
SHA1: 8a8ef1517d27a5b4de1512ef94679bdb59f210b6
SHA256: dfc41c817fbfa76057af6ffe4379dbca6a5e16b8e87df8bdda23f371756c2d09
Referenced In Project/Scope: i2kfs:compile
msal4j-persistence-extension-1.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-identity@1.15.4
Evidence Type Source Name Value Confidence Vendor file name msal4j-persistence-extension High Vendor jar package name microsoft Highest Vendor jar package name persistence Highest Vendor Manifest Implementation-Vendor-Id com.microsoft.azure Medium Vendor pom artifactid msal4j-persistence-extension Highest Vendor pom artifactid msal4j-persistence-extension Low Vendor pom developer id ms Medium Vendor pom developer name Microsoft Corporation Medium Vendor pom groupid com.microsoft.azure Highest Vendor pom name msal4j-persistence-extension High Vendor pom url AzureAD/microsoft-authentication-library-for-java Highest Product file name msal4j-persistence-extension High Product jar package name microsoft Highest Product jar package name persistence Highest Product Manifest Implementation-Title msal4j-persistence-extension High Product Manifest specification-title msal4j-persistence-extension Medium Product pom artifactid msal4j-persistence-extension Highest Product pom developer id ms Low Product pom developer name Microsoft Corporation Low Product pom groupid com.microsoft.azure Highest Product pom name msal4j-persistence-extension High Product pom url AzureAD/microsoft-authentication-library-for-java High Version file version 1.3.0 High Version Manifest Implementation-Version 1.3.0 High Version pom version 1.3.0 Highest
pkg:maven/com.microsoft.azure/msal4j-persistence-extension@1.3.0 (Confidence :High) Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /root/.m2/repository/io/netty/netty-codec-memcache/4.1.128.Final/netty-codec-memcache-4.1.128.Final.jar
MD5: 502062f9a011954237cae06f2eb846eb
SHA1: 42052224875bcfb423a4fab6c533fac6b061b22a
SHA256: a476e82d64984f28bcb6c6b0b2a82f07fc8693117c113f4814cb3e8deebccc01
Referenced In Project/Scope: i2kfs:compile
netty-codec-memcache-4.1.128.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.netty/netty-all@4.1.128.Final
Evidence Type Source Name Value Confidence Vendor file name netty-codec-memcache High Vendor jar package name codec Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.codec.memcache Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.codec-memcache Medium Vendor Manifest implementation-url https://netty.io/netty-codec-memcache/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-codec-memcache Highest Vendor pom artifactid netty-codec-memcache Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Codec/Memcache High Vendor pom parent-artifactid netty-parent Low Product file name netty-codec-memcache High Product jar package name codec Highest Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.codec.memcache Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Codec/Memcache Medium Product Manifest bundle-symbolicname io.netty.codec-memcache Medium Product Manifest Implementation-Title Netty/Codec/Memcache High Product Manifest implementation-url https://netty.io/netty-codec-memcache/ Low Product Manifest specification-title Netty/Codec/Memcache Medium Product pom artifactid netty-codec-memcache Highest Product pom groupid io.netty Highest Product pom name Netty/Codec/Memcache High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.128.Final High Version Manifest Implementation-Version 4.1.128.Final High Version pom version 4.1.128.Final Highest
CVE-2025-67735 suppress
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue. CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /root/.m2/repository/io/netty/netty-codec-mqtt/4.1.128.Final/netty-codec-mqtt-4.1.128.Final.jar
MD5: 127cc0e26b72ddf556f91417485d08bb
SHA1: a1641ef674df6656a35a236cc643034c93cedfba
SHA256: e1381cc23ecb0590ccb7e9296e739f77b3d99f46e66a7ea81a5117bd64165a30
Referenced In Project/Scope: i2kfs:compile
netty-codec-mqtt-4.1.128.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.netty/netty-all@4.1.128.Final
Evidence Type Source Name Value Confidence Vendor file name netty-codec-mqtt High Vendor jar package name codec Highest Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.codec.mqtt Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.codec-mqtt Medium Vendor Manifest implementation-url https://netty.io/netty-codec-mqtt/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-codec-mqtt Highest Vendor pom artifactid netty-codec-mqtt Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Codec/MQTT High Vendor pom parent-artifactid netty-parent Low Product file name netty-codec-mqtt High Product jar package name codec Highest Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.codec.mqtt Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Codec/MQTT Medium Product Manifest bundle-symbolicname io.netty.codec-mqtt Medium Product Manifest Implementation-Title Netty/Codec/MQTT High Product Manifest implementation-url https://netty.io/netty-codec-mqtt/ Low Product Manifest specification-title Netty/Codec/MQTT Medium Product pom artifactid netty-codec-mqtt Highest Product pom groupid io.netty Highest Product pom name Netty/Codec/MQTT High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.128.Final High Version Manifest Implementation-Version 4.1.128.Final High Version pom version 4.1.128.Final Highest
CVE-2025-67735 suppress
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue. CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
Java Concurrency Tools Core Library License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-common/4.1.128.Final/netty-common-4.1.128.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 5d5135397b920a7dcbca5c1fb0576cf2
SHA1: eaa05d6ad937464312a2681a3236c0e06602bbb7
SHA256: a69897b8ff0c2198b4b8cd7d4f93fde6d42b8e9dbfc95553585e27587b24e211
Referenced In Project/Scope: i2kfs:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jctools-core Low Vendor pom groupid org.jctools Highest Vendor pom name Java Concurrency Tools Core Library High Vendor pom url JCTools Highest Product pom artifactid jctools-core Highest Product pom groupid org.jctools Highest Product pom name Java Concurrency Tools Core Library High Product pom url JCTools High Version pom version 4.0.5 Highest
Related Dependencies opentelemetry-sdk-trace-1.47.0.jar (shaded: org.jctools:jctools-core:4.0.5)File Path: /root/.m2/repository/io/opentelemetry/opentelemetry-sdk-trace/1.47.0/opentelemetry-sdk-trace-1.47.0.jar/META-INF/maven/org.jctools/jctools-core/pom.xml MD5: 5d5135397b920a7dcbca5c1fb0576cf2 SHA1: eaa05d6ad937464312a2681a3236c0e06602bbb7 SHA256: a69897b8ff0c2198b4b8cd7d4f93fde6d42b8e9dbfc95553585e27587b24e211 pkg:maven/org.jctools/jctools-core@4.0.5 pkg:maven/org.jctools/jctools-core@4.0.5 (Confidence :High) File Path: /root/.m2/repository/software/amazon/awssdk/netty-nio-client/2.20.150/netty-nio-client-2.20.150.jarMD5: 49759c1cd00714bacf782c888f5bbfe4SHA1: a9fc1ca5fd05c06ab4a435926baf0337b83e0d73SHA256: cc6c7c79ef958584e0d49032a01f54e08bc8060714e38df6e7a35d5c6aee0444Referenced In Project/Scope: i2kfs:runtimenetty-nio-client-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name netty-nio-client High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name http Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.http.nio.netty Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid netty-nio-client Highest Vendor pom artifactid netty-nio-client Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: HTTP Clients :: Netty Non-Blocking I/O High Vendor pom parent-artifactid http-clients Low Product file name netty-nio-client High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name http Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.http.nio.netty Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid netty-nio-client Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: HTTP Clients :: Netty Non-Blocking I/O High Product pom parent-artifactid http-clients Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL and Apache APR.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.70.Final/netty-tcnative-boringssl-static-2.0.70.Final-linux-aarch_64.jar
MD5: 05c6438938d82ac730299685facf1c92
SHA1: 7cc7d15769a4cb9a2f38d3e863cc55f28732d71f
SHA256: 523c43f67ad9040d70f9494fc28eebf711d8c54e2aa30e3fd1a199c38740f53b
Referenced In Project/Scope: i2kfs:compile
netty-tcnative-boringssl-static-2.0.70.Final-linux-aarch_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_aarch_64.so;osname=linux;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product jar package name meta-inf Highest Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_aarch_64.so;osname=linux;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product Manifest multi-release true Low Product Manifest specification-title Netty/TomcatNative [BoringSSL - Static] Medium Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.70.Final High Version Manifest Implementation-Version 2.0.70.Final High Version pom version 2.0.70.Final Highest
pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.70.Final (Confidence :High) Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL and Apache APR.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.70.Final/netty-tcnative-boringssl-static-2.0.70.Final-linux-x86_64.jar
MD5: 13d5beeacc488f3e3523798173e86c81
SHA1: 3b12b1baff8d672493256fd3eb034fd61125ca4c
SHA256: 3d773aac73fe40f5d04de37ce14a1f7abd27caf0b3bd8275884f5d2968b3e254
Referenced In Project/Scope: i2kfs:compile
netty-tcnative-boringssl-static-2.0.70.Final-linux-x86_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_x86_64.so;osname=linux;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product jar package name meta-inf Highest Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_linux_x86_64.so;osname=linux;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product Manifest multi-release true Low Product Manifest specification-title Netty/TomcatNative [BoringSSL - Static] Medium Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.70.Final High Version Manifest Implementation-Version 2.0.70.Final High Version pom version 2.0.70.Final Highest
pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.70.Final (Confidence :High) Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL and Apache APR.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.70.Final/netty-tcnative-boringssl-static-2.0.70.Final-osx-aarch_64.jar
MD5: 61e9b4bb5cadfa742b6a598b10c0338a
SHA1: 2b94b79fee15810c9307a23afa7004c5ff979300
SHA256: 0454c53e65da6e253b2104d1ae26ecc79df4faf999e8924b659846b5bf41e996
Referenced In Project/Scope: i2kfs:compile
netty-tcnative-boringssl-static-2.0.70.Final-osx-aarch_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib;osname=macosx;;processor=aarch64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product jar package name meta-inf Highest Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib;osname=macosx;;processor=aarch64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product Manifest multi-release true Low Product Manifest specification-title Netty/TomcatNative [BoringSSL - Static] Medium Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.70.Final High Version Manifest Implementation-Version 2.0.70.Final High Version pom version 2.0.70.Final Highest
pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.70.Final (Confidence :High) Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL and Apache APR.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.70.Final/netty-tcnative-boringssl-static-2.0.70.Final-osx-x86_64.jar
MD5: 9c1bc63725e879206498d38ea9ffe36b
SHA1: b9573f41469f8de0a90c2326178c644139a9c906
SHA256: 9c6a23335f296689fb3538bc49e4e280ff163675212c6fe01c9cf2a9273ee19a
Referenced In Project/Scope: i2kfs:compile
netty-tcnative-boringssl-static-2.0.70.Final-osx-x86_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_x86_64.jnilib;osname=macosx;;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product jar package name meta-inf Highest Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/libnetty_tcnative_osx_x86_64.jnilib;osname=macosx;;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product Manifest multi-release true Low Product Manifest specification-title Netty/TomcatNative [BoringSSL - Static] Medium Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.70.Final High Version Manifest Implementation-Version 2.0.70.Final High Version pom version 2.0.70.Final Highest
pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.70.Final (Confidence :High) Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL and Apache APR.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.70.Final/netty-tcnative-boringssl-static-2.0.70.Final-windows-x86_64.jar
MD5: bcc2055d0e13e91337df043519893fb4
SHA1: 0e1d5e83d6f78908008a4fb9881bc4352b4f710c
SHA256: b3e3e0559df29a5624bcf529cb8e2bd9375c6d68164dda338e841677586a14c4
Referenced In Project/Scope: i2kfs:compile
netty-tcnative-boringssl-static-2.0.70.Final-windows-x86_64.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest boringssl-branch chromium-stable Low Vendor Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-nativecode META-INF/native/netty_tcnative_windows_x86_64.dll;osname=win32;processor=x86_64 Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-boringssl-static High Product jar package name meta-inf Highest Product Manifest boringssl-branch chromium-stable Low Product Manifest boringssl-revision b8c97f5b4bc5d4758612a0430e5c2792d0f9ca7f Low Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-nativecode META-INF/native/netty_tcnative_windows_x86_64.dll;osname=win32;processor=x86_64 Low Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product Manifest multi-release true Low Product Manifest specification-title Netty/TomcatNative [BoringSSL - Static] Medium Product pom artifactid netty-tcnative-boringssl-static Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.70.Final High Version Manifest Implementation-Version 2.0.70.Final High Version pom version 2.0.70.Final Highest
pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.70.Final (Confidence :High) Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is statically linked
to BoringSSL and Apache APR. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-tcnative-boringssl-static/2.0.70.Final/netty-tcnative-boringssl-static-2.0.70.Final.jar
MD5: a5194205760c824cbfa449639de7cd98
SHA1: d0525335b569b05cfbfb60ecbba6c811157cf035
SHA256: 3f7b4c3a51737965cd5b53777782c125784420458d96513cfac7412e4d1fa0c3
Referenced In Project/Scope: i2kfs:compile
netty-tcnative-boringssl-static-2.0.70.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-boringssl-static High Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Vendor Manifest fragment-host io.netty.tcnative-classes Low Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-tcnative-boringssl-static Highest Vendor pom artifactid netty-tcnative-boringssl-static Low Vendor pom developer email netty@googlegroups.com Low Vendor pom developer id netty.io Medium Vendor pom developer name The Netty Project Contributors Medium Vendor pom developer org The Netty Project Medium Vendor pom developer org URL https://netty.io/ Medium Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [BoringSSL - Static] High Vendor pom url netty/netty-tcnative/netty-tcnative-boringssl-static/ Highest Product file name netty-tcnative-boringssl-static High Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [BoringSSL - Static] Medium Product Manifest bundle-symbolicname io.netty.tcnative-boringssl-static Medium Product Manifest fragment-host io.netty.tcnative-classes Low Product Manifest Implementation-Title Netty/TomcatNative [BoringSSL - Static] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/ Low Product Manifest multi-release true Low Product Manifest specification-title Netty/TomcatNative [BoringSSL - Static] Medium Product pom artifactid netty-tcnative-boringssl-static Highest Product pom developer email netty@googlegroups.com Low Product pom developer id netty.io Low Product pom developer name The Netty Project Contributors Low Product pom developer org The Netty Project Low Product pom developer org URL https://netty.io/ Low Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [BoringSSL - Static] High Product pom url netty/netty-tcnative/netty-tcnative-boringssl-static/ High Version Manifest Bundle-Version 2.0.70.Final High Version Manifest Implementation-Version 2.0.70.Final High Version pom version 2.0.70.Final Highest
pkg:maven/io.netty/netty-tcnative-boringssl-static@2.0.70.Final (Confidence :High) Description:
A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is dynamically linked
to OpenSSL and Apache APR.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/netty/netty-tcnative-classes/2.0.70.Final/netty-tcnative-classes-2.0.70.Final.jar
MD5: af67c685397310283abea146f6785896
SHA1: 5f75accc769e69f2e6c1e56ba3a08b6c4bcc25f8
SHA256: a79c1579313d4ad48a3ecc1d01a25da06d22d6449c3bcc369c2318749bcf55bc
Referenced In Project/Scope: i2kfs:compile
netty-tcnative-classes-2.0.70.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name netty-tcnative-classes High Vendor jar package name io Highest Vendor jar package name netty Highest Vendor jar package name tcnative Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.tcnative-classes Medium Vendor Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-classes/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-tcnative-classes Highest Vendor pom artifactid netty-tcnative-classes Low Vendor pom groupid io.netty Highest Vendor pom name Netty/TomcatNative [OpenSSL - Classes] High Vendor pom parent-artifactid netty-tcnative-parent Low Product file name netty-tcnative-classes High Product jar package name io Highest Product jar package name netty Highest Product jar package name tcnative Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/TomcatNative [OpenSSL - Classes] Medium Product Manifest bundle-symbolicname io.netty.tcnative-classes Medium Product Manifest Implementation-Title Netty/TomcatNative [OpenSSL - Classes] High Product Manifest implementation-url https://github.com/netty/netty-tcnative/netty-tcnative-classes/ Low Product Manifest multi-release true Low Product Manifest specification-title Netty/TomcatNative [OpenSSL - Classes] Medium Product pom artifactid netty-tcnative-classes Highest Product pom groupid io.netty Highest Product pom name Netty/TomcatNative [OpenSSL - Classes] High Product pom parent-artifactid netty-tcnative-parent Medium Version Manifest Bundle-Version 2.0.70.Final High Version Manifest Implementation-Version 2.0.70.Final High Version pom version 2.0.70.Final Highest
pkg:maven/io.netty/netty-tcnative-classes@2.0.70.Final (Confidence :High) cpe:2.3:a:openssl:openssl:2.0.70:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. License:
https://www.apache.org/licenses/LICENSE-2.0 File Path: /root/.m2/repository/io/netty/netty-transport/4.1.128.Final/netty-transport-4.1.128.Final.jar
MD5: 219dde353fda5293de1b63a89c2d155f
SHA1: 1342e97263b2e552f5d733a232a3e8d5dc15961a
SHA256: dc9107aae931cb5cf59471835358f68b4cb9548c9fb0a9fe06acf2a3d3d422f2
Referenced In Project/Scope: i2kfs:compile
netty-transport-4.1.128.Final.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.netty/netty-all@4.1.128.Final
Evidence Type Source Name Value Confidence Vendor file name netty-transport High Vendor jar package name io Highest Vendor jar package name netty Highest Vendor Manifest automatic-module-name io.netty.transport Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://netty.io/ Low Vendor Manifest bundle-symbolicname io.netty.transport Medium Vendor Manifest implementation-url https://netty.io/netty-transport/ Low Vendor Manifest Implementation-Vendor The Netty Project High Vendor Manifest Implementation-Vendor-Id io.netty Medium Vendor Manifest specification-vendor The Netty Project Low Vendor pom artifactid netty-transport Highest Vendor pom artifactid netty-transport Low Vendor pom groupid io.netty Highest Vendor pom name Netty/Transport High Vendor pom parent-artifactid netty-parent Low Product file name netty-transport High Product jar package name io Highest Product jar package name netty Highest Product Manifest automatic-module-name io.netty.transport Medium Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://netty.io/ Low Product Manifest Bundle-Name Netty/Transport Medium Product Manifest bundle-symbolicname io.netty.transport Medium Product Manifest Implementation-Title Netty/Transport High Product Manifest implementation-url https://netty.io/netty-transport/ Low Product Manifest specification-title Netty/Transport Medium Product pom artifactid netty-transport Highest Product pom groupid io.netty Highest Product pom name Netty/Transport High Product pom parent-artifactid netty-parent Medium Version Manifest Bundle-Version 4.1.128.Final High Version Manifest Implementation-Version 4.1.128.Final High Version pom version 4.1.128.Final Highest
Related Dependencies CVE-2025-67735 suppress
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue. CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.40/nimbus-jose-jwt-9.40.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: 890872d783f277381def435ef48ae9e2
SHA1: 55796dd7cc329027df79e96c4e6631e3c02c93c5
SHA256: c0e547bea998888e6e25c5886a90e762272bc88b5275343dd2c05ded6ca2e360
Referenced In Project/Scope: i2kfs:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid gson Low Vendor pom groupid com.google.code.gson Highest Vendor pom name Gson High Vendor pom parent-artifactid gson-parent Low Product pom artifactid gson Highest Product pom groupid com.google.code.gson Highest Product pom name Gson High Product pom parent-artifactid gson-parent Medium Version pom version 2.11.0 Highest
Description:
Java library for Javascript Object Signing and Encryption (JOSE) and
JSON Web Tokens (JWT)
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.40/nimbus-jose-jwt-9.40.jar
MD5: 42ce81c8d034f163663d23e8bbc3638d
SHA1: 42b1dfa0360e4062951b070bac52dd8d96fd7b38
SHA256: 77128ed53756421bf59d2fc7f31554da29ea81cad8a5345977275adb7c5254c8
Referenced In Project/Scope: i2kfs:compile
nimbus-jose-jwt-9.40.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name nimbus-jose-jwt High Vendor jar package name jose Highest Vendor jar package name jwt Highest Vendor jar package name nimbusds Highest Vendor Manifest build-date ${timestamp} Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest build-number ${buildNumber} Low Vendor Manifest build-tag 9.40 Low Vendor Manifest bundle-docurl https://connect2id.com Low Vendor Manifest bundle-symbolicname com.nimbusds.nimbus-jose-jwt Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest multi-release true Low Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid nimbus-jose-jwt Highest Vendor pom artifactid nimbus-jose-jwt Low Vendor pom developer email vladimir@dzhuvinov.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name Nimbus JOSE+JWT High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/nimbus-jose-jwt Highest Product file name nimbus-jose-jwt High Product jar package name 9 Highest Product jar package name jose Highest Product jar package name jwt Highest Product jar package name nimbusds Highest Product Manifest build-date ${timestamp} Low Product Manifest build-jdk-spec 17 Low Product Manifest build-number ${buildNumber} Low Product Manifest build-tag 9.40 Low Product Manifest bundle-docurl https://connect2id.com Low Product Manifest Bundle-Name Nimbus JOSE+JWT Medium Product Manifest bundle-symbolicname com.nimbusds.nimbus-jose-jwt Medium Product Manifest Implementation-Title Nimbus JOSE+JWT High Product Manifest multi-release true Low Product Manifest specification-title Nimbus JOSE+JWT Medium Product pom artifactid nimbus-jose-jwt Highest Product pom developer email vladimir@dzhuvinov.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name Nimbus JOSE+JWT High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/nimbus-jose-jwt Medium Version file version 9.40 High Version Manifest build-tag 9.40 Low Version Manifest Implementation-Version 9.40 High Version pom version 9.40 Highest
Description:
Fast serialization library for Clojure License:
Eclipse Public License - v 1.0: https://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/com/taoensso/nippy/3.6.0/nippy-3.6.0.jar
MD5: 63bb317512772a461d1ecba738627654
SHA1: 95f51a91cec89da115da326382ceb6ccfc240eb0
SHA256: 93676bf3f1c050ad65b3cf1e3f5a208d5a6c25cb57f45d9bd2a671dff5f1d2cb
Referenced In Project/Scope: i2kfs:compile
nippy-3.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name nippy High Vendor Manifest leiningen-project-artifactid nippy Low Vendor pom artifactid nippy Highest Vendor pom artifactid nippy Low Vendor pom groupid com.taoensso Highest Vendor pom name nippy High Vendor pom url https://www.taoensso.com/nippy Highest Product file name nippy High Product Manifest leiningen-project-artifactid nippy Low Product pom artifactid nippy Highest Product pom groupid com.taoensso Highest Product pom name nippy High Product pom url https://www.taoensso.com/nippy Medium Version file version 3.6.0 High Version Manifest leiningen-project-version 3.6.0 Medium Version pom version 3.6.0 Highest
Description:
nREPL is a Clojure *n*etwork REPL. License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/nrepl/nrepl/1.0.0/nrepl-1.0.0.jar
MD5: 3b80c95389f4eac7db14cd605085ea9d
SHA1: f47774c43493efdc879d36b95ebd67ea0d9c890a
SHA256: a30b9734ff2e639f365f0d7553b4877306f2a543cf021e299d15bf1eabd6a5bb
Referenced In Project/Scope: i2kfs:compile
nrepl-1.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name nrepl High Vendor jar package name nrepl Highest Vendor Manifest leiningen-project-artifactid nrepl Low Vendor Manifest leiningen-project-groupid nrepl Low Vendor pom artifactid nrepl Highest Vendor pom artifactid nrepl Low Vendor pom groupid nrepl Highest Vendor pom name nrepl High Vendor pom url https://nrepl.org Highest Product file name nrepl High Product jar package name nrepl Highest Product Manifest leiningen-project-artifactid nrepl Low Product Manifest leiningen-project-groupid nrepl Low Product pom artifactid nrepl Highest Product pom groupid nrepl Highest Product pom name nrepl High Product pom url https://nrepl.org Medium Version file version 1.0.0 High Version Manifest leiningen-project-version 1.0.0 Medium Version pom version 1.0.0 Highest
pkg:maven/nrepl/nrepl@1.0.0 (Confidence :High) Description:
OAuth 2.0 SDK with OpenID Connection extensions for developing client
and server applications.
License:
Apache License, version 2.0: https://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/com/nimbusds/oauth2-oidc-sdk/11.23.1/oauth2-oidc-sdk-11.23.1.jar
MD5: 23640d70aa30f448060c229f6344d8e2
SHA1: 17facb3e3fa9e048f87b34c706e1163cad660e6d
SHA256: 170303aec2fd3974a14f1edc940e40d334b33fa2a9c3e206b9d2aa12d23d5428
Referenced In Project/Scope: i2kfs:compile
oauth2-oidc-sdk-11.23.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.microsoft.azure/msal4j@1.22.0
Evidence Type Source Name Value Confidence Vendor file name oauth2-oidc-sdk High Vendor jar package name client Highest Vendor jar package name connect Highest Vendor jar package name nimbusds Highest Vendor jar package name oauth2 Highest Vendor jar package name openid Highest Vendor jar package name sdk Highest Vendor Manifest build-date 20250226.102144.957 Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest build-number e47b0caef2f607e6620537077360f8e382dccb3b Low Vendor Manifest build-tag 11.23.1 Low Vendor Manifest bundle-developers vdzhuvinov;email="vd@connect2id.com";name="Vladimir Dzhuvinov" Low Vendor Manifest bundle-docurl https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Low Vendor Manifest bundle-symbolicname oauth2-oidc-sdk Medium Vendor Manifest Implementation-Vendor Connect2id Ltd. High Vendor Manifest specification-vendor Connect2id Ltd. Low Vendor pom artifactid oauth2-oidc-sdk Highest Vendor pom artifactid oauth2-oidc-sdk Low Vendor pom developer email vd@connect2id.com Low Vendor pom developer id vdzhuvinov Medium Vendor pom developer name Vladimir Dzhuvinov Medium Vendor pom groupid com.nimbusds Highest Vendor pom name OAuth 2.0 SDK with OpenID Connect extensions High Vendor pom organization name Connect2id Ltd. High Vendor pom organization url https://connect2id.com Medium Vendor pom url https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Highest Product file name oauth2-oidc-sdk High Product jar package name client Highest Product jar package name connect Highest Product jar package name nimbusds Highest Product jar package name oauth2 Highest Product jar package name openid Highest Product jar package name sdk Highest Product Manifest build-date 20250226.102144.957 Low Product Manifest build-jdk-spec 17 Low Product Manifest build-number e47b0caef2f607e6620537077360f8e382dccb3b Low Product Manifest build-tag 11.23.1 Low Product Manifest bundle-developers vdzhuvinov;email="vd@connect2id.com";name="Vladimir Dzhuvinov" Low Product Manifest bundle-docurl https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Low Product Manifest Bundle-Name OAuth 2.0 SDK with OpenID Connect extensions Medium Product Manifest bundle-symbolicname oauth2-oidc-sdk Medium Product Manifest Implementation-Title OAuth 2.0 SDK with OpenID Connect extensions High Product Manifest specification-title OAuth 2.0 SDK with OpenID Connect extensions Medium Product pom artifactid oauth2-oidc-sdk Highest Product pom developer email vd@connect2id.com Low Product pom developer id vdzhuvinov Low Product pom developer name Vladimir Dzhuvinov Low Product pom groupid com.nimbusds Highest Product pom name OAuth 2.0 SDK with OpenID Connect extensions High Product pom organization name Connect2id Ltd. Low Product pom organization url https://connect2id.com Low Product pom url https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions Medium Version file version 11.23.1 High Version Manifest build-tag 11.23.1 Low Version Manifest Bundle-Version 11.23.1 High Version Manifest Implementation-Version 11.23.1 High Version pom version 11.23.1 Highest
pkg:maven/com.nimbusds/oauth2-oidc-sdk@11.23.1 (Confidence :High) Description:
Square’s meticulous HTTP client for Java and Kotlin. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/squareup/okhttp3/okhttp/4.12.0/okhttp-4.12.0.jar
MD5: 6acba053af88fed87e710c6c29911d7c
SHA1: 2f4525d4a200e97e1b87449c2cd9bd2e25b7e8cd
SHA256: b1050081b14bb7a3a7e55a4d3ef01b5dcfabc453b4573a4fc019767191d5f4e0
Referenced In Project/Scope: i2kfs:runtime
okhttp-4.12.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name okhttp High Vendor jar package name http Highest Vendor jar package name okhttp Highest Vendor jar package name okhttp3 Highest Vendor Manifest automatic-module-name okhttp3 Medium Vendor pom artifactid okhttp Highest Vendor pom artifactid okhttp Low Vendor pom developer name Square, Inc. Medium Vendor pom groupid com.squareup.okhttp3 Highest Vendor pom name okhttp High Vendor pom url https://square.github.io/okhttp/ Highest Product file name okhttp High Product jar package name http Highest Product jar package name okhttp Highest Product jar package name okhttp3 Highest Product Manifest automatic-module-name okhttp3 Medium Product pom artifactid okhttp Highest Product pom developer name Square, Inc. Low Product pom groupid com.squareup.okhttp3 Highest Product pom name okhttp High Product pom url https://square.github.io/okhttp/ Medium Version file version 4.12.0 High Version pom version 4.12.0 Highest
Description:
A modern I/O library for Android, Java, and Kotlin Multiplatform. License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/squareup/okio/okio/3.6.0/okio-3.6.0.jar
MD5: 990f7b25bbd4fee8787ffabf89aa229f
SHA1: 8bf9683c80762d7dd47db12b68e99abea2a7ae05
SHA256: 8e63292e5c53bb93c4a6b0c213e79f15990fed250c1340f1c343880e1c9c39b5
Referenced In Project/Scope: i2kfs:runtime
okio-3.6.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name okio High Vendor pom artifactid okio Highest Vendor pom artifactid okio Low Vendor pom developer id square Medium Vendor pom developer name Square, Inc. Medium Vendor pom groupid com.squareup.okio Highest Vendor pom name okio High Vendor pom url square/okio/ Highest Product file name okio High Product pom artifactid okio Highest Product pom developer id square Low Product pom developer name Square, Inc. Low Product pom groupid com.squareup.okio Highest Product pom name okio High Product pom url square/okio/ High Version file version 3.6.0 High Version pom version 3.6.0 Highest
Related Dependencies okio-jvm-3.6.0.jarFile Path: /root/.m2/repository/com/squareup/okio/okio-jvm/3.6.0/okio-jvm-3.6.0.jar MD5: 26370180ff99a7e8a12dcaac2a70cc6e SHA1: 5600569133b7bdefe1daf9ec7f4abeb6d13e1786 SHA256: 67543f0736fc422ae927ed0e504b98bc5e269fda0d3500579337cb713da28412 pkg:maven/com.squareup.okio/okio-jvm@3.6.0 Description:
null License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/opencensus/opencensus-api/0.31.1/opencensus-api-0.31.1.jar
MD5: a5e7092bb89baaaee424f5a7b20d1bad
SHA1: 66a60c7201c2b8b20ce495f0295b32bb0ccbbc57
SHA256: f1474d47f4b6b001558ad27b952e35eda5cc7146788877fc52938c6eba24b382
Referenced In Project/Scope: i2kfs:compile
opencensus-api-0.31.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name opencensus-api High Vendor jar package name io Highest Vendor jar package name opencensus Highest Vendor Manifest source-compatibility 1.7 Low Vendor Manifest target-compatibility 1.7 Low Vendor pom artifactid opencensus-api Highest Vendor pom artifactid opencensus-api Low Vendor pom developer email census-developers@googlegroups.com Low Vendor pom developer id io.opencensus Medium Vendor pom developer name OpenCensus Contributors Medium Vendor pom developer org OpenCensus Authors Medium Vendor pom developer org URL https://www.opencensus.io Medium Vendor pom groupid io.opencensus Highest Vendor pom name OpenCensus High Vendor pom url census-instrumentation/opencensus-java Highest Product file name opencensus-api High Product jar package name io Highest Product jar package name opencensus Highest Product Manifest Implementation-Title opencensus-api High Product Manifest source-compatibility 1.7 Low Product Manifest target-compatibility 1.7 Low Product pom artifactid opencensus-api Highest Product pom developer email census-developers@googlegroups.com Low Product pom developer id io.opencensus Low Product pom developer name OpenCensus Contributors Low Product pom developer org OpenCensus Authors Low Product pom developer org URL https://www.opencensus.io Low Product pom groupid io.opencensus Highest Product pom name OpenCensus High Product pom url census-instrumentation/opencensus-java High Version file version 0.31.1 High Version Manifest Implementation-Version 0.31.1 High Version pom version 0.31.1 Highest
pkg:maven/io.opencensus/opencensus-api@0.31.1 (Confidence :High) Description:
null License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/opencensus/opencensus-contrib-http-util/0.31.1/opencensus-contrib-http-util-0.31.1.jar
MD5: 9ecc9c428eb87dc734ae8d07b820ce26
SHA1: 3c13fc5715231fadb16a9b74a44d9d59c460cfa8
SHA256: 3ea995b55a4068be22989b70cc29a4d788c2d328d1d50613a7a9afd13fdd2d0a
Referenced In Project/Scope: i2kfs:compile
opencensus-contrib-http-util-0.31.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name opencensus-contrib-http-util High Vendor jar package name contrib Highest Vendor jar package name http Highest Vendor jar package name io Highest Vendor jar package name opencensus Highest Vendor Manifest source-compatibility 1.7 Low Vendor Manifest target-compatibility 1.7 Low Vendor pom artifactid opencensus-contrib-http-util Highest Vendor pom artifactid opencensus-contrib-http-util Low Vendor pom developer email census-developers@googlegroups.com Low Vendor pom developer id io.opencensus Medium Vendor pom developer name OpenCensus Contributors Medium Vendor pom developer org OpenCensus Authors Medium Vendor pom developer org URL https://www.opencensus.io Medium Vendor pom groupid io.opencensus Highest Vendor pom name OpenCensus High Vendor pom url census-instrumentation/opencensus-java Highest Product file name opencensus-contrib-http-util High Product jar package name contrib Highest Product jar package name http Highest Product jar package name io Highest Product jar package name opencensus Highest Product Manifest Implementation-Title opencensus-contrib-http-util High Product Manifest source-compatibility 1.7 Low Product Manifest target-compatibility 1.7 Low Product pom artifactid opencensus-contrib-http-util Highest Product pom developer email census-developers@googlegroups.com Low Product pom developer id io.opencensus Low Product pom developer name OpenCensus Contributors Low Product pom developer org OpenCensus Authors Low Product pom developer org URL https://www.opencensus.io Low Product pom groupid io.opencensus Highest Product pom name OpenCensus High Product pom url census-instrumentation/opencensus-java High Version file version 0.31.1 High Version Manifest Implementation-Version 0.31.1 High Version pom version 0.31.1 Highest
pkg:maven/io.opencensus/opencensus-contrib-http-util@0.31.1 (Confidence :High) Description:
OpenTelemetry API License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/opentelemetry/opentelemetry-api/1.47.0/opentelemetry-api-1.47.0.jar
MD5: 676c8858cb02e010a462787c743a3006
SHA1: 9de168f2c648c33b86136f51a4584bde9a705ff1
SHA256: 6566f1f1133d611ff4e8b8fdb8eb18577b970425620315363ee9be43843b14bf
Referenced In Project/Scope: i2kfs:compile
opentelemetry-api-1.47.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name opentelemetry-api High Vendor jar package name api Highest Vendor jar package name io Highest Vendor jar package name opentelemetry Highest Vendor Manifest automatic-module-name io.opentelemetry.api Medium Vendor pom artifactid opentelemetry-api Highest Vendor pom artifactid opentelemetry-api Low Vendor pom developer id opentelemetry Medium Vendor pom developer name OpenTelemetry Medium Vendor pom groupid io.opentelemetry Highest Vendor pom name OpenTelemetry Java High Vendor pom url open-telemetry/opentelemetry-java Highest Product file name opentelemetry-api High Product jar package name api Highest Product jar package name io Highest Product jar package name opentelemetry Highest Product Manifest automatic-module-name io.opentelemetry.api Medium Product Manifest Implementation-Title all High Product pom artifactid opentelemetry-api Highest Product pom developer id opentelemetry Low Product pom developer name OpenTelemetry Low Product pom groupid io.opentelemetry Highest Product pom name OpenTelemetry Java High Product pom url open-telemetry/opentelemetry-java High Version file version 1.47.0 High Version Manifest Implementation-Version 1.47.0 High Version pom version 1.47.0 Highest
Related Dependencies opentelemetry-context-1.47.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-context/1.47.0/opentelemetry-context-1.47.0.jar MD5: 1732aab63979541ea6f19116e4d64f34 SHA1: 86e49fe98ce06c279f7b9f028af8658cb7bc972a SHA256: 15b4fc4234e6dca6d54800d572694ecbd07ba52c15fc5b221b4da5517ce8d90d pkg:maven/io.opentelemetry/opentelemetry-context@1.47.0 opentelemetry-sdk-1.47.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-sdk/1.47.0/opentelemetry-sdk-1.47.0.jar MD5: 533d4b3fbc5738334af2bf6fa429bbfc SHA1: dd575f250f89942b962374ac794e0dca27d00848 SHA256: 4a09eb2ee484769973e14218a34e6da54f35955aa02b26dc5238b0c2ed6a801d pkg:maven/io.opentelemetry/opentelemetry-sdk@1.47.0 opentelemetry-sdk-common-1.47.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-sdk-common/1.47.0/opentelemetry-sdk-common-1.47.0.jar MD5: 7a5faca1982c9455c3ab5abef3d8fb83 SHA1: b8c1def83e2e3dd2ec2a9811a543a8a76f25328c SHA256: 7ce55666aca7f2e5697a57bd4133e4508a6dc5041685f2d1ef31bb156f32e3bd pkg:maven/io.opentelemetry/opentelemetry-sdk-common@1.47.0 opentelemetry-sdk-extension-autoconfigure-spi-1.47.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-sdk-extension-autoconfigure-spi/1.47.0/opentelemetry-sdk-extension-autoconfigure-spi-1.47.0.jar MD5: 1a3fc9df7391def4707bd9f173bae98c SHA1: 36993ea9544a237812dd5b20a16d9adda123b2f1 SHA256: 94348d4263e2c59c7039630cad379d969b62644ed09b6178fa952988559b396a pkg:maven/io.opentelemetry/opentelemetry-sdk-extension-autoconfigure-spi@1.47.0 opentelemetry-sdk-logs-1.47.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-sdk-logs/1.47.0/opentelemetry-sdk-logs-1.47.0.jar MD5: 2fe62c2af5b2d957593d61b4110259a8 SHA1: d4febf6ef5a24848af7375f60bc20a7ae9cda370 SHA256: 302491984b63eebaf4b58bd3ae19d223a55f79090a3e46b40507b49c3cbe9cc5 pkg:maven/io.opentelemetry/opentelemetry-sdk-logs@1.47.0 opentelemetry-sdk-metrics-1.47.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-sdk-metrics/1.47.0/opentelemetry-sdk-metrics-1.47.0.jar MD5: 50850718e06436e7701d0c076ebd5269 SHA1: 97b52b5e2209fe205b59c0cc62c785389d6518f8 SHA256: 7d1442c5ca916ba2513005205d3b8b9bc5dca4e2a84867d0550602a0dfc0bba5 pkg:maven/io.opentelemetry/opentelemetry-sdk-metrics@1.47.0 opentelemetry-sdk-trace-1.47.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-sdk-trace/1.47.0/opentelemetry-sdk-trace-1.47.0.jar MD5: dde5948d540469a2506436fb083a5398 SHA1: 64ee920e9b4682264989df332932b5edc8f47a1d SHA256: 03950efd5fa5a276769a593579d8f602742a5d52f9978569326d2a9f9e162546 pkg:maven/io.opentelemetry/opentelemetry-sdk-trace@1.47.0 Description:
OpenTelemetry API Incubator License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/opentelemetry/opentelemetry-api-incubator/1.37.0-alpha/opentelemetry-api-incubator-1.37.0-alpha.jar
MD5: 0b7f37c6b47787977a67267226b8784e
SHA1: 2f0c0db3eaf152ee0478352847cb768a18191084
SHA256: 037cdd200d917190e6774029676017fa5ec27e5a5af938dcb97adc75132eda48
Referenced In Project/Scope: i2kfs:runtime
opentelemetry-api-incubator-1.37.0-alpha.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name opentelemetry-api-incubator High Vendor jar package name api Highest Vendor jar package name incubator Highest Vendor jar package name io Highest Vendor jar package name opentelemetry Highest Vendor Manifest automatic-module-name io.opentelemetry.api.incubator Medium Vendor pom artifactid opentelemetry-api-incubator Highest Vendor pom artifactid opentelemetry-api-incubator Low Vendor pom developer id opentelemetry Medium Vendor pom developer name OpenTelemetry Medium Vendor pom groupid io.opentelemetry Highest Vendor pom name OpenTelemetry Java High Vendor pom url open-telemetry/opentelemetry-java Highest Product file name opentelemetry-api-incubator High Product jar package name api Highest Product jar package name incubator Highest Product jar package name io Highest Product jar package name opentelemetry Highest Product Manifest automatic-module-name io.opentelemetry.api.incubator Medium Product Manifest Implementation-Title incubator High Product pom artifactid opentelemetry-api-incubator Highest Product pom developer id opentelemetry Low Product pom developer name OpenTelemetry Low Product pom groupid io.opentelemetry Highest Product pom name OpenTelemetry Java High Product pom url open-telemetry/opentelemetry-java High Version Manifest Implementation-Version 1.37.0-alpha High Version pom version 1.37.0-alpha Highest
Related Dependencies opentelemetry-gcp-resources-1.37.0-alpha.jarFile Path: /root/.m2/repository/io/opentelemetry/contrib/opentelemetry-gcp-resources/1.37.0-alpha/opentelemetry-gcp-resources-1.37.0-alpha.jar MD5: 26b0c19ea7d28baee1cf92b4fb21e1e0 SHA1: e2e4f1932bdc40aa9f38d746652712152e3f3fa1 SHA256: f7b6baddfbbe57f0e3e1e3cc08eb68bb61c29ef6c17898ce7ce35b1f3029d3e6 pkg:maven/io.opentelemetry.contrib/opentelemetry-gcp-resources@1.37.0-alpha Description:
OpenTelemetry Exporter Common License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/opentelemetry/opentelemetry-exporter-common/1.34.1/opentelemetry-exporter-common-1.34.1.jar
MD5: 2b9c5eeadc21a5b978811fb45f119aec
SHA1: 19c9a3f52851a1333b648ed83c82d16eb4c64afd
SHA256: 73bb11e64d4bbcee10723fabc4374db5cdb5ce8bb7542173069f4bf960093d70
Referenced In Project/Scope: i2kfs:runtime
opentelemetry-exporter-common-1.34.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name opentelemetry-exporter-common High Vendor jar package name exporter Highest Vendor jar package name internal Highest Vendor jar package name io Highest Vendor jar package name opentelemetry Highest Vendor Manifest automatic-module-name io.opentelemetry.exporter.internal Medium Vendor pom artifactid opentelemetry-exporter-common Highest Vendor pom artifactid opentelemetry-exporter-common Low Vendor pom developer id opentelemetry Medium Vendor pom developer name OpenTelemetry Medium Vendor pom groupid io.opentelemetry Highest Vendor pom name OpenTelemetry Java High Vendor pom url open-telemetry/opentelemetry-java Highest Product file name opentelemetry-exporter-common High Product jar package name exporter Highest Product jar package name internal Highest Product jar package name io Highest Product jar package name opentelemetry Highest Product Manifest automatic-module-name io.opentelemetry.exporter.internal Medium Product Manifest Implementation-Title common High Product pom artifactid opentelemetry-exporter-common Highest Product pom developer id opentelemetry Low Product pom developer name OpenTelemetry Low Product pom groupid io.opentelemetry Highest Product pom name OpenTelemetry Java High Product pom url open-telemetry/opentelemetry-java High Version file version 1.34.1 High Version Manifest Implementation-Version 1.34.1 High Version pom version 1.34.1 Highest
Related Dependencies opentelemetry-exporter-jaeger-1.34.1.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-exporter-jaeger/1.34.1/opentelemetry-exporter-jaeger-1.34.1.jar MD5: d4afa15da85d4c1e74f6bbf2890df63b SHA1: 3179ee9a99a34479ede33912f53249589db7fe57 SHA256: c2f26e12954e4cabe88dd7ff1c6276f410e1a054e2d53ba57cf64f8afb064ce1 pkg:maven/io.opentelemetry/opentelemetry-exporter-jaeger@1.34.1 opentelemetry-exporter-sender-okhttp-1.34.1.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-exporter-sender-okhttp/1.34.1/opentelemetry-exporter-sender-okhttp-1.34.1.jar MD5: 4a24da0ebed74fbe4646a92afcad118f SHA1: 9f07e1764389e076a36fb7d9e5769e29f3dab950 SHA256: 4799d07bdbe89caa5df048e25b7aea623d29fd08399a544de25869f4fb87e312 pkg:maven/io.opentelemetry/opentelemetry-exporter-sender-okhttp@1.34.1 Description:
OpenTelemetry Protocol (OTLP) Exporters License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/opentelemetry/opentelemetry-exporter-otlp/1.37.0/opentelemetry-exporter-otlp-1.37.0.jar
MD5: cb90c6f0a6979e84d1e4b932fadb0964
SHA1: c54e41827e2fbf089aaf6a2f7a4fca7795e8b9c1
SHA256: e0b6e35ca463ec1bfc6ec00cb2aba69c9d3b064ef5c93b8ac0858721712a989b
Referenced In Project/Scope: i2kfs:compile
opentelemetry-exporter-otlp-1.37.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name opentelemetry-exporter-otlp High Vendor jar package name exporter Highest Vendor jar package name io Highest Vendor jar package name opentelemetry Highest Vendor jar package name otlp Highest Vendor Manifest automatic-module-name io.opentelemetry.exporter.otlp Medium Vendor pom artifactid opentelemetry-exporter-otlp Highest Vendor pom artifactid opentelemetry-exporter-otlp Low Vendor pom developer id opentelemetry Medium Vendor pom developer name OpenTelemetry Medium Vendor pom groupid io.opentelemetry Highest Vendor pom name OpenTelemetry Java High Vendor pom url open-telemetry/opentelemetry-java Highest Product file name opentelemetry-exporter-otlp High Product jar package name exporter Highest Product jar package name io Highest Product jar package name opentelemetry Highest Product jar package name otlp Highest Product Manifest automatic-module-name io.opentelemetry.exporter.otlp Medium Product Manifest Implementation-Title all High Product pom artifactid opentelemetry-exporter-otlp Highest Product pom developer id opentelemetry Low Product pom developer name OpenTelemetry Low Product pom groupid io.opentelemetry Highest Product pom name OpenTelemetry Java High Product pom url open-telemetry/opentelemetry-java High Version file version 1.37.0 High Version Manifest Implementation-Version 1.37.0 High Version pom version 1.37.0 Highest
Related Dependencies opentelemetry-exporter-otlp-common-1.37.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-exporter-otlp-common/1.37.0/opentelemetry-exporter-otlp-common-1.37.0.jar MD5: c6eebf0b12fd15a35152cccf47455aef SHA1: 444d869b5773695c6fb0192d77b1304361e6a765 SHA256: 228c79ae42e6c1eacfbc4b8b142a0c744ee8e2190d6bad076b71b2c53b0ffd89 pkg:maven/io.opentelemetry/opentelemetry-exporter-otlp-common@1.37.0 opentelemetry-exporter-zipkin-1.37.0.jarFile Path: /root/.m2/repository/io/opentelemetry/opentelemetry-exporter-zipkin/1.37.0/opentelemetry-exporter-zipkin-1.37.0.jar MD5: 85bbcf30434c340220d04885cc9585eb SHA1: d4aa3b20f16131fcfc94059692ee46c6edb30444 SHA256: 6ef2e520de2148d6dfcfd4cbb3b0ce849260d9eda74c5ec2bc78352e0ab33409 pkg:maven/io.opentelemetry/opentelemetry-exporter-zipkin@1.37.0 Description:
PerfMark API License:
Apache 2.0: https://opensource.org/licenses/Apache-2.0 File Path: /root/.m2/repository/io/perfmark/perfmark-api/0.26.0/perfmark-api-0.26.0.jar
MD5: e80301eb310a53b2047e30db7964bce1
SHA1: ef65452adaf20bf7d12ef55913aba24037b82738
SHA256: b7d23e93a34537ce332708269a0d1404788a5b5e1949e82f5535fce51b3ea95b
Referenced In Project/Scope: i2kfs:runtime
perfmark-api-0.26.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.grpc/grpc-core@1.65.1
Evidence Type Source Name Value Confidence Vendor file name perfmark-api High Vendor jar package name io Highest Vendor jar package name perfmark Highest Vendor Manifest automatic-module-name io.perfmark Medium Vendor Manifest carl-is-awesome true Low Vendor Manifest implementation-url https://www.perfmark.io/ Low Vendor Manifest Implementation-Vendor Carl Mastrangelo High Vendor pom artifactid perfmark-api Highest Vendor pom artifactid perfmark-api Low Vendor pom developer email carl@carlmastrangelo.com Low Vendor pom developer id carl-mastrangelo Medium Vendor pom developer name Carl Mastrangelo Medium Vendor pom groupid io.perfmark Highest Vendor pom name perfmark:perfmark-api High Vendor pom url perfmark/perfmark Highest Product file name perfmark-api High Product jar package name io Highest Product jar package name perfmark Highest Product Manifest automatic-module-name io.perfmark Medium Product Manifest carl-is-awesome true Low Product Manifest Implementation-Title PerfMark High Product Manifest implementation-url https://www.perfmark.io/ Low Product pom artifactid perfmark-api Highest Product pom developer email carl@carlmastrangelo.com Low Product pom developer id carl-mastrangelo Low Product pom developer name Carl Mastrangelo Low Product pom groupid io.perfmark Highest Product pom name perfmark:perfmark-api High Product pom url perfmark/perfmark High Version file version 0.26.0 High Version Manifest Implementation-Version 0.26.0 High Version pom version 0.26.0 Highest
pkg:maven/io.perfmark/perfmark-api@0.26.0 (Confidence :High) Description:
Some useful facades. License:
MIT License File Path: /root/.m2/repository/potemkin/potemkin/0.4.5/potemkin-0.4.5.jar
MD5: c831e846f82aa75ad34b58ac6d0f2a86
SHA1: 2f016529ef11e392896cb42365ce282e18fe7203
SHA256: 2b366c834d87cb6ea631ba68697bc374d0d1af81f6deb42c2840944da320bd99
Referenced In Project/Scope: i2kfs:compile
potemkin-0.4.5.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name potemkin High Vendor jar package name potemkin Highest Vendor jar package name potemkin Low Vendor pom artifactid potemkin Highest Vendor pom artifactid potemkin Low Vendor pom groupid potemkin Highest Vendor pom name potemkin High Product file name potemkin High Product jar package name potemkin Highest Product pom artifactid potemkin Highest Product pom groupid potemkin Highest Product pom name potemkin High Version file version 0.4.5 High Version pom version 0.4.5 Highest
pkg:maven/potemkin/potemkin@0.4.5 (Confidence :High) License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.html File Path: /root/.m2/repository/org/clj-commons/pretty/3.3.2/pretty-3.3.2.jar
MD5: 4d018fb62037475f92b9a7870b570344
SHA1: 8597ff5eb4650e4be066bff73eb3ac09149b3b82
SHA256: c7e7fd4a265f0289f7245cb1b1d2f045a649d2f99bee14538915fc71a4884548
Referenced In Project/Scope: i2kfs:compile
pretty-3.3.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.taoensso/timbre@6.7.1
Evidence Type Source Name Value Confidence Vendor file name pretty High Vendor Manifest build-jdk-spec 23 Low Vendor pom artifactid pretty Highest Vendor pom artifactid pretty Low Vendor pom groupid org.clj-commons Highest Vendor pom name pretty High Product file name pretty High Product Manifest build-jdk-spec 23 Low Product pom artifactid pretty Highest Product pom groupid org.clj-commons Highest Product pom name pretty High Version file version 3.3.2 High Version pom version 3.3.2 Highest
pkg:maven/org.clj-commons/pretty@3.3.2 (Confidence :High) Description:
Profile module allows loading information from AWS configuration and credentials files.
File Path: /root/.m2/repository/software/amazon/awssdk/profiles/2.20.150/profiles-2.20.150.jarMD5: b42c2fffec1c19a6bf8892e926af447eSHA1: 375d97245334523b7ec243994cf1c7d3384f33f1SHA256: bb051c9b15a2ac959d280fe22020c62244137b96cf3259f3895499bdce8cc920Referenced In Project/Scope: i2kfs:compileprofiles-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name profiles High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name profiles Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.profiles Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid profiles Highest Vendor pom artifactid profiles Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Profiles High Vendor pom parent-artifactid core Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name profiles High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name profiles Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.profiles Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid profiles Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Profiles High Product pom parent-artifactid core Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
A functional progress bar for the command line License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/progrock/progrock/0.1.2/progrock-0.1.2.jar
MD5: c09bc325d172b9d3bdf1e4599752197a
SHA1: 37ca2fe2cc448d497cecd4806665f2a0e3efb8e3
SHA256: 0259feb5b02476eb300b7d64e543eb54ce4ac3dcae5398310f1642768fd53f2a
Referenced In Project/Scope: i2kfs:compile
progrock-0.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name progrock High Vendor pom artifactid progrock Highest Vendor pom artifactid progrock Low Vendor pom groupid progrock Highest Vendor pom name progrock High Vendor pom url weavejester/progrock Highest Product file name progrock High Product pom artifactid progrock Highest Product pom groupid progrock Highest Product pom name progrock High Product pom url weavejester/progrock High Version file version 0.1.2 High Version pom version 0.1.2 Highest
pkg:maven/progrock/progrock@0.1.2 (Confidence :High) Description:
load, coerce, and validate property files File Path: /root/.m2/repository/cc/artifice/propertea/1.4.1/propertea-1.4.1.jarMD5: 36d222af19eee4e18bc5b4eee996370fSHA1: ae62d3d59cffb02ef0de4354d0a190ce595a6cafSHA256: 52b18662a417fe7cd4f5f4e5efadc58a658f21eb7ab6cf9860b16f126f6a49ffReferenced In Project/Scope: i2kfs:compilepropertea-1.4.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name propertea High Vendor pom artifactid propertea Highest Vendor pom artifactid propertea Low Vendor pom groupid cc.artifice Highest Vendor pom name propertea High Product file name propertea High Product pom artifactid propertea Highest Product pom groupid cc.artifice Highest Product pom name propertea High Version file version 1.4.1 High Version pom version 1.4.1 Highest
pkg:maven/cc.artifice/propertea@1.4.1 (Confidence :High) Description:
PROTO library for proto-google-cloud-monitoring-v3 License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/api/grpc/proto-google-cloud-monitoring-v3/3.52.0/proto-google-cloud-monitoring-v3-3.52.0.jar
MD5: 775fcbc679423bb98823d37f047f987b
SHA1: f2edbef9dbe715c4451d90698bd4e7a3edc4d58e
SHA256: 8238b3216aa59ffeed9a157833d7fcc844a7dc9f101b23d728f1cdec6c5c3ba2
Referenced In Project/Scope: i2kfs:compile
proto-google-cloud-monitoring-v3-3.52.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name proto-google-cloud-monitoring-v3 High Vendor jar package name google Highest Vendor jar package name monitoring Highest Vendor jar package name v3 Highest Vendor Manifest artifactid proto-google-cloud-monitoring-v3 Low Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid proto-google-cloud-monitoring-v3 Highest Vendor pom artifactid proto-google-cloud-monitoring-v3 Low Vendor pom developer email suztomo@google.com Low Vendor pom developer id suztomo Medium Vendor pom developer name Tomo Suzuki Medium Vendor pom developer org Google Medium Vendor pom groupid com.google.api.grpc Highest Vendor pom name proto-google-cloud-monitoring-v3 High Vendor pom organization name Google LLC High Vendor pom url googleapis/google-cloud-java Highest Product file name proto-google-cloud-monitoring-v3 High Product jar package name google Highest Product jar package name monitoring Highest Product jar package name v3 Highest Product Manifest artifactid proto-google-cloud-monitoring-v3 Low Product Manifest build-jdk-spec 1.8 Low Product Manifest Implementation-Title proto-google-cloud-monitoring-v3 High Product Manifest specification-title proto-google-cloud-monitoring-v3 Medium Product pom artifactid proto-google-cloud-monitoring-v3 Highest Product pom developer email suztomo@google.com Low Product pom developer id suztomo Low Product pom developer name Tomo Suzuki Low Product pom developer org Google Low Product pom groupid com.google.api.grpc Highest Product pom name proto-google-cloud-monitoring-v3 High Product pom organization name Google LLC Low Product pom url googleapis/google-cloud-java High Version file version 3.52.0 High Version Manifest Implementation-Version 3.52.0 High Version Manifest version 3.52.0 Medium Version pom version 3.52.0 Highest
pkg:maven/com.google.api.grpc/proto-google-cloud-monitoring-v3@3.52.0 (Confidence :High) Description:
PROTO library for proto-google-cloud-storage-v2 File Path: /root/.m2/repository/com/google/api/grpc/proto-google-cloud-storage-v2/2.50.0/proto-google-cloud-storage-v2-2.50.0.jarMD5: dfb9d537fee70cd116b5c66651c38f6cSHA1: 7d6f8ccdc81ed1b633d3914450e0ada737d6dfc7SHA256: 0b326af2e1828b582a973b026059da6bc1fc6cbb47254c2223873c9cd97cd6a8Referenced In Project/Scope: i2kfs:compileproto-google-cloud-storage-v2-2.50.0.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name proto-google-cloud-storage-v2 High Vendor jar package name google Highest Vendor jar package name storage Highest Vendor jar package name v2 Highest Vendor Manifest artifactid proto-google-cloud-storage-v2 Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid proto-google-cloud-storage-v2 Highest Vendor pom artifactid proto-google-cloud-storage-v2 Low Vendor pom groupid com.google.api.grpc Highest Vendor pom name proto-google-cloud-storage-v2 High Vendor pom parent-artifactid google-cloud-storage-parent Low Vendor pom parent-groupid com.google.cloud Medium Product file name proto-google-cloud-storage-v2 High Product jar package name google Highest Product jar package name storage Highest Product jar package name v2 Highest Product Manifest artifactid proto-google-cloud-storage-v2 Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title proto-google-cloud-storage-v2 High Product Manifest specification-title proto-google-cloud-storage-v2 Medium Product pom artifactid proto-google-cloud-storage-v2 Highest Product pom groupid com.google.api.grpc Highest Product pom name proto-google-cloud-storage-v2 High Product pom parent-artifactid google-cloud-storage-parent Medium Product pom parent-groupid com.google.cloud Medium Version file version 2.50.0 High Version Manifest Implementation-Version 2.50.0 High Version Manifest version 2.50.0 Medium Version pom version 2.50.0 Highest
pkg:maven/com.google.api.grpc/proto-google-cloud-storage-v2@2.50.0 (Confidence :High) Description:
PROTO library for proto-google-common-protos License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/api/grpc/proto-google-common-protos/2.29.0/proto-google-common-protos-2.29.0.jar
MD5: c45ebcf545545422127310fa6feda22d
SHA1: eb1cf1cf4c12d5eb9cef958dfd76af4101c55a62
SHA256: ee9c751f06b112e92b37f75e4f73a17d03ef2c3302c6e8d986adbcc721b63cb0
Referenced In Project/Scope: i2kfs:compile
proto-google-common-protos-2.29.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.grpc/grpc-protobuf@1.65.1
Evidence Type Source Name Value Confidence Vendor file name proto-google-common-protos High Vendor jar package name api Highest Vendor jar package name google Highest Vendor Manifest artifactid proto-google-common-protos Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid proto-google-common-protos Highest Vendor pom artifactid proto-google-common-protos Low Vendor pom developer email chingor@google.com Low Vendor pom developer id chingor Medium Vendor pom developer name Jeff Ching Medium Vendor pom developer org Google Medium Vendor pom groupid com.google.api.grpc Highest Vendor pom name proto-google-common-protos High Vendor pom organization name Google LLC High Vendor pom url googleapis/sdk-platform-java Highest Product file name proto-google-common-protos High Product jar package name api Highest Product jar package name google Highest Product Manifest artifactid proto-google-common-protos Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title proto-google-common-protos High Product Manifest specification-title proto-google-common-protos Medium Product pom artifactid proto-google-common-protos Highest Product pom developer email chingor@google.com Low Product pom developer id chingor Low Product pom developer name Jeff Ching Low Product pom developer org Google Low Product pom groupid com.google.api.grpc Highest Product pom name proto-google-common-protos High Product pom organization name Google LLC Low Product pom url googleapis/sdk-platform-java High Version file version 2.29.0 High Version Manifest Implementation-Version 2.29.0 High Version Manifest version 2.29.0 Medium Version pom version 2.29.0 Highest
pkg:maven/com.google.api.grpc/proto-google-common-protos@2.29.0 (Confidence :High) Description:
PROTO library for proto-google-iam-v1 License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/api/grpc/proto-google-iam-v1/1.49.1/proto-google-iam-v1-1.49.1.jar
MD5: 585659b0ac767b67cae94a489cba046c
SHA1: 3340df39c56ae913b068f17818bf016a4b4c4177
SHA256: 138efca2acdd71bca4133731a7f8e619c8fa6a8585901abf2e2a35700353ca74
Referenced In Project/Scope: i2kfs:compile
proto-google-iam-v1-1.49.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name proto-google-iam-v1 High Vendor jar package name google Highest Vendor jar package name iam Highest Vendor jar package name v1 Highest Vendor Manifest artifactid proto-google-iam-v1 Low Vendor Manifest build-jdk-spec 17 Low Vendor Manifest Implementation-Vendor Google LLC High Vendor Manifest specification-vendor Google LLC Low Vendor pom artifactid proto-google-iam-v1 Highest Vendor pom artifactid proto-google-iam-v1 Low Vendor pom developer email chingor@google.com Low Vendor pom developer id chingor Medium Vendor pom developer name Jeff Ching Medium Vendor pom developer org Google Medium Vendor pom groupid com.google.api.grpc Highest Vendor pom name proto-google-iam-v1 High Vendor pom organization name Google LLC High Vendor pom url googleapis/sdk-platform-java Highest Product file name proto-google-iam-v1 High Product jar package name google Highest Product jar package name iam Highest Product jar package name v1 Highest Product Manifest artifactid proto-google-iam-v1 Low Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title proto-google-iam-v1 High Product Manifest specification-title proto-google-iam-v1 Medium Product pom artifactid proto-google-iam-v1 Highest Product pom developer email chingor@google.com Low Product pom developer id chingor Low Product pom developer name Jeff Ching Low Product pom developer org Google Low Product pom groupid com.google.api.grpc Highest Product pom name proto-google-iam-v1 High Product pom organization name Google LLC Low Product pom url googleapis/sdk-platform-java High Version file version 1.49.1 High Version Manifest Implementation-Version 1.49.1 High Version Manifest version 1.49.1 Medium Version pom version 1.49.1 Highest
pkg:maven/com.google.api.grpc/proto-google-iam-v1@1.49.1 (Confidence :High) Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
https://opensource.org/licenses/BSD-3-Clause File Path: /root/.m2/repository/com/google/protobuf/protobuf-java/3.25.6/protobuf-java-3.25.6.jar
MD5: 8deb2ece322807e85581a958310d16a4
SHA1: ad9a225cd612320937d5138d425c7aacaf49f2ca
SHA256: 54943917af39f58303cab7d05f6cdf60d937c8304f49560b596bc1491ec83e8b
Referenced In Project/Scope: i2kfs:compile
protobuf-java-3.25.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.grpc/grpc-alts@1.65.1
Evidence Type Source Name Value Confidence Vendor file name protobuf-java High Vendor jar package name google Highest Vendor jar package name protobuf Highest Vendor Manifest automatic-module-name com.google.protobuf Medium Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor Manifest target-label //java/core:lite_runtime_only Low Vendor pom artifactid protobuf-java Highest Vendor pom artifactid protobuf-java Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Core] High Vendor pom parent-artifactid protobuf-parent Low Product file name protobuf-java High Product jar package name google Highest Product jar package name protobuf Highest Product Manifest automatic-module-name com.google.protobuf Medium Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest Bundle-Name Protocol Buffers [Core] Medium Product Manifest bundle-symbolicname com.google.protobuf Medium Product Manifest target-label //java/core:lite_runtime_only Low Product pom artifactid protobuf-java Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Core] High Product pom parent-artifactid protobuf-parent Medium Version file version 3.25.6 High Version Manifest Bundle-Version 3.25.6 High Version pom version 3.25.6 Highest
Description:
Utilities for Protocol Buffers License:
https://opensource.org/licenses/BSD-3-Clause File Path: /root/.m2/repository/com/google/protobuf/protobuf-java-util/3.25.1/protobuf-java-util-3.25.1.jar
MD5: 2567520fb98822477fb87e0c2257a97d
SHA1: 52ef56370091e0088ca1a8bca39cd03c6becc2dc
SHA256: faf398ad0fe8c5a7d867f76d322e2e71bb31898fe86ec3223f787a6ed6fb4622
Referenced In Project/Scope: i2kfs:compile
protobuf-java-util-3.25.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/io.grpc/grpc-grpclb@1.65.1
Evidence Type Source Name Value Confidence Vendor file name protobuf-java-util High Vendor jar package name google Highest Vendor jar package name protobuf Highest Vendor jar package name util Highest Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest bundle-symbolicname com.google.protobuf.util Medium Vendor pom artifactid protobuf-java-util Highest Vendor pom artifactid protobuf-java-util Low Vendor pom groupid com.google.protobuf Highest Vendor pom name Protocol Buffers [Util] High Vendor pom parent-artifactid protobuf-parent Low Product file name protobuf-java-util High Product jar package name google Highest Product jar package name protobuf Highest Product jar package name util Highest Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest Bundle-Name Protocol Buffers [Util] Medium Product Manifest bundle-symbolicname com.google.protobuf.util Medium Product pom artifactid protobuf-java-util Highest Product pom groupid com.google.protobuf Highest Product pom name Protocol Buffers [Util] High Product pom parent-artifactid protobuf-parent Medium Version file version 3.25.1 High Version Manifest Bundle-Version 3.25.1 High Version pom version 3.25.1 Highest
CVE-2024-7254 suppress
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. CWE-400 Uncontrolled Resource Consumption, CWE-787 Out-of-bounds Write, CWE-674 Uncontrolled Recursion
CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A References:
Vulnerable Software & Versions: (show all )
Description:
The AWS SDK for Java - module holds the core protocol classes
File Path: /root/.m2/repository/software/amazon/awssdk/protocol-core/2.20.150/protocol-core-2.20.150.jarMD5: e3b3f9769813a60b36631a8f4a5ce438SHA1: 3ec1fbe7b9a73ad7b3a792064e5917dd88272987SHA256: c886747031de9de5fec72e1de7b9622b762b3f737169d7dd4fec41b296e6656aReferenced In Project/Scope: i2kfs:runtimeprotocol-core-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name protocol-core High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name protocols Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.protocols.core Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid protocol-core Highest Vendor pom artifactid protocol-core Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Core :: Protocols :: Protocol Core High Vendor pom parent-artifactid protocols Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name protocol-core High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name protocols Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.protocols.core Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid protocol-core Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Core :: Protocols :: Protocol Core High Product pom parent-artifactid protocols Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
Linear time regular expressions for Java License:
Go License: https://golang.org/LICENSE File Path: /root/.m2/repository/com/google/re2j/re2j/1.7/re2j-1.7.jar
MD5: deb6ffa7ed6d2cc06e6ac1182755c735
SHA1: 2949632c1b4acce0d7784f28e3152e9cf3c2ec7a
SHA256: 4f657af51ab8bb0909bcc3eb40862d26125af8cbcf92aaaba595fed77f947bc0
Referenced In Project/Scope: i2kfs:runtime
re2j-1.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name re2j High Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name re2 Highest Vendor jar package name re2j Highest Vendor jar package name re2j Low Vendor pom artifactid re2j Highest Vendor pom artifactid re2j Low Vendor pom developer email re2j-discuss@googlegroups.com Low Vendor pom developer id dev Medium Vendor pom developer name The RE2/J Contributors Medium Vendor pom groupid com.google.re2j Highest Vendor pom name RE2/J High Vendor pom url http://github.com/google/re2j Highest Product file name re2j High Product jar package name google Highest Product jar package name re2 Highest Product jar package name re2j Highest Product jar package name re2j Low Product pom artifactid re2j Highest Product pom developer email re2j-discuss@googlegroups.com Low Product pom developer id dev Low Product pom developer name The RE2/J Contributors Low Product pom groupid com.google.re2j Highest Product pom name RE2/J High Product pom url http://github.com/google/re2j Medium Version file version 1.7 High Version pom version 1.7 Highest
pkg:maven/com.google.re2j/re2j@1.7 (Confidence :High) Description:
A Protocol for Asynchronous Non-Blocking Data Sequence License:
MIT-0: https://spdx.org/licenses/MIT-0.html File Path: /root/.m2/repository/org/reactivestreams/reactive-streams/1.0.4/reactive-streams-1.0.4.jar
MD5: eda7978509c32d99166745cc144c99cd
SHA1: 3864a1320d97d7b045f729a326e1e077661f31b7
SHA256: f75ca597789b3dac58f61857b9ac2e1034a68fa672db35055a8fb4509e325f28
Referenced In Project/Scope: i2kfs:compile
reactive-streams-1.0.4.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/software.amazon.awssdk/auth@2.20.103
Evidence Type Source Name Value Confidence Vendor file name reactive-streams High Vendor jar package name reactivestreams Highest Vendor Manifest automatic-module-name org.reactivestreams Medium Vendor Manifest bundle-docurl http://reactive-streams.org Low Vendor Manifest bundle-symbolicname reactive-streams Medium Vendor pom artifactid reactive-streams Highest Vendor pom artifactid reactive-streams Low Vendor pom developer id reactive-streams-sig Medium Vendor pom developer name Reactive Streams SIG Medium Vendor pom groupid org.reactivestreams Highest Vendor pom name reactive-streams High Vendor pom url http://www.reactive-streams.org/ Highest Product file name reactive-streams High Product jar package name reactivestreams Highest Product Manifest automatic-module-name org.reactivestreams Medium Product Manifest bundle-docurl http://reactive-streams.org Low Product Manifest Bundle-Name reactive-streams-jvm Medium Product Manifest bundle-symbolicname reactive-streams Medium Product pom artifactid reactive-streams Highest Product pom developer id reactive-streams-sig Low Product pom developer name Reactive Streams SIG Low Product pom groupid org.reactivestreams Highest Product pom name reactive-streams High Product pom url http://www.reactive-streams.org/ Medium Version file version 1.0.4 High Version Manifest Bundle-Version 1.0.4 High Version pom version 1.0.4 Highest
pkg:maven/org.reactivestreams/reactive-streams@1.0.4 (Confidence :High) Description:
Non-Blocking Reactive Foundation for the JVM License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/projectreactor/reactor-core/3.4.41/reactor-core-3.4.41.jar
MD5: 69de578ed53528d5d2092568dcd8436a
SHA1: 251308e6bd658515b35e91ec702fc52e7b62916f
SHA256: 27ffc421736b78481e815c407acc8a169a417d2bea6ed79bf56eb2a32d80ade8
Referenced In Project/Scope: i2kfs:compile
reactor-core-3.4.41.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name reactor-core High Vendor jar package name core Highest Vendor jar package name reactor Highest Vendor Manifest automatic-module-name reactor.core Medium Vendor Manifest bundle-symbolicname io.projectreactor.reactor-core Medium Vendor pom artifactid reactor-core Highest Vendor pom artifactid reactor-core Low Vendor pom developer email odokuka@vmware.com Low Vendor pom developer email sbasle@vmware.com Low Vendor pom developer id odokuka Medium Vendor pom developer id simonbasle Medium Vendor pom developer name Oleh Dokuka Medium Vendor pom developer name Simon Baslé Medium Vendor pom groupid io.projectreactor Highest Vendor pom name Non-Blocking Reactive Foundation for the JVM High Vendor pom organization name reactor High Vendor pom organization url reactor Medium Vendor pom url reactor/reactor-core Highest Product file name reactor-core High Product jar package name core Highest Product jar package name reactor Highest Product Manifest automatic-module-name reactor.core Medium Product Manifest Bundle-Name reactor-core Medium Product Manifest bundle-symbolicname io.projectreactor.reactor-core Medium Product Manifest Implementation-Title reactor-core High Product pom artifactid reactor-core Highest Product pom developer email odokuka@vmware.com Low Product pom developer email sbasle@vmware.com Low Product pom developer id odokuka Low Product pom developer id simonbasle Low Product pom developer name Oleh Dokuka Low Product pom developer name Simon Baslé Low Product pom groupid io.projectreactor Highest Product pom name Non-Blocking Reactive Foundation for the JVM High Product pom organization name reactor Low Product pom url reactor High Product pom url reactor/reactor-core High Version file version 3.4.41 High Version Manifest Implementation-Version 3.4.41 High Version pom version 3.4.41 Highest
pkg:maven/io.projectreactor/reactor-core@3.4.41 (Confidence :High) Description:
Core functionality for the Reactor Netty library License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/projectreactor/netty/reactor-netty-core/1.0.48/reactor-netty-core-1.0.48.jar
MD5: 79b205b04af24acd5e1b5e2769db981f
SHA1: 110272aba6040142a8d3e9d53e18d4cdf615768f
SHA256: 29b20a42d039de5cd92ab77f5079d2bf66ea7af86b5627aab610dec152dc9268
Referenced In Project/Scope: i2kfs:compile
reactor-netty-core-1.0.48.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.azure/azure-storage-blob-nio@12.0.0-beta.30
Evidence Type Source Name Value Confidence Vendor file name reactor-netty-core High Vendor hint analyzer vendor pivotal Highest Vendor jar package name netty Highest Vendor jar package name reactor Highest Vendor Manifest automatic-module-name reactor.netty.core Medium Vendor Manifest bundle-symbolicname io.projectreactor.netty.reactor-netty-core Medium Vendor pom artifactid reactor-netty-core Highest Vendor pom artifactid reactor-netty-core Low Vendor pom developer email sbasle@vmware.com Low Vendor pom developer email violetag@vmware.com Low Vendor pom developer id simonbasle Medium Vendor pom developer id violetagg Medium Vendor pom developer name Simon Baslé Medium Vendor pom developer name Violeta Georgieva Medium Vendor pom groupid io.projectreactor.netty Highest Vendor pom name Core functionality for the Reactor Netty library High Vendor pom organization name reactor High Vendor pom organization url reactor Medium Vendor pom url reactor/reactor-netty Highest Product file name reactor-netty-core High Product jar package name netty Highest Product jar package name reactor Highest Product Manifest automatic-module-name reactor.netty.core Medium Product Manifest Bundle-Name reactor-netty-core Medium Product Manifest bundle-symbolicname io.projectreactor.netty.reactor-netty-core Medium Product Manifest Implementation-Title reactor-netty-core High Product pom artifactid reactor-netty-core Highest Product pom developer email sbasle@vmware.com Low Product pom developer email violetag@vmware.com Low Product pom developer id simonbasle Low Product pom developer id violetagg Low Product pom developer name Simon Baslé Low Product pom developer name Violeta Georgieva Low Product pom groupid io.projectreactor.netty Highest Product pom name Core functionality for the Reactor Netty library High Product pom organization name reactor Low Product pom url reactor High Product pom url reactor/reactor-netty High Version file version 1.0.48 High Version Manifest Implementation-Version 1.0.48 High Version pom version 1.0.48 Highest
Related Dependencies reactor-netty-http-1.0.48.jarFile Path: /root/.m2/repository/io/projectreactor/netty/reactor-netty-http/1.0.48/reactor-netty-http-1.0.48.jar MD5: 8a6dd8dc8a656d15e3f56f5aff8936bd SHA1: f64eb4fcb0ea24a99e50f08f0df4c67dbd16eb89 SHA256: dcc612f4f98978815a293b3941ac286583eb7476129cabf0dbc24c660f74575e pkg:maven/io.projectreactor.netty/reactor-netty-http@1.0.48 File Path: /root/.m2/repository/software/amazon/awssdk/regions/2.20.150/regions-2.20.150.jarMD5: 5f1d9e9100c92f72c603e459943cd015SHA1: d8cdc49ee5960bb35e6eff1b2b6f19076887ba8eSHA256: 16167c2524f7e16077ee95a219ef37d40628d74e64076be28722e819ebc12bc2Referenced In Project/Scope: i2kfs:compileregions-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name regions High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name regions Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.regions Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid regions Highest Vendor pom artifactid regions Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Regions High Vendor pom parent-artifactid core Low Product file name regions High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name regions Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.regions Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid regions Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Regions High Product pom parent-artifactid core Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
code-walking without caveats License:
MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/riddley/riddley/0.1.12/riddley-0.1.12.jar
MD5: c13a93e1a748f6d0b775e576e523cb42
SHA1: 033bd1610a8ef50a6347cd571eaef76182ca50b0
SHA256: 398f61fa4825b8f86c916ae580c7e133b7c477d0b72a7d3b298d381032740bae
Referenced In Project/Scope: i2kfs:compile
riddley-0.1.12.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name riddley High Vendor jar package name riddley Highest Vendor jar package name riddley Low Vendor pom artifactid riddley Highest Vendor pom artifactid riddley Low Vendor pom groupid riddley Highest Vendor pom name riddley High Product file name riddley High Product jar package name riddley Highest Product jar package name util Low Product pom artifactid riddley Highest Product pom groupid riddley Highest Product pom name riddley High Version file version 0.1.12 High Version pom version 0.1.12 Highest
pkg:maven/riddley/riddley@0.1.12 (Confidence :High) Description:
Library for encoding and decoding data License:
The MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/ring/ring-codec/1.2.0/ring-codec-1.2.0.jar
MD5: 14a337ca3678838d54a8b15dd62b81e8
SHA1: fbcc4a141c638a3bd386df8ed04c05d0481be209
SHA256: 6fd8ad050062055b57b738110671f68f435774443d1826e62f4ec64d2c4565c2
Referenced In Project/Scope: i2kfs:compile
ring-codec-1.2.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kopenid@0.8.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ring-codec High Vendor Manifest leiningen-project-artifactid ring-codec Low Vendor Manifest leiningen-project-groupid ring Low Vendor pom artifactid ring-codec Highest Vendor pom artifactid ring-codec Low Vendor pom groupid ring Highest Vendor pom name ring-codec High Vendor pom url ring-clojure/ring-codec Highest Product file name ring-codec High Product Manifest leiningen-project-artifactid ring-codec Low Product Manifest leiningen-project-groupid ring Low Product pom artifactid ring-codec Highest Product pom groupid ring Highest Product pom name ring-codec High Product pom url ring-clojure/ring-codec High Version file version 1.2.0 High Version Manifest leiningen-project-version 1.2.0 Medium Version pom version 1.2.0 Highest
pkg:maven/ring/ring-codec@1.2.0 (Confidence :High) Description:
Ring core libraries. License:
The MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/ring/ring-core/1.13.0/ring-core-1.13.0.jar
MD5: 8a96c0f79be95fdb5fd03fd6c222d234
SHA1: 743d4df19d134aaa567ac3edf566c04cf307b769
SHA256: ab20c8cf482f9913b611c87cc669f0b0e35007eb767c308ba58440974e8b811d
Referenced In Project/Scope: i2kfs:compile
ring-core-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ring-core High Vendor Manifest leiningen-project-artifactid ring-core Low Vendor Manifest leiningen-project-groupid ring Low Vendor pom artifactid ring-core Highest Vendor pom artifactid ring-core Low Vendor pom groupid ring Highest Vendor pom name ring-core High Vendor pom url ring-clojure/ring Highest Product file name ring-core High Product Manifest leiningen-project-artifactid ring-core Low Product Manifest leiningen-project-groupid ring Low Product pom artifactid ring-core Highest Product pom groupid ring Highest Product pom name ring-core High Product pom url ring-clojure/ring High Version file version 1.13.0 High Version Manifest leiningen-project-version 1.13.0 Medium Version pom version 1.13.0 Highest
pkg:maven/ring/ring-core@1.13.0 (Confidence :High) Description:
Ring core protocols. License:
The MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/org/ring-clojure/ring-core-protocols/1.13.0/ring-core-protocols-1.13.0.jar
MD5: c012c4cd65dbe48ab6f727596b8cb0e2
SHA1: 3a72bf2b6177907b6c18cd0f4ac0b956dc6381ac
SHA256: 0ae0d9e54f5c436c67effe0fd3da70b07d83aefa0f999dc061c7532e4ec4eb5c
Referenced In Project/Scope: i2kfs:compile
ring-core-protocols-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ring-core-protocols High Vendor Manifest leiningen-project-artifactid ring-core-protocols Low Vendor Manifest leiningen-project-groupid org.ring-clojure Low Vendor pom artifactid ring-core-protocols Highest Vendor pom artifactid ring-core-protocols Low Vendor pom groupid org.ring-clojure Highest Vendor pom name ring-core-protocols High Vendor pom url ring-clojure/ring Highest Product file name ring-core-protocols High Product Manifest leiningen-project-artifactid ring-core-protocols Low Product Manifest leiningen-project-groupid org.ring-clojure Low Product pom artifactid ring-core-protocols Highest Product pom groupid org.ring-clojure Highest Product pom name ring-core-protocols High Product pom url ring-clojure/ring High Version file version 1.13.0 High Version Manifest leiningen-project-version 1.13.0 Medium Version pom version 1.13.0 Highest
pkg:maven/org.ring-clojure/ring-core-protocols@1.13.0 (Confidence :High) Description:
Correlation ID tracing for distributed systems using ring and clj-http License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/org/clojars/ejschoen/ring-correlation-id/0.7.0-SNAPSHOT/ring-correlation-id-0.7.0-SNAPSHOT.jar
MD5: b2a9a5851c4c272f22d0a5da42d6f9ad
SHA1: dc93fdb4438a98517eb3b188a7e393421ffb1e69
SHA256: 706944803ac1d5832d968e2f716d9ee259f356c04242d35cafa94ce83af9cc3d
Referenced In Project/Scope: i2kfs:compile
ring-correlation-id-0.7.0-SNAPSHOT.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ring-correlation-id High Vendor Manifest leiningen-project-artifactid ring-correlation-id Low Vendor pom artifactid ring-correlation-id Highest Vendor pom artifactid ring-correlation-id Low Vendor pom groupid org.clojars.ejschoen Highest Vendor pom name ring-correlation-id High Vendor pom url ejschoen/ring-correlation-id.git Highest Product file name ring-correlation-id High Product Manifest leiningen-project-artifactid ring-correlation-id Low Product pom artifactid ring-correlation-id Highest Product pom groupid org.clojars.ejschoen Highest Product pom name ring-correlation-id High Product pom url ejschoen/ring-correlation-id.git High Version Manifest leiningen-project-version 0.7.0-SNAPSHOT Medium Version pom version 0.7.0-SNAPSHOT Highest
pkg:maven/org.clojars.ejschoen/ring-correlation-id@0.7.0-SNAPSHOT (Confidence :High) Description:
Ring protocols for websockets. License:
The MIT License: http://opensource.org/licenses/MIT File Path: /root/.m2/repository/org/ring-clojure/ring-websocket-protocols/1.13.0/ring-websocket-protocols-1.13.0.jar
MD5: a79ad4b5ad686cb28024563b4508697e
SHA1: 7fe69df15983c8ee5a30b030316be3d24b58daa7
SHA256: 973b0503e711f26c538c9cd160ad97638df3f65d3c0e8f7085d28a2610f997c8
Referenced In Project/Scope: i2kfs:compile
ring-websocket-protocols-1.13.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name ring-websocket-protocols High Vendor Manifest leiningen-project-artifactid ring-websocket-protocols Low Vendor Manifest leiningen-project-groupid org.ring-clojure Low Vendor pom artifactid ring-websocket-protocols Highest Vendor pom artifactid ring-websocket-protocols Low Vendor pom groupid org.ring-clojure Highest Vendor pom name ring-websocket-protocols High Vendor pom url ring-clojure/ring Highest Product file name ring-websocket-protocols High Product Manifest leiningen-project-artifactid ring-websocket-protocols Low Product Manifest leiningen-project-groupid org.ring-clojure Low Product pom artifactid ring-websocket-protocols Highest Product pom groupid org.ring-clojure Highest Product pom name ring-websocket-protocols High Product pom url ring-clojure/ring High Version file version 1.13.0 High Version Manifest leiningen-project-version 1.13.0 Medium Version pom version 1.13.0 Highest
pkg:maven/org.ring-clojure/ring-websocket-protocols@1.13.0 (Confidence :High) Description:
Reactive Extensions for Java License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/reactivex/rxjava3/rxjava/3.1.7/rxjava-3.1.7.jar
MD5: 4c0bcec355ccb18d3cf71cecfd2c6b88
SHA1: 3b2593157a6e7b50cd812a126e6859c5654e6666
SHA256: 11b9128e1c5b3955cf596afaf5bbbd1e16ea27872cb5399cbeed3e11418b7966
Referenced In Project/Scope: i2kfs:runtime
rxjava-3.1.7.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/software.amazon.nio.s3/aws-java-nio-spi-for-s3@1.2.4
Evidence Type Source Name Value Confidence Vendor file name rxjava High Vendor jar package name io Highest Vendor jar package name reactivex Highest Vendor jar package name rxjava3 Highest Vendor Manifest bundle-docurl https://github.com/ReactiveX/RxJava Low Vendor Manifest bundle-symbolicname io.reactivex.rxjava3.rxjava Medium Vendor Manifest eclipse-extensibleapi true Low Vendor Manifest multi-release true Low Vendor pom artifactid rxjava Highest Vendor pom artifactid rxjava Low Vendor pom developer id akarnokd Medium Vendor pom developer name David Karnok Medium Vendor pom groupid io.reactivex.rxjava3 Highest Vendor pom name RxJava High Vendor pom url ReactiveX/RxJava Highest Product file name rxjava High Product jar package name io Highest Product jar package name reactivex Highest Product jar package name rxjava3 Highest Product Manifest bundle-docurl https://github.com/ReactiveX/RxJava Low Product Manifest Bundle-Name rxjava Medium Product Manifest bundle-symbolicname io.reactivex.rxjava3.rxjava Medium Product Manifest eclipse-extensibleapi true Low Product Manifest multi-release true Low Product pom artifactid rxjava Highest Product pom developer id akarnokd Low Product pom developer name David Karnok Low Product pom groupid io.reactivex.rxjava3 Highest Product pom name RxJava High Product pom url ReactiveX/RxJava High Version file version 3.1.7 High Version Manifest Bundle-Version 3.1.7 High Version pom version 3.1.7 Highest
pkg:maven/io.reactivex.rxjava3/rxjava@3.1.7 (Confidence :High) Description:
The AWS Java SDK for Amazon S3 module holds the client classes that are used for communicating with
Amazon Simple Storage Service
File Path: /root/.m2/repository/software/amazon/awssdk/s3/2.20.150/s3-2.20.150.jarMD5: 89127952b3c9ef48ac83a9264bc3148bSHA1: b346c23cc44b1a77997eb0119902f9f5ecf0becbSHA256: db1d3ad532062d26b3489d571d0c94769aaae0d1fefee31e37f9320293e903c3Referenced In Project/Scope: i2kfs:runtimes3-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name s3 High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name services Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.services.s3 Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid s3 Highest Vendor pom artifactid s3 Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Services :: Amazon S3 High Vendor pom parent-artifactid services Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name s3 High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name services Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.services.s3 Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid s3 Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Services :: Amazon S3 High Product pom parent-artifactid services Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Related Dependencies s3-transfer-manager-2.20.150.jarFile Path: /root/.m2/repository/software/amazon/awssdk/s3-transfer-manager/2.20.150/s3-transfer-manager-2.20.150.jar MD5: b0a81a16f57bd364d13c1a2598e66ddb SHA1: 2314dfd934e27bb289b599158758222011858b07 SHA256: e3f79b1e2ccb10b6341aee270dcd8008689a72a86d76d0853f06cd8fb3f35c8c pkg:maven/software.amazon.awssdk/s3-transfer-manager@2.20.150 Description:
Clojure(Script) library for declarative data description and validation License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/prismatic/schema/1.1.10/schema-1.1.10.jar
MD5: 16433de40e6f0bd652472c53dfbb3397
SHA1: 2b33fb9857a79ff7a842d43319211a4a3f169e65
SHA256: 2d5b499c3642a3328451afadcf03974cc40fb1beff3d8fc80368f6bec28ffac2
Referenced In Project/Scope: i2kfs:compile
schema-1.1.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name schema High Vendor pom artifactid schema Highest Vendor pom artifactid schema Low Vendor pom groupid prismatic Highest Vendor pom name schema High Vendor pom url http://github.com/plumatic/schema Highest Product file name schema High Product pom artifactid schema Highest Product pom groupid prismatic Highest Product pom name schema High Product pom url http://github.com/plumatic/schema Medium Version file version 1.1.10 High Version pom version 1.1.10 Highest
pkg:maven/prismatic/schema@1.1.10 (Confidence :High) Description:
The AWS SDK for Java - SDK Core runtime module holds the classes that are used by the individual service
clients to interact with
Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes.
File Path: /root/.m2/repository/software/amazon/awssdk/sdk-core/2.20.150/sdk-core-2.20.150.jarMD5: cc1b885c44b0f5710e3e4daed0ad79d3SHA1: d7d4a8ac8dc22f41ac828d9fd702ff01203bacc8SHA256: 1624b88e71f34251435796fc052431e111e9c5846b5095492c81142d652744b8Referenced In Project/Scope: i2kfs:compilesdk-core-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name sdk-core High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name core Highest Vendor jar package name software Highest Vendor Manifest automatic-module-name software.amazon.awssdk.core Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid sdk-core Highest Vendor pom artifactid sdk-core Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: SDK Core High Vendor pom parent-artifactid core Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name sdk-core High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name core Highest Product jar package name software Highest Product Manifest automatic-module-name software.amazon.awssdk.core Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid sdk-core Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: SDK Core High Product pom parent-artifactid core Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
Resource helper utilites for GCP within OpenTelemetry License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/com/google/cloud/opentelemetry/shared-resourcemapping/0.33.0/shared-resourcemapping-0.33.0.jar
MD5: b4136087a114cf56ef45fd56429073e0
SHA1: 9c4f5ed770ccf34c3e78adadd979227fb9105de3
SHA256: eea9a3e11db783626cc15dd1835c1ed09f53b70a1fca8c58bf723ce813e9f843
Referenced In Project/Scope: i2kfs:runtime
shared-resourcemapping-0.33.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name shared-resourcemapping High Vendor jar package name cloud Highest Vendor jar package name cloud Low Vendor jar package name google Highest Vendor jar package name google Low Vendor jar package name opentelemetry Highest Vendor jar package name opentelemetry Low Vendor jar package name resource Highest Vendor pom artifactid shared-resourcemapping Highest Vendor pom artifactid shared-resourcemapping Low Vendor pom developer email opentelemetry-team@google.com Low Vendor pom developer id com.google.cloud.opentelemetry Medium Vendor pom developer name OpenTelemetry Operations Contributors Medium Vendor pom developer org Google Inc Medium Vendor pom developer org URL https://cloud.google.com/products/operations Medium Vendor pom groupid com.google.cloud.opentelemetry Highest Vendor pom name OpenTelemetry Operations Java High Vendor pom url GoogleCloudPlatform/opentelemetry-operations-java Highest Product file name shared-resourcemapping High Product jar package name cloud Highest Product jar package name cloud Low Product jar package name google Highest Product jar package name opentelemetry Highest Product jar package name opentelemetry Low Product jar package name resource Highest Product jar package name shadow Low Product pom artifactid shared-resourcemapping Highest Product pom developer email opentelemetry-team@google.com Low Product pom developer id com.google.cloud.opentelemetry Low Product pom developer name OpenTelemetry Operations Contributors Low Product pom developer org Google Inc Low Product pom developer org URL https://cloud.google.com/products/operations Low Product pom groupid com.google.cloud.opentelemetry Highest Product pom name OpenTelemetry Operations Java High Product pom url GoogleCloudPlatform/opentelemetry-operations-java High Version file version 0.33.0 High Version pom version 0.33.0 Highest
pkg:maven/com.google.cloud.opentelemetry/shared-resourcemapping@0.33.0 (Confidence :High) Description:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /root/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256: a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Project/Scope: i2kfs:compile
slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
pkg:maven/org.slf4j/slf4j-api@2.0.16 (Confidence :High) Description:
Enhanced throw, try, leveraging Clojure's capabilities License:
Eclipse Public License 1.0: https://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/slingshot/slingshot/0.12.2/slingshot-0.12.2.jar
MD5: 4793bec2229ccc655d62fcc5b47cbd77
SHA1: be4aed05849752f9ac5d09691755dec3dd8ed5f3
SHA256: a68ac22bf2ea3cd54ce34db70fd69844d631ef549f6450c278c30e6f79df63f3
Referenced In Project/Scope: i2kfs:compile
slingshot-0.12.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name slingshot High Vendor pom artifactid slingshot Highest Vendor pom artifactid slingshot Low Vendor pom groupid slingshot Highest Vendor pom name slingshot High Vendor pom url scgilardi/slingshot Highest Product file name slingshot High Product pom artifactid slingshot Highest Product pom groupid slingshot Highest Product pom name slingshot High Product pom url scgilardi/slingshot High Version file version 0.12.2 High Version pom version 0.12.2 Highest
pkg:maven/slingshot/slingshot@0.12.2 (Confidence :High) Description:
Specification of data and functions License:
Eclipse Public License 1.0: http://opensource.org/licenses/eclipse-1.0.php File Path: /root/.m2/repository/org/clojure/spec.alpha/0.3.218/spec.alpha-0.3.218.jar
MD5: ecdbb58e7a95163c1369ef9fa054013d
SHA1: a7dad492f8d6cf657d82dcd6b31bda0899f1ac0e
SHA256: 67ec898eb55c66a957a55279dd85d1376bb994bd87668b2b0de1eb3b97e8aae0
Referenced In Project/Scope: i2kfs:compile
spec.alpha-0.3.218.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.clojure/clojure@1.11.4
Evidence Type Source Name Value Confidence Vendor file name spec.alpha High Vendor jar package name alpha Highest Vendor jar package name clojure Highest Vendor jar package name clojure Low Vendor jar package name spec Highest Vendor jar package name spec Low Vendor pom artifactid spec.alpha Highest Vendor pom artifactid spec.alpha Low Vendor pom developer id richhickey Medium Vendor pom developer name Rich Hickey Medium Vendor pom groupid org.clojure Highest Vendor pom name spec.alpha High Vendor pom parent-artifactid pom.contrib Low Product file name spec.alpha High Product jar package name alpha Highest Product jar package name clojure Highest Product jar package name spec Highest Product jar package name spec Low Product pom artifactid spec.alpha Highest Product pom developer id richhickey Low Product pom developer name Rich Hickey Low Product pom groupid org.clojure Highest Product pom name spec.alpha High Product pom parent-artifactid pom.contrib Medium Version file version 0.3.218 High Version pom parent-version 0.3.218 Low Version pom version 0.3.218 Highest
pkg:maven/org.clojure/spec.alpha@0.3.218 (Confidence :High) File Path: /root/.m2/repository/software/amazon/awssdk/third-party-jackson-core/2.20.150/third-party-jackson-core-2.20.150.jarMD5: 986420fea1e47133c3013ceb6a84bcacSHA1: 24561b68499f14fc3188f1b7ba50362e2798374eSHA256: 0d975f804962205d48fe84c86fded7d6bcaff67216709a4bc55eadb8390782c5Referenced In Project/Scope: i2kfs:compilethird-party-jackson-core-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name third-party-jackson-core High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name software Highest Vendor jar package name thirdparty Highest Vendor Manifest automatic-module-name software.amazon.awssdk.thirdparty.jackson.core Medium Vendor pom artifactid third-party-jackson-core Highest Vendor pom artifactid third-party-jackson-core Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Third Party :: Jackson-core High Vendor pom parent-artifactid third-party Low Vendor pom url https://aws.amazon.com/sdkforjava Highest Product file name third-party-jackson-core High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name software Highest Product jar package name thirdparty Highest Product Manifest automatic-module-name software.amazon.awssdk.thirdparty.jackson.core Medium Product pom artifactid third-party-jackson-core Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Third Party :: Jackson-core High Product pom parent-artifactid third-party Medium Product pom url https://aws.amazon.com/sdkforjava Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
Backport of JSR-310 from JDK 8 to JDK 7 and JDK 6. NOT an implementation of the JSR. License:
BSD-3-Clause: https://raw.githubusercontent.com/ThreeTen/threetenbp/main/LICENSE.txt File Path: /root/.m2/repository/org/threeten/threetenbp/1.7.0/threetenbp-1.7.0.jar
MD5: 46702bfa3577c1a9fd1aeeb8a2bababc
SHA1: 8703e893440e550295aa358281db468625bc9a05
SHA256: 857917d2319a4e92dc1c5e3aeb75a0dac84445ed315e7ac3d82bb8d2b298977f
Referenced In Project/Scope: i2kfs:compile
threetenbp-1.7.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.google.cloud/google-cloud-nio@0.127.33
Evidence Type Source Name Value Confidence Vendor file name threetenbp High Vendor jar package name bp Highest Vendor jar package name threeten Highest Vendor Manifest automatic-module-name org.threeten.bp Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.threeten.org Low Vendor Manifest bundle-symbolicname org.threeten.bp Medium Vendor Manifest Implementation-Vendor ThreeTen.org High Vendor Manifest specification-vendor ThreeTen.org Low Vendor pom artifactid threetenbp Highest Vendor pom artifactid threetenbp Low Vendor pom developer id jodastephen Medium Vendor pom developer name Stephen Colebourne Medium Vendor pom groupid org.threeten Highest Vendor pom name ThreeTen backport High Vendor pom organization name ThreeTen.org High Vendor pom organization url https://www.threeten.org Medium Vendor pom url https://www.threeten.org/threetenbp Highest Product file name threetenbp High Product jar package name bp Highest Product jar package name threeten Highest Product Manifest automatic-module-name org.threeten.bp Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.threeten.org Low Product Manifest Bundle-Name ThreeTen backport Medium Product Manifest bundle-symbolicname org.threeten.bp Medium Product Manifest Implementation-Title ThreeTen backport High Product Manifest specification-title ThreeTen backport Medium Product pom artifactid threetenbp Highest Product pom developer id jodastephen Low Product pom developer name Stephen Colebourne Low Product pom groupid org.threeten Highest Product pom name ThreeTen backport High Product pom organization name ThreeTen.org Low Product pom organization url https://www.threeten.org Low Product pom url https://www.threeten.org/threetenbp Medium Version file version 1.7.0 High Version Manifest Bundle-Version 1.7.0 High Version Manifest Implementation-Version 1.7.0 High Version pom version 1.7.0 Highest
pkg:maven/org.threeten/threetenbp@1.7.0 (Confidence :High) cpe:2.3:a:threeten:threeten_backport:1.7.0:*:*:*:*:*:*:* (Confidence :Low) suppress Description:
Stream-to-stream JSON string encoding License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/tigris/tigris/0.1.2/tigris-0.1.2.jar
MD5: 5f33b5d6ca167cc92fb782b7d876262c
SHA1: a122db758561d995a83cbb40f252b64d8b0f506e
SHA256: 49aa648edb6c14e57095a11b391eaee606578323fb79755f92331ac6300f97a0
Referenced In Project/Scope: i2kfs:compile
tigris-0.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/cheshire/cheshire@5.10.2
Evidence Type Source Name Value Confidence Vendor file name tigris High Vendor jar package name tigris Highest Vendor jar package name tigris Low Vendor jar package name writequit Low Vendor pom artifactid tigris Highest Vendor pom artifactid tigris Low Vendor pom groupid tigris Highest Vendor pom name tigris High Vendor pom url dakrone/tigris Highest Product file name tigris High Product jar package name jsonstringescapinginputstream Low Product jar package name tigris Highest Product jar package name tigris Low Product pom artifactid tigris Highest Product pom groupid tigris Highest Product pom name tigris High Product pom url dakrone/tigris High Version file version 0.1.2 High Version pom version 0.1.2 Highest
pkg:maven/tigris/tigris@0.1.2 (Confidence :High) Description:
Pure Clojure/Script logging library License:
Eclipse Public License - v 1.0: https://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/com/taoensso/timbre/6.7.1/timbre-6.7.1.jar
MD5: e06f54c8f5fbb99da2155f054391ac1b
SHA1: 86b3dfdd8f39f59d10b07ef17a545cd853179a23
SHA256: 5f735aa872690297cc4c9d6628c9883f0a2f790dd332db89130ba5cfab968651
Referenced In Project/Scope: i2kfs:compile
timbre-6.7.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name timbre High Vendor Manifest leiningen-project-artifactid timbre Low Vendor pom artifactid timbre Highest Vendor pom artifactid timbre Low Vendor pom groupid com.taoensso Highest Vendor pom name timbre High Vendor pom url https://www.taoensso.com/timbre Highest Product file name timbre High Product Manifest leiningen-project-artifactid timbre Low Product pom artifactid timbre Highest Product pom groupid com.taoensso Highest Product pom name timbre High Product pom url https://www.taoensso.com/timbre Medium Version file version 6.7.1 High Version Manifest leiningen-project-version 6.7.1 Medium Version pom version 6.7.1 Highest
pkg:maven/com.taoensso/timbre@6.7.1 (Confidence :High) Description:
Timbre backend/provider for SLF4J API v2 License:
Eclipse Public License - v 1.0: https://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/com/taoensso/timbre-slf4j/6.7.0/timbre-slf4j-6.7.0.jar
MD5: d78bed9cdd1666f447c0aa2cacf41397
SHA1: 6419fb465d61655d6fe36f1f12822416931ddbba
SHA256: 0ce73a5704ea3d7de309ae5d3cac72ba49afd56ac3ef2feda6de808fd6343621
Referenced In Project/Scope: i2kfs:compile
timbre-slf4j-6.7.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name timbre-slf4j High Vendor jar package name slf4j Highest Vendor jar package name taoensso Highest Vendor jar package name timbre Highest Vendor Manifest leiningen-project-artifactid timbre-slf4j Low Vendor pom artifactid timbre-slf4j Highest Vendor pom artifactid timbre-slf4j Low Vendor pom groupid com.taoensso Highest Vendor pom name timbre-slf4j High Vendor pom url https://www.taoensso.com/timbre Highest Product file name timbre-slf4j High Product jar package name slf4j Highest Product jar package name taoensso Highest Product jar package name timbre Highest Product Manifest leiningen-project-artifactid timbre-slf4j Low Product pom artifactid timbre-slf4j Highest Product pom groupid com.taoensso Highest Product pom name timbre-slf4j High Product pom url https://www.taoensso.com/timbre Medium Version file version 6.7.0 High Version Manifest leiningen-project-version 6.7.0 Medium Version pom version 6.7.0 Highest
pkg:maven/com.taoensso/timbre-slf4j@6.7.0 (Confidence :High) Description:
An analyzer for Clojure code, written in Clojure and producing AST in EDN File Path: /root/.m2/repository/org/clojure/tools.analyzer/1.1.1/tools.analyzer-1.1.1.jarMD5: 503187a6e4780e300faaf27d0a59eef4SHA1: 0a167e7bafea9a0caf789e8837f807f97bc8caa4SHA256: eba167fca1179fb156a8e38bdc2e9d49dff491e5150965b54839b952fceed060Referenced In Project/Scope: i2kfs:compiletools.analyzer-1.1.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name tools.analyzer High Vendor pom artifactid tools.analyzer Highest Vendor pom artifactid tools.analyzer Low Vendor pom developer id bronsa Medium Vendor pom developer name Nicola Mometto Medium Vendor pom groupid org.clojure Highest Vendor pom name tools.analyzer High Vendor pom parent-artifactid pom.contrib Low Product file name tools.analyzer High Product pom artifactid tools.analyzer Highest Product pom developer id bronsa Low Product pom developer name Nicola Mometto Low Product pom groupid org.clojure Highest Product pom name tools.analyzer High Product pom parent-artifactid pom.contrib Medium Version file version 1.1.1 High Version pom parent-version 1.1.1 Low Version pom version 1.1.1 Highest
pkg:maven/org.clojure/tools.analyzer@1.1.1 (Confidence :High) Description:
Additional jvm-specific passes for tools.analyzer File Path: /root/.m2/repository/org/clojure/tools.analyzer.jvm/1.2.3/tools.analyzer.jvm-1.2.3.jarMD5: bbbea9f2e9799e4223eb314dbde358c7SHA1: 5ea70a6c4cb1c36b30b05a4fa7d00adbc30fa260SHA256: 86332ef629ede50e1ad910dfb835e4cf3427073cfab2907e52b9ab2fb2f61416Referenced In Project/Scope: i2kfs:compiletools.analyzer.jvm-1.2.3.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name tools.analyzer.jvm High Vendor pom artifactid tools.analyzer.jvm Highest Vendor pom artifactid tools.analyzer.jvm Low Vendor pom developer id bronsa Medium Vendor pom developer name Nicola Mometto Medium Vendor pom groupid org.clojure Highest Vendor pom name tools.analyzer.jvm High Vendor pom parent-artifactid pom.contrib Low Product file name tools.analyzer.jvm High Product pom artifactid tools.analyzer.jvm Highest Product pom developer id bronsa Low Product pom developer name Nicola Mometto Low Product pom groupid org.clojure Highest Product pom name tools.analyzer.jvm High Product pom parent-artifactid pom.contrib Medium Version file version 1.2.3 High Version pom parent-version 1.2.3 Low Version pom version 1.2.3 Highest
pkg:maven/org.clojure/tools.analyzer.jvm@1.2.3 (Confidence :High) File Path: /root/.m2/repository/org/clojure/tools.cli/0.4.2/tools.cli-0.4.2.jarMD5: 0508a12881aa87b3983ac6a38bb7c5d8SHA1: aae75024c0e174bcebd8fefc635b576e5be386e9SHA256: 66b2bb352275c94b9b759217de2f11d2a3862b96d09e9d2d189a9b4326c098e7Referenced In Project/Scope: i2kfs:compiletools.cli-0.4.2.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name tools.cli High Vendor pom artifactid tools.cli Highest Vendor pom artifactid tools.cli Low Vendor pom developer name Gareth Jones Medium Vendor pom developer name Sean Corfield Medium Vendor pom developer name Sung Pae Medium Vendor pom groupid org.clojure Highest Vendor pom name tools.cli High Vendor pom parent-artifactid pom.contrib Low Product file name tools.cli High Product pom artifactid tools.cli Highest Product pom developer name Gareth Jones Low Product pom developer name Sean Corfield Low Product pom developer name Sung Pae Low Product pom groupid org.clojure Highest Product pom name tools.cli High Product pom parent-artifactid pom.contrib Medium Version file version 0.4.2 High Version pom parent-version 0.4.2 Low Version pom version 0.4.2 Highest
pkg:maven/org.clojure/tools.cli@0.4.2 (Confidence :High) File Path: /root/.m2/repository/org/clojure/tools.logging/0.4.1/tools.logging-0.4.1.jarMD5: fa10087f7236e1a40aac0c4d63d4bdb8SHA1: 991bebc6e3633b85091ae929d62c116a2584aee7SHA256: 4aee0d54467ce1bd578180499767cc6570e164bf1f5e1c3ed01ef4d75ae83a00Referenced In Project/Scope: i2kfs:compiletools.logging-0.4.1.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name tools.logging High Vendor pom artifactid tools.logging Highest Vendor pom artifactid tools.logging Low Vendor pom developer name Alex Taggart Medium Vendor pom groupid org.clojure Highest Vendor pom name tools.logging High Vendor pom parent-artifactid pom.contrib Low Product file name tools.logging High Product pom artifactid tools.logging Highest Product pom developer name Alex Taggart Low Product pom groupid org.clojure Highest Product pom name tools.logging High Product pom parent-artifactid pom.contrib Medium Version file version 0.4.1 High Version pom parent-version 0.4.1 Low Version pom version 0.4.1 Highest
pkg:maven/org.clojure/tools.logging@0.4.1 (Confidence :High) cpe:2.3:a:alex_project:alex:0.4.1:*:*:*:*:*:*:* (Confidence :Low) suppress File Path: /root/.m2/repository/org/clojure/tools.macro/0.1.5/tools.macro-0.1.5.jarMD5: a583c644fc49dcafe3edb9909cf8df95SHA1: 925e200c906052e462e34a2c7e78a48ffec1dec4SHA256: 2714d7294c90f9268eeef3728fe4d98ebfaaedf240a02374daef2b8558448248Referenced In Project/Scope: i2kfs:compiletools.macro-0.1.5.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name tools.macro High Vendor pom artifactid tools.macro Highest Vendor pom artifactid tools.macro Low Vendor pom developer name Konrad Hinsen Medium Vendor pom developer name Stuart Halloway Medium Vendor pom groupid org.clojure Highest Vendor pom name ${artifactId} High Vendor pom name tools.macro High Vendor pom parent-artifactid pom.contrib Low Product file name tools.macro High Product pom artifactid tools.macro Highest Product pom developer name Konrad Hinsen Low Product pom developer name Stuart Halloway Low Product pom groupid org.clojure Highest Product pom name ${artifactId} High Product pom name tools.macro High Product pom parent-artifactid pom.contrib Medium Version file version 0.1.5 High Version pom parent-version 0.1.5 Low Version pom version 0.1.5 Highest
pkg:maven/org.clojure/tools.macro@0.1.5 (Confidence :High) Description:
A Clojure reader in Clojure License:
Eclipse Public License 1.0: https://opensource.org/license/epl-1-0/ File Path: /root/.m2/repository/org/clojure/tools.reader/1.4.2/tools.reader-1.4.2.jar
MD5: a5d9105334797b9c1bdfcc7c1f24665e
SHA1: 5900b6ac80d561cd2e71f19dc878aba03fa977ef
SHA256: 5dc0702625e3d829a4a957355c7cbf966cd4470086494eb6169e6ca86543e881
Referenced In Project/Scope: i2kfs:compile
tools.reader-1.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tools.reader High Vendor pom artifactid tools.reader Highest Vendor pom artifactid tools.reader Low Vendor pom developer id Bronsa Medium Vendor pom developer name Nicola Mometto Medium Vendor pom groupid org.clojure Highest Vendor pom name tools.reader High Vendor pom parent-artifactid pom.contrib Low Vendor pom url clojure/tools.reader Highest Product file name tools.reader High Product pom artifactid tools.reader Highest Product pom developer id Bronsa Low Product pom developer name Nicola Mometto Low Product pom groupid org.clojure Highest Product pom name tools.reader High Product pom parent-artifactid pom.contrib Medium Product pom url clojure/tools.reader High Version file version 1.4.2 High Version pom parent-version 1.4.2 Low Version pom version 1.4.2 Highest
pkg:maven/org.clojure/tools.reader@1.4.2 (Confidence :High) Description:
Micro toolkit for Clojure/Script errors. License:
Eclipse Public License - v 1.0: https://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/com/taoensso/truss/2.3.0/truss-2.3.0.jar
MD5: 6152bdc2b7af135dc64990783213ba7a
SHA1: f6ee83fd5648411486353c236c909f238bb06e6c
SHA256: bc551ce3c8fb21608084733139e169a92c597b1783d48fb84a73d54f13141c7c
Referenced In Project/Scope: i2kfs:compile
truss-2.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.taoensso/timbre@6.7.1
Evidence Type Source Name Value Confidence Vendor file name truss High Vendor Manifest leiningen-project-artifactid truss Low Vendor pom artifactid truss Highest Vendor pom artifactid truss Low Vendor pom groupid com.taoensso Highest Vendor pom name truss High Vendor pom url https://www.taoensso.com/truss Highest Product file name truss High Product Manifest leiningen-project-artifactid truss Low Product pom artifactid truss Highest Product pom groupid com.taoensso Highest Product pom name truss High Product pom url https://www.taoensso.com/truss Medium Version file version 2.3.0 High Version Manifest leiningen-project-version 2.3.0 Medium Version pom version 2.3.0 Highest
pkg:maven/com.taoensso/truss@2.3.0 (Confidence :High) Description:
Simple performance monitoring library for Clojure/Script License:
Eclipse Public License - v 1.0: https://www.eclipse.org/legal/epl-v10.html File Path: /root/.m2/repository/com/taoensso/tufte/3.0.1/tufte-3.0.1.jar
MD5: 562d4c35dc1794e20e6348412170fc06
SHA1: 39e729330c137a063a9c757f5eb3a17d33bc0e81
SHA256: db77b5b11db8ac6101b2fe8ce1dbd5163b974f4b38bddff359250b9624a76f16
Referenced In Project/Scope: i2kfs:compile
tufte-3.0.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kopenid@0.8.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name tufte High Vendor Manifest leiningen-project-artifactid tufte Low Vendor pom artifactid tufte Highest Vendor pom artifactid tufte Low Vendor pom groupid com.taoensso Highest Vendor pom name tufte High Vendor pom url taoensso/tufte Highest Product file name tufte High Product Manifest leiningen-project-artifactid tufte Low Product pom artifactid tufte Highest Product pom groupid com.taoensso Highest Product pom name tufte High Product pom url taoensso/tufte High Version file version 3.0.1 High Version Manifest leiningen-project-version 3.0.1 Medium Version pom version 3.0.1 Highest
pkg:maven/com.taoensso/tufte@3.0.1 (Confidence :High) File Path: /root/.m2/repository/software/amazon/awssdk/utils/2.20.150/utils-2.20.150.jarMD5: 1f3c595e538c7922121ccc9c96af4d9bSHA1: df0509f49760b7e4645105caeca5ae46b5468a55SHA256: 9bf5b6e2f3bcfb4df12cc313c351c83afa1ea93f4cfd95b59cff2333db921c05Referenced In Project/Scope: i2kfs:compileutils-2.20.150.jar is in the transitive dependency tree of the listed items. Included by:
Evidence Type Source Name Value Confidence Vendor file name utils High Vendor jar package name amazon Highest Vendor jar package name awssdk Highest Vendor jar package name software Highest Vendor jar package name utils Highest Vendor Manifest automatic-module-name software.amazon.awssdk.utils Medium Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid utils Highest Vendor pom artifactid utils Low Vendor pom groupid software.amazon.awssdk Highest Vendor pom name AWS Java SDK :: Utilities High Vendor pom parent-artifactid aws-sdk-java-pom Low Product file name utils High Product jar package name amazon Highest Product jar package name awssdk Highest Product jar package name software Highest Product jar package name utils Highest Product Manifest automatic-module-name software.amazon.awssdk.utils Medium Product Manifest build-jdk-spec 1.8 Low Product pom artifactid utils Highest Product pom groupid software.amazon.awssdk Highest Product pom name AWS Java SDK :: Utilities High Product pom parent-artifactid aws-sdk-java-pom Medium Version file version 2.20.150 High Version pom version 2.20.150 Highest
Description:
WinDPAPI4J is a Java Native Access(JNA)- based wrapper
for Microsoft Windows Data Protection API (DPAPI)
CryptProtectData and CryptUnprotectData methods.
License:
LGPL-3.0: https://opensource.org/licenses/LGPL-3.0 File Path: /root/.m2/repository/com/github/peter-gergely-horvath/windpapi4j/1.1.0/windpapi4j-1.1.0.jar
MD5: b2ec35a19ba36ac32aed9ba5de1b19bd
SHA1: 7b24737770959b57e457b23b883bff05c9ed0ec8
SHA256: 87934ed08c5c165f70156223b334c448dc37efe631cd838669123380feb8bd79
Referenced In Project/Scope: i2kfs:compile
windpapi4j-1.1.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kfs@1.5.0-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name windpapi4j High Vendor jar package name github Highest Vendor jar package name windpapi4j Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor pom artifactid windpapi4j Highest Vendor pom artifactid windpapi4j Low Vendor pom developer id peter-gergely-horvath Medium Vendor pom developer name Peter G. Horvath Medium Vendor pom groupid com.github.peter-gergely-horvath Highest Vendor pom name WinDPAPI4J: A Windows DPAPI Wrapper for Java High Vendor pom url peter-gergely-horvath/windpapi4j Highest Product file name windpapi4j High Product jar package name github Highest Product jar package name windpapi4j Highest Product Manifest build-jdk-spec 1.8 Low Product pom artifactid windpapi4j Highest Product pom developer id peter-gergely-horvath Low Product pom developer name Peter G. Horvath Low Product pom groupid com.github.peter-gergely-horvath Highest Product pom name WinDPAPI4J: A Windows DPAPI Wrapper for Java High Product pom url peter-gergely-horvath/windpapi4j High Version file version 1.1.0 High Version pom version 1.1.0 Highest
pkg:maven/com.github.peter-gergely-horvath/windpapi4j@1.1.0 (Confidence :High) Description:
XZ data compression License:
0BSD File Path: /root/.m2/repository/org/tukaani/xz/1.10/xz-1.10.jar
MD5: 56e3fd256e5423a74393bd5eaa5302bb
SHA1: 1be8166f89e035a56c6bfc67dbc423996fe577e2
SHA256: 95c63c1a55b22dd6453890a419cc1a640f790bbf7d8ae82db1e30aefefb08888
Referenced In Project/Scope: i2kfs:compile
xz-1.10.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name xz High Vendor jar package name org Highest Vendor jar package name tukaani Highest Vendor jar package name xz Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-copyright The XZ for Java authors and contributors Low Vendor Manifest bundle-docurl https://tukaani.org/xz/xz-javadoc/ Low Vendor Manifest bundle-symbolicname org.tukaani.xz Medium Vendor Manifest implementation-url https://tukaani.org/xz/java.html Low Vendor Manifest multi-release true Low Vendor pom artifactid xz Highest Vendor pom artifactid xz Low Vendor pom developer email lasse.collin@tukaani.org Low Vendor pom developer name Lasse Collin Medium Vendor pom groupid org.tukaani Highest Vendor pom name XZ for Java High Vendor pom url https://tukaani.org/xz/java.html Highest Product file name xz High Product jar package name org Highest Product jar package name tukaani Highest Product jar package name xz Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-copyright The XZ for Java authors and contributors Low Product Manifest bundle-docurl https://tukaani.org/xz/xz-javadoc/ Low Product Manifest Bundle-Name XZ data compression Medium Product Manifest bundle-symbolicname org.tukaani.xz Medium Product Manifest Implementation-Title XZ data compression High Product Manifest implementation-url https://tukaani.org/xz/java.html Low Product Manifest multi-release true Low Product pom artifactid xz Highest Product pom developer email lasse.collin@tukaani.org Low Product pom developer name Lasse Collin Low Product pom groupid org.tukaani Highest Product pom name XZ for Java High Product pom url https://tukaani.org/xz/java.html Medium Version file version 1.10 High Version Manifest Bundle-Version 1.10 High Version Manifest Implementation-Version 1.10 High Version pom version 1.10 Highest
pkg:maven/org.tukaani/xz@1.10 (Confidence :High) Description:
Zipkin (Parent) License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/zipkin/zipkin2/zipkin/2.27.1/zipkin-2.27.1.jar
MD5: 54846e186402b398fe57424b523033d9
SHA1: 74b5227ae2fe515217107fd228707e4d960ec3ec
SHA256: 44722e8540c25cde3dc2aac2625adddb590b34778fdd85f455f96c5e11eb03df
Referenced In Project/Scope: i2kfs:compile
zipkin-2.27.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name zipkin High Vendor jar package name zipkin2 Highest Vendor Manifest automatic-module-name zipkin2 Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl http://zipkin.io/ Low Vendor Manifest bundle-symbolicname io.zipkin.zipkin2.zipkin Medium Vendor pom artifactid zipkin Highest Vendor pom artifactid zipkin Low Vendor pom groupid io.zipkin.zipkin2 Highest Vendor pom name Zipkin Core Library High Vendor pom parent-artifactid zipkin-parent Low Vendor pom parent-groupid io.zipkin Medium Product file name zipkin High Product jar package name zipkin2 Highest Product Manifest automatic-module-name zipkin2 Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl http://zipkin.io/ Low Product Manifest Bundle-Name Zipkin Core Library Medium Product Manifest bundle-symbolicname io.zipkin.zipkin2.zipkin Medium Product pom artifactid zipkin Highest Product pom groupid io.zipkin.zipkin2 Highest Product pom name Zipkin Core Library High Product pom parent-artifactid zipkin-parent Medium Product pom parent-groupid io.zipkin Medium Version file version 2.27.1 High Version Manifest Bundle-Version 2.27.1 High Version pom version 2.27.1 Highest
pkg:maven/io.zipkin.zipkin2/zipkin@2.27.1 (Confidence :High) Description:
Zipkin Reporter (Parent) License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/zipkin/reporter2/zipkin-reporter/3.3.0/zipkin-reporter-3.3.0.jar
MD5: 4881a4ea28dfd9e01e033a28164a1041
SHA1: f411ca1b401b91fe0f0f22e4c16f164a12a39143
SHA256: a86c76d2bb0b331aacd360e0a4987f734851cc63df42bc1634c118a04b21bdff
Referenced In Project/Scope: i2kfs:compile
zipkin-reporter-3.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name zipkin-reporter High Vendor jar package name reporter Highest Vendor jar package name zipkin2 Highest Vendor Manifest automatic-module-name zipkin2.reporter Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://zipkin.io/ Low Vendor Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-reporter Medium Vendor pom artifactid zipkin-reporter Highest Vendor pom artifactid zipkin-reporter Low Vendor pom groupid io.zipkin.reporter2 Highest Vendor pom name Zipkin Reporter: Core High Vendor pom parent-artifactid zipkin-reporter-parent Low Product file name zipkin-reporter High Product jar package name reporter Highest Product jar package name zipkin2 Highest Product Manifest automatic-module-name zipkin2.reporter Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://zipkin.io/ Low Product Manifest Bundle-Name Zipkin Reporter: Core Medium Product Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-reporter Medium Product pom artifactid zipkin-reporter Highest Product pom groupid io.zipkin.reporter2 Highest Product pom name Zipkin Reporter: Core High Product pom parent-artifactid zipkin-reporter-parent Medium Version file version 3.3.0 High Version Manifest Bundle-Version 3.3.0 High Version pom version 3.3.0 Highest
pkg:maven/io.zipkin.reporter2/zipkin-reporter@3.3.0 (Confidence :High) Description:
Zipkin Reporter (Parent) License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /root/.m2/repository/io/zipkin/reporter2/zipkin-sender-okhttp3/3.3.0/zipkin-sender-okhttp3-3.3.0.jar
MD5: aa10cf7b9279167e28966a29b2585332
SHA1: 9d4a3ad6a0e7a28f7f0934c70a85212bcf1ce188
SHA256: 428ab0edbaf87010c8b7c59ec1d790e1b1f81625739ceef5a0d65b04935bdbcb
Referenced In Project/Scope: i2kfs:runtime
zipkin-sender-okhttp3-3.3.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/i2kconnect/i2kconfig@0.14.1-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name zipkin-sender-okhttp3 High Vendor jar package name okhttp3 Highest Vendor jar package name reporter Highest Vendor jar package name zipkin2 Highest Vendor Manifest automatic-module-name zipkin2.reporter.okhttp3 Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://zipkin.io/ Low Vendor Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-sender-okhttp3 Medium Vendor pom artifactid zipkin-sender-okhttp3 Highest Vendor pom artifactid zipkin-sender-okhttp3 Low Vendor pom groupid io.zipkin.reporter2 Highest Vendor pom name Zipkin Sender: OkHttp 3 High Vendor pom parent-artifactid zipkin-reporter-parent Low Product file name zipkin-sender-okhttp3 High Product jar package name okhttp3 Highest Product jar package name reporter Highest Product jar package name zipkin2 Highest Product Manifest automatic-module-name zipkin2.reporter.okhttp3 Medium Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://zipkin.io/ Low Product Manifest Bundle-Name Zipkin Sender: OkHttp 3 Medium Product Manifest bundle-symbolicname io.zipkin.reporter2.zipkin-sender-okhttp3 Medium Product pom artifactid zipkin-sender-okhttp3 Highest Product pom groupid io.zipkin.reporter2 Highest Product pom name Zipkin Sender: OkHttp 3 High Product pom parent-artifactid zipkin-reporter-parent Medium Version file version 3.3.0 High Version Manifest Bundle-Version 3.3.0 High Version pom version 3.3.0 Highest
pkg:maven/io.zipkin.reporter2/zipkin-sender-okhttp3@3.3.0 (Confidence :High)