Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 6.1.6Report Generated On : Fri, 19 Nov 2021 08:42:05 GMTDependencies Scanned : 30 (29 unique)Vulnerable Dependencies : 5 Vulnerabilities Found : 6Vulnerabilities Suppressed : 0... NVD CVE Checked : 2021-11-19T08:37:57NVD CVE Modified : 2021-11-19T06:00:02VersionCheckOn : 2021-11-19T08:37:57Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom url http://commons.apache.org/collections/ Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor jar package name commons Highest Vendor jar package name collections Highest Vendor jar package name apache Highest Vendor file name commons-collections High Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom name Apache Commons Collections High Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid commons-collections Highest Vendor pom artifactid commons-collections Low Vendor pom parent-artifactid commons-parent Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product pom parent-groupid org.apache.commons Medium Product pom artifactid commons-collections Highest Product Manifest Implementation-Title Apache Commons Collections High Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product Manifest Bundle-Name Apache Commons Collections Medium Product jar package name commons Highest Product jar package name collections Highest Product pom url http://commons.apache.org/collections/ Medium Product jar package name apache Highest Product file name commons-collections High Product Manifest implementation-url http://commons.apache.org/collections/ Low Product pom parent-artifactid commons-parent Medium Product Manifest specification-title Apache Commons Collections Medium Product pom name Apache Commons Collections High Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product pom groupid commons-collections Highest Version pom version 3.2.2 Highest Version file version 3.2.2 High Version Manifest Bundle-Version 3.2.2 High Version pom parent-version 3.2.2 Low Version Manifest Implementation-Version 3.2.2 High
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
SHA256: a10418348d234968600ccb1d988efcbbd08716e1d96936ccc1880e7d22513474
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Vendor file name commons-io High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor pom name Apache Commons IO High Vendor jar package name commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom groupid commons-io Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name io Highest Vendor pom artifactid commons-io Low Vendor pom parent-artifactid commons-parent Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product file name commons-io High Product pom parent-groupid org.apache.commons Medium Product pom artifactid commons-io Highest Product Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product pom name Apache Commons IO High Product Manifest specification-title Apache Commons IO Medium Product jar package name commons Highest Product Manifest bundle-symbolicname org.apache.commons.io Medium Product Manifest Implementation-Title Apache Commons IO High Product jar package name apache Highest Product pom parent-artifactid commons-parent Medium Product pom groupid commons-io Highest Product jar package name io Highest Product Manifest Bundle-Name Apache Commons IO Medium Product pom url http://commons.apache.org/proper/commons-io/ Medium Version pom parent-version 2.5 Low Version Manifest Implementation-Version 2.5 High Version pom version 2.5 Highest Version file version 2.5 High
Published Vulnerabilities CVE-2021-29425 suppress
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256: 89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.commons Medium Vendor pom artifactid commons-lang3 Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name commons-lang3 High Vendor jar package name lang3 Highest Vendor jar package name commons Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor jar package name apache Highest Vendor pom name Apache Commons Lang High Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor pom groupid apache.commons Highest Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid org.apache.commons Highest Vendor pom parent-artifactid commons-parent Low Product pom parent-groupid org.apache.commons Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest specification-title Apache Commons Lang Medium Product file name commons-lang3 High Product jar package name lang3 Highest Product jar package name commons Highest Product pom artifactid commons-lang3 Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product jar package name apache Highest Product pom name Apache Commons Lang High Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product Manifest Bundle-Name Apache Commons Lang Medium Product pom groupid apache.commons Highest Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-lang/ Medium Version file version 3.6 High Version pom version 3.6 Highest Version Manifest Implementation-Version 3.6 High Version pom parent-version 3.6 Low
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has two code dependencies - javax.annotation
per the JSR-305 spec and javax.inject per the JSR-330 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/guava/15.0/guava-15.0.jar
MD5: 2c10bb2ca3ac8b55b0e77e54a7eb3744
SHA1: ed727a8d9f247e2050281cb083f1c77b09dcb5cd
SHA256: 7a34575770eebc60a5476616e3676a6cb6f2975c78c415e2a6014ac724ba5783
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor jar package name google Highest Vendor pom artifactid guava Low Vendor pom parent-artifactid guava-parent Low Vendor pom groupid com.google.guava Highest Vendor pom groupid google.guava Highest Vendor file name guava High Vendor pom name Guava: Google Core Libraries for Java High Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Product jar package name google Highest Product pom artifactid guava Highest Product pom groupid google.guava Highest Product file name guava High Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom parent-artifactid guava-parent Medium Product pom name Guava: Google Core Libraries for Java High Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Version pom version 15.0 Highest Version file version 15.0 High
Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] Deserialization of Untrusted Data REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Functionality shared by the handler implementations. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.commons/1.4.0/io.wcm.handler.commons-1.4.0.jar
MD5: 22d3937da67bf428d8fafec31bb66666
SHA1: 3d49669d3abe379dad3cd42dee94f1c2ed81cd92
SHA256: b9aff5dff0d2226cb4ce008b286a08d6f2f7684c97f4ab7bdf6e5df228fc4af9
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor pom name Handler Commons High Vendor file name io.wcm.handler.commons High Vendor jar package name handler Highest Vendor Manifest service-component OSGI-INF/io.wcm.handler.commons.servlets.impl.HtxPageExtensionMapper.xml Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid io.wcm.handler.commons Low Vendor Manifest bundle-docurl https://wcm.io/handler/commons/ Low Vendor jar package name commons Highest Vendor pom groupid io.wcm Highest Vendor Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor Manifest bundle-symbolicname io.wcm.handler.commons Medium Vendor jar package name io Highest Vendor Manifest provide-capability osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Product pom name Handler Commons High Product file name io.wcm.handler.commons High Product jar package name handler Highest Product Manifest service-component OSGI-INF/io.wcm.handler.commons.servlets.impl.HtxPageExtensionMapper.xml Low Product jar package name wcm Highest Product Manifest build-jdk-spec 11 Low Product pom parent-artifactid io.wcm.handler.parent Medium Product Manifest bundle-docurl https://wcm.io/handler/commons/ Low Product Manifest Bundle-Name wcm.io Handler Commons Medium Product jar package name commons Highest Product pom groupid io.wcm Highest Product Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest bundle-symbolicname io.wcm.handler.commons Medium Product jar package name io Highest Product Manifest provide-capability osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Product pom artifactid io.wcm.handler.commons Highest Version Manifest Bundle-Version 1.4.0 High Version pom version 1.4.0 Highest Version file version 1.4.0 High
Description:
Media resolving, processing and markup generation. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.2/io.wcm.handler.media-1.13.2.jar
MD5: 434473b6ca4f1022863a1788efbacfae
SHA1: 56f73ab89900a21b07097c28f1d900f8169b02a9
SHA256: 2d788352849a6056b53bb073833c0598cfa5f56b1b82012792f640afc9f2f5f2
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor jar package name handler Highest Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/media Low Vendor pom artifactid io.wcm.handler.media Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.workflow.collection.ResourceCollectionManager)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.handler.store.AssetStore)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.s7dam.utils.PublishUtils)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.handler.media.spi.MediaFormatProvider)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.featureflags.Features)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.settings.SlingSettingsService)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Vendor Manifest bundle-symbolicname io.wcm.handler.media Medium Vendor jar package name media Highest Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest provide-capability osgi.service;objectClass:List="com.adobe.granite.workflow.exec.WorkflowProcess";uses:="com.adobe.granite.workflow.exec",osgi.service;objectClass:List="io.wcm.handler.media.format.MediaFormatProviderManager";uses:="io.wcm.handler.media.format",osgi.service;objectClass:List="io.wcm.handler.media.spi.MediaHandlerConfig";uses:="io.wcm.handler.media.spi",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportService";uses:="io.wcm.handler.mediasource.dam.impl.dynamicmedia",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService";uses:="io.wcm.handler.mediasource.dam.impl.metadata",osgi.service;objectClass:List="javax.servlet.Filter";uses:="javax.servlet",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.spi.resource.provider.ResourceProvider";uses:="org.apache.sling.spi.resource.provider",osgi.service;objectClass:List="org.osgi.service.event.EventHandler";uses:="org.osgi.service.event" Low Vendor pom name Media Handler High Vendor Manifest bundle-docurl https://wcm.io/handler/media/ Low Vendor pom groupid io.wcm Highest Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor jar package name io Highest Vendor Manifest service-component OSGI-INF/io.wcm.handler.media.format.impl.DefaultMediaFormatListProvider.xml,OSGI-INF/io.wcm.handler.media.format.impl.MediaFormatProviderManagerImpl.xml,OSGI-INF/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter.xml,OSGI-INF/io.wcm.handler.media.impl.DefaultMediaHandlerConfig.xml,OSGI-INF/io.wcm.handler.media.impl.DummyImageServlet.xml,OSGI-INF/io.wcm.handler.media.impl.ImageFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.InlineImageAuthorPreviewServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFormatValidateServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaHandlerConfigAdapterFactory.xml,OSGI-INF/io.wcm.handler.media.impl.ipeconfig.IPEConfigResourceProvider.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportServiceImpl.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataListenerService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataWorkflowProcess.xml Low Vendor file name io.wcm.handler.media High Product jar package name handler Highest Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/media Low Product Manifest Bundle-Name wcm.io Media Handler Medium Product Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.workflow.collection.ResourceCollectionManager)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.handler.store.AssetStore)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.s7dam.utils.PublishUtils)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.handler.media.spi.MediaFormatProvider)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.featureflags.Features)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.settings.SlingSettingsService)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Product jar package name media Highest Product Manifest bundle-symbolicname io.wcm.handler.media Medium Product jar package name wcm Highest Product Manifest build-jdk-spec 11 Low Product pom parent-artifactid io.wcm.handler.parent Medium Product Manifest provide-capability osgi.service;objectClass:List="com.adobe.granite.workflow.exec.WorkflowProcess";uses:="com.adobe.granite.workflow.exec",osgi.service;objectClass:List="io.wcm.handler.media.format.MediaFormatProviderManager";uses:="io.wcm.handler.media.format",osgi.service;objectClass:List="io.wcm.handler.media.spi.MediaHandlerConfig";uses:="io.wcm.handler.media.spi",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportService";uses:="io.wcm.handler.mediasource.dam.impl.dynamicmedia",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService";uses:="io.wcm.handler.mediasource.dam.impl.metadata",osgi.service;objectClass:List="javax.servlet.Filter";uses:="javax.servlet",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.spi.resource.provider.ResourceProvider";uses:="org.apache.sling.spi.resource.provider",osgi.service;objectClass:List="org.osgi.service.event.EventHandler";uses:="org.osgi.service.event" Low Product pom name Media Handler High Product Manifest bundle-docurl https://wcm.io/handler/media/ Low Product pom artifactid io.wcm.handler.media Highest Product pom groupid io.wcm Highest Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name io Highest Product Manifest service-component OSGI-INF/io.wcm.handler.media.format.impl.DefaultMediaFormatListProvider.xml,OSGI-INF/io.wcm.handler.media.format.impl.MediaFormatProviderManagerImpl.xml,OSGI-INF/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter.xml,OSGI-INF/io.wcm.handler.media.impl.DefaultMediaHandlerConfig.xml,OSGI-INF/io.wcm.handler.media.impl.DummyImageServlet.xml,OSGI-INF/io.wcm.handler.media.impl.ImageFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.InlineImageAuthorPreviewServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFormatValidateServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaHandlerConfigAdapterFactory.xml,OSGI-INF/io.wcm.handler.media.impl.ipeconfig.IPEConfigResourceProvider.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportServiceImpl.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataListenerService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataWorkflowProcess.xml Low Product file name io.wcm.handler.media High Product jar package name mediasource Highest Version pom version 1.13.2 Highest Version file version 1.13.2 High Version Manifest Bundle-Version 1.13.2 High Version pom parent-version 1.13.2 Low
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.2/io.wcm.handler.media-1.13.2.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/fileupload.jsMD5: 228b2fffc6abfcdd799e78898e1f99f0SHA1: fb786d6d24f5a9e073922bf44124c2d220f26eb4SHA256: ce8922cde6eb4f852d6303d70d68ee5465eb8fca64ca98a4eb5f394c67c68565Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.2/io.wcm.handler.media-1.13.2.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/mediaFormatValidate.jsMD5: d651e04f32fb3bb0fced07ed1a2005fcSHA1: dea24b24548036a6996bc1136ca199801bf77f61SHA256: f717ede12e856a344c5aecd4dc56da7f369a0f109f74bdf2f372b5b18131583fReferenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.2/io.wcm.handler.media-1.13.2.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/namespace.jsMD5: 1ee97355e0dea2b938d18b793ee3afcbSHA1: db8dcc1d4119b2318d6e9b82a535acd358623efbSHA256: f394f7656cfdb529859443f44bde815af90197ff886a25b09e35a840fc505f9aReferenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.2/io.wcm.handler.media-1.13.2.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/pathfield.jsMD5: d8bdda5721510948d2a115432a45a19aSHA1: 592bba9dae3da6ab12020e0c2b3173446e3b5ac6SHA256: 20a9cbff936311f0e1cb5b3d1ad385508bab22788cdc15c9e94338f26fe8a236Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.2/io.wcm.handler.media-1.13.2.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/validation.jsMD5: c8ce854cad6f2376a0cf0e04bd298808SHA1: 60e641d95e570022dd82aaa25fa8ff8922cebdbfSHA256: 98755c24e6772dfdc4cf8e8ff5e51e0ef98008371b715ae4677dd1df1dae2138Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence
Description:
URL resolving and processing. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.url/1.5.0/io.wcm.handler.url-1.5.0.jar
MD5: 71c8fbc9068e8fa2365c2897687dd9a1
SHA1: 411ab342f4196616d1971183da506dd0219379b4
SHA256: 29f0d878ab856a4e8117527e32f86c00a67fb5014ca58faac6fa8d75ef1bf68a
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor jar package name handler Highest Vendor pom artifactid io.wcm.handler.url Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.url.SiteRootDetector";uses:="io.wcm.handler.url",osgi.service;objectClass:List="io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriter";uses:="io.wcm.handler.url.impl.clientlib",osgi.service;objectClass:List="io.wcm.handler.url.spi.UrlHandlerConfig";uses:="io.wcm.handler.url.spi",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.rewriter.TransformerFactory";uses:="org.apache.sling.rewriter" Low Vendor Manifest bundle-symbolicname io.wcm.handler.url Medium Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.handler.url.SiteRootDetector)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.caconfig.resource.ConfigurationResourceResolver)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest service-component OSGI-INF/io.wcm.handler.url.impl.DefaultUrlHandlerConfig.xml,OSGI-INF/io.wcm.handler.url.impl.SiteRootDetectorImpl.xml,OSGI-INF/io.wcm.handler.url.impl.UrlHandlerAdapterFactory.xml,OSGI-INF/io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriterImpl.xml,OSGI-INF/io.wcm.handler.url.rewriter.impl.UrlExternalizerTransformerFactory.xml Low Vendor pom groupid io.wcm Highest Vendor Manifest bundle-docurl https://wcm.io/handler/url/ Low Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor jar package name io Highest Vendor jar package name url Highest Vendor file name io.wcm.handler.url High Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/url Low Vendor pom name URL Handler High Product jar package name handler Highest Product Manifest Bundle-Name wcm.io URL Handler Medium Product jar package name wcm Highest Product Manifest build-jdk-spec 11 Low Product pom artifactid io.wcm.handler.url Highest Product pom parent-artifactid io.wcm.handler.parent Medium Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.url.SiteRootDetector";uses:="io.wcm.handler.url",osgi.service;objectClass:List="io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriter";uses:="io.wcm.handler.url.impl.clientlib",osgi.service;objectClass:List="io.wcm.handler.url.spi.UrlHandlerConfig";uses:="io.wcm.handler.url.spi",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.rewriter.TransformerFactory";uses:="org.apache.sling.rewriter" Low Product Manifest bundle-symbolicname io.wcm.handler.url Medium Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.handler.url.SiteRootDetector)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.caconfig.resource.ConfigurationResourceResolver)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest service-component OSGI-INF/io.wcm.handler.url.impl.DefaultUrlHandlerConfig.xml,OSGI-INF/io.wcm.handler.url.impl.SiteRootDetectorImpl.xml,OSGI-INF/io.wcm.handler.url.impl.UrlHandlerAdapterFactory.xml,OSGI-INF/io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriterImpl.xml,OSGI-INF/io.wcm.handler.url.rewriter.impl.UrlExternalizerTransformerFactory.xml Low Product pom groupid io.wcm Highest Product Manifest bundle-docurl https://wcm.io/handler/url/ Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name url Highest Product jar package name io Highest Product file name io.wcm.handler.url High Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/url Low Product pom name URL Handler High Version Manifest Bundle-Version 1.5.0 High Version pom parent-version 1.5.0 Low Version pom version 1.5.0 Highest Version file version 1.5.0 High
Description:
Common Sling utility and helper functions. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.commons/1.4.0/io.wcm.sling.commons-1.4.0.jar
MD5: d62de019c010f8bc770e3779c2ef9b77
SHA1: 57bab1d2edf776d551f5c994b705add0fda569b7
SHA256: a6fcc35671f64d43f0a4253340e01655694a8e7fa60aed781410e9440dc053b2
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest bundle-symbolicname io.wcm.sling.commons Medium Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name sling Highest Vendor file name io.wcm.sling.commons High Vendor jar package name commons Highest Vendor pom name Sling Commons High Vendor pom groupid io.wcm Highest Vendor Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Vendor pom artifactid io.wcm.sling.commons Low Vendor Manifest bundle-docurl https://wcm.io/sling/commons/ Low Vendor jar package name io Highest Vendor pom parent-artifactid io.wcm.sling.parent Low Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Product Manifest bundle-symbolicname io.wcm.sling.commons Medium Product jar package name wcm Highest Product Manifest build-jdk-spec 11 Low Product pom artifactid io.wcm.sling.commons Highest Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest Bundle-Name wcm.io Sling Commons Medium Product jar package name sling Highest Product file name io.wcm.sling.commons High Product jar package name commons Highest Product pom name Sling Commons High Product pom parent-artifactid io.wcm.sling.parent Medium Product pom groupid io.wcm Highest Product Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest bundle-docurl https://wcm.io/sling/commons/ Low Product jar package name io Highest Version Manifest Bundle-Version 1.4.0 High Version pom version 1.4.0 Highest Version file version 1.4.0 High
Description:
AEM Object Injector for Sling Models. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.models/1.6.0/io.wcm.sling.models-1.6.0.jar
MD5: 11233d382ac989a7c00b69fe6191d0cc
SHA1: 06a9483c7502638bc25552917a20cdfb904c34bb
SHA256: eb19e7903e1cb3c9d98f9d70d68b0687c82923b70a3d6f84f435b358223c64fa
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Vendor Manifest bundle-symbolicname io.wcm.sling.models Medium Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor jar package name models Highest Vendor pom name AEM Sling Models Extensions High Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://wcm.io/sling/models/ Low Vendor jar package name sling Highest Vendor pom groupid io.wcm Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor file name io.wcm.sling.models High Vendor jar package name io Highest Vendor pom parent-artifactid io.wcm.sling.parent Low Vendor pom artifactid io.wcm.sling.models Low Product pom artifactid io.wcm.sling.models Highest Product Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Product Manifest bundle-symbolicname io.wcm.sling.models Medium Product jar package name models Highest Product pom name AEM Sling Models Extensions High Product jar package name wcm Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://wcm.io/sling/models/ Low Product jar package name sling Highest Product pom parent-artifactid io.wcm.sling.parent Medium Product pom groupid io.wcm Highest Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name io.wcm.sling.models High Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest Bundle-Name wcm.io AEM Sling Models Extensions Medium Product jar package name io Highest Version pom version 1.6.0 Highest Version file version 1.6.0 High Version pom parent-version 1.6.0 Low Version Manifest Bundle-Version 1.6.0 High
Description:
Common WCM utility and helper functions. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.commons/1.9.0/io.wcm.wcm.commons-1.9.0.jar
MD5: 04799632ef83b8d9295c7328d5c0b247
SHA1: 15b79398cd63bbc02ff54a04a98cc04cc0b04d1c
SHA256: 98b6e6915fbba4d4642bbf6500d590c430765a1e28279e86fb63546b24a97e98
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname io.wcm.wcm.commons Medium Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor file name io.wcm.wcm.commons High Vendor pom name WCM Commons High Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/commons Low Vendor jar package name commons Highest Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.PathPreprocessor";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.wcm.commons.bundleinfo.BundleInfoService";uses:="io.wcm.wcm.commons.bundleinfo",osgi.service;objectClass:List="io.wcm.wcm.commons.component.ComponentPropertyResolverFactory";uses:="io.wcm.wcm.commons.component",osgi.service;objectClass:List="io.wcm.wcm.commons.instancetype.InstanceTypeService";uses:="io.wcm.wcm.commons.instancetype" Low Vendor pom groupid io.wcm Highest Vendor Manifest service-component OSGI-INF/io.wcm.wcm.commons.bundleinfo.impl.BundleInfoServiceImpl.xml,OSGI-INF/io.wcm.wcm.commons.caservice.impl.WcmPathPreprocessor.xml,OSGI-INF/io.wcm.wcm.commons.component.impl.ComponentPropertyResolverFactoryImpl.xml,OSGI-INF/io.wcm.wcm.commons.instancetype.impl.InstanceTypeServiceImpl.xml Low Vendor pom artifactid io.wcm.wcm.commons Low Vendor jar package name io Highest Vendor Manifest bundle-docurl https://wcm.io/wcm/commons/ Low Vendor pom parent-artifactid io.wcm.wcm.parent Low Product Manifest bundle-symbolicname io.wcm.wcm.commons Medium Product pom parent-artifactid io.wcm.wcm.parent Medium Product Manifest require-capability osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Product jar package name wcm Highest Product Manifest build-jdk-spec 11 Low Product file name io.wcm.wcm.commons High Product pom name WCM Commons High Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/commons Low Product Manifest Bundle-Name wcm.io WCM Commons Medium Product jar package name commons Highest Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.PathPreprocessor";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.wcm.commons.bundleinfo.BundleInfoService";uses:="io.wcm.wcm.commons.bundleinfo",osgi.service;objectClass:List="io.wcm.wcm.commons.component.ComponentPropertyResolverFactory";uses:="io.wcm.wcm.commons.component",osgi.service;objectClass:List="io.wcm.wcm.commons.instancetype.InstanceTypeService";uses:="io.wcm.wcm.commons.instancetype" Low Product Manifest service-component OSGI-INF/io.wcm.wcm.commons.bundleinfo.impl.BundleInfoServiceImpl.xml,OSGI-INF/io.wcm.wcm.commons.caservice.impl.WcmPathPreprocessor.xml,OSGI-INF/io.wcm.wcm.commons.component.impl.ComponentPropertyResolverFactoryImpl.xml,OSGI-INF/io.wcm.wcm.commons.instancetype.impl.InstanceTypeServiceImpl.xml Low Product pom groupid io.wcm Highest Product pom artifactid io.wcm.wcm.commons Highest Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name io Highest Product Manifest bundle-docurl https://wcm.io/wcm/commons/ Low Version pom parent-version 1.9.0 Low Version pom version 1.9.0 Highest Version file version 1.9.0 High Version Manifest Bundle-Version 1.9.0 High
Description:
Granite UI Components for AEM Touch UI. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.0/io.wcm.wcm.ui.granite-1.8.0.jar
MD5: 6af6dbee86e9885d22ea6b5827397a8c
SHA1: 93944ff43600dd24d7257e13de9261e2973c3050
SHA256: e99d87ce7340396d8ebb6c68ed9d12119be6d398030f944249cbfa3fdb9eb006
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor jar package name ui Highest Vendor Manifest bundle-docurl https://wcm.io/wcm/ui/granite/ Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.ui.components.ExpressionResolver)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.commons.predicate.PredicateProvider)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest provide-capability osgi.service;objectClass:List="com.day.cq.wcm.emulator.EmulatorProvider";uses:="com.day.cq.wcm.emulator",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest service-component OSGI-INF/io.wcm.wcm.ui.granite.emulator.impl.EmulatorProviderImpl.xml,OSGI-INF/io.wcm.wcm.ui.granite.pathfield.impl.PathFieldChildrenDatasourceServlet.xml Low Vendor pom name WCM Granite UI Extensions High Vendor file name io.wcm.wcm.ui.granite High Vendor pom groupid io.wcm Highest Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/ui/granite Low Vendor pom artifactid io.wcm.wcm.ui.granite Low Vendor jar package name io Highest Vendor pom parent-artifactid io.wcm.wcm.parent Low Vendor Manifest bundle-symbolicname io.wcm.wcm.ui.granite Medium Product pom artifactid io.wcm.wcm.ui.granite Highest Product pom parent-artifactid io.wcm.wcm.parent Medium Product Manifest Bundle-Name wcm.io WCM Granite UI Extensions Medium Product jar package name ui Highest Product Manifest bundle-docurl https://wcm.io/wcm/ui/granite/ Low Product Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.ui.components.ExpressionResolver)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.commons.predicate.PredicateProvider)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest provide-capability osgi.service;objectClass:List="com.day.cq.wcm.emulator.EmulatorProvider";uses:="com.day.cq.wcm.emulator",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Product jar package name wcm Highest Product Manifest build-jdk-spec 11 Low Product Manifest service-component OSGI-INF/io.wcm.wcm.ui.granite.emulator.impl.EmulatorProviderImpl.xml,OSGI-INF/io.wcm.wcm.ui.granite.pathfield.impl.PathFieldChildrenDatasourceServlet.xml Low Product pom name WCM Granite UI Extensions High Product file name io.wcm.wcm.ui.granite High Product pom groupid io.wcm Highest Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/ui/granite Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name io Highest Product Manifest bundle-symbolicname io.wcm.wcm.ui.granite Medium Version pom parent-version 1.8.0 Low Version Manifest Bundle-Version 1.8.0 High Version pom version 1.8.0 Highest Version file version 1.8.0 High
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.0/io.wcm.wcm.ui.granite-1.8.0.jar/SLING-INF/app-root/clientlibs/io.wcm.ui.granite.showhidedialogfields/js/showhide.jsMD5: 8dac12e53129a74b52cfad2a9b0e3da6SHA1: e7462e84281e399c1603d2f27ae18307568f0020SHA256: 15a10493faebc8f947792f91bdc29ae5af34e7e45fa318a851144982510be626Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.0/io.wcm.wcm.ui.granite-1.8.0.jar/SLING-INF/app-root/clientlibs/io.wcm.ui.granite.validation/js/validation.jsMD5: edad5110d166c768cd7f0fd2b4013d3bSHA1: 6a28b836ec56eff5783abf566825e876cf45b8a2SHA256: e2fc0a071a292fb9b3a9c9ce4d99081930519bbb6193d01ecd6f7e6418322364Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.8.4/jackson-annotations-2.8.4.jar
MD5: a6fb4d7dc1d1438e4053c6fa0459047a
SHA1: de3570327cf8d1d4f37920535c51a1f74225a6de
SHA256: 78a271fbb0899e2767231dcca81d4df4e346117441dbcafe983c173466baa5cb
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid fasterxml.jackson.core Highest Vendor Manifest Implementation-Vendor FasterXML High Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor jar package name fasterxml Highest Vendor pom artifactid jackson-annotations Low Vendor pom parent-artifactid jackson-parent Low Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor pom url http://github.com/FasterXML/jackson Highest Vendor jar package name jackson Highest Vendor Manifest specification-vendor FasterXML Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor file name jackson-annotations High Vendor Manifest implementation-build-date 2016-10-14 03:45:33+0000 Low Vendor pom name Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom groupid fasterxml.jackson.core Highest Product pom parent-groupid com.fasterxml.jackson Medium Product pom parent-artifactid jackson-parent Medium Product hint analyzer product modules Highest Product hint analyzer product java8 Highest Product jar package name fasterxml Highest Product pom url http://github.com/FasterXML/jackson Medium Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product jar package name jackson Highest Product Manifest Implementation-Title Jackson-annotations High Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product Manifest Bundle-Name Jackson-annotations Medium Product file name jackson-annotations High Product pom artifactid jackson-annotations Highest Product Manifest implementation-build-date 2016-10-14 03:45:33+0000 Low Product pom name Jackson-annotations High Product Manifest specification-title Jackson-annotations Medium Version pom parent-version 2.8.4 Low Version Manifest Implementation-Version 2.8.4 High Version Manifest Bundle-Version 2.8.4 High Version pom version 2.8.4 Highest Version file version 2.8.4 High
Published Vulnerabilities CVE-2018-1000873 suppress
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
Description:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor pom groupid javax.servlet Highest Vendor pom organization name GlassFish Community High Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor pom parent-groupid net.java Medium Vendor jar package name servlet Highest Vendor pom url http://servlet-spec.java.net Highest Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor file name javax.servlet-api High Vendor pom name Java Servlet API High Vendor Manifest extension-name javax.servlet Medium Vendor pom organization url https://glassfish.dev.java.net Medium Vendor jar package name javax Highest Vendor pom artifactid javax.servlet-api Low Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest Implementation-Vendor GlassFish Community High Product pom artifactid javax.servlet-api Highest Product pom groupid javax.servlet Highest Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product pom parent-groupid net.java Medium Product jar package name servlet Highest Product pom url http://servlet-spec.java.net Medium Product pom organization name GlassFish Community Low Product file name javax.servlet-api High Product pom name Java Servlet API High Product Manifest extension-name javax.servlet Medium Product pom organization url https://glassfish.dev.java.net Low Product jar package name javax Highest Product Manifest bundle-symbolicname javax.servlet-api Medium Product Manifest Bundle-Name Java Servlet API Medium Product pom parent-artifactid jvnet-parent Medium Version Manifest Implementation-Version 3.1.0 High Version pom parent-version 3.1.0 Low Version pom version 3.1.0 Highest Version file version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High
Description:
The Content Repository API for JavaTM Technology Version 2.0 is specified by JSR-283.
This module contains the complete API as specified.
License:
Day Specification License: http://www.day.com/dam/day/downloads/jsr283/day-spec-license.htm
Day Specification License addendum: http://www.day.com/content/dam/day/downloads/jsr283/LICENSE.txt File Path: /home/runner/.m2/repository/javax/jcr/jcr/2.0/jcr-2.0.jar
MD5: ede5e78b16c8ed298ce0b6d296584ebd
SHA1: 08297216bcfe4aea369ed6ee0d1718133f752e97
SHA256: cbf083bc58cb88a0c19112187a4c52d3115f525b5bb7f2913635f5679e6e9743
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor file name jcr High Vendor Manifest bundle-category jcr Low Vendor pom groupid javax.jcr Highest Vendor jar package name jcr Highest Vendor pom organization name Day Software High Vendor pom name Content Repository for JavaTM Technology API High Vendor jar package name version Highest Vendor Manifest bundle-symbolicname javax.jcr Medium Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Vendor pom url http://www.jcp.org/en/jsr/detail?id=283 Highest Vendor jar package name javax Highest Vendor pom organization url http://www.day.com Medium Vendor pom artifactid jcr Low Vendor jar package name repository Highest Product file name jcr High Product Manifest bundle-category jcr Low Product jar package name jcr Highest Product pom groupid javax.jcr Highest Product pom artifactid jcr Highest Product pom organization url http://www.day.com Low Product pom url http://www.jcp.org/en/jsr/detail?id=283 Medium Product pom name Content Repository for JavaTM Technology API High Product jar package name version Highest Product Manifest bundle-symbolicname javax.jcr Medium Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Product jar package name javax Highest Product Manifest Bundle-Name Content Repository for JavaTM Technology API Medium Product jar package name repository Highest Product pom organization name Day Software Low Version pom version 2.0 Highest Version file version 2.0 High Version Manifest Bundle-Version 2.0 High
Description:
A complete, Java-based solution for accessing, manipulating,
and outputting XML data
License:
Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt File Path: /home/runner/.m2/repository/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar
MD5: 86a30c9b1ddc08ca155747890db423b7
SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64
SHA256: 1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.jdom Highest Vendor pom groupid jdom Highest Vendor file name jdom2 High Vendor manifest: org/jdom2/adapters/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom2/xpath/ Implementation-Vendor jdom.org Medium Vendor jar package name jdom2 Highest Vendor pom organization url http://www.jdom.org Medium Vendor manifest: org/jdom2/input/ Implementation-Vendor jdom.org Medium Vendor pom name JDOM High Vendor manifest: org/jdom2/transform/ Implementation-Vendor jdom.org Medium Vendor pom organization name JDOM High Vendor pom url http://www.jdom.org Highest Vendor manifest: org/jdom2/filter/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom2/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom2/output/ Implementation-Vendor jdom.org Medium Vendor pom artifactid jdom2 Low Product manifest: org/jdom2/filter/ Implementation-Title org.jdom2.filter Medium Product manifest: org/jdom2/input/ Implementation-Title org.jdom2.input Medium Product manifest: org/jdom2/ Specification-Title JDOM Classes Medium Product pom url http://www.jdom.org Medium Product jar package name adapters Highest Product file name jdom2 High Product jar package name filter Highest Product manifest: org/jdom2/input/ Specification-Title JDOM Input Classes Medium Product manifest: org/jdom2/output/ Specification-Title JDOM Output Classes Medium Product manifest: org/jdom2/adapters/ Implementation-Title org.jdom2.adapters Medium Product pom organization url http://www.jdom.org Low Product manifest: org/jdom2/filter/ Specification-Title JDOM Filter Classes Medium Product manifest: org/jdom2/transform/ Implementation-Title org.jdom2.transform Medium Product jar package name transform Highest Product manifest: org/jdom2/xpath/ Implementation-Title org.jdom2.xpath Medium Product manifest: org/jdom2/ Implementation-Title org.jdom2 Medium Product pom groupid jdom Highest Product jar package name jdom2 Highest Product pom artifactid jdom2 Highest Product pom name JDOM High Product manifest: org/jdom2/xpath/ Specification-Title JDOM XPath Classes Medium Product manifest: org/jdom2/output/ Implementation-Title org.jdom2.output Medium Product manifest: org/jdom2/transform/ Specification-Title JDOM Transformation Classes Medium Product jar package name input Highest Product pom organization name JDOM Low Product jar package name output Highest Product jar package name xpath Highest Product manifest: org/jdom2/adapters/ Specification-Title JDOM Adapter Classes Medium Version pom version 2.0.6 Highest Version file version 2.0.6 High Version manifest: org/jdom2/filter/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/adapters/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/input/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/xpath/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/output/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/transform/ Implementation-Version 2.0.6 Medium
Related Dependencies io.wcm.handler.commons-1.4.0.jar: jdom2-2.0.6.jarFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.commons/1.4.0/io.wcm.handler.commons-1.4.0.jar/jdom2-2.0.6.jar MD5: 86a30c9b1ddc08ca155747890db423b7 SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64 SHA256: 1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5 Published Vulnerabilities CVE-2021-33813 suppress
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
File Path: /home/runner/.m2/repository/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jarMD5: b8a34113a3a1ce29c8c60d7141f5a704SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316SHA256: 545f4e7dc678ffb4cf8bd0fd40b4a4470a409a787c0ea7d0ad2f08d56112987bReferenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor Manifest extension-name javax.servlet.jsp Medium Vendor pom groupid javax.servlet.jsp Highest Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor file name jsp-api High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor jar package name jsp Highest Vendor pom artifactid jsp-api Low Product Manifest extension-name javax.servlet.jsp Medium Product Manifest specification-title JavaServer Pages(TM) Specification Medium Product pom groupid javax.servlet.jsp Highest Product pom artifactid jsp-api Highest Product jar package name javax Highest Product jar package name servlet Highest Product file name jsp-api High Product jar package name jsp Highest Version pom version 2.1 Highest Version file version 2.1 High Version Manifest Implementation-Version 2.1 High
Description:
Apache Sling Context-Aware Configuration API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/sling/org.apache.sling.caconfig.api/1.1.0/org.apache.sling.caconfig.api-1.1.0.jar
MD5: 231c80a8f980016d79f32ee99ad9e920
SHA1: 4a8674192c5da0d03d090e4dade5055b84aa0885
SHA256: dda109a6b232a7f92c042b5e15e7b381f27eebe3ce526aaed496892288516a4b
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.sling Highest Vendor pom name Apache Sling Context-Aware Configuration API High Vendor pom artifactid apache.sling.caconfig.api Low Vendor Manifest bundle-docurl http://sling.apache.org Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor Manifest bundle-symbolicname org.apache.sling.caconfig.api Medium Vendor jar package name sling Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name apache Highest Vendor pom parent-artifactid sling Low Vendor jar package name caconfig Highest Vendor pom parent-groupid org.apache.sling Medium Vendor Manifest bundle-category sling Low Vendor pom groupid apache.sling Highest Vendor file name org.apache.sling.caconfig.api High Product pom name Apache Sling Context-Aware Configuration API High Product Manifest bundle-docurl http://sling.apache.org Low Product pom artifactid org.apache.sling.caconfig.api Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product Manifest Bundle-Name Apache Sling Context-Aware Configuration API Medium Product Manifest bundle-symbolicname org.apache.sling.caconfig.api Medium Product jar package name sling Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name apache Highest Product jar package name caconfig Highest Product pom parent-groupid org.apache.sling Medium Product Manifest bundle-category sling Low Product pom groupid apache.sling Highest Product pom parent-artifactid sling Medium Product file name org.apache.sling.caconfig.api High Product pom artifactid apache.sling.caconfig.api Highest Version pom version 1.1.0 Highest Version file version 1.1.0 High Version pom parent-version 1.1.0 Low Version Manifest Bundle-Version 1.1.0 High
Published Vulnerabilities CVE-2015-2944 suppress
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
Description:
OSGi Companion Code for org.osgi.framework Version 1.8.0. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.framework/1.8.0/org.osgi.framework-1.8.0.jar
MD5: 1a40fb57099ef5530d25bc9600d509b1
SHA1: b54d03f9621136b7d9d93b5017b0a4fa490e78b0
SHA256: ec194b7871af27681716ff05259319a5c3c9b9727e8000e9e832499b93484b4e
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor pom groupid org.osgi Highest Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor pom url http://www.osgi.org/ Highest Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor pom name org.osgi:org.osgi.framework High Vendor pom groupid osgi Highest Vendor file name org.osgi.framework High Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor jar package name version Highest Vendor jar package name framework Highest Vendor pom organization name OSGi Alliance High Vendor pom organization url http://www.osgi.org/ Medium Vendor pom artifactid osgi.framework Low Vendor Manifest bundle-symbolicname org.osgi.framework Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor jar package name osgi Highest Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product Manifest bundle-docurl http://www.osgi.org/ Low Product jar package name filter Highest Product Manifest git-descriptor hudson-build.cmpn-793 Low Product pom name org.osgi:org.osgi.framework High Product pom groupid osgi Highest Product file name org.osgi.framework High Product pom organization url http://www.osgi.org/ Low Product jar package name version Highest Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product pom url http://www.osgi.org/ Medium Product jar package name framework Highest Product pom artifactid org.osgi.framework Highest Product pom organization name OSGi Alliance Low Product Manifest bundle-symbolicname org.osgi.framework Medium Product Manifest Bundle-Name org.osgi:org.osgi.framework Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid osgi.framework Highest Product jar package name osgi Highest Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Version pom version 1.8.0 Highest Version file version 1.8.0 High
Description:
OSGi Companion Code for org.osgi.service.cm Version 1.6.0 License:
Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/osgi/org.osgi.service.cm/1.6.0/org.osgi.service.cm-1.6.0.jar
MD5: b0756197dc4ce853b05e686ec0df8dbf
SHA1: f0c01d6da3799107b17f894ae7920cfd6fa69da6
SHA256: c1768352603abdeb18ca160ac8c712768f88d2e418fe4c5cf50845e783154233
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Vendor pom groupid org.osgi Highest Vendor pom name org.osgi:org.osgi.service.cm High Vendor jar package name service Highest Vendor pom groupid osgi Highest Vendor file name org.osgi.service.cm High Vendor Manifest git-descriptor hudson-build.core-1432 Low Vendor Manifest bundle-symbolicname org.osgi.service.cm Medium Vendor jar package name cm Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Vendor Manifest bundle-docurl https://www.osgi.org/ Low Vendor pom organization name OSGi Alliance High Vendor pom url https://www.osgi.org/ Highest Vendor pom artifactid osgi.service.cm Low Vendor jar package name osgi Highest Vendor pom organization url https://www.osgi.org/ Medium Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Product pom name org.osgi:org.osgi.service.cm High Product pom organization url https://www.osgi.org/ Low Product jar package name service Highest Product pom artifactid osgi.service.cm Highest Product pom groupid osgi Highest Product Manifest Bundle-Name org.osgi:org.osgi.service.cm Medium Product file name org.osgi.service.cm High Product Manifest git-descriptor hudson-build.core-1432 Low Product Manifest bundle-symbolicname org.osgi.service.cm Medium Product jar package name cm Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Product Manifest bundle-docurl https://www.osgi.org/ Low Product pom organization name OSGi Alliance Low Product pom artifactid org.osgi.service.cm Highest Product pom url https://www.osgi.org/ Medium Product jar package name osgi Highest Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Version pom version 1.6.0 Highest Version file version 1.6.0 High
Description:
OSGi Companion Code for org.osgi.util.tracker Version 1.5.1. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.util.tracker/1.5.1/org.osgi.util.tracker-1.5.1.jar
MD5: fd34c8f47613e751a25aa7e627c7cc85
SHA1: 18c3821aa2e98b3e5aacf73b3833347a894a5053
SHA256: 5efad34ab9a7753dcde1415b62e6e21e4dec83dfad5a570df485c1b931c1ebed
Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor jar package name tracker Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor pom groupid org.osgi Highest Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor pom url http://www.osgi.org/ Highest Vendor pom artifactid osgi.util.tracker Low Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor pom groupid osgi Highest Vendor Manifest bundle-symbolicname org.osgi.util.tracker Medium Vendor pom name org.osgi:org.osgi.util.tracker High Vendor jar package name util Highest Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor file name org.osgi.util.tracker High Vendor pom organization name OSGi Alliance High Vendor pom organization url http://www.osgi.org/ Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor jar package name osgi Highest Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product jar package name tracker Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product Manifest bundle-docurl http://www.osgi.org/ Low Product Manifest git-descriptor hudson-build.cmpn-793 Low Product pom groupid osgi Highest Product Manifest bundle-symbolicname org.osgi.util.tracker Medium Product pom organization url http://www.osgi.org/ Low Product pom name org.osgi:org.osgi.util.tracker High Product jar package name util Highest Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product Manifest Bundle-Name org.osgi:org.osgi.util.tracker Medium Product pom url http://www.osgi.org/ Medium Product file name org.osgi.util.tracker High Product pom artifactid org.osgi.util.tracker Highest Product pom organization name OSGi Alliance Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid osgi.util.tracker Highest Product jar package name osgi Highest Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Version file version 1.5.1 High Version pom version 1.5.1 Highest
Description:
The slf4j API File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jarMD5: caafe376afb7086dcbee79f780394ca3SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8aSHA256: 18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79Referenced In Project/Scope: Link Handler:compile
Evidence Type Source Name Value Confidence Vendor jar package name slf4j Highest Vendor pom groupid org.slf4j Highest Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom artifactid slf4j-api Low Vendor pom parent-artifactid slf4j-parent Low Vendor pom parent-groupid org.slf4j Medium Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom name SLF4J API Module High Vendor pom groupid slf4j Highest Vendor file name slf4j-api High Product pom artifactid slf4j-api Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom parent-groupid org.slf4j Medium Product Manifest bundle-symbolicname slf4j.api Medium Product pom parent-artifactid slf4j-parent Medium Product pom groupid slf4j Highest Product pom url http://www.slf4j.org Medium Product jar package name slf4j Highest Product Manifest Bundle-Name slf4j-api Medium Product pom name SLF4J API Module High Product file name slf4j-api High Product Manifest Implementation-Title slf4j-api High Version pom version 1.7.25 Highest Version file version 1.7.25 High Version Manifest Bundle-Version 1.7.25 High Version Manifest Implementation-Version 1.7.25 High
File Path: /home/runner/work/wcm-io-handler/wcm-io-handler/link/src/main/webapp/app-root/clientlibs/authoring/dialog/js/validation.jsMD5: 60adc20bbff1f3503d5409665d6030daSHA1: 764dc6c771d6625870dbddac32074e63856a2cbfSHA256: d3ee0e4b2c43d5e45e65906a2086759ec22d282baa35e16bab6dc2e1ae971300Referenced In Project/Scope: Link Handler
Evidence Type Source Name Value Confidence