Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 6.1.6Report Generated On : Mon, 29 Nov 2021 19:04:00 GMTDependencies Scanned : 52 (51 unique)Vulnerable Dependencies : 8 Vulnerabilities Found : 12Vulnerabilities Suppressed : 0... NVD CVE Checked : 2021-11-29T19:03:50NVD CVE Modified : 2021-11-29T17:00:01VersionCheckOn : 2021-11-29T19:03:50Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies commons-collections-3.2.2.jarDescription:
Types that extend and augment the Java Collections Framework. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor jar package name collections Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Vendor pom parent-groupid org.apache.commons Medium Vendor pom name Apache Commons Collections High Vendor Manifest implementation-url http://commons.apache.org/collections/ Low Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor file name commons-collections High Vendor pom groupid commons-collections Highest Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/collections/ Highest Vendor pom artifactid commons-collections Low Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product jar package name collections Highest Product Manifest specification-title Apache Commons Collections Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low Product pom parent-groupid org.apache.commons Medium Product pom name Apache Commons Collections High Product Manifest implementation-url http://commons.apache.org/collections/ Low Product jar package name apache Highest Product jar package name commons Highest Product Manifest bundle-symbolicname org.apache.commons.collections Medium Product file name commons-collections High Product pom groupid commons-collections Highest Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low Product pom url http://commons.apache.org/collections/ Medium Product pom parent-artifactid commons-parent Medium Product Manifest Bundle-Name Apache Commons Collections Medium Product Manifest bundle-docurl http://commons.apache.org/collections/ Low Product Manifest Implementation-Title Apache Commons Collections High Product pom artifactid commons-collections Highest Version pom parent-version 3.2.2 Low Version Manifest Implementation-Version 3.2.2 High Version Manifest Bundle-Version 3.2.2 High Version pom version 3.2.2 Highest Version file version 3.2.2 High
commons-io-2.5.jarDescription:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
SHA256: a10418348d234968600ccb1d988efcbbd08716e1d96936ccc1880e7d22513474
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Vendor jar package name io Highest Vendor pom artifactid commons-io Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name apache Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor file name commons-io High Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor jar package name commons Highest Vendor pom groupid commons-io Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-artifactid commons-parent Low Vendor pom name Apache Commons IO High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Product jar package name io Highest Product pom artifactid commons-io Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product pom parent-groupid org.apache.commons Medium Product jar package name apache Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product pom url http://commons.apache.org/proper/commons-io/ Medium Product file name commons-io High Product Manifest bundle-symbolicname org.apache.commons.io Medium Product jar package name commons Highest Product Manifest Implementation-Title Apache Commons IO High Product pom groupid commons-io Highest Product Manifest Bundle-Name Apache Commons IO Medium Product pom name Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product Manifest specification-title Apache Commons IO Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Version pom version 2.5 Highest Version pom parent-version 2.5 Low Version file version 2.5 High Version Manifest Implementation-Version 2.5 High
Published Vulnerabilities CVE-2021-29425 suppress
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
commons-lang3-3.6.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256: 89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.commons Highest Vendor pom name Apache Commons Lang High Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name lang3 Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid org.apache.commons Highest Vendor jar package name apache Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor file name commons-lang3 High Vendor pom artifactid commons-lang3 Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product Manifest specification-title Apache Commons Lang Medium Product pom groupid apache.commons Highest Product pom name Apache Commons Lang High Product pom artifactid commons-lang3 Highest Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product pom parent-groupid org.apache.commons Medium Product jar package name lang3 Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name apache Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product Manifest Implementation-Title Apache Commons Lang High Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product file name commons-lang3 High Version pom parent-version 3.6 Low Version pom version 3.6 Highest Version Manifest Implementation-Version 3.6 High Version file version 3.6 High
debug.jsFile Path: /home/runner/work/wcm-io-samples/wcm-io-samples/bundles/clientlibs/src/main/webapp/clientlibs-root/wcm-io-samples.app/js/debug.jsMD5: ba81c12c018e5bb323a15915f6eeb933SHA1: 226be4359090f5638abc1e9c425435b0fd084178SHA256: 67b11366521819521642e0c00a332b54bccad86a427ec4c9291490b95b0c3253Referenced In Project/Scope: Sample Application Clientlibs
Evidence Type Source Name Value Confidence
guava-15.0.jarDescription:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has two code dependencies - javax.annotation
per the JSR-305 spec and javax.inject per the JSR-330 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/guava/15.0/guava-15.0.jar
MD5: 2c10bb2ca3ac8b55b0e77e54a7eb3744
SHA1: ed727a8d9f247e2050281cb083f1c77b09dcb5cd
SHA256: 7a34575770eebc60a5476616e3676a6cb6f2975c78c415e2a6014ac724ba5783
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom name Guava: Google Core Libraries for Java High Vendor pom groupid com.google.guava Highest Vendor file name guava High Vendor pom parent-artifactid guava-parent Low Vendor pom groupid google.guava Highest Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor jar package name google Highest Vendor pom artifactid guava Low Product pom name Guava: Google Core Libraries for Java High Product pom artifactid guava Highest Product pom parent-artifactid guava-parent Medium Product file name guava High Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom groupid google.guava Highest Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product jar package name google Highest Version file version 15.0 High Version pom version 15.0 Highest
Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] Deserialization of Untrusted Data REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
init.jsFile Path: /home/runner/work/wcm-io-samples/wcm-io-samples/bundles/clientlibs/src/main/webapp/clientlibs-root/wcm-io-samples.app/js/init.jsMD5: 2e2f40942a176d1ddb961719f8b01cd4SHA1: 81ed74ae523be13b6757bad99a0137457623ab15SHA256: 1b328f8b1e66d52c5c118adeba291635b4f108bc4673f63bdaae398dd388c02aReferenced In Project/Scope: Sample Application Clientlibs
Evidence Type Source Name Value Confidence
io.wcm.devops.conga.definitions.aem-1.11.2.jarDescription:
wcm.io DevOps CONfiguration GenerAtor Roles and Templates for Adobe Experience Manager (AEM). File Path: /home/runner/.m2/repository/io/wcm/devops/conga/definitions/io.wcm.devops.conga.definitions.aem/1.11.2/io.wcm.devops.conga.definitions.aem-1.11.2.jarMD5: a20ec6d0e8f05d875be65ed9b3188fd2SHA1: 6c82534d0d4bca05a2f996c1240d7b956ee1b40bSHA256: 11a2c3862939d47b743c427b82a23e8196753b1fdda169e6b2908f69ee501f1bReferenced In Project/Scope: io.wcm.samples.config-definition:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-jdk-spec 11 Low Vendor pom name CONGA AEM Definitions High Vendor pom groupid io.wcm.devops.conga.definitions Highest Vendor pom parent-artifactid io.wcm.devops.conga.definitions.aem.parent Low Vendor file name io.wcm.devops.conga.definitions.aem High Vendor pom artifactid io.wcm.devops.conga.definitions.aem Low Product pom artifactid io.wcm.devops.conga.definitions.aem Highest Product Manifest build-jdk-spec 11 Low Product pom name CONGA AEM Definitions High Product pom groupid io.wcm.devops.conga.definitions Highest Product file name io.wcm.devops.conga.definitions.aem High Product pom parent-artifactid io.wcm.devops.conga.definitions.aem.parent Medium Version file version 1.11.2 High Version pom version 1.11.2 Highest
Published Vulnerabilities CVE-2007-1462 suppress
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible. NVD-CWE-Other
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N References:
Vulnerable Software & Versions:
io.wcm.handler.commons-1.4.2.jarDescription:
Functionality shared by the handler implementations. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.commons/1.4.2/io.wcm.handler.commons-1.4.2.jar
MD5: 8ffd12a76c573346ddd628231db01ceb
SHA1: e3cad3d019378c29cbe536d882b1aebe661acb2d
SHA256: bd719ea504437744b3fa694451ebc4ab9f0eb2078ba64f6939d405ed3f45d19d
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor pom artifactid io.wcm.handler.commons Low Vendor jar package name commons Highest Vendor Manifest bundle-docurl https://wcm.io/handler/commons/ Low Vendor Manifest bundle-symbolicname io.wcm.handler.commons Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest provide-capability osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Vendor jar package name wcm Highest Vendor Manifest service-component OSGI-INF/io.wcm.handler.commons.servlets.impl.HtxPageExtensionMapper.xml Low Vendor jar package name handler Highest Vendor file name io.wcm.handler.commons High Vendor pom name Handler Commons High Product pom groupid io.wcm Highest Product jar package name io Highest Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name commons Highest Product Manifest bundle-docurl https://wcm.io/handler/commons/ Low Product pom artifactid io.wcm.handler.commons Highest Product Manifest bundle-symbolicname io.wcm.handler.commons Medium Product Manifest build-jdk-spec 11 Low Product Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest provide-capability osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Product jar package name wcm Highest Product Manifest Bundle-Name wcm.io Handler Commons Medium Product Manifest service-component OSGI-INF/io.wcm.handler.commons.servlets.impl.HtxPageExtensionMapper.xml Low Product pom parent-artifactid io.wcm.handler.parent Medium Product jar package name handler Highest Product file name io.wcm.handler.commons High Product pom name Handler Commons High Version Manifest Bundle-Version 1.4.2 High Version pom parent-version 1.4.2 Low Version file version 1.4.2 High Version pom version 1.4.2 Highest
io.wcm.handler.link-1.8.0.jarDescription:
Link resolving, processing and markup generation. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.link/1.8.0/io.wcm.handler.link-1.8.0.jar
MD5: 69f8ba7e065f321d9ef02010e60ed079
SHA1: c05d30bafda035e78f8f0d2794232b377c85b0c4
SHA256: b602e80a8649ce67c0517a0ed7f0da13c06bccf95c82e838f680cf5253d85564
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor Manifest service-component OSGI-INF/io.wcm.handler.link.impl.DefaultLinkHandlerConfig.xml,OSGI-INF/io.wcm.handler.link.impl.ImageMapLinkResolverImpl.xml,OSGI-INF/io.wcm.handler.link.impl.LinkHandlerConfigAdapterFactory.xml Low Vendor Manifest bundle-symbolicname io.wcm.handler.link Medium Vendor Manifest bundle-docurl https://wcm.io/handler/link/ Low Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor file name io.wcm.handler.link High Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.link.spi.LinkHandlerConfig";uses:="io.wcm.handler.link.spi",osgi.service;objectClass:List="io.wcm.handler.media.spi.ImageMapLinkResolver";uses:="io.wcm.handler.media.spi",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter" Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/link Low Vendor pom artifactid io.wcm.handler.link Low Vendor jar package name link Highest Vendor jar package name wcm Highest Vendor jar package name handler Highest Vendor pom name Link Handler High Product pom groupid io.wcm Highest Product jar package name io Highest Product Manifest service-component OSGI-INF/io.wcm.handler.link.impl.DefaultLinkHandlerConfig.xml,OSGI-INF/io.wcm.handler.link.impl.ImageMapLinkResolverImpl.xml,OSGI-INF/io.wcm.handler.link.impl.LinkHandlerConfigAdapterFactory.xml Low Product Manifest bundle-symbolicname io.wcm.handler.link Medium Product Manifest bundle-docurl https://wcm.io/handler/link/ Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product file name io.wcm.handler.link High Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.link.spi.LinkHandlerConfig";uses:="io.wcm.handler.link.spi",osgi.service;objectClass:List="io.wcm.handler.media.spi.ImageMapLinkResolver";uses:="io.wcm.handler.media.spi",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter" Low Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name wcm.io Link Handler Medium Product pom artifactid io.wcm.handler.link Highest Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/link Low Product jar package name link Highest Product jar package name wcm Highest Product pom parent-artifactid io.wcm.handler.parent Medium Product jar package name handler Highest Product pom name Link Handler High Version pom version 1.8.0 Highest Version file version 1.8.0 High Version pom parent-version 1.8.0 Low Version Manifest Bundle-Version 1.8.0 High
io.wcm.handler.link-1.8.0.jar: validation.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.link/1.8.0/io.wcm.handler.link-1.8.0.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/validation.jsMD5: 60adc20bbff1f3503d5409665d6030daSHA1: 764dc6c771d6625870dbddac32074e63856a2cbfSHA256: d3ee0e4b2c43d5e45e65906a2086759ec22d282baa35e16bab6dc2e1ae971300Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.media-1.13.8.jarDescription:
Media resolving, processing and markup generation. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.8/io.wcm.handler.media-1.13.8.jar
MD5: d83ff469b5447561eefb8d91c1202c12
SHA1: 74053d03e7da4121637eafca2fdb478416fab842
SHA256: a1b60e6bbf905e98bc8a656f71f9c3d15e06a4928d611765363e49fef9dec0a5
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.workflow.collection.ResourceCollectionManager)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.handler.store.AssetStore)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.s7dam.utils.PublishUtils)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.handler.media.spi.MediaFormatProvider)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.wcm.commons.instancetype.InstanceTypeService)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.featureflags.Features)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-symbolicname io.wcm.handler.media Medium Vendor Manifest service-component OSGI-INF/io.wcm.handler.media.format.impl.DefaultMediaFormatListProvider.xml,OSGI-INF/io.wcm.handler.media.format.impl.MediaFormatProviderManagerImpl.xml,OSGI-INF/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter.xml,OSGI-INF/io.wcm.handler.media.impl.DefaultMediaHandlerConfig.xml,OSGI-INF/io.wcm.handler.media.impl.DummyImageServlet.xml,OSGI-INF/io.wcm.handler.media.impl.ImageFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.InlineImageAuthorPreviewServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFormatValidateServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaHandlerConfigAdapterFactory.xml,OSGI-INF/io.wcm.handler.media.impl.ipeconfig.IPEConfigResourceProvider.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportServiceImpl.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataListenerService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataWorkflowProcess.xml Low Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor pom name Media Handler High Vendor Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor file name io.wcm.handler.media High Vendor Manifest bundle-docurl https://wcm.io/handler/media/ Low Vendor pom artifactid io.wcm.handler.media Low Vendor Manifest build-jdk-spec 11 Low Vendor jar package name wcm Highest Vendor Manifest provide-capability osgi.service;objectClass:List="com.adobe.granite.workflow.exec.WorkflowProcess";uses:="com.adobe.granite.workflow.exec",osgi.service;objectClass:List="io.wcm.handler.media.format.MediaFormatProviderManager";uses:="io.wcm.handler.media.format",osgi.service;objectClass:List="io.wcm.handler.media.spi.MediaHandlerConfig";uses:="io.wcm.handler.media.spi",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportService";uses:="io.wcm.handler.mediasource.dam.impl.dynamicmedia",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService";uses:="io.wcm.handler.mediasource.dam.impl.metadata",osgi.service;objectClass:List="javax.servlet.Filter";uses:="javax.servlet",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.spi.resource.provider.ResourceProvider";uses:="org.apache.sling.spi.resource.provider",osgi.service;objectClass:List="org.osgi.service.event.EventHandler";uses:="org.osgi.service.event" Low Vendor jar package name handler Highest Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/media Low Vendor jar package name media Highest Product pom groupid io.wcm Highest Product jar package name io Highest Product Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.workflow.collection.ResourceCollectionManager)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.handler.store.AssetStore)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.dam.api.s7dam.utils.PublishUtils)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.handler.media.spi.MediaFormatProvider)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.wcm.commons.instancetype.InstanceTypeService)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.featureflags.Features)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-symbolicname io.wcm.handler.media Medium Product Manifest service-component OSGI-INF/io.wcm.handler.media.format.impl.DefaultMediaFormatListProvider.xml,OSGI-INF/io.wcm.handler.media.format.impl.MediaFormatProviderManagerImpl.xml,OSGI-INF/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter.xml,OSGI-INF/io.wcm.handler.media.impl.DefaultMediaHandlerConfig.xml,OSGI-INF/io.wcm.handler.media.impl.DummyImageServlet.xml,OSGI-INF/io.wcm.handler.media.impl.ImageFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.InlineImageAuthorPreviewServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFileServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaFormatValidateServlet.xml,OSGI-INF/io.wcm.handler.media.impl.MediaHandlerConfigAdapterFactory.xml,OSGI-INF/io.wcm.handler.media.impl.ipeconfig.IPEConfigResourceProvider.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportServiceImpl.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataListenerService.xml,OSGI-INF/io.wcm.handler.mediasource.dam.impl.metadata.RenditionMetadataWorkflowProcess.xml Low Product pom name Media Handler High Product Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product file name io.wcm.handler.media High Product Manifest bundle-docurl https://wcm.io/handler/media/ Low Product Manifest build-jdk-spec 11 Low Product jar package name mediasource Highest Product jar package name wcm Highest Product Manifest provide-capability osgi.service;objectClass:List="com.adobe.granite.workflow.exec.WorkflowProcess";uses:="com.adobe.granite.workflow.exec",osgi.service;objectClass:List="io.wcm.handler.media.format.MediaFormatProviderManager";uses:="io.wcm.handler.media.format",osgi.service;objectClass:List="io.wcm.handler.media.spi.MediaHandlerConfig";uses:="io.wcm.handler.media.spi",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.dynamicmedia.DynamicMediaSupportService";uses:="io.wcm.handler.mediasource.dam.impl.dynamicmedia",osgi.service;objectClass:List="io.wcm.handler.mediasource.dam.impl.metadata.AssetSynchonizationService";uses:="io.wcm.handler.mediasource.dam.impl.metadata",osgi.service;objectClass:List="javax.servlet.Filter";uses:="javax.servlet",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.spi.resource.provider.ResourceProvider";uses:="org.apache.sling.spi.resource.provider",osgi.service;objectClass:List="org.osgi.service.event.EventHandler";uses:="org.osgi.service.event" Low Product Manifest Bundle-Name wcm.io Media Handler Medium Product pom artifactid io.wcm.handler.media Highest Product pom parent-artifactid io.wcm.handler.parent Medium Product jar package name handler Highest Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/media Low Product jar package name media Highest Version Manifest Bundle-Version 1.13.8 High Version pom parent-version 1.13.8 Low Version file version 1.13.8 High Version pom version 1.13.8 Highest
io.wcm.handler.media-1.13.8.jar: fileupload.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.8/io.wcm.handler.media-1.13.8.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/fileupload.jsMD5: 228b2fffc6abfcdd799e78898e1f99f0SHA1: fb786d6d24f5a9e073922bf44124c2d220f26eb4SHA256: ce8922cde6eb4f852d6303d70d68ee5465eb8fca64ca98a4eb5f394c67c68565Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.media-1.13.8.jar: mediaFormatValidate.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.8/io.wcm.handler.media-1.13.8.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/mediaFormatValidate.jsMD5: d651e04f32fb3bb0fced07ed1a2005fcSHA1: dea24b24548036a6996bc1136ca199801bf77f61SHA256: f717ede12e856a344c5aecd4dc56da7f369a0f109f74bdf2f372b5b18131583fReferenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.media-1.13.8.jar: namespace.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.8/io.wcm.handler.media-1.13.8.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/namespace.jsMD5: 1ee97355e0dea2b938d18b793ee3afcbSHA1: db8dcc1d4119b2318d6e9b82a535acd358623efbSHA256: f394f7656cfdb529859443f44bde815af90197ff886a25b09e35a840fc505f9aReferenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.media-1.13.8.jar: pathfield.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.8/io.wcm.handler.media-1.13.8.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/pathfield.jsMD5: d8bdda5721510948d2a115432a45a19aSHA1: 592bba9dae3da6ab12020e0c2b3173446e3b5ac6SHA256: 20a9cbff936311f0e1cb5b3d1ad385508bab22788cdc15c9e94338f26fe8a236Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.media-1.13.8.jar: validation.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.8/io.wcm.handler.media-1.13.8.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/validation.jsMD5: c8ce854cad6f2376a0cf0e04bd298808SHA1: 60e641d95e570022dd82aaa25fa8ff8922cebdbfSHA256: 98755c24e6772dfdc4cf8e8ff5e51e0ef98008371b715ae4677dd1df1dae2138Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.richtext-1.5.6.jarDescription:
Rich text processing and markup generation. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.6/io.wcm.handler.richtext-1.5.6.jar
MD5: f3b5a60cb0b65cfc50fb5a566260815e
SHA1: e46a81b65646869eafd2deb4bfa5be91a63f3773
SHA256: 937a6eee2964d9eaf857bcd46ad1c7d23d708e28f8294c5e65ae6452b5aefc7b
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor file name io.wcm.handler.richtext High Vendor jar package name io Highest Vendor jar package name richtext Highest Vendor Manifest bundle-symbolicname io.wcm.handler.richtext Medium Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/richtext Low Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom name RichText Handler High Vendor jar package name wcm Highest Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.richtext.spi.RichTextHandlerConfig";uses:="io.wcm.handler.richtext.spi",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Vendor Manifest service-component OSGI-INF/io.wcm.handler.richtext.impl.DefaultRichTextHandlerConfig.xml,OSGI-INF/io.wcm.handler.richtext.impl.RTELinkPluginConfig.xml Low Vendor jar package name handler Highest Vendor Manifest bundle-docurl https://wcm.io/handler/richtext/ Low Vendor pom artifactid io.wcm.handler.richtext Low Product file name io.wcm.handler.richtext High Product Manifest Bundle-Name wcm.io RichText Handler Medium Product pom groupid io.wcm Highest Product jar package name io Highest Product jar package name richtext Highest Product Manifest bundle-symbolicname io.wcm.handler.richtext Medium Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/richtext Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest build-jdk-spec 11 Low Product Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom name RichText Handler High Product jar package name wcm Highest Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.richtext.spi.RichTextHandlerConfig";uses:="io.wcm.handler.richtext.spi",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Product pom artifactid io.wcm.handler.richtext Highest Product Manifest service-component OSGI-INF/io.wcm.handler.richtext.impl.DefaultRichTextHandlerConfig.xml,OSGI-INF/io.wcm.handler.richtext.impl.RTELinkPluginConfig.xml Low Product pom parent-artifactid io.wcm.handler.parent Medium Product jar package name handler Highest Product Manifest bundle-docurl https://wcm.io/handler/richtext/ Low Version Manifest Bundle-Version 1.5.6 High Version file version 1.5.6 High Version pom parent-version 1.5.6 Low Version pom version 1.5.6 Highest
io.wcm.handler.richtext-1.5.6.jar: linkDialog.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.6/io.wcm.handler.richtext-1.5.6.jar/SLING-INF/app-root/clientlibs/rte.plugins/js/linkDialog.jsMD5: a5d161dd46013eff503a9142dbc9947fSHA1: ee3e66102ffac63119e74771225b2687af524147SHA256: 0e922cbcc77457105439b4471939362247eeafce5e00c2d48238715092b8e629Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.richtext-1.5.6.jar: linkPlugin.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.6/io.wcm.handler.richtext-1.5.6.jar/SLING-INF/app-root/clientlibs/rte.plugins/js/linkPlugin.jsMD5: 172b7860a2b277ba036e1a92025f5816SHA1: 7c180adb3baf031623bd716eb43977ed251bad28SHA256: d6c5b8a6897e43a4bb58273e693c329f831e0246ccae033877fd2708a65c13f2Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.richtext-1.5.6.jar: namespace.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.6/io.wcm.handler.richtext-1.5.6.jar/SLING-INF/app-root/clientlibs/rte.plugins/js/namespace.jsMD5: 7ae55c6778a3c26445a0098fcefde074SHA1: fa7930101777f1f655cbbf99d6b2ec186260a462SHA256: 5eb6414d882dde4e5e49e64b15bf011d0e19f8fb09b8e3216c5211b01c836ff1Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.handler.url-1.6.0.jarDescription:
URL resolving and processing. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.url/1.6.0/io.wcm.handler.url-1.6.0.jar
MD5: d6e4d166536812e383832fc1b6dee4d3
SHA1: 834b061d39aa3c7b5519e478f42b037f157f34f3
SHA256: 71aca33969fc6201aff3615bd0faba06e6c3ae75b5078be495b3b8e7ca88157c
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor pom artifactid io.wcm.handler.url Low Vendor jar package name io Highest Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/url Low Vendor Manifest bundle-docurl https://wcm.io/handler/url/ Low Vendor pom parent-artifactid io.wcm.handler.parent Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.handler.url.SiteRootDetector)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.caconfig.resource.ConfigurationResourceResolver)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.url.SiteRootDetector";uses:="io.wcm.handler.url",osgi.service;objectClass:List="io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriter";uses:="io.wcm.handler.url.impl.clientlib",osgi.service;objectClass:List="io.wcm.handler.url.spi.UrlHandlerConfig";uses:="io.wcm.handler.url.spi",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.rewriter.TransformerFactory";uses:="org.apache.sling.rewriter" Low Vendor pom name URL Handler High Vendor jar package name url Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest service-component OSGI-INF/io.wcm.handler.url.impl.DefaultUrlHandlerConfig.xml,OSGI-INF/io.wcm.handler.url.impl.SiteRootDetectorImpl.xml,OSGI-INF/io.wcm.handler.url.impl.UrlHandlerAdapterFactory.xml,OSGI-INF/io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriterImpl.xml,OSGI-INF/io.wcm.handler.url.rewriter.impl.UrlExternalizerTransformerFactory.xml Low Vendor jar package name wcm Highest Vendor file name io.wcm.handler.url High Vendor jar package name handler Highest Vendor Manifest bundle-symbolicname io.wcm.handler.url Medium Product pom groupid io.wcm Highest Product jar package name io Highest Product pom artifactid io.wcm.handler.url Highest Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/handler/url Low Product Manifest bundle-docurl https://wcm.io/handler/url/ Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.handler.url.SiteRootDetector)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.caconfig.resource.ConfigurationResourceResolver)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.handler.url.SiteRootDetector";uses:="io.wcm.handler.url",osgi.service;objectClass:List="io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriter";uses:="io.wcm.handler.url.impl.clientlib",osgi.service;objectClass:List="io.wcm.handler.url.spi.UrlHandlerConfig";uses:="io.wcm.handler.url.spi",osgi.service;objectClass:List="org.apache.sling.api.adapter.AdapterFactory";uses:="org.apache.sling.api.adapter",osgi.service;objectClass:List="org.apache.sling.rewriter.TransformerFactory";uses:="org.apache.sling.rewriter" Low Product pom name URL Handler High Product Manifest Bundle-Name wcm.io URL Handler Medium Product jar package name url Highest Product Manifest build-jdk-spec 11 Low Product Manifest service-component OSGI-INF/io.wcm.handler.url.impl.DefaultUrlHandlerConfig.xml,OSGI-INF/io.wcm.handler.url.impl.SiteRootDetectorImpl.xml,OSGI-INF/io.wcm.handler.url.impl.UrlHandlerAdapterFactory.xml,OSGI-INF/io.wcm.handler.url.impl.clientlib.ClientlibProxyRewriterImpl.xml,OSGI-INF/io.wcm.handler.url.rewriter.impl.UrlExternalizerTransformerFactory.xml Low Product jar package name wcm Highest Product file name io.wcm.handler.url High Product pom parent-artifactid io.wcm.handler.parent Medium Product jar package name handler Highest Product Manifest bundle-symbolicname io.wcm.handler.url Medium Version pom parent-version 1.6.0 Low Version pom version 1.6.0 Highest Version Manifest Bundle-Version 1.6.0 High Version file version 1.6.0 High
io.wcm.samples:io.wcm.samples.complete:1.3.1-SNAPSHOTDescription:
AEM content package with all sample application bundles and dependencies. License:
The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/wcm-io-samples/wcm-io-samples/content-packages/complete/pom.xml
Evidence Type Source Name Value Confidence Vendor project artifactid io.wcm.samples.complete Low Vendor project groupid io.wcm.samples Highest Vendor file name pom High Product project artifactid io.wcm.samples.complete Highest Product project groupid io.wcm.samples Low Product file name pom High
io.wcm.samples:io.wcm.samples.sample-content:1.3.1-SNAPSHOTDescription:
AEM Application sample content License:
The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/work/wcm-io-samples/wcm-io-samples/content-packages/sample-content/pom.xml
Evidence Type Source Name Value Confidence Vendor project artifactid io.wcm.samples.sample-content Low Vendor project groupid io.wcm.samples Highest Vendor file name pom High Product project groupid io.wcm.samples Low Product file name pom High Product project artifactid io.wcm.samples.sample-content Highest
io.wcm.sling.commons-1.4.0.jarDescription:
Common Sling utility and helper functions. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.commons/1.4.0/io.wcm.sling.commons-1.4.0.jar
MD5: d62de019c010f8bc770e3779c2ef9b77
SHA1: 57bab1d2edf776d551f5c994b705add0fda569b7
SHA256: a6fcc35671f64d43f0a4253340e01655694a8e7fa60aed781410e9440dc053b2
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor Manifest bundle-symbolicname io.wcm.sling.commons Medium Vendor jar package name io Highest Vendor file name io.wcm.sling.commons High Vendor pom parent-artifactid io.wcm.sling.parent Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor jar package name commons Highest Vendor jar package name sling Highest Vendor pom name Sling Commons High Vendor Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom artifactid io.wcm.sling.commons Low Vendor jar package name wcm Highest Vendor Manifest bundle-docurl https://wcm.io/sling/commons/ Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Product Manifest bundle-symbolicname io.wcm.sling.commons Medium Product pom groupid io.wcm Highest Product jar package name io Highest Product file name io.wcm.sling.commons High Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name commons Highest Product jar package name sling Highest Product pom name Sling Commons High Product Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Product Manifest build-jdk-spec 11 Low Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name wcm Highest Product Manifest bundle-docurl https://wcm.io/sling/commons/ Low Product pom parent-artifactid io.wcm.sling.parent Medium Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Product pom artifactid io.wcm.sling.commons Highest Product Manifest Bundle-Name wcm.io Sling Commons Medium Version Manifest Bundle-Version 1.4.0 High Version file version 1.4.0 High Version pom version 1.4.0 Highest
io.wcm.sling.models-1.6.0.jarDescription:
AEM Object Injector for Sling Models. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.models/1.6.0/io.wcm.sling.models-1.6.0.jar
MD5: 11233d382ac989a7c00b69fe6191d0cc
SHA1: 06a9483c7502638bc25552917a20cdfb904c34bb
SHA256: eb19e7903e1cb3c9d98f9d70d68b0687c82923b70a3d6f84f435b358223c64fa
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Vendor pom parent-artifactid io.wcm.sling.parent Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor file name io.wcm.sling.models High Vendor jar package name sling Highest Vendor pom name AEM Sling Models Extensions High Vendor Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid io.wcm.sling.models Low Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name wcm Highest Vendor jar package name models Highest Vendor Manifest bundle-symbolicname io.wcm.sling.models Medium Vendor Manifest bundle-docurl https://wcm.io/sling/models/ Low Product pom groupid io.wcm Highest Product jar package name io Highest Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product file name io.wcm.sling.models High Product jar package name sling Highest Product Manifest Bundle-Name wcm.io AEM Sling Models Extensions Medium Product pom name AEM Sling Models Extensions High Product Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Product Manifest build-jdk-spec 11 Low Product pom artifactid io.wcm.sling.models Highest Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name wcm Highest Product jar package name models Highest Product Manifest bundle-symbolicname io.wcm.sling.models Medium Product pom parent-artifactid io.wcm.sling.parent Medium Product Manifest bundle-docurl https://wcm.io/sling/models/ Low Version pom parent-version 1.6.0 Low Version pom version 1.6.0 Highest Version Manifest Bundle-Version 1.6.0 High Version file version 1.6.0 High
io.wcm.wcm.commons-1.9.0.jarDescription:
Common WCM utility and helper functions. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.commons/1.9.0/io.wcm.wcm.commons-1.9.0.jar
MD5: 04799632ef83b8d9295c7328d5c0b247
SHA1: 15b79398cd63bbc02ff54a04a98cc04cc0b04d1c
SHA256: 98b6e6915fbba4d4642bbf6500d590c430765a1e28279e86fb63546b24a97e98
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.PathPreprocessor";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.wcm.commons.bundleinfo.BundleInfoService";uses:="io.wcm.wcm.commons.bundleinfo",osgi.service;objectClass:List="io.wcm.wcm.commons.component.ComponentPropertyResolverFactory";uses:="io.wcm.wcm.commons.component",osgi.service;objectClass:List="io.wcm.wcm.commons.instancetype.InstanceTypeService";uses:="io.wcm.wcm.commons.instancetype" Low Vendor file name io.wcm.wcm.commons High Vendor jar package name commons Highest Vendor Manifest bundle-symbolicname io.wcm.wcm.commons Medium Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid io.wcm.wcm.commons Low Vendor jar package name wcm Highest Vendor pom parent-artifactid io.wcm.wcm.parent Low Vendor Manifest bundle-docurl https://wcm.io/wcm/commons/ Low Vendor Manifest service-component OSGI-INF/io.wcm.wcm.commons.bundleinfo.impl.BundleInfoServiceImpl.xml,OSGI-INF/io.wcm.wcm.commons.caservice.impl.WcmPathPreprocessor.xml,OSGI-INF/io.wcm.wcm.commons.component.impl.ComponentPropertyResolverFactoryImpl.xml,OSGI-INF/io.wcm.wcm.commons.instancetype.impl.InstanceTypeServiceImpl.xml Low Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/commons Low Vendor pom name WCM Commons High Product pom groupid io.wcm Highest Product jar package name io Highest Product Manifest require-capability osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.PathPreprocessor";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.wcm.commons.bundleinfo.BundleInfoService";uses:="io.wcm.wcm.commons.bundleinfo",osgi.service;objectClass:List="io.wcm.wcm.commons.component.ComponentPropertyResolverFactory";uses:="io.wcm.wcm.commons.component",osgi.service;objectClass:List="io.wcm.wcm.commons.instancetype.InstanceTypeService";uses:="io.wcm.wcm.commons.instancetype" Low Product pom parent-artifactid io.wcm.wcm.parent Medium Product file name io.wcm.wcm.commons High Product jar package name commons Highest Product Manifest bundle-symbolicname io.wcm.wcm.commons Medium Product Manifest build-jdk-spec 11 Low Product pom artifactid io.wcm.wcm.commons Highest Product Manifest Bundle-Name wcm.io WCM Commons Medium Product jar package name wcm Highest Product Manifest bundle-docurl https://wcm.io/wcm/commons/ Low Product Manifest service-component OSGI-INF/io.wcm.wcm.commons.bundleinfo.impl.BundleInfoServiceImpl.xml,OSGI-INF/io.wcm.wcm.commons.caservice.impl.WcmPathPreprocessor.xml,OSGI-INF/io.wcm.wcm.commons.component.impl.ComponentPropertyResolverFactoryImpl.xml,OSGI-INF/io.wcm.wcm.commons.instancetype.impl.InstanceTypeServiceImpl.xml Low Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/commons Low Product pom name WCM Commons High Version Manifest Bundle-Version 1.9.0 High Version pom version 1.9.0 Highest Version file version 1.9.0 High Version pom parent-version 1.9.0 Low
io.wcm.wcm.parsys-1.6.8.jarDescription:
AEM paragraph system based on path configuration in page components. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.parsys/1.6.8/io.wcm.wcm.parsys-1.6.8.jar
MD5: 2c33fb0139df609f7ce86fc3fcd21c5e
SHA1: 1c1f8f415dea9665a67b48dd955ab95ff4466933
SHA256: be068edb32c1b3474c0657fa4be34370591f4b6043f6752a1a99a998f6a4f03d
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/parsys Low Vendor file name io.wcm.wcm.parsys High Vendor Manifest service-component OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.AllowedComponentsProviderImpl.xml,OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.OsgiParsysConfigProvider.xml,OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.ParsysComponentsServlet.xml,OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.ParsysConfigManagerImpl.xml Low Vendor Manifest bundle-symbolicname io.wcm.wcm.parsys Medium Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.wcm.commons.instancetype.InstanceTypeService)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.wcm.parsys.componentinfo.AllowedComponentsProvider)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.wcm.parsys.componentinfo.ParsysConfig)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=io.wcm.wcm.parsys.componentinfo.ParsysConfigManager)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl https://wcm.io/wcm/parsys/ Low Vendor Manifest build-jdk-spec 11 Low Vendor pom name WCM Parsys High Vendor jar package name wcm Highest Vendor jar package name parsys Highest Vendor pom parent-artifactid io.wcm.wcm.parent Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.wcm.parsys.componentinfo.AllowedComponentsProvider";uses:="io.wcm.wcm.parsys.componentinfo",osgi.service;objectClass:List="io.wcm.wcm.parsys.componentinfo.ParsysConfig";uses:="io.wcm.wcm.parsys.componentinfo",osgi.service;objectClass:List="io.wcm.wcm.parsys.componentinfo.ParsysConfigManager";uses:="io.wcm.wcm.parsys.componentinfo",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Vendor pom artifactid io.wcm.wcm.parsys Low Product pom groupid io.wcm Highest Product jar package name io Highest Product Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/parsys Low Product pom parent-artifactid io.wcm.wcm.parent Medium Product pom artifactid io.wcm.wcm.parsys Highest Product file name io.wcm.wcm.parsys High Product Manifest service-component OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.AllowedComponentsProviderImpl.xml,OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.OsgiParsysConfigProvider.xml,OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.ParsysComponentsServlet.xml,OSGI-INF/io.wcm.wcm.parsys.componentinfo.impl.ParsysConfigManagerImpl.xml Low Product Manifest bundle-symbolicname io.wcm.wcm.parsys Medium Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.wcm.commons.instancetype.InstanceTypeService)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.wcm.parsys.componentinfo.AllowedComponentsProvider)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.wcm.parsys.componentinfo.ParsysConfig)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=io.wcm.wcm.parsys.componentinfo.ParsysConfigManager)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-docurl https://wcm.io/wcm/parsys/ Low Product Manifest build-jdk-spec 11 Low Product pom name WCM Parsys High Product jar package name wcm Highest Product Manifest Bundle-Name wcm.io WCM Parsys Medium Product jar package name parsys Highest Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.wcm.parsys.componentinfo.AllowedComponentsProvider";uses:="io.wcm.wcm.parsys.componentinfo",osgi.service;objectClass:List="io.wcm.wcm.parsys.componentinfo.ParsysConfig";uses:="io.wcm.wcm.parsys.componentinfo",osgi.service;objectClass:List="io.wcm.wcm.parsys.componentinfo.ParsysConfigManager";uses:="io.wcm.wcm.parsys.componentinfo",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Version file version 1.6.8 High Version pom parent-version 1.6.8 Low Version pom version 1.6.8 Highest Version Manifest Bundle-Version 1.6.8 High
io.wcm.wcm.parsys-1.6.8.jar: global.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.parsys/1.6.8/io.wcm.wcm.parsys-1.6.8.jar/SLING-INF/app-root/clientlibs/parsys.authoring.extjs/js/global.jsMD5: 22feaf33437d9e430f52783d78d6e0b8SHA1: a20eaf7409e454e272d9c5f479e4f390624b357aSHA256: c49ee76262198f98d7fca0cbbddafddbf1ce6d5c9a60f27fce502769727bc751Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.wcm.parsys-1.6.8.jar: listeners.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.parsys/1.6.8/io.wcm.wcm.parsys-1.6.8.jar/SLING-INF/app-root/clientlibs/parsys.authoring.extjs/js/listeners.jsMD5: 488bae73886146c70d2a7cd80ca60ae2SHA1: 78fcd85d02a91ecc361a25b9fedf345713d8435aSHA256: 1b60000d8e4f83e3bea702a16140f4b52552861b83f5bf39d3f2a284f9ea8478Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.wcm.parsys-1.6.8.jar: listeners.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.parsys/1.6.8/io.wcm.wcm.parsys-1.6.8.jar/SLING-INF/app-root/clientlibs/parsys.authoring/js/listeners.jsMD5: 80b40f8bb89bcffed757d9181e1443b9SHA1: d24bef4f3db66c83d8dbac68374e0587e1bb827dSHA256: c6ad9d747dcca0325f932a092bbb0c5e2012f7581d65226e1c82d41a793c74fcReferenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.wcm.ui.clientlibs-1.2.2.jarDescription:
Extensions for AEM HTML client libraries. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.clientlibs/1.2.2/io.wcm.wcm.ui.clientlibs-1.2.2.jar
MD5: 8de1d1110240c27385107d2bb60f67fb
SHA1: d492fb524149a6516713f30fb302cf657f41bdea
SHA256: 0cbf9502d4e3271f2517e8e40bfb425b1a4598c3794321cdf082fe8db5ee1b76
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/ui/clientlibs Low Vendor pom artifactid io.wcm.wcm.ui.clientlibs Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest build-jdk-spec 11 Low Vendor jar package name ui Highest Vendor file name io.wcm.wcm.ui.clientlibs High Vendor jar package name wcm Highest Vendor pom name WCM Clientlibs UI Extensions High Vendor pom parent-artifactid io.wcm.wcm.parent Low Vendor Manifest bundle-symbolicname io.wcm.wcm.ui.clientlibs Medium Vendor Manifest bundle-docurl https://wcm.io/wcm/ui/clientlibs/ Low Product pom groupid io.wcm Highest Product jar package name io Highest Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product pom parent-artifactid io.wcm.wcm.parent Medium Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/ui/clientlibs Low Product Manifest Bundle-Name wcm.io WCM Clientlibs UI Extensions Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest build-jdk-spec 11 Low Product jar package name ui Highest Product pom artifactid io.wcm.wcm.ui.clientlibs Highest Product file name io.wcm.wcm.ui.clientlibs High Product jar package name wcm Highest Product pom name WCM Clientlibs UI Extensions High Product Manifest bundle-symbolicname io.wcm.wcm.ui.clientlibs Medium Product Manifest bundle-docurl https://wcm.io/wcm/ui/clientlibs/ Low Version pom version 1.2.2 Highest Version pom parent-version 1.2.2 Low Version Manifest Bundle-Version 1.2.2 High Version file version 1.2.2 High
io.wcm.wcm.ui.granite-1.8.2.jarDescription:
Granite UI Components for AEM Touch UI. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.2/io.wcm.wcm.ui.granite-1.8.2.jar
MD5: bc05a55d23d26cca2c907988bb1556d1
SHA1: 99daf61c8f79d00e6a75176a1ad0b510f0b19624
SHA256: 8bca56150fc251039af47d803932875dbb8c5396d628ee61bebfb8aa1bab193d
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.wcm Highest Vendor jar package name io Highest Vendor Manifest bundle-docurl https://wcm.io/wcm/ui/granite/ Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.ui.components.ExpressionResolver)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.commons.predicate.PredicateProvider)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/ui/granite Low Vendor Manifest bundle-symbolicname io.wcm.wcm.ui.granite Medium Vendor Manifest build-jdk-spec 11 Low Vendor jar package name ui Highest Vendor Manifest provide-capability osgi.service;objectClass:List="com.day.cq.wcm.emulator.EmulatorProvider";uses:="com.day.cq.wcm.emulator",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Vendor file name io.wcm.wcm.ui.granite High Vendor jar package name wcm Highest Vendor Manifest service-component OSGI-INF/io.wcm.wcm.ui.granite.emulator.impl.EmulatorProviderImpl.xml,OSGI-INF/io.wcm.wcm.ui.granite.pathfield.impl.PathFieldChildrenDatasourceServlet.xml Low Vendor pom parent-artifactid io.wcm.wcm.parent Low Vendor pom name WCM Granite UI Extensions High Vendor pom artifactid io.wcm.wcm.ui.granite Low Product pom groupid io.wcm Highest Product jar package name io Highest Product Manifest bundle-docurl https://wcm.io/wcm/ui/granite/ Low Product Manifest Bundle-Name wcm.io WCM Granite UI Extensions Medium Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest require-capability osgi.service;filter:="(objectClass=com.adobe.granite.ui.components.ExpressionResolver)";effective:=active,osgi.service;filter:="(objectClass=com.day.cq.commons.predicate.PredicateProvider)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-artifactid io.wcm.wcm.parent Medium Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/ui/granite Low Product pom artifactid io.wcm.wcm.ui.granite Highest Product Manifest bundle-symbolicname io.wcm.wcm.ui.granite Medium Product Manifest build-jdk-spec 11 Low Product jar package name ui Highest Product Manifest provide-capability osgi.service;objectClass:List="com.day.cq.wcm.emulator.EmulatorProvider";uses:="com.day.cq.wcm.emulator",osgi.service;objectClass:List="javax.servlet.Servlet";uses:="javax.servlet" Low Product file name io.wcm.wcm.ui.granite High Product jar package name wcm Highest Product Manifest service-component OSGI-INF/io.wcm.wcm.ui.granite.emulator.impl.EmulatorProviderImpl.xml,OSGI-INF/io.wcm.wcm.ui.granite.pathfield.impl.PathFieldChildrenDatasourceServlet.xml Low Product pom name WCM Granite UI Extensions High Version file version 1.8.2 High Version pom parent-version 1.8.2 Low Version Manifest Bundle-Version 1.8.2 High Version pom version 1.8.2 Highest
io.wcm.wcm.ui.granite-1.8.2.jar: showhide.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.2/io.wcm.wcm.ui.granite-1.8.2.jar/SLING-INF/app-root/clientlibs/io.wcm.ui.granite.showhidedialogfields/js/showhide.jsMD5: b062f9782dd8dcf34c6ac6d7b4c9b1f8SHA1: 2640429ce3328de4e4c04b1f5feb59a701ce47aeSHA256: bda2ce9fcee197f710ac87daf2838121c69743d5a49cd843f32ecb590f6e4926Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
io.wcm.wcm.ui.granite-1.8.2.jar: validation.jsFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.2/io.wcm.wcm.ui.granite-1.8.2.jar/SLING-INF/app-root/clientlibs/io.wcm.ui.granite.validation/js/validation.jsMD5: edad5110d166c768cd7f0fd2b4013d3bSHA1: 6a28b836ec56eff5783abf566825e876cf45b8a2SHA256: e2fc0a071a292fb9b3a9c9ce4d99081930519bbb6193d01ecd6f7e6418322364Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence
jackson-annotations-2.8.4.jarDescription:
Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.8.4/jackson-annotations-2.8.4.jar
MD5: a6fb4d7dc1d1438e4053c6fa0459047a
SHA1: de3570327cf8d1d4f37920535c51a1f74225a6de
SHA256: 78a271fbb0899e2767231dcca81d4df4e346117441dbcafe983c173466baa5cb
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor Manifest implementation-build-date 2016-10-14 03:45:33+0000 Low Vendor Manifest specification-vendor FasterXML Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor pom parent-artifactid jackson-parent Low Vendor pom name Jackson-annotations High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor pom groupid fasterxml.jackson.core Highest Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom artifactid jackson-annotations Low Vendor file name jackson-annotations High Vendor Manifest Implementation-Vendor FasterXML High Vendor pom url http://github.com/FasterXML/jackson Highest Vendor jar package name fasterxml Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name jackson Highest Product Manifest implementation-build-date 2016-10-14 03:45:33+0000 Low Product hint analyzer product java8 Highest Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product pom parent-artifactid jackson-parent Medium Product Manifest specification-title Jackson-annotations Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product pom name Jackson-annotations High Product pom artifactid jackson-annotations Highest Product Manifest Bundle-Name Jackson-annotations Medium Product pom groupid fasterxml.jackson.core Highest Product pom parent-groupid com.fasterxml.jackson Medium Product hint analyzer product modules Highest Product file name jackson-annotations High Product pom url http://github.com/FasterXML/jackson Medium Product jar package name fasterxml Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Implementation-Title Jackson-annotations High Product jar package name jackson Highest Version Manifest Implementation-Version 2.8.4 High Version pom parent-version 2.8.4 Low Version file version 2.8.4 High Version pom version 2.8.4 Highest Version Manifest Bundle-Version 2.8.4 High
Published Vulnerabilities CVE-2018-1000873 suppress
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 Improper Input Validation
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
javax.servlet-api-3.1.0.jarDescription:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom parent-groupid net.java Medium Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor pom groupid javax.servlet Highest Vendor jar package name servlet Highest Vendor Manifest extension-name javax.servlet Medium Vendor pom organization url https://glassfish.dev.java.net Medium Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor pom organization name GlassFish Community High Vendor file name javax.servlet-api High Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom url http://servlet-spec.java.net Highest Vendor jar package name javax Highest Vendor pom artifactid javax.servlet-api Low Vendor pom name Java Servlet API High Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Product pom parent-groupid net.java Medium Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product pom artifactid javax.servlet-api Highest Product jar package name servlet Highest Product Manifest extension-name javax.servlet Medium Product pom groupid javax.servlet Highest Product pom organization name GlassFish Community Low Product Manifest bundle-symbolicname javax.servlet-api Medium Product pom parent-artifactid jvnet-parent Medium Product Manifest Bundle-Name Java Servlet API Medium Product pom url http://servlet-spec.java.net Medium Product file name javax.servlet-api High Product pom organization url https://glassfish.dev.java.net Low Product jar package name javax Highest Product pom name Java Servlet API High Version pom version 3.1.0 Highest Version pom parent-version 3.1.0 Low Version Manifest Bundle-Version 3.1.0 High Version Manifest Implementation-Version 3.1.0 High Version file version 3.1.0 High
jcr-2.0.jarDescription:
The Content Repository API for JavaTM Technology Version 2.0 is specified by JSR-283.
This module contains the complete API as specified.
License:
Day Specification License: http://www.day.com/dam/day/downloads/jsr283/day-spec-license.htm
Day Specification License addendum: http://www.day.com/content/dam/day/downloads/jsr283/LICENSE.txt File Path: /home/runner/.m2/repository/javax/jcr/jcr/2.0/jcr-2.0.jar
MD5: ede5e78b16c8ed298ce0b6d296584ebd
SHA1: 08297216bcfe4aea369ed6ee0d1718133f752e97
SHA256: cbf083bc58cb88a0c19112187a4c52d3115f525b5bb7f2913635f5679e6e9743
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jcr Low Vendor pom name Content Repository for JavaTM Technology API High Vendor pom organization name Day Software High Vendor jar package name jcr Highest Vendor jar package name version Highest Vendor file name jcr High Vendor Manifest bundle-symbolicname javax.jcr Medium Vendor jar package name repository Highest Vendor pom organization url http://www.day.com Medium Vendor pom groupid javax.jcr Highest Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Vendor jar package name javax Highest Vendor Manifest bundle-category jcr Low Vendor pom url http://www.jcp.org/en/jsr/detail?id=283 Highest Product pom name Content Repository for JavaTM Technology API High Product jar package name jcr Highest Product jar package name version Highest Product file name jcr High Product jar package name repository Highest Product Manifest bundle-symbolicname javax.jcr Medium Product Manifest Bundle-Name Content Repository for JavaTM Technology API Medium Product pom groupid javax.jcr Highest Product pom organization url http://www.day.com Low Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Product jar package name javax Highest Product Manifest bundle-category jcr Low Product pom organization name Day Software Low Product pom url http://www.jcp.org/en/jsr/detail?id=283 Medium Product pom artifactid jcr Highest Version Manifest Bundle-Version 2.0 High Version pom version 2.0 Highest Version file version 2.0 High
jdom2-2.0.6.jarDescription:
A complete, Java-based solution for accessing, manipulating,
and outputting XML data
License:
Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt File Path: /home/runner/.m2/repository/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar
MD5: 86a30c9b1ddc08ca155747890db423b7
SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64
SHA256: 1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor manifest: org/jdom2/xpath/ Implementation-Vendor jdom.org Medium Vendor pom artifactid jdom2 Low Vendor manifest: org/jdom2/input/ Implementation-Vendor jdom.org Medium Vendor pom organization name JDOM High Vendor manifest: org/jdom2/filter/ Implementation-Vendor jdom.org Medium Vendor jar package name jdom2 Highest Vendor manifest: org/jdom2/adapters/ Implementation-Vendor jdom.org Medium Vendor pom name JDOM High Vendor pom url http://www.jdom.org Highest Vendor pom groupid org.jdom Highest Vendor file name jdom2 High Vendor manifest: org/jdom2/output/ Implementation-Vendor jdom.org Medium Vendor pom organization url http://www.jdom.org Medium Vendor manifest: org/jdom2/ Implementation-Vendor jdom.org Medium Vendor pom groupid jdom Highest Vendor manifest: org/jdom2/transform/ Implementation-Vendor jdom.org Medium Product manifest: org/jdom2/output/ Specification-Title JDOM Output Classes Medium Product jar package name filter Highest Product manifest: org/jdom2/input/ Specification-Title JDOM Input Classes Medium Product jar package name output Highest Product pom name JDOM High Product manifest: org/jdom2/input/ Implementation-Title org.jdom2.input Medium Product manifest: org/jdom2/filter/ Implementation-Title org.jdom2.filter Medium Product file name jdom2 High Product jar package name transform Highest Product manifest: org/jdom2/transform/ Specification-Title JDOM Transformation Classes Medium Product manifest: org/jdom2/adapters/ Specification-Title JDOM Adapter Classes Medium Product pom groupid jdom Highest Product manifest: org/jdom2/xpath/ Specification-Title JDOM XPath Classes Medium Product pom artifactid jdom2 Highest Product jar package name jdom2 Highest Product pom organization name JDOM Low Product jar package name xpath Highest Product jar package name input Highest Product manifest: org/jdom2/xpath/ Implementation-Title org.jdom2.xpath Medium Product pom organization url http://www.jdom.org Low Product jar package name adapters Highest Product manifest: org/jdom2/ Implementation-Title org.jdom2 Medium Product manifest: org/jdom2/ Specification-Title JDOM Classes Medium Product manifest: org/jdom2/transform/ Implementation-Title org.jdom2.transform Medium Product pom url http://www.jdom.org Medium Product manifest: org/jdom2/adapters/ Implementation-Title org.jdom2.adapters Medium Product manifest: org/jdom2/output/ Implementation-Title org.jdom2.output Medium Product manifest: org/jdom2/filter/ Specification-Title JDOM Filter Classes Medium Version manifest: org/jdom2/output/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/input/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/xpath/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/filter/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/adapters/ Implementation-Version 2.0.6 Medium Version pom version 2.0.6 Highest Version file version 2.0.6 High Version manifest: org/jdom2/transform/ Implementation-Version 2.0.6 Medium
Related Dependencies io.wcm.handler.commons-1.4.2.jar: jdom2-2.0.6.jarFile Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.commons/1.4.2/io.wcm.handler.commons-1.4.2.jar/jdom2-2.0.6.jar MD5: 86a30c9b1ddc08ca155747890db423b7 SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64 SHA256: 1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5 Published Vulnerabilities CVE-2021-33813 suppress
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
jquery-1.11.1.min.jsFile Path: /home/runner/work/wcm-io-samples/wcm-io-samples/bundles/clientlibs/src/main/webapp/clientlibs-root/wcm-io-samples.lib/js/jquery-1.11.1.min.jsMD5: 8101d596b2b8fa35fe3a634ea342d7c3SHA1: d6c1f41972de07b09bfa63d2e50f9ab41ec372bdSHA256: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441Referenced In Project/Scope: Sample Application Clientlibs
Evidence Type Source Name Value Confidence Vendor file name jquery High Product file name jquery High Version file version 1.11.1.min High
Published Vulnerabilities CVE-2015-9251 suppress
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7 cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0 cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:* CVE-2019-11358 suppress
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3 cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8 cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6 cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9 cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3 cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6 cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8 cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15 cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1 cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11 cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.0; versions up to (including) 6.4 cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4 cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5 cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66 cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15 cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* CVE-2020-11022 suppress
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20 cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9 cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0 cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0 cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0 cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2 cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2 cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:* CVE-2020-11023 suppress
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N CVSSv3:
Base Score: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References:
Vulnerable Software & Versions (NVD):
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0 cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4 cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9 cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2; versions up to (including) 16.2.11 cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:* cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to (including) 20.12 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0 cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.0 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70 cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4 cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14 cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6 cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0 cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7 cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3 cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2 cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3 jsp-api-2.1.jarFile Path: /home/runner/.m2/repository/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jarMD5: b8a34113a3a1ce29c8c60d7141f5a704SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316SHA256: 545f4e7dc678ffb4cf8bd0fd40b4a4470a409a787c0ea7d0ad2f08d56112987bReferenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor jar package name jsp Highest Vendor pom artifactid jsp-api Low Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor file name jsp-api High Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest extension-name javax.servlet.jsp Medium Vendor pom groupid javax.servlet.jsp Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Product jar package name jsp Highest Product pom artifactid jsp-api Highest Product file name jsp-api High Product Manifest specification-title JavaServer Pages(TM) Specification Medium Product jar package name javax Highest Product jar package name servlet Highest Product Manifest extension-name javax.servlet.jsp Medium Product pom groupid javax.servlet.jsp Highest Version Manifest Implementation-Version 2.1 High Version file version 2.1 High Version pom version 2.1 Highest
listeners.jsFile Path: /home/runner/work/wcm-io-samples/wcm-io-samples/bundles/core/src/main/webapp/app-root/clientlibs/sampleApp.authoring/js/listeners.jsMD5: 79c4ccb8dc2c5d7f0a212f3e7b22b363SHA1: 4de9e9e95eac41adfe6611cec884a21c13041d97SHA256: 30f1bd9be1c95267b2ea4840c48997389c587d0d7b709bef7a638ce2394146fbReferenced In Project/Scope: Sample Application
Evidence Type Source Name Value Confidence
navmenu.jsFile Path: /home/runner/work/wcm-io-samples/wcm-io-samples/bundles/clientlibs/src/main/webapp/clientlibs-root/wcm-io-samples.app/js/navmenu.jsMD5: 3fef5970b7487fb4e4bb4cfed31e7defSHA1: cdab1c2f503bb40a71c49ea154d9ab713ddac93dSHA256: 0ad8eaf75828f9671a49538314d20c1cbf8bb1de7b992f588a6d1eb794895747Referenced In Project/Scope: Sample Application Clientlibs
Evidence Type Source Name Value Confidence
navtabs.jsFile Path: /home/runner/work/wcm-io-samples/wcm-io-samples/bundles/clientlibs/src/main/webapp/clientlibs-root/wcm-io-samples.app/js/navtabs.jsMD5: 4182c277ecdbc8293b5c4a188c3593b5SHA1: b53a697fcafb71f2e6fe38df9d5a133dff8430a4SHA256: 64b3497682ff3b33ab563cbd97990eabb69bf65182325578eae80ea71a5b1d4aReferenced In Project/Scope: Sample Application Clientlibs
Evidence Type Source Name Value Confidence
org.apache.sling.caconfig.api-1.2.0.jarDescription:
Apache Sling Context-Aware Configuration API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/sling/org.apache.sling.caconfig.api/1.2.0/org.apache.sling.caconfig.api-1.2.0.jar
MD5: 3b596fcbc8994dc7be16fd4129ed9a62
SHA1: 2170f558665e5207fec5443cd8c48473fd97e0ab
SHA256: 9d7b17bac8f056625368f75fb091d17d2f39f1afe64d5e6b7ee49959a1bdefe7
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.sling Medium Vendor Manifest bundle-docurl http://sling.apache.org Low Vendor pom artifactid apache.sling.caconfig.api Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor file name org.apache.sling.caconfig.api High Vendor jar package name apache Highest Vendor jar package name sling Highest Vendor Manifest bundle-category sling Low Vendor pom groupid apache.sling Highest Vendor jar package name caconfig Highest Vendor pom name Apache Sling Context-Aware Configuration API High Vendor pom groupid org.apache.sling Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom parent-artifactid sling Low Vendor Manifest bundle-symbolicname org.apache.sling.caconfig.api Medium Product pom artifactid org.apache.sling.caconfig.api Highest Product pom artifactid apache.sling.caconfig.api Highest Product pom parent-groupid org.apache.sling Medium Product Manifest bundle-docurl http://sling.apache.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product file name org.apache.sling.caconfig.api High Product jar package name apache Highest Product jar package name sling Highest Product pom parent-artifactid sling Medium Product Manifest bundle-category sling Low Product pom groupid apache.sling Highest Product jar package name caconfig Highest Product pom name Apache Sling Context-Aware Configuration API High Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product Manifest bundle-symbolicname org.apache.sling.caconfig.api Medium Product Manifest Bundle-Name Apache Sling Context-Aware Configuration API Medium Version Manifest Bundle-Version 1.2.0 High Version pom version 1.2.0 Highest Version file version 1.2.0 High Version pom parent-version 1.2.0 Low
Published Vulnerabilities CVE-2015-2944 suppress
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
org.apache.sling.caconfig.spi-1.3.4.jarDescription:
Apache Sling Context-Aware Configuration SPI License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/sling/org.apache.sling.caconfig.spi/1.3.4/org.apache.sling.caconfig.spi-1.3.4.jar
MD5: 1f407cb8ceef28e50e00e371252f9b9b
SHA1: 2b20d364304f38df04f5ec4f48c9901669e49ed5
SHA256: be1787ab74970ebbd83063b019f7a1c9172890636f1fa599607e72230f8e46d6
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.sling Medium Vendor Manifest bundle-docurl http://sling.apache.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest bundle-symbolicname org.apache.sling.caconfig.spi Medium Vendor jar package name apache Highest Vendor jar package name sling Highest Vendor Manifest bundle-category sling Low Vendor pom groupid apache.sling Highest Vendor jar package name caconfig Highest Vendor pom groupid org.apache.sling Highest Vendor jar package name spi Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom artifactid apache.sling.caconfig.spi Low Vendor pom name Apache Sling Context-Aware Configuration SPI High Vendor file name org.apache.sling.caconfig.spi High Vendor pom parent-artifactid sling Low Product pom parent-groupid org.apache.sling Medium Product Manifest bundle-docurl http://sling.apache.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest bundle-symbolicname org.apache.sling.caconfig.spi Medium Product jar package name apache Highest Product jar package name sling Highest Product Manifest Bundle-Name Apache Sling Context-Aware Configuration SPI Medium Product pom parent-artifactid sling Medium Product Manifest bundle-category sling Low Product pom groupid apache.sling Highest Product pom artifactid org.apache.sling.caconfig.spi Highest Product jar package name caconfig Highest Product jar package name spi Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product pom name Apache Sling Context-Aware Configuration SPI High Product file name org.apache.sling.caconfig.spi High Product pom artifactid apache.sling.caconfig.spi Highest Version pom parent-version 1.3.4 Low Version Manifest Bundle-Version 1.3.4 High Version pom version 1.3.4 Highest Version file version 1.3.4 High
org.apache.sling.models.api-1.3.6.jarDescription:
Apache Sling Models API License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/sling/org.apache.sling.models.api/1.3.6/org.apache.sling.models.api-1.3.6.jar
MD5: 59179c4aab457dd92425da52343cf61b
SHA1: 1e7fb10171d2d79c765865bebbb0e62c7558330e
SHA256: 1fb928c890952b309a94559e76e28862c7ffe9de36e455ed2af5763595d4c926
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.sling Medium Vendor Manifest bundle-docurl http://sling.apache.org Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name apache Highest Vendor pom artifactid apache.sling.models.api Low Vendor jar package name sling Highest Vendor Manifest bundle-symbolicname org.apache.sling.models.api Medium Vendor Manifest bundle-category sling Low Vendor pom groupid apache.sling Highest Vendor pom groupid org.apache.sling Highest Vendor jar package name models Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor file name org.apache.sling.models.api High Vendor pom parent-artifactid sling Low Vendor pom name Apache Sling Models API High Product pom artifactid org.apache.sling.models.api Highest Product pom parent-groupid org.apache.sling Medium Product Manifest bundle-docurl http://sling.apache.org Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name apache Highest Product Manifest Bundle-Name Apache Sling Models API Medium Product jar package name sling Highest Product Manifest bundle-symbolicname org.apache.sling.models.api Medium Product pom parent-artifactid sling Medium Product Manifest bundle-category sling Low Product pom groupid apache.sling Highest Product jar package name models Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product pom artifactid apache.sling.models.api Highest Product file name org.apache.sling.models.api High Product pom name Apache Sling Models API High Version Manifest Bundle-Version 1.3.6 High Version pom version 1.3.6 Highest Version file version 1.3.6 High Version pom parent-version 1.3.6 Low
Published Vulnerabilities CVE-2015-2944 suppress
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N References:
Vulnerable Software & Versions: (show all )
org.osgi.framework-1.8.0.jarDescription:
OSGi Companion Code for org.osgi.framework Version 1.8.0. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.framework/1.8.0/org.osgi.framework-1.8.0.jar
MD5: 1a40fb57099ef5530d25bc9600d509b1
SHA1: b54d03f9621136b7d9d93b5017b0a4fa490e78b0
SHA256: ec194b7871af27681716ff05259319a5c3c9b9727e8000e9e832499b93484b4e
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor jar package name osgi Highest Vendor file name org.osgi.framework High Vendor Manifest bundle-symbolicname org.osgi.framework Medium Vendor jar package name framework Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor pom organization url http://www.osgi.org/ Medium Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor jar package name version Highest Vendor pom url http://www.osgi.org/ Highest Vendor pom groupid org.osgi Highest Vendor pom name org.osgi:org.osgi.framework High Vendor pom groupid osgi Highest Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Vendor pom artifactid osgi.framework Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor pom organization name OSGi Alliance High Vendor Manifest bundle-docurl http://www.osgi.org/ Low Product jar package name osgi Highest Product file name org.osgi.framework High Product jar package name framework Highest Product Manifest bundle-symbolicname org.osgi.framework Medium Product jar package name filter Highest Product pom organization url http://www.osgi.org/ Low Product pom artifactid org.osgi.framework Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product Manifest git-descriptor hudson-build.cmpn-793 Low Product jar package name version Highest Product pom name org.osgi:org.osgi.framework High Product pom groupid osgi Highest Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product pom artifactid osgi.framework Highest Product pom url http://www.osgi.org/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product Manifest Bundle-Name org.osgi:org.osgi.framework Medium Product Manifest bundle-docurl http://www.osgi.org/ Low Product pom organization name OSGi Alliance Low Version pom version 1.8.0 Highest Version file version 1.8.0 High
org.osgi.service.cm-1.6.0.jarDescription:
OSGi Companion Code for org.osgi.service.cm Version 1.6.0 License:
Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/osgi/org.osgi.service.cm/1.6.0/org.osgi.service.cm-1.6.0.jar
MD5: b0756197dc4ce853b05e686ec0df8dbf
SHA1: f0c01d6da3799107b17f894ae7920cfd6fa69da6
SHA256: c1768352603abdeb18ca160ac8c712768f88d2e418fe4c5cf50845e783154233
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor jar package name osgi Highest Vendor pom artifactid osgi.service.cm Low Vendor pom url https://www.osgi.org/ Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name service Highest Vendor pom organization url https://www.osgi.org/ Medium Vendor jar package name cm Highest Vendor pom groupid org.osgi Highest Vendor Manifest bundle-symbolicname org.osgi.service.cm Medium Vendor Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Vendor Manifest git-descriptor hudson-build.core-1432 Low Vendor pom groupid osgi Highest Vendor Manifest bundle-docurl https://www.osgi.org/ Low Vendor pom name org.osgi:org.osgi.service.cm High Vendor pom organization name OSGi Alliance High Vendor file name org.osgi.service.cm High Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Product pom artifactid org.osgi.service.cm Highest Product jar package name osgi Highest Product pom url https://www.osgi.org/ Medium Product pom artifactid osgi.service.cm Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product jar package name service Highest Product jar package name cm Highest Product Manifest bundle-symbolicname org.osgi.service.cm Medium Product Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Product Manifest git-descriptor hudson-build.core-1432 Low Product Manifest Bundle-Name org.osgi:org.osgi.service.cm Medium Product pom groupid osgi Highest Product Manifest bundle-docurl https://www.osgi.org/ Low Product pom name org.osgi:org.osgi.service.cm High Product pom organization url https://www.osgi.org/ Low Product file name org.osgi.service.cm High Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Product pom organization name OSGi Alliance Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Version pom version 1.6.0 Highest Version file version 1.6.0 High
org.osgi.util.tracker-1.5.1.jarDescription:
OSGi Companion Code for org.osgi.util.tracker Version 1.5.1. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.util.tracker/1.5.1/org.osgi.util.tracker-1.5.1.jar
MD5: fd34c8f47613e751a25aa7e627c7cc85
SHA1: 18c3821aa2e98b3e5aacf73b3833347a894a5053
SHA256: 5efad34ab9a7753dcde1415b62e6e21e4dec83dfad5a570df485c1b931c1ebed
Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor file name org.osgi.util.tracker High Vendor Manifest bundle-symbolicname org.osgi.util.tracker Medium Vendor jar package name osgi Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor pom organization url http://www.osgi.org/ Medium Vendor pom name org.osgi:org.osgi.util.tracker High Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor pom url http://www.osgi.org/ Highest Vendor pom groupid org.osgi Highest Vendor pom groupid osgi Highest Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Vendor jar package name util Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor pom organization name OSGi Alliance High Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor jar package name tracker Highest Vendor pom artifactid osgi.util.tracker Low Product file name org.osgi.util.tracker High Product jar package name osgi Highest Product Manifest bundle-symbolicname org.osgi.util.tracker Medium Product pom organization url http://www.osgi.org/ Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product pom artifactid osgi.util.tracker Highest Product pom name org.osgi:org.osgi.util.tracker High Product Manifest Bundle-Name org.osgi:org.osgi.util.tracker Medium Product Manifest git-descriptor hudson-build.cmpn-793 Low Product pom groupid osgi Highest Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product jar package name util Highest Product pom url http://www.osgi.org/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product pom artifactid org.osgi.util.tracker Highest Product Manifest bundle-docurl http://www.osgi.org/ Low Product jar package name tracker Highest Product pom organization name OSGi Alliance Low Version pom version 1.5.1 Highest Version file version 1.5.1 High
slf4j-api-1.7.25.jarDescription:
The slf4j API File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jarMD5: caafe376afb7086dcbee79f780394ca3SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8aSHA256: 18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79Referenced In Project/Scope: Sample Application:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.slf4j Medium Vendor pom parent-artifactid slf4j-parent Low Vendor pom groupid slf4j Highest Vendor jar package name slf4j Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor file name slf4j-api High Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom groupid org.slf4j Highest Vendor pom artifactid slf4j-api Low Vendor pom name SLF4J API Module High Product pom parent-groupid org.slf4j Medium Product jar package name slf4j Highest Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest Implementation-Title slf4j-api High Product Manifest Bundle-Name slf4j-api Medium Product pom name SLF4J API Module High Product pom artifactid slf4j-api Highest Product pom groupid slf4j Highest Product file name slf4j-api High Product pom url http://www.slf4j.org Medium Product pom parent-artifactid slf4j-parent Medium Version file version 1.7.25 High Version pom version 1.7.25 Highest Version Manifest Implementation-Version 1.7.25 High Version Manifest Bundle-Version 1.7.25 High
teaserbar.jsFile Path: /home/runner/work/wcm-io-samples/wcm-io-samples/bundles/clientlibs/src/main/webapp/clientlibs-root/wcm-io-samples.app/js/teaserbar.jsMD5: c37960085a9cd29b0d5d93848f716e16SHA1: b5edad4131950639b8e6df9696d7269dcac7c09cSHA256: e0b7851503da3359c94d2319f7c26b2241b61fa50b1e7dff71eacdba5690d1ceReferenced In Project/Scope: Sample Application Clientlibs
Evidence Type Source Name Value Confidence