Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 6.1.6Report Generated On : Fri, 19 Nov 2021 15:20:32 GMTDependencies Scanned : 11 (11 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 2Vulnerabilities Suppressed : 0... NVD CVE Checked : 2021-11-19T15:16:19NVD CVE Modified : 2021-11-19T15:00:02VersionCheckOn : 2021-11-19T15:16:19Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies commons-lang3-3.6.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256: 89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name apache Highest Vendor jar package name lang3 Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor jar package name commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom groupid org.apache.commons Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor pom groupid apache.commons Highest Vendor pom name Apache Commons Lang High Vendor pom artifactid commons-lang3 Low Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor file name commons-lang3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid commons-parent Low Product Manifest Implementation-Title Apache Commons Lang High Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom parent-groupid org.apache.commons Medium Product jar package name apache Highest Product Manifest specification-title Apache Commons Lang Medium Product jar package name lang3 Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product pom artifactid commons-lang3 Highest Product jar package name commons Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product pom groupid apache.commons Highest Product pom name Apache Commons Lang High Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product file name commons-lang3 High Version pom parent-version 3.6 Low Version Manifest Implementation-Version 3.6 High Version file version 3.6 High Version pom version 3.6 Highest
guava-15.0.jarDescription:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has two code dependencies - javax.annotation
per the JSR-305 spec and javax.inject per the JSR-330 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/guava/15.0/guava-15.0.jar
MD5: 2c10bb2ca3ac8b55b0e77e54a7eb3744
SHA1: ed727a8d9f247e2050281cb083f1c77b09dcb5cd
SHA256: 7a34575770eebc60a5476616e3676a6cb6f2975c78c415e2a6014ac724ba5783
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor pom name Guava: Google Core Libraries for Java High Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor pom groupid com.google.guava Highest Vendor pom artifactid guava Low Vendor pom parent-artifactid guava-parent Low Vendor jar package name google Highest Vendor file name guava High Vendor pom groupid google.guava Highest Product pom name Guava: Google Core Libraries for Java High Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product pom parent-artifactid guava-parent Medium Product pom artifactid guava Highest Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product jar package name google Highest Product file name guava High Product pom groupid google.guava Highest Version pom version 15.0 Highest Version file version 15.0 High
Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] Deserialization of Untrusted Data REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
io.wcm.sling.commons-1.4.0.jarDescription:
Common Sling utility and helper functions. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.commons/1.4.0/io.wcm.sling.commons-1.4.0.jar
MD5: d62de019c010f8bc770e3779c2ef9b77
SHA1: 57bab1d2edf776d551f5c994b705add0fda569b7
SHA256: a6fcc35671f64d43f0a4253340e01655694a8e7fa60aed781410e9440dc053b2
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Vendor Manifest build-jdk-spec 11 Low Vendor jar package name wcm Highest Vendor pom artifactid io.wcm.sling.commons Low Vendor Manifest bundle-symbolicname io.wcm.sling.commons Medium Vendor jar package name sling Highest Vendor jar package name io Highest Vendor jar package name commons Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid io.wcm Highest Vendor file name io.wcm.sling.commons High Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Vendor pom name Sling Commons High Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest bundle-docurl https://wcm.io/sling/commons/ Low Vendor pom parent-artifactid io.wcm.sling.parent Low Product Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Product Manifest build-jdk-spec 11 Low Product jar package name wcm Highest Product Manifest bundle-symbolicname io.wcm.sling.commons Medium Product jar package name sling Highest Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name io Highest Product jar package name commons Highest Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom groupid io.wcm Highest Product file name io.wcm.sling.commons High Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Product pom parent-artifactid io.wcm.sling.parent Medium Product pom name Sling Commons High Product Manifest bundle-docurl https://wcm.io/sling/commons/ Low Product Manifest Bundle-Name wcm.io Sling Commons Medium Product pom artifactid io.wcm.sling.commons Highest Version Manifest Bundle-Version 1.4.0 High Version file version 1.4.0 High Version pom version 1.4.0 Highest
io.wcm.sling.models-1.6.0.jarDescription:
AEM Object Injector for Sling Models. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.models/1.6.0/io.wcm.sling.models-1.6.0.jar
MD5: 11233d382ac989a7c00b69fe6191d0cc
SHA1: 06a9483c7502638bc25552917a20cdfb904c34bb
SHA256: eb19e7903e1cb3c9d98f9d70d68b0687c82923b70a3d6f84f435b358223c64fa
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname io.wcm.sling.models Medium Vendor jar package name wcm Highest Vendor jar package name models Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor jar package name sling Highest Vendor Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Vendor jar package name io Highest Vendor pom groupid io.wcm Highest Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor file name io.wcm.sling.models High Vendor pom name AEM Sling Models Extensions High Vendor pom parent-artifactid io.wcm.sling.parent Low Vendor Manifest bundle-docurl https://wcm.io/sling/models/ Low Vendor pom artifactid io.wcm.sling.models Low Product Manifest build-jdk-spec 11 Low Product Manifest bundle-symbolicname io.wcm.sling.models Medium Product jar package name wcm Highest Product pom artifactid io.wcm.sling.models Highest Product jar package name models Highest Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name sling Highest Product Manifest Bundle-Name wcm.io AEM Sling Models Extensions Medium Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Product jar package name io Highest Product pom groupid io.wcm Highest Product pom parent-artifactid io.wcm.sling.parent Medium Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Product file name io.wcm.sling.models High Product pom name AEM Sling Models Extensions High Product Manifest bundle-docurl https://wcm.io/sling/models/ Low Version pom parent-version 1.6.0 Low Version Manifest Bundle-Version 1.6.0 High Version file version 1.6.0 High Version pom version 1.6.0 Highest
io.wcm.wcm.commons-1.9.0.jarDescription:
Common WCM utility and helper functions. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.commons/1.9.0/io.wcm.wcm.commons-1.9.0.jar
MD5: 04799632ef83b8d9295c7328d5c0b247
SHA1: 15b79398cd63bbc02ff54a04a98cc04cc0b04d1c
SHA256: 98b6e6915fbba4d4642bbf6500d590c430765a1e28279e86fb63546b24a97e98
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname io.wcm.wcm.commons Medium Vendor Manifest build-jdk-spec 11 Low Vendor pom artifactid io.wcm.wcm.commons Low Vendor jar package name wcm Highest Vendor Manifest service-component OSGI-INF/io.wcm.wcm.commons.bundleinfo.impl.BundleInfoServiceImpl.xml,OSGI-INF/io.wcm.wcm.commons.caservice.impl.WcmPathPreprocessor.xml,OSGI-INF/io.wcm.wcm.commons.component.impl.ComponentPropertyResolverFactoryImpl.xml,OSGI-INF/io.wcm.wcm.commons.instancetype.impl.InstanceTypeServiceImpl.xml Low Vendor jar package name io Highest Vendor jar package name commons Highest Vendor pom groupid io.wcm Highest Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom name WCM Commons High Vendor file name io.wcm.wcm.commons High Vendor Manifest bundle-docurl https://wcm.io/wcm/commons/ Low Vendor Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Vendor Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/commons Low Vendor pom parent-artifactid io.wcm.wcm.parent Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.PathPreprocessor";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.wcm.commons.bundleinfo.BundleInfoService";uses:="io.wcm.wcm.commons.bundleinfo",osgi.service;objectClass:List="io.wcm.wcm.commons.component.ComponentPropertyResolverFactory";uses:="io.wcm.wcm.commons.component",osgi.service;objectClass:List="io.wcm.wcm.commons.instancetype.InstanceTypeService";uses:="io.wcm.wcm.commons.instancetype" Low Product Manifest bundle-symbolicname io.wcm.wcm.commons Medium Product Manifest build-jdk-spec 11 Low Product pom parent-artifactid io.wcm.wcm.parent Medium Product pom artifactid io.wcm.wcm.commons Highest Product jar package name wcm Highest Product Manifest service-component OSGI-INF/io.wcm.wcm.commons.bundleinfo.impl.BundleInfoServiceImpl.xml,OSGI-INF/io.wcm.wcm.commons.caservice.impl.WcmPathPreprocessor.xml,OSGI-INF/io.wcm.wcm.commons.component.impl.ComponentPropertyResolverFactoryImpl.xml,OSGI-INF/io.wcm.wcm.commons.instancetype.impl.InstanceTypeServiceImpl.xml Low Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name io Highest Product jar package name commons Highest Product Manifest Bundle-Name wcm.io WCM Commons Medium Product pom groupid io.wcm Highest Product Manifest require-capability osgi.service;filter:="(objectClass=org.apache.sling.api.resource.ResourceResolverFactory)";effective:=active,osgi.service;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom name WCM Commons High Product file name io.wcm.wcm.commons High Product Manifest bundle-docurl https://wcm.io/wcm/commons/ Low Product Manifest sling-namespaces wcmio=http://wcm.io/ns Medium Product Manifest sling-initial-content SLING-INF/app-root;overwrite:=true;ignoreImportProviders:=xml;path:=/apps/wcm-io/wcm/commons Low Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.PathPreprocessor";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.wcm.commons.bundleinfo.BundleInfoService";uses:="io.wcm.wcm.commons.bundleinfo",osgi.service;objectClass:List="io.wcm.wcm.commons.component.ComponentPropertyResolverFactory";uses:="io.wcm.wcm.commons.component",osgi.service;objectClass:List="io.wcm.wcm.commons.instancetype.InstanceTypeService";uses:="io.wcm.wcm.commons.instancetype" Low Version pom parent-version 1.9.0 Low Version Manifest Bundle-Version 1.9.0 High Version file version 1.9.0 High Version pom version 1.9.0 Highest
javax.servlet-api-3.1.0.jarDescription:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor GlassFish Community High Vendor file name javax.servlet-api High Vendor pom url http://servlet-spec.java.net Highest Vendor jar package name javax Highest Vendor pom parent-artifactid jvnet-parent Low Vendor pom organization name GlassFish Community High Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor pom groupid javax.servlet Highest Vendor pom parent-groupid net.java Medium Vendor Manifest extension-name javax.servlet Medium Vendor pom organization url https://glassfish.dev.java.net Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor jar package name servlet Highest Vendor pom artifactid javax.servlet-api Low Vendor pom name Java Servlet API High Product file name javax.servlet-api High Product jar package name javax Highest Product Manifest bundle-symbolicname javax.servlet-api Medium Product pom organization name GlassFish Community Low Product pom artifactid javax.servlet-api Highest Product pom groupid javax.servlet Highest Product pom parent-groupid net.java Medium Product Manifest extension-name javax.servlet Medium Product pom parent-artifactid jvnet-parent Medium Product Manifest Bundle-Name Java Servlet API Medium Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product jar package name servlet Highest Product pom organization url https://glassfish.dev.java.net Low Product pom name Java Servlet API High Product pom url http://servlet-spec.java.net Medium Version pom version 3.1.0 Highest Version file version 3.1.0 High Version pom parent-version 3.1.0 Low Version Manifest Implementation-Version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High
jsp-api-2.1.jarFile Path: /home/runner/.m2/repository/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jarMD5: b8a34113a3a1ce29c8c60d7141f5a704SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316SHA256: 545f4e7dc678ffb4cf8bd0fd40b4a4470a409a787c0ea7d0ad2f08d56112987bReferenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor jar package name jsp Highest Vendor jar package name javax Highest Vendor jar package name servlet Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor file name jsp-api High Vendor pom groupid javax.servlet.jsp Highest Vendor Manifest extension-name javax.servlet.jsp Medium Vendor pom artifactid jsp-api Low Product jar package name jsp Highest Product pom artifactid jsp-api Highest Product jar package name javax Highest Product Manifest specification-title JavaServer Pages(TM) Specification Medium Product jar package name servlet Highest Product file name jsp-api High Product Manifest extension-name javax.servlet.jsp Medium Product pom groupid javax.servlet.jsp Highest Version Manifest Implementation-Version 2.1 High Version pom version 2.1 Highest Version file version 2.1 High
org.osgi.framework-1.8.0.jarDescription:
OSGi Companion Code for org.osgi.framework Version 1.8.0. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.framework/1.8.0/org.osgi.framework-1.8.0.jar
MD5: 1a40fb57099ef5530d25bc9600d509b1
SHA1: b54d03f9621136b7d9d93b5017b0a4fa490e78b0
SHA256: ec194b7871af27681716ff05259319a5c3c9b9727e8000e9e832499b93484b4e
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom name org.osgi:org.osgi.framework High Vendor pom groupid osgi Highest Vendor pom artifactid osgi.framework Low Vendor jar package name version Highest Vendor Manifest bundle-symbolicname org.osgi.framework Medium Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor pom organization name OSGi Alliance High Vendor pom groupid org.osgi Highest Vendor pom url http://www.osgi.org/ Highest Vendor jar package name osgi Highest Vendor file name org.osgi.framework High Vendor pom organization url http://www.osgi.org/ Medium Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor jar package name framework Highest Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product pom artifactid osgi.framework Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom name org.osgi:org.osgi.framework High Product pom artifactid org.osgi.framework Highest Product pom groupid osgi Highest Product jar package name version Highest Product Manifest Bundle-Name org.osgi:org.osgi.framework Medium Product Manifest bundle-symbolicname org.osgi.framework Medium Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product pom organization url http://www.osgi.org/ Low Product jar package name osgi Highest Product file name org.osgi.framework High Product pom url http://www.osgi.org/ Medium Product jar package name filter Highest Product Manifest git-descriptor hudson-build.cmpn-793 Low Product pom organization name OSGi Alliance Low Product jar package name framework Highest Product Manifest bundle-docurl http://www.osgi.org/ Low Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Version pom version 1.8.0 Highest Version file version 1.8.0 High
org.osgi.service.cm-1.6.0.jarDescription:
OSGi Companion Code for org.osgi.service.cm Version 1.6.0 License:
Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/osgi/org.osgi.service.cm/1.6.0/org.osgi.service.cm-1.6.0.jar
MD5: b0756197dc4ce853b05e686ec0df8dbf
SHA1: f0c01d6da3799107b17f894ae7920cfd6fa69da6
SHA256: c1768352603abdeb18ca160ac8c712768f88d2e418fe4c5cf50845e783154233
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest git-descriptor hudson-build.core-1432 Low Vendor Manifest bundle-docurl https://www.osgi.org/ Low Vendor Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Vendor pom groupid osgi Highest Vendor pom name org.osgi:org.osgi.service.cm High Vendor jar package name cm Highest Vendor pom organization name OSGi Alliance High Vendor pom groupid org.osgi Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom url https://www.osgi.org/ Highest Vendor pom organization url https://www.osgi.org/ Medium Vendor jar package name osgi Highest Vendor pom artifactid osgi.service.cm Low Vendor Manifest bundle-symbolicname org.osgi.service.cm Medium Vendor file name org.osgi.service.cm High Vendor jar package name service Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Product Manifest git-descriptor hudson-build.core-1432 Low Product Manifest bundle-docurl https://www.osgi.org/ Low Product Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Product pom groupid osgi Highest Product pom name org.osgi:org.osgi.service.cm High Product jar package name cm Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid org.osgi.service.cm Highest Product pom url https://www.osgi.org/ Medium Product jar package name osgi Highest Product pom artifactid osgi.service.cm Highest Product Manifest bundle-symbolicname org.osgi.service.cm Medium Product file name org.osgi.service.cm High Product jar package name service Highest Product pom organization name OSGi Alliance Low Product pom organization url https://www.osgi.org/ Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Product Manifest Bundle-Name org.osgi:org.osgi.service.cm Medium Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Version file version 1.6.0 High Version pom version 1.6.0 Highest
org.osgi.util.tracker-1.5.1.jarDescription:
OSGi Companion Code for org.osgi.util.tracker Version 1.5.1. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.util.tracker/1.5.1/org.osgi.util.tracker-1.5.1.jar
MD5: fd34c8f47613e751a25aa7e627c7cc85
SHA1: 18c3821aa2e98b3e5aacf73b3833347a894a5053
SHA256: 5efad34ab9a7753dcde1415b62e6e21e4dec83dfad5a570df485c1b931c1ebed
Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name util Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom artifactid osgi.util.tracker Low Vendor pom groupid osgi Highest Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor pom organization name OSGi Alliance High Vendor pom groupid org.osgi Highest Vendor pom url http://www.osgi.org/ Highest Vendor file name org.osgi.util.tracker High Vendor jar package name osgi Highest Vendor pom organization url http://www.osgi.org/ Medium Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Vendor jar package name tracker Highest Vendor pom name org.osgi:org.osgi.util.tracker High Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor Manifest bundle-symbolicname org.osgi.util.tracker Medium Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product jar package name util Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom artifactid org.osgi.util.tracker Highest Product pom groupid osgi Highest Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product pom organization url http://www.osgi.org/ Low Product pom artifactid osgi.util.tracker Highest Product file name org.osgi.util.tracker High Product jar package name osgi Highest Product Manifest Bundle-Name org.osgi:org.osgi.util.tracker Medium Product pom url http://www.osgi.org/ Medium Product Manifest git-descriptor hudson-build.cmpn-793 Low Product pom organization name OSGi Alliance Low Product jar package name tracker Highest Product pom name org.osgi:org.osgi.util.tracker High Product Manifest bundle-docurl http://www.osgi.org/ Low Product Manifest bundle-symbolicname org.osgi.util.tracker Medium Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Version file version 1.5.1 High Version pom version 1.5.1 Highest
slf4j-api-1.7.25.jarDescription:
The slf4j API File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jarMD5: caafe376afb7086dcbee79f780394ca3SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8aSHA256: 18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79Referenced In Project/Scope: WCM Mock Helper:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid slf4j-parent Low Vendor pom name SLF4J API Module High Vendor pom artifactid slf4j-api Low Vendor pom url http://www.slf4j.org Highest Vendor jar package name slf4j Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom groupid org.slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor file name slf4j-api High Vendor pom groupid slf4j Highest Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product file name slf4j-api High Product Manifest Bundle-Name slf4j-api Medium Product pom name SLF4J API Module High Product jar package name slf4j Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom artifactid slf4j-api Highest Product pom parent-artifactid slf4j-parent Medium Product pom parent-groupid org.slf4j Medium Product pom groupid slf4j Highest Product pom url http://www.slf4j.org Medium Version Manifest Bundle-Version 1.7.25 High Version Manifest Implementation-Version 1.7.25 High Version pom version 1.7.25 Highest Version file version 1.7.25 High