Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 6.1.6Report Generated On : Mon, 6 Dec 2021 15:04:38 GMTDependencies Scanned : 24 (21 unique)Vulnerable Dependencies : 2 Vulnerabilities Found : 2Vulnerabilities Suppressed : 0... NVD CVE Checked : 2021-12-06T15:04:04NVD CVE Modified : 2021-12-06T13:00:01VersionCheckOn : 2021-12-06T15:04:04Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies commons-codec-1.10.jarDescription:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
SHA256: 4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor file name commons-codec High Vendor jar package name commons Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Vendor pom groupid commons-codec Highest Vendor pom artifactid commons-codec Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium Vendor pom parent-artifactid commons-parent Low Vendor jar package name codec Highest Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest Vendor jar package name encoder Highest Vendor pom name Apache Commons Codec High Vendor Manifest Implementation-Vendor-Id org.apache Medium Product jar package name apache Highest Product file name commons-codec High Product jar package name commons Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low Product pom groupid commons-codec Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low Product pom parent-groupid org.apache.commons Medium Product Manifest Implementation-Title Apache Commons Codec High Product Manifest bundle-symbolicname org.apache.commons.codec Medium Product Manifest specification-title Apache Commons Codec Medium Product pom artifactid commons-codec Highest Product jar package name codec Highest Product pom parent-artifactid commons-parent Medium Product jar package name encoder Highest Product pom name Apache Commons Codec High Product pom url http://commons.apache.org/proper/commons-codec/ Medium Product Manifest Bundle-Name Apache Commons Codec Medium Version pom version 1.10 Highest Version Manifest Implementation-Version 1.10 High Version pom parent-version 1.10 Low Version file version 1.10 High
commons-compress-1.21.jarDescription:
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar
MD5: 2a713d10331bc4e13459a3dc0463f16f
SHA1: 4ec95b60d4e86b5c95a0e919cb172a0af98011ef
SHA256: 6aecfd5459728a595601cfa07258d131972ffc39b492eb48bdd596577a2f244a
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Vendor jar package name apache Highest Vendor pom name Apache Commons Compress High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name commons Highest Vendor pom url https://commons.apache.org/proper/commons-compress/ Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name compress Highest Vendor pom artifactid commons-compress Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom parent-artifactid commons-parent Low Vendor pom groupid org.apache.commons Highest Vendor file name commons-compress High Vendor Manifest implementation-build UNKNOWN@r60e3d9f6bef1e431f8738e881c051d706f81e6cf; 2021-07-09 16:56:00+0000 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest automatic-module-name org.apache.commons.compress Medium Vendor Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Vendor Manifest extension-name org.apache.commons.compress Medium Vendor pom groupid apache.commons Highest Product Manifest bundle-docurl https://commons.apache.org/proper/commons-compress/ Low Product jar package name apache Highest Product pom name Apache Commons Compress High Product pom artifactid commons-compress Highest Product jar package name commons Highest Product Manifest build-jdk-spec 1.8 Low Product pom parent-groupid org.apache.commons Medium Product jar package name compress Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product file name commons-compress High Product Manifest Bundle-Name Apache Commons Compress Medium Product Manifest Implementation-Title Apache Commons Compress High Product pom parent-artifactid commons-parent Medium Product pom url https://commons.apache.org/proper/commons-compress/ Medium Product Manifest specification-title Apache Commons Compress Medium Product Manifest implementation-build UNKNOWN@r60e3d9f6bef1e431f8738e881c051d706f81e6cf; 2021-07-09 16:56:00+0000 Low Product Manifest automatic-module-name org.apache.commons.compress Medium Product Manifest bundle-symbolicname org.apache.commons.commons-compress Medium Product Manifest extension-name org.apache.commons.compress Medium Product pom groupid apache.commons Highest Version pom version 1.21 Highest Version Manifest Implementation-Version 1.21 High Version pom parent-version 1.21 Low Version file version 1.21 High
commons-io-2.5.jarDescription:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
SHA256: a10418348d234968600ccb1d988efcbbd08716e1d96936ccc1880e7d22513474
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor pom groupid commons-io Highest Vendor jar package name apache Highest Vendor file name commons-io High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Vendor pom name Apache Commons IO High Vendor jar package name commons Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-io Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name io Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product jar package name apache Highest Product pom groupid commons-io Highest Product file name commons-io High Product pom url http://commons.apache.org/proper/commons-io/ Medium Product Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Product pom name Apache Commons IO High Product jar package name commons Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom parent-groupid org.apache.commons Medium Product jar package name io Highest Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product Manifest Implementation-Title Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product Manifest bundle-symbolicname org.apache.commons.io Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Version file version 2.5 High Version pom parent-version 2.5 Low Version pom version 2.5 Highest Version Manifest Implementation-Version 2.5 High
Published Vulnerabilities CVE-2021-29425 suppress
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
commons-lang3-3.6.jarDescription:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256: 89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor jar package name commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid commons-lang3 Low Vendor jar package name lang3 Highest Vendor pom parent-artifactid commons-parent Low Vendor pom groupid org.apache.commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor file name commons-lang3 High Vendor pom name Apache Commons Lang High Vendor pom groupid apache.commons Highest Product jar package name apache Highest Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product jar package name commons Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product pom artifactid commons-lang3 Highest Product pom parent-groupid org.apache.commons Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Apache Commons Lang Medium Product jar package name lang3 Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product file name commons-lang3 High Product pom name Apache Commons Lang High Product pom groupid apache.commons Highest Version pom parent-version 3.6 Low Version file version 3.6 High Version Manifest Implementation-Version 3.6 High Version pom version 3.6 Highest
commons-logging-1.2.jarDescription:
Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems. License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor pom name Apache Commons Logging High Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name commons Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name logging Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor pom artifactid commons-logging Low Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Vendor pom groupid commons-logging Highest Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor file name commons-logging High Product pom name Apache Commons Logging High Product jar package name apache Highest Product jar package name commons Highest Product Manifest specification-title Apache Commons Logging Medium Product pom artifactid commons-logging Highest Product pom parent-groupid org.apache.commons Medium Product jar package name logging Highest Product Manifest Bundle-Name Apache Commons Logging Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product Manifest bundle-symbolicname org.apache.commons.logging Medium Product Manifest Implementation-Title Apache Commons Logging High Product pom parent-artifactid commons-parent Medium Product pom groupid commons-logging Highest Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product file name commons-logging High Version file version 1.2 High Version pom parent-version 1.2 Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High
httpclient-4.5.13.jarDescription:
Apache HttpComponents Client
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jarMD5: 40d6b9075fbd28fa10292a45a0db9457SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cadaSHA256: 6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid httpcomponents-client Low Vendor file name httpclient High Vendor pom groupid apache.httpcomponents Highest Vendor pom name Apache HttpClient High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name client Highest Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor pom url http://hc.apache.org/httpcomponents-client Highest Vendor jar package name httpclient Highest Vendor Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Vendor pom groupid org.apache.httpcomponents Highest Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor pom artifactid httpclient Low Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product pom url http://hc.apache.org/httpcomponents-client Medium Product jar package name apache Highest Product file name httpclient High Product pom groupid apache.httpcomponents Highest Product pom name Apache HttpClient High Product jar package name client Highest Product pom artifactid httpclient Highest Product jar package name httpclient Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpclient Medium Product Manifest specification-title Apache HttpClient Medium Product pom parent-artifactid httpcomponents-client Medium Product Manifest Implementation-Title Apache HttpClient High Product pom parent-groupid org.apache.httpcomponents Medium Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product jar package name http Highest Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest Version file version 4.5.13 High
httpcore-4.4.14.jarDescription:
Apache HttpComponents Core (blocking I/O)
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jarMD5: 2b3991eda121042765a5ee299556c200SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1SHA256: f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name apache Highest Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid httpcomponents-core Low Vendor pom groupid apache.httpcomponents Highest Vendor pom name Apache HttpCore High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Vendor pom artifactid httpcore Low Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest Vendor Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000 Low Vendor file name httpcore High Vendor pom groupid org.apache.httpcomponents Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product pom url http://hc.apache.org/httpcomponents-core-ga Medium Product jar package name apache Highest Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low Product Manifest specification-title HttpComponents Apache HttpCore Medium Product pom groupid apache.httpcomponents Highest Product pom name Apache HttpCore High Product pom artifactid httpcore Highest Product Manifest automatic-module-name org.apache.httpcomponents.httpcore Medium Product Manifest implementation-build ${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000 Low Product file name httpcore High Product Manifest Implementation-Title HttpComponents Apache HttpCore High Product pom parent-artifactid httpcomponents-core Medium Product pom parent-groupid org.apache.httpcomponents Medium Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low Product jar package name http Highest Version file version 4.4.14 High Version pom version 4.4.14 Highest Version Manifest Implementation-Version 4.4.14 High
httpmime-4.5.13.jarDescription:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpmime/4.5.13/httpmime-4.5.13.jarMD5: 3f0c1ef2c9dc47b62b780192f54b0c18SHA1: efc110bad4a0d45cda7858e6beee1d8a8313da5aSHA256: 06e754d99245b98dcc2860dcb43d20e737d650da2bf2077a105f68accbd5c5ccReferenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Vendor jar package name apache Highest Vendor file name httpmime High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid httpcomponents-client Low Vendor jar package name mime Highest Vendor pom groupid apache.httpcomponents Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Apache HttpClient Mime High Vendor pom artifactid httpmime Low Vendor Manifest Implementation-Vendor-Id org.apache.httpcomponents Medium Vendor pom url http://hc.apache.org/httpcomponents-client Highest Vendor pom groupid org.apache.httpcomponents Highest Vendor pom parent-groupid org.apache.httpcomponents Medium Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product Manifest automatic-module-name org.apache.httpcomponents.httpmime Medium Product pom url http://hc.apache.org/httpcomponents-client Medium Product jar package name apache Highest Product file name httpmime High Product jar package name mime Highest Product pom groupid apache.httpcomponents Highest Product pom name Apache HttpClient Mime High Product pom artifactid httpmime Highest Product Manifest Implementation-Title Apache HttpClient Mime High Product pom parent-artifactid httpcomponents-client Medium Product pom parent-groupid org.apache.httpcomponents Medium Product Manifest specification-title Apache HttpClient Mime Medium Product Manifest implementation-url http://hc.apache.org/httpcomponents-client Low Product jar package name http Highest Version Manifest Implementation-Version 4.5.13 High Version pom version 4.5.13 Highest Version file version 4.5.13 High
jackrabbit-api-2.19.3.jarDescription:
Jackrabbit-specific extensions to the JCR API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/jackrabbit/jackrabbit-api/2.19.3/jackrabbit-api-2.19.3.jar
MD5: 70fa2dc7695900e62e96aea2792f3a3a
SHA1: 8503de04a71ea05b680692d47bfe8a185ec5f4d0
SHA256: 045be6c97e17c771bbe885d6d0308722bb540b5bf693322a96aadb976de7aa5a
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name jackrabbit Highest Vendor jar package name apache Highest Vendor pom groupid org.apache.jackrabbit Highest Vendor pom artifactid jackrabbit-api Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl http://jackrabbit.apache.org Low Vendor pom parent-groupid org.apache.jackrabbit Medium Vendor pom name Apache Jackrabbit API High Vendor pom groupid apache.jackrabbit Highest Vendor Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-api Medium Vendor jar package name api Highest Vendor file name jackrabbit-api High Vendor pom parent-artifactid jackrabbit-parent Low Product jar package name jackrabbit Highest Product jar package name apache Highest Product Manifest Bundle-Name Apache Jackrabbit API Medium Product pom artifactid jackrabbit-api Highest Product pom parent-artifactid jackrabbit-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-docurl http://jackrabbit.apache.org Low Product pom parent-groupid org.apache.jackrabbit Medium Product pom name Apache Jackrabbit API High Product pom groupid apache.jackrabbit Highest Product Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-api Medium Product jar package name api Highest Product file name jackrabbit-api High Version pom version 2.19.3 Highest Version Manifest Bundle-Version 2.19.3 High Version file version 2.19.3 High
Related Dependencies jackrabbit-jcr-commons-2.19.3.jarFile Path: /home/runner/.m2/repository/org/apache/jackrabbit/jackrabbit-jcr-commons/2.19.3/jackrabbit-jcr-commons-2.19.3.jar MD5: 3236148da9598a0b316192554aa4ed3e SHA1: 36f2ceb4dbcab8e1e188174361cab2908483e642 SHA256: da14b6310c764b81e608361c92e1eba67913684376cd5378b24e2cdbd5d44446 pkg:maven/org.apache.jackrabbit/jackrabbit-jcr-commons@2.19.3 jaxen-1.1.6.jarDescription:
Jaxen is a universal Java XPath engine. License:
http://jaxen.codehaus.org/license.html File Path: /home/runner/.m2/repository/jaxen/jaxen/1.1.6/jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
SHA256: 5ac9c74bbb3964b34a886ba6b1b6c0b0dc3ebeebc1dc4a44942a76634490b3eb
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor file name jaxen High Vendor Manifest bundle-symbolicname jaxen Medium Vendor Manifest bundle-docurl http://codehaus.org Low Vendor pom name jaxen High Vendor pom url http://jaxen.codehaus.org/ Highest Vendor jar package name jaxen Highest Vendor jar package name xpath Highest Vendor pom organization url http://codehaus.org Medium Vendor pom artifactid jaxen Low Vendor pom organization name Codehaus High Vendor pom groupid jaxen Highest Product Manifest bundle-symbolicname jaxen Medium Product pom url http://jaxen.codehaus.org/ Medium Product pom name jaxen High Product jar package name jaxen Highest Product jar package name xpath Highest Product pom organization url http://codehaus.org Low Product pom groupid jaxen Highest Product Manifest Bundle-Name jaxen Medium Product file name jaxen High Product Manifest bundle-docurl http://codehaus.org Low Product pom organization name Codehaus Low Product pom artifactid jaxen Highest Version pom version 1.1.6 Highest Version Manifest Bundle-Version 1.1.6 High Version file version 1.1.6 High
jcr-2.0.jarDescription:
The Content Repository API for JavaTM Technology Version 2.0 is specified by JSR-283.
This module contains the complete API as specified.
License:
Day Specification License: http://www.day.com/dam/day/downloads/jsr283/day-spec-license.htm
Day Specification License addendum: http://www.day.com/content/dam/day/downloads/jsr283/LICENSE.txt File Path: /home/runner/.m2/repository/javax/jcr/jcr/2.0/jcr-2.0.jar
MD5: ede5e78b16c8ed298ce0b6d296584ebd
SHA1: 08297216bcfe4aea369ed6ee0d1718133f752e97
SHA256: cbf083bc58cb88a0c19112187a4c52d3115f525b5bb7f2913635f5679e6e9743
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor file name jcr High Vendor jar package name javax Highest Vendor pom groupid javax.jcr Highest Vendor pom artifactid jcr Low Vendor jar package name repository Highest Vendor jar package name version Highest Vendor Manifest bundle-category jcr Low Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Vendor pom organization name Day Software High Vendor pom organization url http://www.day.com Medium Vendor pom name Content Repository for JavaTM Technology API High Vendor pom url http://www.jcp.org/en/jsr/detail?id=283 Highest Vendor Manifest bundle-symbolicname javax.jcr Medium Vendor jar package name jcr Highest Product file name jcr High Product jar package name javax Highest Product pom groupid javax.jcr Highest Product jar package name repository Highest Product jar package name version Highest Product Manifest bundle-category jcr Low Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Product pom url http://www.jcp.org/en/jsr/detail?id=283 Medium Product pom artifactid jcr Highest Product pom organization url http://www.day.com Low Product pom organization name Day Software Low Product pom name Content Repository for JavaTM Technology API High Product Manifest bundle-symbolicname javax.jcr Medium Product jar package name jcr Highest Product Manifest Bundle-Name Content Repository for JavaTM Technology API Medium Version pom version 2.0 Highest Version Manifest Bundle-Version 2.0 High Version file version 2.0 High
jdom2-2.0.6.jarDescription:
A complete, Java-based solution for accessing, manipulating,
and outputting XML data
License:
Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt File Path: /home/runner/.m2/repository/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar
MD5: 86a30c9b1ddc08ca155747890db423b7
SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64
SHA256: 1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid jdom2 Low Vendor manifest: org/jdom2/filter/ Implementation-Vendor jdom.org Medium Vendor pom url http://www.jdom.org Highest Vendor file name jdom2 High Vendor manifest: org/jdom2/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom2/xpath/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom2/adapters/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom2/input/ Implementation-Vendor jdom.org Medium Vendor pom groupid jdom Highest Vendor pom organization name JDOM High Vendor manifest: org/jdom2/transform/ Implementation-Vendor jdom.org Medium Vendor pom organization url http://www.jdom.org Medium Vendor pom name JDOM High Vendor manifest: org/jdom2/output/ Implementation-Vendor jdom.org Medium Vendor pom groupid org.jdom Highest Vendor jar package name jdom2 Highest Product file name jdom2 High Product manifest: org/jdom2/output/ Specification-Title JDOM Output Classes Medium Product manifest: org/jdom2/transform/ Specification-Title JDOM Transformation Classes Medium Product jar package name transform Highest Product jar package name output Highest Product manifest: org/jdom2/filter/ Specification-Title JDOM Filter Classes Medium Product pom groupid jdom Highest Product manifest: org/jdom2/ Implementation-Title org.jdom2 Medium Product pom url http://www.jdom.org Medium Product manifest: org/jdom2/adapters/ Implementation-Title org.jdom2.adapters Medium Product manifest: org/jdom2/ Specification-Title JDOM Classes Medium Product pom name JDOM High Product jar package name adapters Highest Product manifest: org/jdom2/adapters/ Specification-Title JDOM Adapter Classes Medium Product jar package name jdom2 Highest Product pom organization name JDOM Low Product manifest: org/jdom2/xpath/ Specification-Title JDOM XPath Classes Medium Product manifest: org/jdom2/output/ Implementation-Title org.jdom2.output Medium Product jar package name input Highest Product jar package name xpath Highest Product manifest: org/jdom2/transform/ Implementation-Title org.jdom2.transform Medium Product pom artifactid jdom2 Highest Product manifest: org/jdom2/input/ Specification-Title JDOM Input Classes Medium Product manifest: org/jdom2/input/ Implementation-Title org.jdom2.input Medium Product pom organization url http://www.jdom.org Low Product manifest: org/jdom2/xpath/ Implementation-Title org.jdom2.xpath Medium Product jar package name filter Highest Product manifest: org/jdom2/filter/ Implementation-Title org.jdom2.filter Medium Version pom version 2.0.6 Highest Version manifest: org/jdom2/input/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/filter/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/adapters/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/xpath/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/output/ Implementation-Version 2.0.6 Medium Version manifest: org/jdom2/transform/ Implementation-Version 2.0.6 Medium Version file version 2.0.6 High
Published Vulnerabilities CVE-2021-33813 suppress
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CVSSv2:
Base Score: MEDIUM (5.0) Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References:
Vulnerable Software & Versions: (show all )
json-20140107.jarDescription:
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There is a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
The license includes this restriction: "The software shall be used for good,
not evil." If your conscience cannot live with that, then choose a different
package.
The package compiles on Java 1.2 thru Java 1.4.
License:
The JSON License: http://json.org/license.html File Path: /home/runner/.m2/repository/org/json/json/20140107/json-20140107.jar
MD5: 8ca2437d3dbbaa2e76195adedfd901f4
SHA1: d1ffca6e2482b002702c6a576166fd685e3370e3
SHA256: 8e5aa0a368bee60347b5a4ad861d9f68c7793f60deeea89efd449eb70d5ae622
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name cdl Highest Vendor pom name JSON in Java High Vendor pom groupid org.json Highest Vendor jar package name json Highest Vendor pom url douglascrockford/JSON-java Highest Vendor pom artifactid json Low Vendor jar package name json Low Vendor file name json-20140107 High Vendor jar package name xml Highest Vendor pom groupid json Highest Vendor jar package name http Highest Product jar package name cdl Highest Product pom name JSON in Java High Product pom url douglascrockford/JSON-java High Product jar package name json Highest Product pom artifactid json Highest Product file name json-20140107 High Product jar package name xml Highest Product pom groupid json Highest Product jar package name http Highest Version file version 20140107 Medium Version pom version 20140107 Highest
maven-artifact-3.8.1.jarFile Path: /home/runner/.m2/repository/org/apache/maven/maven-artifact/3.8.1/maven-artifact-3.8.1.jarMD5: 6f07d7c18fb630df205d8175fe37b74eSHA1: 114a2dd16c4c568bf0ca57719b83f2685dcc5734SHA256: 9dbd3db15ac4816471e72981cb06ef90f3ffa8be6628dddf7135f7bd69bee0c0Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name apache Highest Vendor pom parent-artifactid maven Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest build-jdk-spec 1.8 Low Vendor pom name Maven Artifact High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor jar package name maven Highest Vendor pom groupid apache.maven Highest Vendor jar package name artifact Highest Vendor pom groupid org.apache.maven Highest Vendor pom artifactid maven-artifact Low Vendor file name maven-artifact High Vendor pom parent-groupid org.apache.maven Medium Product jar package name apache Highest Product Manifest build-jdk-spec 1.8 Low Product pom name Maven Artifact High Product jar package name maven Highest Product Manifest specification-title Maven Artifact Medium Product pom groupid apache.maven Highest Product pom artifactid maven-artifact Highest Product jar package name artifact Highest Product Manifest Implementation-Title Maven Artifact High Product file name maven-artifact High Product pom parent-groupid org.apache.maven Medium Product pom parent-artifactid maven Medium Version file version 3.8.1 High Version Manifest Implementation-Version 3.8.1 High Version pom version 3.8.1 Highest
org.apache.jackrabbit.vault-3.5.6.jarDescription:
The core classes of Apache Jackrabbit FileVault License:
"Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/org/apache/jackrabbit/vault/org.apache.jackrabbit.vault/3.5.6/org.apache.jackrabbit.vault-3.5.6.jar
MD5: 7311cb5a35268eb640213d16658cefa1
SHA1: 936eb3333d7389aa59b635669ad8867643c9eda2
SHA256: 961bb956259edfc3cb08766d88e1508573613b6f085e5b98cb7710caf49df761
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name jackrabbit Highest Vendor jar package name apache Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-symbolicname org.apache.jackrabbit.vault Medium Vendor pom parent-groupid org.apache.jackrabbit.vault Medium Vendor pom groupid org.apache.jackrabbit.vault Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest require-capability osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.PackageEventListener)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher)";effective:=active,osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.registry.PackageRegistry)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=org.apache.sling.jcr.api.SlingRepository)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom groupid apache.jackrabbit.vault Highest Vendor pom parent-artifactid parent Low Vendor Manifest bundle-docurl https://jackrabbit.apache.org/filevault/ Low Vendor Manifest service-component OSGI-INF/org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcherImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.ActivityLog.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackageManagerMBeanImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackagingImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.registry.impl.FSPackageRegistry.xml Low Vendor Manifest build-jdk-spec 11 Low Vendor pom name Apache Jackrabbit FileVault Core Bundle High Vendor Manifest provide-capability osgi.service;objectClass:List="javax.management.DynamicMBean";uses:="javax.management",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.Packaging";uses:="org.apache.jackrabbit.vault.packaging",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.PackageEventListener";uses:="org.apache.jackrabbit.vault.packaging.events",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher";uses:="org.apache.jackrabbit.vault.packaging.events.impl",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.registry.PackageRegistry";uses:="org.apache.jackrabbit.vault.packaging.registry" Low Vendor Manifest bundle-category jackrabbit Low Vendor file name org.apache.jackrabbit.vault High Vendor jar package name vault Highest Vendor pom artifactid apache.jackrabbit.vault Low Product jar package name apache Highest Product pom parent-artifactid parent Medium Product pom artifactid apache.jackrabbit.vault Highest Product pom groupid apache.jackrabbit.vault Highest Product jar package name xml Highest Product Manifest bundle-docurl https://jackrabbit.apache.org/filevault/ Low Product Manifest service-component OSGI-INF/org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcherImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.ActivityLog.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackageManagerMBeanImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackagingImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.registry.impl.FSPackageRegistry.xml Low Product pom artifactid org.apache.jackrabbit.vault Highest Product pom name Apache Jackrabbit FileVault Core Bundle High Product Manifest provide-capability osgi.service;objectClass:List="javax.management.DynamicMBean";uses:="javax.management",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.Packaging";uses:="org.apache.jackrabbit.vault.packaging",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.PackageEventListener";uses:="org.apache.jackrabbit.vault.packaging.events",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher";uses:="org.apache.jackrabbit.vault.packaging.events.impl",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.registry.PackageRegistry";uses:="org.apache.jackrabbit.vault.packaging.registry" Low Product file name org.apache.jackrabbit.vault High Product jar package name vault Highest Product Manifest Bundle-Name Apache Jackrabbit FileVault Core Bundle Medium Product jar package name jackrabbit Highest Product Manifest specification-title Apache Jackrabbit FileVault Core Bundle Medium Product Manifest bundle-symbolicname org.apache.jackrabbit.vault Medium Product pom parent-groupid org.apache.jackrabbit.vault Medium Product jar package name osgi Highest Product Manifest require-capability osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.PackageEventListener)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher)";effective:=active,osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.registry.PackageRegistry)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=org.apache.sling.jcr.api.SlingRepository)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product jar package name packaging Highest Product Manifest Implementation-Title Apache Jackrabbit FileVault Core Bundle High Product Manifest build-jdk-spec 11 Low Product Manifest bundle-category jackrabbit Low Product jar package name api Highest Version Manifest Implementation-Version 3.5.6 High Version file version 3.5.6 High Version pom version 3.5.6 Highest Version Manifest Bundle-Version 3.5.6 High
plexus-utils-3.2.1.jarDescription:
A collection of various utility classes to ease working with strings, files, command lines, XML and
more.
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-utils/3.2.1/plexus-utils-3.2.1.jarMD5: a1b7cb2baeae4bb4c3a016417d5d3cb0SHA1: 13b015768e0d04849d2794e4c47eb02d01a0de32SHA256: 8d07b497bb8deb167ee5329cae87ef2043833bf52e4f15a5a9379cec447a5b2bReferenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name codehaus Low Vendor jar package name plexus Low Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom artifactid plexus-utils Low Vendor jar package name xml Highest Vendor pom groupid org.codehaus.plexus Highest Vendor jar package name util Low Vendor pom groupid codehaus.plexus Highest Vendor jar package name plexus Highest Vendor jar package name codehaus Highest Vendor pom name Plexus Common Utilities High Vendor pom parent-artifactid plexus Low Vendor file name plexus-utils High Product jar package name plexus Low Product jar package name util Low Product pom groupid codehaus.plexus Highest Product jar package name plexus Highest Product jar package name codehaus Highest Product pom name Plexus Common Utilities High Product pom artifactid plexus-utils Highest Product pom parent-artifactid plexus Medium Product pom parent-groupid org.codehaus.plexus Medium Product jar package name xml Highest Product file name plexus-utils High Version file version 3.2.1 High Version pom parent-version 3.2.1 Low Version pom version 3.2.1 Highest
stax2-api-4.2.jarDescription:
tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php File Path: /home/runner/.m2/repository/org/codehaus/woodstox/stax2-api/4.2/stax2-api-4.2.jar
MD5: 5d22fe6dbb276d1fd6dab40c386a4f0a
SHA1: 13c2b30926bca0429c704c4b4ca0b5d0432b69cd
SHA256: badf6081a0bb526fd2c01951dfefad91b6846b6dd0eb0048587e30d1dd334e68
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor fasterxml.com Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor jar package name typed Highest Vendor Manifest bundle-symbolicname stax2-api Medium Vendor Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Vendor Manifest Implementation-Vendor fasterxml.com High Vendor pom organization url http://fasterxml.com Medium Vendor pom name Stax2 API High Vendor pom url http://github.com/FasterXML/stax2-api Highest Vendor jar package name stax2 Highest Vendor Manifest implementation-build-date 2019-03-13 04:03:16+0000 Low Vendor pom parent-groupid com.fasterxml Medium Vendor pom groupid org.codehaus.woodstox Highest Vendor pom organization name fasterxml.com High Vendor jar package name codehaus Highest Vendor pom artifactid stax2-api Low Vendor Manifest Implementation-Vendor-Id org.codehaus.woodstox Medium Vendor jar package name validation Highest Vendor pom parent-artifactid oss-parent Low Vendor file name stax2-api High Vendor Manifest automatic-module-name org.codehaus.stax2 Medium Vendor pom groupid codehaus.woodstox Highest Product pom organization url http://fasterxml.com Low Product pom artifactid stax2-api Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product jar package name typed Highest Product Manifest bundle-symbolicname stax2-api Medium Product Manifest bundle-docurl http://github.com/FasterXML/stax2-api Low Product pom name Stax2 API High Product jar package name stax2 Highest Product Manifest specification-title Stax2 API Medium Product jar package name osgi Highest Product Manifest implementation-build-date 2019-03-13 04:03:16+0000 Low Product pom parent-groupid com.fasterxml Medium Product pom url http://github.com/FasterXML/stax2-api Medium Product pom parent-artifactid oss-parent Medium Product Manifest Bundle-Name Stax2 API Medium Product jar package name codehaus Highest Product pom organization name fasterxml.com Low Product jar package name validation Highest Product file name stax2-api High Product Manifest Implementation-Title Stax2 API High Product Manifest automatic-module-name org.codehaus.stax2 Medium Product pom groupid codehaus.woodstox Highest Version pom version 4.2 Highest Version file version 4.2 High Version Manifest Implementation-Version 4.2 High Version pom parent-version 4.2 Low
txw2-2.3.2.jarDescription:
TXW is a library that allows you to write XML documents.
File Path: /home/runner/.m2/repository/org/glassfish/jaxb/txw2/2.3.2/txw2-2.3.2.jarMD5: 3f278f148c5d27dc608c25cb7d093b94SHA1: ce5be7da2e442c25ec14c766cb60cb802741727bSHA256: 4a6a9f483388d461b81aa9a28c685b8b74c0597993bf1884b04eddbca95f48feReferenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor jar package name txw2 Highest Vendor pom groupid org.glassfish.jaxb Highest Vendor Manifest git-revision ae93d95 Low Vendor pom parent-artifactid jaxb-txw-parent Low Vendor pom name TXW2 Runtime High Vendor file name txw2 High Vendor jar package name sun Highest Vendor jar package name xml Highest Vendor pom groupid glassfish.jaxb Highest Vendor Manifest Implementation-Vendor-Id com.oracle Medium Vendor pom artifactid txw2 Low Vendor pom parent-groupid com.sun.xml.bind.mvn Medium Vendor Manifest (hint) Implementation-Vendor sun High Vendor Manifest Implementation-Vendor Oracle High Vendor jar (hint) package name oracle Highest Vendor jar package name txw Highest Product pom artifactid txw2 Highest Product jar package name txw2 Highest Product Manifest specification-title Java Architecture for XML Binding Medium Product Manifest git-revision ae93d95 Low Product pom name TXW2 Runtime High Product file name txw2 High Product jar package name xml Highest Product jar package name sun Highest Product pom groupid glassfish.jaxb Highest Product pom parent-artifactid jaxb-txw-parent Medium Product pom parent-groupid com.sun.xml.bind.mvn Medium Product Manifest Implementation-Title TXW Runtime High Product jar package name txw Highest Version pom version 2.3.2 Highest Version Manifest Implementation-Version 2.3.2 High Version Manifest build-id 2.3.2 Medium Version file version 2.3.2 High Version Manifest major-version 2.3.2 Medium
woodstox-core-6.1.1.jarDescription:
Woodstox is a high-performance XML processor that
implements Stax (JSR-173), SAX2 and Stax2 APIs
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar
MD5: 992e39013de489a1373f14b7e153f9da
SHA1: 989bb31963ed1758b95c7c4381a91592a9a8df61
SHA256: f250662a245570fdd49c6916c1c3cd3d6511a8e5cd0d7460e989844b1d66ed67
Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor FasterXML Low Vendor Manifest Implementation-Vendor FasterXML High Vendor pom name Woodstox High Vendor pom url FasterXML/woodstox Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom organization url http://fasterxml.com Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Vendor pom groupid com.fasterxml.woodstox Highest Vendor pom parent-groupid com.fasterxml Medium Vendor file name woodstox-core High Vendor Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Vendor pom artifactid woodstox-core Low Vendor pom organization name FasterXML High Vendor jar package name stax Highest Vendor pom parent-artifactid oss-parent Low Vendor Manifest implementation-build-date 2020-02-28 02:50:45+0000 Low Vendor pom groupid fasterxml.woodstox Highest Vendor Manifest Implementation-Vendor-Id com.fasterxml.woodstox Medium Product pom organization url http://fasterxml.com Low Product pom name Woodstox High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest bundle-docurl https://github.com/FasterXML/woodstox Low Product jar package name osgi Highest Product pom parent-groupid com.fasterxml Medium Product pom url FasterXML/woodstox High Product pom parent-artifactid oss-parent Medium Product pom artifactid woodstox-core Highest Product file name woodstox-core High Product Manifest Bundle-Name Woodstox Medium Product pom organization name FasterXML Low Product Manifest bundle-symbolicname com.fasterxml.woodstox.woodstox-core Medium Product jar package name stax Highest Product Manifest specification-title Woodstox Medium Product Manifest implementation-build-date 2020-02-28 02:50:45+0000 Low Product Manifest Implementation-Title Woodstox High Product pom groupid fasterxml.woodstox Highest Version Manifest Implementation-Version 6.1.1 High Version Manifest Bundle-Version 6.1.1 High Version pom version 6.1.1 Highest Version pom parent-version 6.1.1 Low Version file version 6.1.1 High
woodstox-core-6.1.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)Description:
Unknown version of isorelax library used in JAXB project File Path: /home/runner/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xmlMD5: 6fbb4bc95fbf2072bc6e3b790553fe81SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13SHA256: cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1Referenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor pom groupid sun.xml.bind.jaxb Highest Vendor pom artifactid isorelax Low Vendor pom name JAXB isorelax library High Vendor pom parent-groupid net.java Medium Vendor pom parent-artifactid jvnet-parent Low Product pom groupid sun.xml.bind.jaxb Highest Product pom name JAXB isorelax library High Product pom parent-groupid net.java Medium Product pom artifactid isorelax Highest Product pom parent-artifactid jvnet-parent Medium Version pom parent-version 20090621 Low Version pom version 20090621 Highest
Related Dependencies org.apache.jackrabbit.vault-3.5.6.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)File Path: /home/runner/.m2/repository/org/apache/jackrabbit/vault/org.apache.jackrabbit.vault/3.5.6/org.apache.jackrabbit.vault-3.5.6.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml MD5: 6fbb4bc95fbf2072bc6e3b790553fe81 SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13 SHA256: cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1 pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621 woodstox-core-6.1.1.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)Description:
XML Schema datatypes library File Path: /home/runner/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.1.1/woodstox-core-6.1.1.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xmlMD5: aaf872ed9d1aabee25e03c2a132ffd8eSHA1: 47f218a999411ed028f089d59ebef8f14e0fe914SHA256: d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3cReferenced In Project/Scope: CRX Package Manager Helper:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid msv Low Vendor pom name MSV XML Schema Library High Vendor pom artifactid xsdlib Low Vendor pom groupid net.java.dev.msv Highest Product pom name MSV XML Schema Library High Product pom parent-artifactid msv Medium Product pom artifactid xsdlib Highest Product pom groupid net.java.dev.msv Highest Version pom version 2013.6.1 Highest
Related Dependencies org.apache.jackrabbit.vault-3.5.6.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)File Path: /home/runner/.m2/repository/org/apache/jackrabbit/vault/org.apache.jackrabbit.vault/3.5.6/org.apache.jackrabbit.vault-3.5.6.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xml MD5: aaf872ed9d1aabee25e03c2a132ffd8e SHA1: 47f218a999411ed028f089d59ebef8f14e0fe914 SHA256: d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3c pkg:maven/net.java.dev.msv/xsdlib@2013.6.1