Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 6.1.6Report Generated On : Tue, 23 Nov 2021 19:41:03 GMTDependencies Scanned : 10 (10 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 2Vulnerabilities Suppressed : 0... NVD CVE Checked : 2021-11-23T19:40:53NVD CVE Modified : 2021-11-23T19:00:02VersionCheckOn : 2021-11-23T19:40:53Summary Display:
Showing Vulnerable Dependencies (click to show all) Dependencies Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256: 89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor jar package name commons Highest Vendor jar package name lang3 Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor jar package name apache Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom parent-groupid org.apache.commons Medium Vendor file name commons-lang3 High Vendor pom groupid apache.commons Highest Vendor pom groupid org.apache.commons Highest Vendor pom artifactid commons-lang3 Low Vendor pom name Apache Commons Lang High Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Product jar package name commons Highest Product jar package name lang3 Highest Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product jar package name apache Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product pom artifactid commons-lang3 Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-groupid org.apache.commons Medium Product file name commons-lang3 High Product pom groupid apache.commons Highest Product pom name Apache Commons Lang High Product Manifest specification-title Apache Commons Lang Medium Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product Manifest Implementation-Title Apache Commons Lang High Version pom version 3.6 Highest Version file version 3.6 High Version pom parent-version 3.6 Low Version Manifest Implementation-Version 3.6 High
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has two code dependencies - javax.annotation
per the JSR-305 spec and javax.inject per the JSR-330 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/guava/15.0/guava-15.0.jar
MD5: 2c10bb2ca3ac8b55b0e77e54a7eb3744
SHA1: ed727a8d9f247e2050281cb083f1c77b09dcb5cd
SHA256: 7a34575770eebc60a5476616e3676a6cb6f2975c78c415e2a6014ac724ba5783
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor jar package name google Highest Vendor pom artifactid guava Low Vendor pom groupid com.google.guava Highest Vendor file name guava High Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor pom groupid google.guava Highest Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product jar package name google Highest Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom artifactid guava Highest Product file name guava High Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product pom groupid google.guava Highest Product pom parent-artifactid guava-parent Medium Product pom name Guava: Google Core Libraries for Java High Version pom version 15.0 Highest Version file version 15.0 High
Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] Deserialization of Untrusted Data REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Common Sling utility and helper functions. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.commons/1.4.0/io.wcm.sling.commons-1.4.0.jar
MD5: d62de019c010f8bc770e3779c2ef9b77
SHA1: 57bab1d2edf776d551f5c994b705add0fda569b7
SHA256: a6fcc35671f64d43f0a4253340e01655694a8e7fa60aed781410e9440dc053b2
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor jar package name sling Highest Vendor jar package name commons Highest Vendor jar package name io Highest Vendor pom groupid io.wcm Highest Vendor jar package name wcm Highest Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Vendor Manifest bundle-symbolicname io.wcm.sling.commons Medium Vendor Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Vendor Manifest build-jdk-spec 11 Low Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl https://wcm.io/sling/commons/ Low Vendor pom parent-artifactid io.wcm.sling.parent Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor pom artifactid io.wcm.sling.commons Low Vendor file name io.wcm.sling.commons High Vendor pom name Sling Commons High Product pom parent-artifactid io.wcm.sling.parent Medium Product jar package name sling Highest Product jar package name commons Highest Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name io Highest Product jar package name wcm Highest Product pom groupid io.wcm Highest Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.commons.caservice.ContextAwareServiceResolver";uses:="io.wcm.sling.commons.caservice",osgi.service;objectClass:List="io.wcm.sling.commons.request.RequestContext,javax.servlet.Filter";uses:="io.wcm.sling.commons.request,javax.servlet",osgi.service;objectClass:List="org.apache.felix.inventory.InventoryPrinter";uses:="org.apache.felix.inventory" Low Product Manifest bundle-symbolicname io.wcm.sling.commons Medium Product Manifest Bundle-Name wcm.io Sling Commons Medium Product Manifest service-component OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceInventoryPrinter.xml,OSGI-INF/io.wcm.sling.commons.caservice.impl.ContextAwareServiceResolverImpl.xml,OSGI-INF/io.wcm.sling.commons.request.impl.RequestContextFilterImpl.xml Low Product Manifest build-jdk-spec 11 Low Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.ContextAwareServiceResolver)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.commons.caservice.PathPreprocessor)";effective:=active;resolution:=optional,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-docurl https://wcm.io/sling/commons/ Low Product pom artifactid io.wcm.sling.commons Highest Product file name io.wcm.sling.commons High Product pom name Sling Commons High Version pom version 1.4.0 Highest Version file version 1.4.0 High Version Manifest Bundle-Version 1.4.0 High
Description:
AEM Object Injector for Sling Models. License:
"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt" File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.models/1.6.0/io.wcm.sling.models-1.6.0.jar
MD5: 11233d382ac989a7c00b69fe6191d0cc
SHA1: 06a9483c7502638bc25552917a20cdfb904c34bb
SHA256: eb19e7903e1cb3c9d98f9d70d68b0687c82923b70a3d6f84f435b358223c64fa
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor jar package name sling Highest Vendor jar package name io Highest Vendor pom groupid io.wcm Highest Vendor jar package name wcm Highest Vendor Manifest build-jdk-spec 11 Low Vendor pom name AEM Sling Models Extensions High Vendor Manifest bundle-symbolicname io.wcm.sling.models Medium Vendor pom artifactid io.wcm.sling.models Low Vendor Manifest bundle-docurl https://wcm.io/sling/models/ Low Vendor jar package name models Highest Vendor pom parent-artifactid io.wcm.sling.parent Low Vendor file name io.wcm.sling.models High Vendor Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Vendor pom url ${site.url}/${site.url.module.prefix}/ Highest Vendor Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Product pom parent-artifactid io.wcm.sling.parent Medium Product jar package name sling Highest Product pom url ${site.url}/${site.url.module.prefix}/ Medium Product jar package name io Highest Product jar package name wcm Highest Product pom groupid io.wcm Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name wcm.io AEM Sling Models Extensions Medium Product pom name AEM Sling Models Extensions High Product Manifest bundle-symbolicname io.wcm.sling.models Medium Product Manifest bundle-docurl https://wcm.io/sling/models/ Low Product jar package name models Highest Product file name io.wcm.sling.models High Product Manifest service-component OSGI-INF/io.wcm.sling.models.injectors.impl.AemObjectInjector.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.ModelsImplConfiguration.xml,OSGI-INF/io.wcm.sling.models.injectors.impl.SlingObjectOverlayInjector.xml Low Product pom artifactid io.wcm.sling.models Highest Product Manifest require-capability osgi.service;filter:="(objectClass=io.wcm.sling.commons.request.RequestContext)";effective:=active,osgi.service;filter:="(objectClass=io.wcm.sling.models.injectors.impl.ModelsImplConfiguration)";effective:=active,osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.4.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest provide-capability osgi.service;objectClass:List="io.wcm.sling.models.injectors.impl.ModelsImplConfiguration";uses:="io.wcm.sling.models.injectors.impl",osgi.service;objectClass:List="org.apache.sling.models.spi.Injector,org.apache.sling.models.spi.injectorspecific.StaticInjectAnnotationProcessorFactory";uses:="org.apache.sling.models.spi,org.apache.sling.models.spi.injectorspecific" Low Version file version 1.6.0 High Version pom version 1.6.0 Highest Version pom parent-version 1.6.0 Low Version Manifest Bundle-Version 1.6.0 High
Description:
Java(TM) Servlet 3.1 API Design Specification License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html File Path: /home/runner/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor jar package name javax Highest Vendor Manifest extension-name javax.servlet Medium Vendor pom organization url https://glassfish.dev.java.net Medium Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom artifactid javax.servlet-api Low Vendor file name javax.servlet-api High Vendor pom url http://servlet-spec.java.net Highest Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest bundle-symbolicname javax.servlet-api Medium Vendor jar package name servlet Highest Vendor pom name Java Servlet API High Vendor pom groupid javax.servlet Highest Vendor pom parent-groupid net.java Medium Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom organization name GlassFish Community High Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product jar package name javax Highest Product Manifest extension-name javax.servlet Medium Product pom organization url https://glassfish.dev.java.net Low Product file name javax.servlet-api High Product jar package name servlet Highest Product Manifest bundle-symbolicname javax.servlet-api Medium Product pom name Java Servlet API High Product pom url http://servlet-spec.java.net Medium Product pom groupid javax.servlet Highest Product pom artifactid javax.servlet-api Highest Product pom organization name GlassFish Community Low Product Manifest Bundle-Name Java Servlet API Medium Product pom parent-groupid net.java Medium Product pom parent-artifactid jvnet-parent Medium Version Manifest Implementation-Version 3.1.0 High Version Manifest Bundle-Version 3.1.0 High Version pom version 3.1.0 Highest Version file version 3.1.0 High Version pom parent-version 3.1.0 Low
File Path: /home/runner/.m2/repository/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jarMD5: b8a34113a3a1ce29c8c60d7141f5a704SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316SHA256: 545f4e7dc678ffb4cf8bd0fd40b4a4470a409a787c0ea7d0ad2f08d56112987bReferenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor pom groupid javax.servlet.jsp Highest Vendor jar package name servlet Highest Vendor jar package name javax Highest Vendor file name jsp-api High Vendor pom artifactid jsp-api Low Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor Manifest extension-name javax.servlet.jsp Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor jar package name jsp Highest Product pom groupid javax.servlet.jsp Highest Product jar package name servlet Highest Product jar package name javax Highest Product file name jsp-api High Product pom artifactid jsp-api Highest Product Manifest extension-name javax.servlet.jsp Medium Product Manifest specification-title JavaServer Pages(TM) Specification Medium Product jar package name jsp Highest Version Manifest Implementation-Version 2.1 High Version pom version 2.1 Highest Version file version 2.1 High
Description:
OSGi Companion Code for org.osgi.framework Version 1.8.0. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.framework/1.8.0/org.osgi.framework-1.8.0.jar
MD5: 1a40fb57099ef5530d25bc9600d509b1
SHA1: b54d03f9621136b7d9d93b5017b0a4fa490e78b0
SHA256: ec194b7871af27681716ff05259319a5c3c9b9727e8000e9e832499b93484b4e
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://www.osgi.org/ Medium Vendor jar package name version Highest Vendor jar package name osgi Highest Vendor pom organization name OSGi Alliance High Vendor file name org.osgi.framework High Vendor Manifest bundle-symbolicname org.osgi.framework Medium Vendor jar package name framework Highest Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor pom artifactid osgi.framework Low Vendor pom groupid org.osgi Highest Vendor pom url http://www.osgi.org/ Highest Vendor pom name org.osgi:org.osgi.framework High Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Vendor pom groupid osgi Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Product pom artifactid org.osgi.framework Highest Product jar package name version Highest Product jar package name osgi Highest Product file name org.osgi.framework High Product Manifest bundle-symbolicname org.osgi.framework Medium Product jar package name framework Highest Product Manifest bundle-docurl http://www.osgi.org/ Low Product pom artifactid osgi.framework Highest Product jar package name filter Highest Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product pom organization url http://www.osgi.org/ Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product pom organization name OSGi Alliance Low Product pom name org.osgi:org.osgi.framework High Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product Manifest Bundle-Name org.osgi:org.osgi.framework Medium Product pom groupid osgi Highest Product pom url http://www.osgi.org/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest git-descriptor hudson-build.cmpn-793 Low Version file version 1.8.0 High Version pom version 1.8.0 Highest
Description:
OSGi Companion Code for org.osgi.service.cm Version 1.6.0 License:
Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/osgi/org.osgi.service.cm/1.6.0/org.osgi.service.cm-1.6.0.jar
MD5: b0756197dc4ce853b05e686ec0df8dbf
SHA1: f0c01d6da3799107b17f894ae7920cfd6fa69da6
SHA256: c1768352603abdeb18ca160ac8c712768f88d2e418fe4c5cf50845e783154233
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor jar package name osgi Highest Vendor pom organization name OSGi Alliance High Vendor pom url https://www.osgi.org/ Highest Vendor pom artifactid osgi.service.cm Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Vendor file name org.osgi.service.cm High Vendor jar package name cm Highest Vendor pom groupid org.osgi Highest Vendor Manifest git-descriptor hudson-build.core-1432 Low Vendor jar package name service Highest Vendor Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Vendor pom name org.osgi:org.osgi.service.cm High Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Vendor pom groupid osgi Highest Vendor pom organization url https://www.osgi.org/ Medium Vendor Manifest bundle-docurl https://www.osgi.org/ Low Vendor Manifest bundle-symbolicname org.osgi.service.cm Medium Product pom artifactid org.osgi.service.cm Highest Product jar package name osgi Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest Bundle-Name org.osgi:org.osgi.service.cm Medium Product pom organization url https://www.osgi.org/ Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. Low Product file name org.osgi.service.cm High Product jar package name cm Highest Product pom organization name OSGi Alliance Low Product Manifest git-descriptor hudson-build.core-1432 Low Product jar package name service Highest Product Manifest git-sha ac877b9fdaa36e26adb939cf9dd425e77243f449 Low Product pom name org.osgi:org.osgi.service.cm High Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance"; organizationUrl=https://www.osgi.org/ Low Product pom artifactid osgi.service.cm Highest Product pom groupid osgi Highest Product pom url https://www.osgi.org/ Medium Product Manifest bundle-docurl https://www.osgi.org/ Low Product Manifest bundle-symbolicname org.osgi.service.cm Medium Version file version 1.6.0 High Version pom version 1.6.0 Highest
Description:
OSGi Companion Code for org.osgi.util.tracker Version 1.5.1. License:
Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php File Path: /home/runner/.m2/repository/org/osgi/org.osgi.util.tracker/1.5.1/org.osgi.util.tracker-1.5.1.jar
MD5: fd34c8f47613e751a25aa7e627c7cc85
SHA1: 18c3821aa2e98b3e5aacf73b3833347a894a5053
SHA256: 5efad34ab9a7753dcde1415b62e6e21e4dec83dfad5a570df485c1b931c1ebed
Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://www.osgi.org/ Medium Vendor jar package name osgi Highest Vendor pom organization name OSGi Alliance High Vendor Manifest bundle-symbolicname org.osgi.util.tracker Medium Vendor file name org.osgi.util.tracker High Vendor jar package name util Highest Vendor Manifest bundle-docurl http://www.osgi.org/ Low Vendor Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Vendor Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Vendor pom artifactid osgi.util.tracker Low Vendor pom groupid org.osgi Highest Vendor pom url http://www.osgi.org/ Highest Vendor jar package name tracker Highest Vendor Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Vendor pom name org.osgi:org.osgi.util.tracker High Vendor pom groupid osgi Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest git-descriptor hudson-build.cmpn-793 Low Product pom artifactid org.osgi.util.tracker Highest Product jar package name osgi Highest Product Manifest bundle-symbolicname org.osgi.util.tracker Medium Product file name org.osgi.util.tracker High Product jar package name util Highest Product Manifest bundle-docurl http://www.osgi.org/ Low Product pom artifactid osgi.util.tracker Highest Product Manifest bundle-developers osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi Alliance" Low Product pom organization url http://www.osgi.org/ Low Product Manifest bundle-copyright Copyright (c) OSGi Alliance (2000, 2015). All Rights Reserved. Low Product pom organization name OSGi Alliance Low Product jar package name tracker Highest Product Manifest git-sha b0858c3b90a73ecc81055c7565fbbcbd4f76674e Low Product pom name org.osgi:org.osgi.util.tracker High Product pom groupid osgi Highest Product pom url http://www.osgi.org/ Medium Product Manifest Bundle-Name org.osgi:org.osgi.util.tracker Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest git-descriptor hudson-build.cmpn-793 Low Version pom version 1.5.1 Highest Version file version 1.5.1 High
Description:
The slf4j API File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jarMD5: caafe376afb7086dcbee79f780394ca3SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8aSHA256: 18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79Referenced In Project/Scope: WCM Commons:compile
Evidence Type Source Name Value Confidence Vendor jar package name slf4j Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor pom url http://www.slf4j.org Highest Vendor pom groupid slf4j Highest Vendor pom parent-groupid org.slf4j Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor file name slf4j-api High Vendor pom artifactid slf4j-api Low Vendor pom name SLF4J API Module High Vendor pom groupid org.slf4j Highest Vendor pom parent-artifactid slf4j-parent Low Product pom url http://www.slf4j.org Medium Product jar package name slf4j Highest Product Manifest Implementation-Title slf4j-api High Product Manifest bundle-symbolicname slf4j.api Medium Product pom parent-groupid org.slf4j Medium Product pom parent-artifactid slf4j-parent Medium Product pom groupid slf4j Highest Product pom artifactid slf4j-api Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product file name slf4j-api High Product Manifest Bundle-Name slf4j-api Medium Product pom name SLF4J API Module High Version file version 1.7.25 High Version pom version 1.7.25 Highest Version Manifest Implementation-Version 1.7.25 High Version Manifest Bundle-Version 1.7.25 High