Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: WCM Core Components

io.wcm:io.wcm.wcm.core.components.root:1.9.3-2.17.12-SNAPSHOT

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
commons-codec-1.10.jarpkg:maven/commons-codec/commons-codec@1.10 040
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest41
commons-io-2.5.jarcpe:2.3:a:apache:commons_io:2.5:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.5MEDIUM1Highest40
commons-lang3-3.6.jarpkg:maven/org.apache.commons/commons-lang3@3.6 041
core.wcm.components.core-2.17.12.jarcpe:2.3:a:adobe:adobe_consulting_services_commons:2.17.12:*:*:*:*:*:*:*pkg:maven/com.adobe.cq/core.wcm.components.core@2.17.12MEDIUM1Low35
guava-15.0.jarcpe:2.3:a:google:guava:15.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@15.0MEDIUM2Highest20
image.js 00
io.wcm.caconfig.editor-1.8.6.jarcpe:2.3:a:list_site_pro:list_site_pro:1.8.6:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.caconfig.editor@1.8.6 0Low39
io.wcm.caconfig.editor-1.8.6.jar: add-collection-item.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: add-config.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: angular-route.min.js 00
io.wcm.caconfig.editor-1.8.6.jar: angular.min.js 00
io.wcm.caconfig.editor-1.8.6.jar: app.module.js 00
io.wcm.caconfig.editor-1.8.6.jar: bindonce.min.js 00
io.wcm.caconfig.editor-1.8.6.jar: config-cache.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: config-table.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: config.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: current-config.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: data-helper.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: data.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: delete-config.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: description-popup.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: detail.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: editor.module.js 00
io.wcm.caconfig.editor-1.8.6.jar: editor.routes.js 00
io.wcm.caconfig.editor-1.8.6.jar: error.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: info.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: modal.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: modals.module.js 00
io.wcm.caconfig.editor-1.8.6.jar: multifield.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: overview.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: pathbrowser.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: property-dropdown.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: property-edit-link.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: property-input-checkbox.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: property-input-text.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: property-input-textarea.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: property-row-preview.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: property-row.directive.js 00
io.wcm.caconfig.editor-1.8.6.jar: publish.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: save-config.controller.js 00
io.wcm.caconfig.editor-1.8.6.jar: templates.module.js 00
io.wcm.caconfig.editor-1.8.6.jar: ui.service.js 00
io.wcm.caconfig.editor-1.8.6.jar: utilities.module.js 00
io.wcm.caconfig.editor-1.8.6.jar: widgets.constants.js 00
io.wcm.caconfig.editor-1.8.6.jar: widgets.module.js 00
io.wcm.caconfig.extensions-1.8.8.jarcpe:2.3:a:list_site_pro:list_site_pro:1.8.8:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.caconfig.extensions@1.8.8 0Low37
io.wcm.handler.commons-1.4.0.jarpkg:maven/io.wcm/io.wcm.handler.commons@1.4.0 036
io.wcm.handler.commons-1.4.2.jarpkg:maven/io.wcm/io.wcm.handler.commons@1.4.2 037
io.wcm.handler.link-1.7.4.jarcpe:2.3:a:config-handler_project:config-handler:1.7.4:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.link@1.7.4 0Low39
io.wcm.handler.link-1.7.4.jar: validation.js 00
io.wcm.handler.link-1.8.0.jarcpe:2.3:a:config-handler_project:config-handler:1.8.0:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.link@1.8.0 0Low39
io.wcm.handler.media-1.13.6.jarcpe:2.3:a:config-handler_project:config-handler:1.13.6:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.media@1.13.6 0Low42
io.wcm.handler.media-1.13.6.jar: fileupload.js 00
io.wcm.handler.media-1.13.6.jar: mediaFormatValidate.js 00
io.wcm.handler.media-1.13.6.jar: namespace.js 00
io.wcm.handler.media-1.13.6.jar: pathfield.js 00
io.wcm.handler.media-1.13.6.jar: validation.js 00
io.wcm.handler.media-1.13.8.jarcpe:2.3:a:config-handler_project:config-handler:1.13.8:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.media@1.13.8 0Low42
io.wcm.handler.richtext-1.5.0.jarcpe:2.3:a:config-handler_project:config-handler:1.5.0:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.richtext@1.5.0 0Low39
io.wcm.handler.richtext-1.5.0.jar: linkDialog.js 00
io.wcm.handler.richtext-1.5.0.jar: linkPlugin.js 00
io.wcm.handler.richtext-1.5.0.jar: namespace.js 00
io.wcm.handler.richtext-1.5.6.jarcpe:2.3:a:config-handler_project:config-handler:1.5.6:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.richtext@1.5.6 0Low39
io.wcm.handler.url-1.5.4.jarcpe:2.3:a:config-handler_project:config-handler:1.5.4:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.url@1.5.4 0Low39
io.wcm.handler.url-1.6.0.jarcpe:2.3:a:config-handler_project:config-handler:1.6.0:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.handler.url@1.6.0 0Low39
io.wcm.samples:io.wcm.wcm.core.components.examples-core:1.9.3-2.17.12-SNAPSHOTpkg:maven/io.wcm.samples/io.wcm.wcm.core.components.examples-core@1.9.3-2.17.12-SNAPSHOT 06
io.wcm.sling.commons-1.4.0.jarcpe:2.3:a:list_site_pro:list_site_pro:1.4.0:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.sling.commons@1.4.0 0Low36
io.wcm.sling.models-1.6.0.jarcpe:2.3:a:list_site_pro:list_site_pro:1.6.0:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.sling.models@1.6.0 0Low37
io.wcm.wcm.commons-1.9.0.jarcpe:2.3:a:list_site_pro:list_site_pro:1.9.0:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.wcm.commons@1.9.0 0Low39
io.wcm.wcm.ui.granite-1.8.0.jarcpe:2.3:a:list_site_pro:list_site_pro:1.8.0:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.wcm.ui.granite@1.8.0 0Low37
io.wcm.wcm.ui.granite-1.8.0.jar: showhide.js 00
io.wcm.wcm.ui.granite-1.8.0.jar: validation.js 00
io.wcm.wcm.ui.granite-1.8.2.jarcpe:2.3:a:list_site_pro:list_site_pro:1.8.2:*:*:*:*:*:*:*pkg:maven/io.wcm/io.wcm.wcm.ui.granite@1.8.2 0Low37
io.wcm.wcm.ui.granite-1.8.2.jar: showhide.js 00
io.wcm:io.wcm.wcm.core.components:1.9.3-2.17.12-SNAPSHOTpkg:maven/io.wcm/io.wcm.wcm.core.components@1.9.3-2.17.12-SNAPSHOT 06
jackson-core-2.9.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.9.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.5MEDIUM1Low49
jackson-databind-2.9.5.jarcpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.9.5:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5CRITICAL60Highest43
javax.servlet-api-3.1.0.jarcpe:2.3:a:oracle:java_se:3.1.0:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@3.1.0 0Low37
jcr-2.0.jarpkg:maven/javax.jcr/jcr@2.0 032
jdom2-2.0.6.jarcpe:2.3:a:jdom:jdom:2.0.6:*:*:*:*:*:*:*pkg:maven/org.jdom/jdom2@2.0.6HIGH1Highest53
jsp-api-2.1.jarpkg:maven/javax.servlet.jsp/jsp-api@2.1 021
org.apache.sling.caconfig.api-1.1.0.jarcpe:2.3:a:apache:sling:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:sling_api:1.1.0:*:*:*:*:*:*:*		pkg:maven/org.apache.sling/org.apache.sling.caconfig.api@1.1.0MEDIUM1Highest35
org.osgi.dto-1.0.0.jarpkg:maven/org.osgi/org.osgi.dto@1.0.0 037
org.osgi.framework-1.8.0.jarpkg:maven/org.osgi/org.osgi.framework@1.8.0 040
org.osgi.service.cm-1.6.0.jarpkg:maven/org.osgi/org.osgi.service.cm@1.6.0 039
org.osgi.service.component-1.4.0.jarcpe:2.3:a:all-for-one:all_for_one:1.4.0:*:*:*:*:*:*:*pkg:maven/org.osgi/org.osgi.service.component@1.4.0 0Low39
org.osgi.util.tracker-1.5.1.jarpkg:maven/org.osgi/org.osgi.util.tracker@1.5.1 039
slf4j-api-1.7.25.jarpkg:maven/org.slf4j/slf4j-api@1.7.25 027

Dependencies

commons-codec-1.10.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
SHA256:4241dfa94e711d435f29a4604a3e2de5c4aa3c165e23bd066be6fc1fc4309569
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

commons-io-2.5.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters, 
file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
SHA256:a10418348d234968600ccb1d988efcbbd08716e1d96936ccc1880e7d22513474
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

CVE-2021-29425  

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

commons-lang3-3.6.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256:89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

core.wcm.components.core-2.17.12.jar

Description:

A set of standardized components for AEM 6.3+ that can be used to speed up development of websites.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/adobe/cq/core.wcm.components.core/2.17.12/core.wcm.components.core-2.17.12.jar
MD5: de9bc1c8c33d6a512b6a1eac6d8fc06b
SHA1: bf72fe73d77d56fd25406704a578ff7ca4f6d93b
SHA256:9c88b7d6deff21a177344f697b1644f8e2306e1c43948aae11a052138906ba64
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

CVE-2021-21043  

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions:

guava-15.0.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, google's collections, io classes, and much
    much more.

    Guava has two code dependencies - javax.annotation
    per the JSR-305 spec and javax.inject per the JSR-330 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/guava/guava/15.0/guava-15.0.jar
MD5: 2c10bb2ca3ac8b55b0e77e54a7eb3744
SHA1: ed727a8d9f247e2050281cb083f1c77b09dcb5cd
SHA256:7a34575770eebc60a5476616e3676a6cb6f2975c78c415e2a6014ac724ba5783
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

CVE-2018-10237  

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

image.js

File Path: /home/runner/work/wcm-io-wcm-core-components/wcm-io-wcm-core-components/bundles/core/src/main/webapp/app-root/components/image/v2/image/clientlibs/editor/js/image.js
MD5: 685273406512e4ae15dcff5fea8104d0
SHA1: a20f85801a9e30712af8bca2d3f3335a42fb463f
SHA256:28345e7fa30cab12e6e74a94c39cb19eaf5c39ac326409c187acde8d8c26cd7d
Referenced In Project/Scope:WCM Core Components

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar

Description:

Context-Aware Configuration Editor Template for AEM.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar
MD5: ae09011d8c43f2f46ecd390a03c369aa
SHA1: 145b0902955cd0ba8d0ea810527e24c99e1d99c7
SHA256:53d8d51d39d2b790f2aaa64a9bbc86df5374af041d3777dfc662e4707b82de73
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.caconfig.editor-1.8.6.jar: add-collection-item.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/add-collection-item.controller.js
MD5: 4db9edbec7c16f5d9be03342212e5f0b
SHA1: a64aaff5fa45b5aa0374f4ab96c37d19a19dc698
SHA256:61b71fc2b7072578118c42e935f8264396c86f3470c8b95d295f3d1fd5a0be95
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: add-config.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/add-config.controller.js
MD5: 7765b5e81c3532b3ae25050579324667
SHA1: 94a60cb40eca160f525e30c2bfee8929eda63bb7
SHA256:c5fb1aaf0b35b19d3bd72c8f25a7e45983024f14d4a23fcde9875271245f8322
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: angular-route.min.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor.angularjs/js/angular-route.min.js
MD5: 8310df74d8455b6adf0f2f2585a99ccb
SHA1: 176ca624e8d59ffb46b2691cab020c8134c50e4a
SHA256:ee8c45446af4470831a701cf9a3e800be16ce80dc317dfdabb30a0de8d7e94f9
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: angular.min.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor.angularjs/js/angular.min.js
MD5: f6be7dc0dca4488dcf62c978ca101fd8
SHA1: 8e557d253c8d3d4a9b5d9e691a73b95a0206f43a
SHA256:7b529d2fb970c54dff4ebd5e71a41e7a8cdbc8410876be674bdf21079134132b
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: app.module.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/app.module.js
MD5: e0e27e0d461f47724ebc493d943579e1
SHA1: 6cf114b35e1c512d524bc4f107b34fa1233406b5
SHA256:46f6d84b4652c59d0d328987de6cc4b64f8e1216968c4e62d338214f7e5309c2
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: bindonce.min.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor.angularjs/js/bindonce.min.js
MD5: 2b592ca21f055145c3ce7729771ab35b
SHA1: 8471ba6859a2753a1be9d7f17c41068509d781e2
SHA256:2f90ba6c6abda41fd1ceb7f23781109b439d67edda37e8893a632f4a35054afb
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: config-cache.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/config-cache.service.js
MD5: a50cce76430c266461658e824426d180
SHA1: 8c250379c38947b6886517c9df853bb1e04c81ba
SHA256:0a2924043fb2e77912025f0543901bd903ea1bbf9d3e34b79c1319a00e0caa9d
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: config-table.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/config-table.directive.js
MD5: 7f635e4741f90e564bd1883b09836f3b
SHA1: c3c0bca5f07ba44a7572ab1a0a69f7f953c66b3a
SHA256:c20ce6f15f2ce78d98aa1576a744741c406fe03fb3720ba817408ae9a75fb9f5
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: config.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/config.service.js
MD5: 3161c1a0ba0ccf7199a326437e5fb00d
SHA1: 9f639aac223bce002a0ef55c0543bca308bf63ec
SHA256:2cf8794f27f331024f8f78e50cb86668c88de8ae3d29e2393e86fae3f6ed5d60
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: current-config.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/current-config.service.js
MD5: a4dc0579f54d43cdf4044f0f665c3556
SHA1: 9cf76ad26f772b596fde9b5d999efab3ec2b21cf
SHA256:a6b94854a3881902aaa997a63c8c31a9d07825f5536f8e604162a9e2fbe8f5b7
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: data-helper.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/data-helper.service.js
MD5: 9afe58cf8599ef45bc9c3b1b71a3c861
SHA1: 70e15807207bf051fa0ea4ec7f34fe2b5c3cc3cc
SHA256:10fe479aaae23ba472628c86bddeca3311f09e07304b0901ca483440bea4954a
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: data.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/data.service.js
MD5: 14a8f06a7dbb11e0076b43cf34a67e54
SHA1: 64a827f0a91508f737eae86c5c0261877712a256
SHA256:19a3c08b43cd55cd28e906ad2cfdbc290754e4ae6e378ecd591a94b5238ef90c
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: delete-config.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/delete-config.controller.js
MD5: 56f1e314c3c2269761cca619f9494ba4
SHA1: e5563df4e84bd5fc0770da1236adb6968e87af03
SHA256:2fa9e7a5b0eaee68b02cd2471d68e92ec5af5391adadb9a03f6684207431e6c9
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: description-popup.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/description-popup.directive.js
MD5: abe86d1159d9d1e99bb973c35cd87900
SHA1: b7b43dd6bacd6dbfeef67dde70ee1d236b96fece
SHA256:55591827ce0326d476ae41aafd3a711cb0b20f1aa7f1a3faca52ae5e6c041993
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: detail.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/detail.controller.js
MD5: 9406a0d7c35361f037f72b5c4884b4a0
SHA1: 60217aa2b7fd08c64834aa9196020750542d4a45
SHA256:e63fa9a0c33cf974d0a87d4f89693a3650f6c49300a4b589aa18545621e3f2a4
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: editor.module.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/editor.module.js
MD5: 1afe7cbd62ce171c8f514463e5e513eb
SHA1: 8619b73191de25242c0d776ceef47126e3ed1ea5
SHA256:05ddfe8df1e4a97159293461fc859a3f3c642248aaf5db1aab538b1f8c1f36e7
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: editor.routes.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/editor.routes.js
MD5: b5567b4ed0978b9604a5ba730dc9280a
SHA1: 8b0e3ab28ae211d95af3610091751fef97d91b4c
SHA256:b05747ab45880af89349ec568e62103870ca8c2cc0f1b7012f7aa6bdc34265e3
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: error.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/error.controller.js
MD5: 77160daf2028f0a0b0ec24887d8b0643
SHA1: 247d67cc74cac53848b085bd38fcedcf57d5afa5
SHA256:105a02d1fefc617dab67a7d36e149f5a953e12ed0e3d0ea73c3baad0c1068a86
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: info.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/info.controller.js
MD5: 47fb14341fe2df3f3be95f5629a973ab
SHA1: 8bb8d6ba454e458ac9c6f8572ba22f1eb3f022b1
SHA256:83b2ef90615be12e02b6c04414d40b35dd091215b319f94660d12df8d3241d64
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: modal.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/modal.service.js
MD5: ff8b9ecf133338f27b02beb32494a03a
SHA1: bef5966724d5afaf72d3a8cc7820cbeb6a757ac3
SHA256:695928ba56886a18eecb6dc35bd86de765fa25b5e62316d5163d016355006783
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: modals.module.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/modals.module.js
MD5: 6ec21e404c0adb718b8a2e8ba3690748
SHA1: 7312c00e85a1daafa3d86db7c7d089feecd4c784
SHA256:e97a95067bb83075790c5c8ed7ffe47ba81bcbde6477e5ba198792cfd15d8d37
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: multifield.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/multifield.directive.js
MD5: 1a2d32f9fb9f81c69ece3b126c8cb63f
SHA1: 29625414a710160bc4db8009663ff0829c411288
SHA256:fe06bfd7ef25a0c8c8771a99d652663ce9bd77ac119c91467e44842e809c68dc
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: overview.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/overview.controller.js
MD5: f9f4a7752a086be8437aa8d70cbe2f1e
SHA1: 5d3c7d28b67734120fd95871e344c48badc30705
SHA256:9e580622d8d9cb33cdb5dffaf78aaf571266a2b3669c64a47d92644e5929854f
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: pathbrowser.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/pathbrowser.directive.js
MD5: 2f5474c091ee4bc676e258d95e640903
SHA1: 3259144427a9ace04f487bbf63ae8afac29f0bbf
SHA256:70fe3aac5de45bf8e0b6fd6cc0b50cbb5067c113c47ffadff99e4e435b4f9baa
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: property-dropdown.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/property-dropdown.directive.js
MD5: 60278dcaf3d2d522abb2fb274eeae0ec
SHA1: 96f36dbc9a4a09aa2193c694eb05ca57294a149a
SHA256:4d5f70cd90848fe9e151b5e94c8b8f947be16e29ff1b78c06a92591101e80260
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: property-edit-link.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/property-edit-link.directive.js
MD5: 2d86e929b380f9d0ce28893424bae76a
SHA1: e19a7f2aba2334ad1166a61408aa7c7794955709
SHA256:ebd2efef0c518c609b2f044bc2429c07392ee0ea224a6ce8ad00ca3f0d0f93f2
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: property-input-checkbox.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/property-input-checkbox.directive.js
MD5: ee24ed0b2da3091d1d19c47119becd5e
SHA1: 43553259eca8ca36f558c48c57321e4e94415069
SHA256:59747146050d71e5a0093e3a6f4c2999065b4dc0f30169063dc76370350428c6
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: property-input-text.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/property-input-text.directive.js
MD5: 77aa3d9e5e3bc0fe12ba5733e7bd41e7
SHA1: 774de8059700971bbc36f1f93d67625dfaf2a051
SHA256:b35c1a3ad20c06b75651fed91c54601d0d00bdb9b75bcfce31acfd60121f6685
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: property-input-textarea.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/property-input-textarea.directive.js
MD5: aa0ee96aa21f20e9c6dc1bf66d932e79
SHA1: d6de051754a24bc7cb0ed3c7ef81319b4f85ca33
SHA256:d391920715604d5895d78fc3a19a6cd61209694b864cb8c51e5215899657c9b7
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: property-row-preview.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/property-row-preview.directive.js
MD5: f76441a180754b61fd7c12a3eba0b96b
SHA1: 6b6c209e51e3013c1dc501f42988a2a3d51bb4aa
SHA256:cb4c0e5fc08af3e773be9c67066dd1087ee0ec2e1118a525145cc95548ec3543
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: property-row.directive.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/property-row.directive.js
MD5: 88143e9829a374616d1c25e1dbf098f1
SHA1: db6a47aadca2d0f2d6fa9f108eda3d6d0b9b9e64
SHA256:7c3a3229411b34cbca7d1eb2e4198d4723d2d9d2b72e0ce0c83974a938849302
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: publish.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/editor/publish.service.js
MD5: 628e06fae98608129772d806cfdd077a
SHA1: aa7e8bea77684f6bb7c611fdfc93214cea26a114
SHA256:b50dc43baca8c7ea6729242018a767f0703a1bdd8d20eabce1d0ba2bc8fd6f83
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: save-config.controller.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/modals/save-config.controller.js
MD5: d941f4e5081a6e049c40c1795fc41b22
SHA1: e14bbc8644e06558a025e28db6651bdd9033a04a
SHA256:fc62fbefaa5553d002242218b99467dcb0e847bede81a3aca0f7ba868fd1bac4
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: templates.module.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/templates.module.js
MD5: fbebb23683a3d6ce1e9141935daf5285
SHA1: ead39a4057a8ef79898c4b470a536845a187f75b
SHA256:e1ab55162a4d1b4bd481186a8570b6d6371d4dd5f6ee605e7cfa003f841160c7
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: ui.service.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/ui.service.js
MD5: 893eb285d518797d5928fc86a876d345
SHA1: fdab2e638b75c4b4d5da92a132ce18ae9ba39509
SHA256:87f4dcf1e66ee94cd53504d72af7786e855d5aa91cebf3b77fd251a933990b3d
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: utilities.module.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/utilities.module.js
MD5: fbaebe33ecf34d2afffbab54f21a1d28
SHA1: 65276876d986476c472b5f67b852c92d1b258b78
SHA256:4f6445e7765298c2ae6e9a494075f2b0a2e582719b2f5e7cf1d1dc9e835bf92e
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: widgets.constants.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/widgets.constants.js
MD5: 5f91e5ab435af756c9024aecdb7383d8
SHA1: 23c01c5e96863616044fc9d5bbe1be0698eca70b
SHA256:28289e932fe69b7ee73fe4373d9e74acbaf90e11f424938ff09400d52c447ca0
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.editor-1.8.6.jar: widgets.module.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.editor/1.8.6/io.wcm.caconfig.editor-1.8.6.jar/SLING-INF/app-root/clientlibs/io.wcm.caconfig.editor/js/widgets/widgets.module.js
MD5: 8bfa929c504a471e23709e95058d8558
SHA1: 0e71a669e9ce6de71c2773f89b7aa1f38bd386fe
SHA256:a71a524d756581a937800fb69c425a3f42e498dd1c8cb07ed5fd195e2f0f318f
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm.caconfig.extensions-1.8.8.jar

Description:

AEM-specific extensions for Apache Sling Context-Aware Configuration.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.caconfig.extensions/1.8.8/io.wcm.caconfig.extensions-1.8.8.jar
MD5: 2504e30f65f8535e2540005109bfd784
SHA1: 0e951223b1e4e98ff6b88a8e2207f1f27ca43944
SHA256:96f21d098664a2650a0aa4afef736b5d336e0a3722e61451a25aaddcb5f02697
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.handler.commons-1.4.0.jar

Description:

Functionality shared by the handler implementations.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.commons/1.4.0/io.wcm.handler.commons-1.4.0.jar
MD5: 22d3937da67bf428d8fafec31bb66666
SHA1: 3d49669d3abe379dad3cd42dee94f1c2ed81cd92
SHA256:b9aff5dff0d2226cb4ce008b286a08d6f2f7684c97f4ab7bdf6e5df228fc4af9
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.handler.commons-1.4.2.jar

Description:

Functionality shared by the handler implementations.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.commons/1.4.2/io.wcm.handler.commons-1.4.2.jar
MD5: 8ffd12a76c573346ddd628231db01ceb
SHA1: e3cad3d019378c29cbe536d882b1aebe661acb2d
SHA256:bd719ea504437744b3fa694451ebc4ab9f0eb2078ba64f6939d405ed3f45d19d
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.handler.link-1.7.4.jar

Description:

Link resolving, processing and markup generation.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.link/1.7.4/io.wcm.handler.link-1.7.4.jar
MD5: 78d1eaaac5efd93913322bf10d291eae
SHA1: 728e927cb246afbf0268bff4be7aa7685277c43c
SHA256:acb99975de7cbca73515aa46e791b54203405d0b26cf983fc22aaeed99946742
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.handler.link-1.7.4.jar: validation.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.link/1.7.4/io.wcm.handler.link-1.7.4.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/validation.js
MD5: 60adc20bbff1f3503d5409665d6030da
SHA1: 764dc6c771d6625870dbddac32074e63856a2cbf
SHA256:d3ee0e4b2c43d5e45e65906a2086759ec22d282baa35e16bab6dc2e1ae971300
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.link-1.8.0.jar

Description:

Link resolving, processing and markup generation.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.link/1.8.0/io.wcm.handler.link-1.8.0.jar
MD5: 69f8ba7e065f321d9ef02010e60ed079
SHA1: c05d30bafda035e78f8f0d2794232b377c85b0c4
SHA256:b602e80a8649ce67c0517a0ed7f0da13c06bccf95c82e838f680cf5253d85564
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.handler.media-1.13.6.jar

Description:

Media resolving, processing and markup generation.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.6/io.wcm.handler.media-1.13.6.jar
MD5: 1ba93aebca72e8554655fb519188853e
SHA1: de91242c7a2cc471be76738728c570fdf1c14426
SHA256:158c7c8f53304c7882c625fefa410682fd77a153fdc88bf9f97c3ad52fb7dfc6
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.handler.media-1.13.6.jar: fileupload.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.6/io.wcm.handler.media-1.13.6.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/fileupload.js
MD5: 228b2fffc6abfcdd799e78898e1f99f0
SHA1: fb786d6d24f5a9e073922bf44124c2d220f26eb4
SHA256:ce8922cde6eb4f852d6303d70d68ee5465eb8fca64ca98a4eb5f394c67c68565
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.media-1.13.6.jar: mediaFormatValidate.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.6/io.wcm.handler.media-1.13.6.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/mediaFormatValidate.js
MD5: d651e04f32fb3bb0fced07ed1a2005fc
SHA1: dea24b24548036a6996bc1136ca199801bf77f61
SHA256:f717ede12e856a344c5aecd4dc56da7f369a0f109f74bdf2f372b5b18131583f
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.media-1.13.6.jar: namespace.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.6/io.wcm.handler.media-1.13.6.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/namespace.js
MD5: 1ee97355e0dea2b938d18b793ee3afcb
SHA1: db8dcc1d4119b2318d6e9b82a535acd358623efb
SHA256:f394f7656cfdb529859443f44bde815af90197ff886a25b09e35a840fc505f9a
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.media-1.13.6.jar: pathfield.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.6/io.wcm.handler.media-1.13.6.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/pathfield.js
MD5: d8bdda5721510948d2a115432a45a19a
SHA1: 592bba9dae3da6ab12020e0c2b3173446e3b5ac6
SHA256:20a9cbff936311f0e1cb5b3d1ad385508bab22788cdc15c9e94338f26fe8a236
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.media-1.13.6.jar: validation.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.6/io.wcm.handler.media-1.13.6.jar/SLING-INF/app-root/clientlibs/authoring/dialog/js/validation.js
MD5: c8ce854cad6f2376a0cf0e04bd298808
SHA1: 60e641d95e570022dd82aaa25fa8ff8922cebdbf
SHA256:98755c24e6772dfdc4cf8e8ff5e51e0ef98008371b715ae4677dd1df1dae2138
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.media-1.13.8.jar

Description:

Media resolving, processing and markup generation.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.media/1.13.8/io.wcm.handler.media-1.13.8.jar
MD5: d83ff469b5447561eefb8d91c1202c12
SHA1: 74053d03e7da4121637eafca2fdb478416fab842
SHA256:a1b60e6bbf905e98bc8a656f71f9c3d15e06a4928d611765363e49fef9dec0a5
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.handler.richtext-1.5.0.jar

Description:

Rich text processing and markup generation.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.0/io.wcm.handler.richtext-1.5.0.jar
MD5: 331dd7a157dda6b868474c3596ef3d24
SHA1: b3a6d4fe949c0e1a27ac6200f4200f4b4767f2df
SHA256:6120fe27bd3c33bdc0f8aaa79fbc96f27cea681d14b7486ded3505488dbcda48
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.handler.richtext-1.5.0.jar: linkDialog.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.0/io.wcm.handler.richtext-1.5.0.jar/SLING-INF/app-root/clientlibs/rte.plugins/js/linkDialog.js
MD5: a5d161dd46013eff503a9142dbc9947f
SHA1: ee3e66102ffac63119e74771225b2687af524147
SHA256:0e922cbcc77457105439b4471939362247eeafce5e00c2d48238715092b8e629
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.richtext-1.5.0.jar: linkPlugin.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.0/io.wcm.handler.richtext-1.5.0.jar/SLING-INF/app-root/clientlibs/rte.plugins/js/linkPlugin.js
MD5: 172b7860a2b277ba036e1a92025f5816
SHA1: 7c180adb3baf031623bd716eb43977ed251bad28
SHA256:d6c5b8a6897e43a4bb58273e693c329f831e0246ccae033877fd2708a65c13f2
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.richtext-1.5.0.jar: namespace.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.0/io.wcm.handler.richtext-1.5.0.jar/SLING-INF/app-root/clientlibs/rte.plugins/js/namespace.js
MD5: 7ae55c6778a3c26445a0098fcefde074
SHA1: fa7930101777f1f655cbbf99d6b2ec186260a462
SHA256:5eb6414d882dde4e5e49e64b15bf011d0e19f8fb09b8e3216c5211b01c836ff1
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.handler.richtext-1.5.6.jar

Description:

Rich text processing and markup generation.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.richtext/1.5.6/io.wcm.handler.richtext-1.5.6.jar
MD5: f3b5a60cb0b65cfc50fb5a566260815e
SHA1: e46a81b65646869eafd2deb4bfa5be91a63f3773
SHA256:937a6eee2964d9eaf857bcd46ad1c7d23d708e28f8294c5e65ae6452b5aefc7b
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.handler.url-1.5.4.jar

Description:

URL resolving and processing.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.url/1.5.4/io.wcm.handler.url-1.5.4.jar
MD5: 135b4a98e9c6ff743ec382c731a690ed
SHA1: 1bad50fefa3fb74bfd712bce8b9e961fa447cdc8
SHA256:eb7cd0213b60a1a4e6264b973f613df84a259d42399c40d422820675a8de9d11
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.handler.url-1.6.0.jar

Description:

URL resolving and processing.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.handler.url/1.6.0/io.wcm.handler.url-1.6.0.jar
MD5: d6e4d166536812e383832fc1b6dee4d3
SHA1: 834b061d39aa3c7b5519e478f42b037f157f34f3
SHA256:71aca33969fc6201aff3615bd0faba06e6c3ae75b5078be495b3b8e7ca88157c
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.samples:io.wcm.wcm.core.components.examples-core:1.9.3-2.17.12-SNAPSHOT

Description:

Examples for wcm.io WCM Core Components.

License:

The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/work/wcm-io-wcm-core-components/wcm-io-wcm-core-components/examples/bundles/examples-core/pom.xml

Identifiers

io.wcm.sling.commons-1.4.0.jar

Description:

Common Sling utility and helper functions.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.commons/1.4.0/io.wcm.sling.commons-1.4.0.jar
MD5: d62de019c010f8bc770e3779c2ef9b77
SHA1: 57bab1d2edf776d551f5c994b705add0fda569b7
SHA256:a6fcc35671f64d43f0a4253340e01655694a8e7fa60aed781410e9440dc053b2
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.sling.models-1.6.0.jar

Description:

AEM Object Injector for Sling Models.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.sling.models/1.6.0/io.wcm.sling.models-1.6.0.jar
MD5: 11233d382ac989a7c00b69fe6191d0cc
SHA1: 06a9483c7502638bc25552917a20cdfb904c34bb
SHA256:eb19e7903e1cb3c9d98f9d70d68b0687c82923b70a3d6f84f435b358223c64fa
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.wcm.commons-1.9.0.jar

Description:

Common WCM utility and helper functions.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.commons/1.9.0/io.wcm.wcm.commons-1.9.0.jar
MD5: 04799632ef83b8d9295c7328d5c0b247
SHA1: 15b79398cd63bbc02ff54a04a98cc04cc0b04d1c
SHA256:98b6e6915fbba4d4642bbf6500d590c430765a1e28279e86fb63546b24a97e98
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.wcm.ui.granite-1.8.0.jar

Description:

Granite UI Components for AEM Touch UI.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.0/io.wcm.wcm.ui.granite-1.8.0.jar
MD5: 6af6dbee86e9885d22ea6b5827397a8c
SHA1: 93944ff43600dd24d7257e13de9261e2973c3050
SHA256:e99d87ce7340396d8ebb6c68ed9d12119be6d398030f944249cbfa3fdb9eb006
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples Core:compile

Identifiers

io.wcm.wcm.ui.granite-1.8.0.jar: showhide.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.0/io.wcm.wcm.ui.granite-1.8.0.jar/SLING-INF/app-root/clientlibs/io.wcm.ui.granite.showhidedialogfields/js/showhide.js
MD5: 8dac12e53129a74b52cfad2a9b0e3da6
SHA1: e7462e84281e399c1603d2f27ae18307568f0020
SHA256:15a10493faebc8f947792f91bdc29ae5af34e7e45fa318a851144982510be626
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.wcm.ui.granite-1.8.0.jar: validation.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.0/io.wcm.wcm.ui.granite-1.8.0.jar/SLING-INF/app-root/clientlibs/io.wcm.ui.granite.validation/js/validation.js
MD5: edad5110d166c768cd7f0fd2b4013d3b
SHA1: 6a28b836ec56eff5783abf566825e876cf45b8a2
SHA256:e2fc0a071a292fb9b3a9c9ce4d99081930519bbb6193d01ecd6f7e6418322364
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

  • None

io.wcm.wcm.ui.granite-1.8.2.jar

Description:

Granite UI Components for AEM Touch UI.

License:

"The Apache Software License, Version 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.2/io.wcm.wcm.ui.granite-1.8.2.jar
MD5: bc05a55d23d26cca2c907988bb1556d1
SHA1: 99daf61c8f79d00e6a75176a1ad0b510f0b19624
SHA256:8bca56150fc251039af47d803932875dbb8c5396d628ee61bebfb8aa1bab193d
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

io.wcm.wcm.ui.granite-1.8.2.jar: showhide.js

File Path: /home/runner/.m2/repository/io/wcm/io.wcm.wcm.ui.granite/1.8.2/io.wcm.wcm.ui.granite-1.8.2.jar/SLING-INF/app-root/clientlibs/io.wcm.ui.granite.showhidedialogfields/js/showhide.js
MD5: b062f9782dd8dcf34c6ac6d7b4c9b1f8
SHA1: 2640429ce3328de4e4c04b1f5feb59a701ce47ae
SHA256:bda2ce9fcee197f710ac87daf2838121c69743d5a49cd843f32ecb590f6e4926
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

  • None

io.wcm:io.wcm.wcm.core.components:1.9.3-2.17.12-SNAPSHOT

Description:

Enhances AEM WCM Core Components with wcm.io functionality.

License:

The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/work/wcm-io-wcm-core-components/wcm-io-wcm-core-components/bundles/core/pom.xml

Identifiers

jackson-core-2.9.5.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
MD5: ec59f24f7f8d9acf53301c562722adf2
SHA1: a22ac51016944b06fd9ffbc9541c6e7ce5eea117
SHA256:a2bebaa325ad25455b02149c67e6052367a7d7fc1ce77de000eed284a5214eac
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

CVE-2018-1000873  

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jackson-databind-2.9.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
MD5: 34b37affbf74f5d199be10622ddc83cd
SHA1: 3490508379d065fe3fcb80042b62f630f7588606
SHA256:0fb4e079c118e752cc94c15ad22e6782b0dfc5dc09145f4813fb39d82e686047
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

CVE-2018-1000873  

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-11307 (OSSINDEX)  

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-databind:2.9.5:*:*:*:*:*:*:*

CVE-2018-12022  

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-12023  

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-14718  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-14719  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-14720  

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE'), CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-14721  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (10.0)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-19360  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-19361  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-19362  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-12086  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-12384  

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-12814  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14379  

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14439  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14540  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14892  

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14893  

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-16335  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-16942  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-16943  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-17267  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-17531  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-20330  

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10672  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10673  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10968  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10969  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11111  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11112  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11113  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11619  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-11620  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-14060  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-14061  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-14062  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-14195  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-24616  

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-24750  

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25649  

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-35490  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-35491  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-35728  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36179  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36180  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36181  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36182  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36183  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36184  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36185  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36186  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36187  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36188  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-36189  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8840  

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-9546  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-9547  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-9548  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-20190  

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (8.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

javax.servlet-api-3.1.0.jar

Description:

Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/runner/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

jcr-2.0.jar

Description:

        The Content Repository API for JavaTM Technology Version 2.0 is specified by JSR-283.
        This module contains the complete API as specified.

License:

Day Specification License: http://www.day.com/dam/day/downloads/jsr283/day-spec-license.htm
Day Specification License addendum: http://www.day.com/content/dam/day/downloads/jsr283/LICENSE.txt
File Path: /home/runner/.m2/repository/javax/jcr/jcr/2.0/jcr-2.0.jar
MD5: ede5e78b16c8ed298ce0b6d296584ebd
SHA1: 08297216bcfe4aea369ed6ee0d1718133f752e97
SHA256:cbf083bc58cb88a0c19112187a4c52d3115f525b5bb7f2913635f5679e6e9743
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

jdom2-2.0.6.jar

Description:

		A complete, Java-based solution for accessing, manipulating, 
		and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /home/runner/.m2/repository/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar
MD5: 86a30c9b1ddc08ca155747890db423b7
SHA1: 6f14738ec2e9dd0011e343717fa624a10f8aab64
SHA256:1345f11ba606d15603d6740551a8c21947c0215640770ec67271fe78bea97cf5
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

CVE-2021-33813  

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

jsp-api-2.1.jar

File Path: /home/runner/.m2/repository/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jar
MD5: b8a34113a3a1ce29c8c60d7141f5a704
SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316
SHA256:545f4e7dc678ffb4cf8bd0fd40b4a4470a409a787c0ea7d0ad2f08d56112987b
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

org.apache.sling.caconfig.api-1.1.0.jar

Description:

Apache Sling Context-Aware Configuration API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/sling/org.apache.sling.caconfig.api/1.1.0/org.apache.sling.caconfig.api-1.1.0.jar
MD5: 231c80a8f980016d79f32ee99ad9e920
SHA1: 4a8674192c5da0d03d090e4dade5055b84aa0885
SHA256:dda109a6b232a7f92c042b5e15e7b381f27eebe3ce526aaed496892288516a4b
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

CVE-2015-2944  

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

org.osgi.dto-1.0.0.jar

Description:

OSGi Companion Code for org.osgi.dto Version 1.0.0.

License:

Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php
File Path: /home/runner/.m2/repository/org/osgi/org.osgi.dto/1.0.0/org.osgi.dto-1.0.0.jar
MD5: c2bce9030f4b5a2d3c489dfc11fee529
SHA1: 1d01eb8c487477f929127d4a88fbfe97af0379a4
SHA256:cb75f3c7e48e5a31a31df22e26873346f5bf659e2dcab2369e031e4850d2ff43
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

org.osgi.framework-1.8.0.jar

Description:

OSGi Companion Code for org.osgi.framework Version 1.8.0.

License:

Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php
File Path: /home/runner/.m2/repository/org/osgi/org.osgi.framework/1.8.0/org.osgi.framework-1.8.0.jar
MD5: 1a40fb57099ef5530d25bc9600d509b1
SHA1: b54d03f9621136b7d9d93b5017b0a4fa490e78b0
SHA256:ec194b7871af27681716ff05259319a5c3c9b9727e8000e9e832499b93484b4e
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

org.osgi.service.cm-1.6.0.jar

Description:

OSGi Companion Code for org.osgi.service.cm Version 1.6.0

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/osgi/org.osgi.service.cm/1.6.0/org.osgi.service.cm-1.6.0.jar
MD5: b0756197dc4ce853b05e686ec0df8dbf
SHA1: f0c01d6da3799107b17f894ae7920cfd6fa69da6
SHA256:c1768352603abdeb18ca160ac8c712768f88d2e418fe4c5cf50845e783154233
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

org.osgi.service.component-1.4.0.jar

Description:

OSGi Companion Code for org.osgi.service.component Version 1.4.0

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/osgi/org.osgi.service.component/1.4.0/org.osgi.service.component-1.4.0.jar
MD5: 83d6179ca4179b2569ce68a510325e8a
SHA1: 4934dce3e552c172283a4962929c39f9075f4393
SHA256:607b85148c03e9385b91dd355200aeda3cbfaa6374edba737a9460aac5d576e1
Referenced In Project/Scope:WCM Core Components Examples:compile

Identifiers

org.osgi.util.tracker-1.5.1.jar

Description:

OSGi Companion Code for org.osgi.util.tracker Version 1.5.1.

License:

Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php
File Path: /home/runner/.m2/repository/org/osgi/org.osgi.util.tracker/1.5.1/org.osgi.util.tracker-1.5.1.jar
MD5: fd34c8f47613e751a25aa7e627c7cc85
SHA1: 18c3821aa2e98b3e5aacf73b3833347a894a5053
SHA256:5efad34ab9a7753dcde1415b62e6e21e4dec83dfad5a570df485c1b931c1ebed
Referenced In Projects/Scopes:
  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers

slf4j-api-1.7.25.jar

Description:

The slf4j API

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a
SHA256:18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79
Referenced In Projects/Scopes:

  • WCM Core Components:compile
  • WCM Core Components Examples:compile
  • WCM Core Components Examples Core:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.