Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Simplicite Platform

com.simplicite:simplicite:5.3.35

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
@fullcalendar/bootstrap:5.11.4pkg:npm/%40fullcalendar%2Fbootstrap@5.11.4 010
@fullcalendar/core:5.11.4pkg:npm/%40fullcalendar%2Fcore@5.11.4 010
@fullcalendar/daygrid:5.11.4pkg:npm/%40fullcalendar%2Fdaygrid@5.11.4 010
@fullcalendar/google-calendar:5.11.4pkg:npm/%40fullcalendar%2Fgoogle-calendar@5.11.4 010
@fullcalendar/interaction:5.11.4pkg:npm/%40fullcalendar%2Finteraction@5.11.4 010
@fullcalendar/list:5.11.4pkg:npm/%40fullcalendar%2Flist@5.11.4 010
@fullcalendar/luxon:5.11.4pkg:npm/%40fullcalendar%2Fluxon@5.11.4 010
@fullcalendar/moment-timezone:5.11.4pkg:npm/%40fullcalendar%2Fmoment-timezone@5.11.4 010
@fullcalendar/moment:5.11.4pkg:npm/%40fullcalendar%2Fmoment@5.11.4 010
@fullcalendar/rrule:5.11.4pkg:npm/%40fullcalendar%2Frrule@5.11.4 010
@fullcalendar/timegrid:5.11.4pkg:npm/%40fullcalendar%2Ftimegrid@5.11.4 010
HikariCP-5.0.1.jarpkg:maven/com.zaxxer/HikariCP@5.0.1 038
JavaEWAH-1.1.13.jarpkg:maven/com.googlecode.javaewah/JavaEWAH@1.1.13 033
SparseBitSet-1.2.jarcpe:2.3:a:bit_project:bit:1.2:*:*:*:*:*:*:*pkg:maven/com.zaxxer/SparseBitSet@1.2 0Low27
accessors-smart-2.4.9.jarpkg:maven/net.minidev/accessors-smart@2.4.9 041
ace-builds:1.18.0pkg:npm/ace-builds@1.18.0 08
ace-diff:3.0.3pkg:npm/ace-diff@3.0.3 08
angus-activation-2.0.0.jarcpe:2.3:a:service_project:service:2.0.0:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/angus-activation@2.0.0 0Low37
animal-sniffer-annotations-1.21.jarpkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.21 019
annotations-4.1.1.4.jarpkg:maven/com.google.android/annotations@4.1.1.4 020
ant-1.10.13.jarcpe:2.3:a:apache:ant:1.10.13:*:*:*:*:*:*:*pkg:maven/org.apache.ant/ant@1.10.13 0Highest24
antlr-2.7.7.jarpkg:maven/antlr/antlr@2.7.7 024
antlr-runtime-3.5.2.jarcpe:2.3:a:temporal:temporal:3.5.2:*:*:*:*:*:*:*pkg:maven/org.antlr/antlr-runtime@3.5.2 0Low39
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 020
aopalliance-repackaged-2.6.1.jarpkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.6.1 025
apache-mime4j-core-0.8.9.jarpkg:maven/org.apache.james/apache-mime4j-core@0.8.9MEDIUM134
apache-mime4j-dom-0.8.9.jarpkg:maven/org.apache.james/apache-mime4j-dom@0.8.9 034
api-common-2.1.5.jarpkg:maven/com.google.api/api-common@2.1.5 029
asm-9.4.jarpkg:maven/org.ow2.asm/asm@9.4 053
auto-value-annotations-1.9.jarpkg:maven/com.google.auto.value/auto-value-annotations@1.9 025
autolink-0.10.0.jarpkg:maven/org.nibor.autolink/autolink@0.10.0 023
avalon-framework-impl-4.2.0.jarpkg:maven/avalon-framework/avalon-framework-impl@4.2.0 021
aws-s3-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/aws-s3@2.5.0 0Highest33
azureblob-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/azureblob@2.5.0 0Highest35
barcode4j-2.1.jarcpe:2.3:a:web_project:web:2.1:*:*:*:*:*:*:*pkg:maven/net.sf.barcode4j/barcode4j@2.1 0Low50
bcmail-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcmail-jdk18on@1.73 0Low52
bcpg-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*
cpe:2.3:a:openpgp:openpgp:1.73:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcpg-jdk18on@1.73 0Low54
bcpkix-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.73 0Low66
bcprov-ext-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-ext-jdk18on@1.73HIGH4Low58
bcprov-jdk15on-1.69.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.69:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.69:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.69:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.69:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.69:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.69:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-jdk15on@1.69HIGH4Low60
bcprov-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.73:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-jdk18on@1.73HIGH4Low60
bcutil-jdk18on-1.73.jarcpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcutil-jdk18on@1.73 0Low50
bootbox:6.0.0pkg:npm/bootbox@6.0.0MEDIUM16
bootstrap:5.2.3cpe:2.3:a:getbootstrap:bootstrap:5.2.3:*:*:*:*:*:*:*pkg:npm/bootstrap@5.2.3 0Highest8
bson-3.12.13.jarcpe:2.3:a:mongodb:bson:3.12.13:*:*:*:*:*:*:*pkg:maven/org.mongodb/bson@3.12.13 0Highest26
byte-buddy-1.14.4.jarpkg:maven/net.bytebuddy/byte-buddy@1.14.4 029
byte-buddy-agent-1.14.4.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.14.4 033
byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll 02
c3p0-0.9.5.5.jarcpe:2.3:a:mchange:c3p0:0.9.5.5:*:*:*:*:*:*:*pkg:maven/com.mchange/c3p0@0.9.5.5 0Highest31
cache-api-1.1.0.jarpkg:maven/javax.cache/cache-api@1.1.0 023
caffeine-3.1.6.jarpkg:maven/com.github.ben-manes.caffeine/caffeine@3.1.6 037
chart.js:3.9.1cpe:2.3:a:chartjs:chart.js:3.9.1:*:*:*:*:*:*:*pkg:npm/chart.js@3.9.1 0Highest7
chartjs-adapter-moment:1.0.1pkg:npm/chartjs-adapter-moment@1.0.1 06
checker-compat-qual-2.5.5.jarpkg:maven/org.checkerframework/checker-compat-qual@2.5.5 052
checker-qual-3.33.0.jarpkg:maven/org.checkerframework/checker-qual@3.33.0 046
codemodel-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/codemodel@3.0.2 0Highest36
commonmark-0.21.0.jarpkg:maven/org.commonmark/commonmark@0.21.0 023
commonmark-ext-autolink-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-autolink@0.21.0 023
commonmark-ext-gfm-strikethrough-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-gfm-strikethrough@0.21.0 025
commonmark-ext-gfm-tables-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-gfm-tables@0.21.0 025
commonmark-ext-heading-anchor-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-heading-anchor@0.21.0 025
commonmark-ext-image-attributes-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-image-attributes@0.21.0 025
commonmark-ext-ins-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-ins@0.21.0 023
commonmark-ext-task-list-items-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-task-list-items@0.21.0 025
commonmark-ext-yaml-front-matter-0.21.0.jarpkg:maven/org.commonmark/commonmark-ext-yaml-front-matter@0.21.0 025
commons-beanutils-1.9.4.jarcpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*pkg:maven/commons-beanutils/commons-beanutils@1.9.4 0Highest168
commons-cli-1.5.0.jarpkg:maven/commons-cli/commons-cli@1.5.0 0102
commons-codec-1.15.jarpkg:maven/commons-codec/commons-codec@1.15 0108
commons-collections-3.2.2.jarcpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*pkg:maven/commons-collections/commons-collections@3.2.2 0Highest84
commons-collections4-4.4.jarcpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.4 0Highest105
commons-compress-1.23.0.jarcpe:2.3:a:apache:commons_compress:1.23.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.23.0MEDIUM3Highest108
commons-csv-1.10.0.jarpkg:maven/org.apache.commons/commons-csv@1.10.0 085
commons-digester-2.1.jarpkg:maven/commons-digester/commons-digester@2.1 098
commons-discovery-0.5.jarcpe:2.3:a:spirit-project:spirit:0.5:*:*:*:*:*:*:*pkg:maven/commons-discovery/commons-discovery@0.5MEDIUM1Low86
commons-email-1.5.jarcpe:2.3:a:apache:commons_email:1.5:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-email@1.5 0Highest137
commons-exec-1.3.jarpkg:maven/org.apache.commons/commons-exec@1.3 059
commons-fileupload-1.5.jarcpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*pkg:maven/commons-fileupload/commons-fileupload@1.5 0Highest115
commons-imaging-1.0-alpha3.jarcpe:2.3:a:apache:commons_imaging:1.0:pha3:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-imaging@1.0-alpha3 0Highest67
commons-io-2.11.0.jarcpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.11.0 0Highest123
commons-lang-2.6.jarpkg:maven/commons-lang/commons-lang@2.6 0122
commons-lang3-3.12.0.jarpkg:maven/org.apache.commons/commons-lang3@3.12.0 0139
commons-logging-1.2.jarpkg:maven/commons-logging/commons-logging@1.2 0117
commons-math3-3.6.1.jarpkg:maven/org.apache.commons/commons-math3@3.6.1 0134
commons-net-3.9.0.jarcpe:2.3:a:apache:commons_net:3.9.0:*:*:*:*:*:*:*pkg:maven/commons-net/commons-net@3.9.0 0Highest105
commons-pool2-2.11.1.jarpkg:maven/org.apache.commons/commons-pool2@2.11.1 090
commons-text-1.10.0.jarcpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-text@1.10.0 0Highest71
commons-validator-1.7.jarpkg:maven/commons-validator/commons-validator@1.7 0125
commons-vfs2-2.9.0.jarpkg:maven/org.apache.commons/commons-vfs2@2.9.0 039
conscrypt-openjdk-uber-2.5.1.jarpkg:maven/org.conscrypt/conscrypt-openjdk-uber@2.5.1 037
conscrypt-openjdk-uber-2.5.1.jar: conscrypt_openjdk_jni-windows-x86.dll 04
conscrypt-openjdk-uber-2.5.1.jar: conscrypt_openjdk_jni-windows-x86_64.dll 02
core-3.0.1.jarpkg:maven/com.google.zxing/core@3.0.1 020
curvesapi-1.07.jarpkg:maven/com.github.virtuald/curvesapi@1.07 023
dd-plist-1.26.jarcpe:2.3:a:dd-plist_project:dd-plist:1.26:*:*:*:*:*:*:*pkg:maven/com.googlecode.plist/dd-plist@1.26 0Highest31
dec-0.1.2.jarpkg:maven/org.brotli/dec@0.1.2 023
derby-10.16.1.1.jarcpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derby@10.16.1.1CRITICAL1Highest28
derbyshared-10.16.1.1.jarcpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*pkg:maven/org.apache.derby/derbyshared@10.16.1.1CRITICAL1Highest27
diffutils-1.3.0.jarcpe:2.3:a:utils_project:utils:1.3.0:*:*:*:*:*:*:*pkg:maven/com.googlecode.java-diff-utils/diffutils@1.3.0 0Highest19
docusign-esign-java-3.18.0.jarpkg:maven/com.docusign/docusign-esign-java@3.18.0 034
docx4j-ImportXHTML-8.3.2.jarpkg:maven/org.docx4j/docx4j-ImportXHTML@8.3.2 029
docx4j-JAXB-ReferenceImpl-11.4.5.jarpkg:maven/org.docx4j/docx4j-JAXB-ReferenceImpl@11.4.5 029
docx4j-core-11.4.5.jarpkg:maven/org.docx4j/docx4j-core@11.4.5 035
docx4j-openxml-objects-11.4.5.jarpkg:maven/org.docx4j/docx4j-openxml-objects@11.4.5 029
docx4j-openxml-objects-pml-11.4.5.jarpkg:maven/org.docx4j/docx4j-openxml-objects-pml@11.4.5 027
docx4j-openxml-objects-sml-11.4.5.jarpkg:maven/org.docx4j/docx4j-openxml-objects-sml@11.4.5 027
dtd-parser-1.4.5.jarpkg:maven/com.sun.xml.dtd-parser/dtd-parser@1.4.5 038
eddsa-0.3.0.jarcpe:2.3:a:4d:4d:0.3.0:*:*:*:*:*:*:*pkg:maven/net.i2p.crypto/eddsa@0.3.0 0Low33
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-107:3.10.8)pkg:maven/org.ehcache.modules/ehcache-107@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-api:3.10.8)pkg:maven/org.ehcache.modules/ehcache-api@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-core:3.10.8)pkg:maven/org.ehcache.modules/ehcache-core@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.8)pkg:maven/org.ehcache.modules/ehcache-impl@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.8)pkg:maven/org.ehcache.modules/ehcache-xml-spi@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.8)pkg:maven/org.ehcache.modules/ehcache-xml@3.10.8 021
ehcache-3.10.8.jar (shaded: org.ehcache:sizeof:0.4.3)pkg:maven/org.ehcache/sizeof@0.4.3 013
ehcache-3.10.8.jar (shaded: org.terracotta:offheap-store:2.5.3)pkg:maven/org.terracotta/offheap-store@2.5.3 017
ehcache-3.10.8.jar (shaded: org.terracotta:statistics:2.1.2)pkg:maven/org.terracotta/statistics@2.1.2 025
ehcache-3.10.8.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.15)pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.15 019
ehcache-3.10.8.jarcpe:2.3:a:service_project:service:3.10.8:*:*:*:*:*:*:*pkg:maven/org.ehcache/ehcache@3.10.8 0Low54
ehcache-3.10.8.jar: sizeof-agent.jar 08
error_prone_annotations-2.11.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.11.0 023
failureaccess-1.0.1.jarpkg:maven/com.google.guava/failureaccess@1.0.1 028
fast-and-simple-minify-1.0.jarpkg:maven/ch.simschla/fast-and-simple-minify@1.0 028
firebase-admin-8.1.0.jarpkg:maven/com.google.firebase/firebase-admin@8.1.0 034
fontbox-2.0.28.jarpkg:maven/org.apache.pdfbox/fontbox@2.0.28 035
fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:diffutils:1.3)pkg:maven/me.xdrop/diffutils@1.3 07
fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:fuzzywuzzy-build:1.4.0)pkg:maven/me.xdrop/fuzzywuzzy-build@1.4.0 011
fuzzywuzzy-1.4.0.jarpkg:maven/me.xdrop/fuzzywuzzy@1.4.0 025
gax-2.15.0.jarpkg:maven/com.google.api/gax@2.15.0 034
gax-grpc-2.13.0.jarcpe:2.3:a:grpc:grpc:2.13.0:*:*:*:*:*:*:*pkg:maven/com.google.api/gax-grpc@2.13.0 0Highest36
gax-httpjson-0.98.0.jarpkg:maven/com.google.api/gax-httpjson@0.98.0 036
google-api-client-1.34.0.jarpkg:maven/com.google.api-client/google-api-client@1.34.0 034
google-api-client-gson-1.34.0.jarpkg:maven/com.google.api-client/google-api-client-gson@1.34.0 034
google-api-services-calendar-v3-rev20220401-1.32.1.jarpkg:maven/com.google.apis/google-api-services-calendar@v3-rev20220401-1.32.1 026
google-api-services-drive-v3-rev20220214-1.32.1.jarcpe:2.3:a:google:drive:v3.rev20220214.1.32.1:*:*:*:*:*:*:*pkg:maven/com.google.apis/google-api-services-drive@v3-rev20220214-1.32.1 0Highest26
google-api-services-gmail-v1-rev20220404-1.32.1.jarcpe:2.3:a:google:gmail:v1.rev20220404.1.32.1:*:*:*:*:*:*:*pkg:maven/com.google.apis/google-api-services-gmail@v1-rev20220404-1.32.1 0Highest26
google-api-services-plus-v1-rev20190328-1.30.10.jarpkg:maven/com.google.apis/google-api-services-plus@v1-rev20190328-1.30.10 026
google-api-services-sheets-v4-rev20220322-1.32.1.jarpkg:maven/com.google.apis/google-api-services-sheets@v4-rev20220322-1.32.1 026
google-api-services-storage-v1-rev20220401-1.32.1.jarpkg:maven/com.google.apis/google-api-services-storage@v1-rev20220401-1.32.1 026
google-api-services-translate-v2-rev20170525-1.30.1.jarpkg:maven/com.google.apis/google-api-services-translate@v2-rev20170525-1.30.1 026
google-api-services-youtube-v3-rev20220409-1.32.1.jarpkg:maven/com.google.apis/google-api-services-youtube@v3-rev20220409-1.32.1 026
google-auth-library-credentials-1.6.0.jarpkg:maven/com.google.auth/google-auth-library-credentials@1.6.0 023
google-auth-library-oauth2-http-1.6.0.jarpkg:maven/com.google.auth/google-auth-library-oauth2-http@1.6.0 025
google-cloud-core-2.5.11.jarpkg:maven/com.google.cloud/google-cloud-core@2.5.11 029
google-cloud-core-grpc-2.5.11.jarcpe:2.3:a:grpc:grpc:2.5.11:*:*:*:*:*:*:*pkg:maven/com.google.cloud/google-cloud-core-grpc@2.5.11 0Highest31
google-cloud-core-http-2.5.11.jarpkg:maven/com.google.cloud/google-cloud-core-http@2.5.11 031
google-cloud-firestore-2.6.1.jarpkg:maven/com.google.cloud/google-cloud-firestore@2.6.1 099
google-cloud-pubsub-1.116.3.jarpkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3 039
google-cloud-storage-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.provider/google-cloud-storage@2.5.0 0Highest29
google-cloud-storage-2.6.0.jarpkg:maven/com.google.cloud/google-cloud-storage@2.6.0 039
google-http-client-1.41.7.jarpkg:maven/com.google.http-client/google-http-client@1.41.7 034
google-http-client-apache-v2-1.41.7.jarpkg:maven/com.google.http-client/google-http-client-apache-v2@1.41.7 031
google-http-client-appengine-1.41.7.jarpkg:maven/com.google.http-client/google-http-client-appengine@1.41.7 025
google-http-client-gson-1.41.7.jarpkg:maven/com.google.http-client/google-http-client-gson@1.41.7 025
google-http-client-jackson-1.29.2.jarcpe:2.3:a:apache:httpclient:1.29.2:*:*:*:*:*:*:*pkg:maven/com.google.http-client/google-http-client-jackson@1.29.2MEDIUM1Low31
google-http-client-jackson2-1.41.7.jarpkg:maven/com.google.http-client/google-http-client-jackson2@1.41.7 025
google-java-format-1.16.0.jarpkg:maven/com.google.googlejavaformat/google-java-format@1.16.0 033
google-oauth-client-1.33.2.jarcpe:2.3:a:google:oauth_client_library_for_java:1.33.2:*:*:*:*:*:*:*pkg:maven/com.google.oauth-client/google-oauth-client@1.33.2HIGH1Low36
googlecloud-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.common/googlecloud@2.5.0 0Highest31
graphics2d-0.32.jarpkg:maven/de.rototor.pdfbox/graphics2d@0.32 025
graphql-java-20.2.jar (shaded: com.google.guava:guava:31.0.1-jre)cpe:2.3:a:google:guava:31.0.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@31.0.1-jreHIGH2Highest11
graphql-java-20.2.jar (shaded: org.antlr:antlr4-runtime:4.9.3)pkg:maven/org.antlr/antlr4-runtime@4.9.3 09
graphql-java-20.2.jarcpe:2.3:a:graphql-java:graphql-java:20.2:*:*:*:*:*:*:*
cpe:2.3:a:graphql-java_project:graphql-java:20.2:*:*:*:*:*:*:*		pkg:maven/com.graphql-java/graphql-java@20.2 0Highest26
grpc-core-1.45.0.jarcpe:2.3:a:grpc:grpc:1.45.0:*:*:*:*:*:*:*pkg:maven/io.grpc/grpc-core@1.45.0HIGH*4Highest29
grpc-netty-shaded-1.45.0.jar: io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll 02
grpc-protobuf-1.45.0.jarcpe:2.3:a:grpc:grpc:1.45.0:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:1.45.0:*:*:*:*:*:*:*		pkg:maven/io.grpc/grpc-protobuf@1.45.0HIGH*4Highest31
gson-2.8.9.jarcpe:2.3:a:google:gson:2.8.9:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.9 0Highest29
guava-31.1-jre.jarcpe:2.3:a:google:guava:31.1:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@31.1-jreHIGH2Highest25
guice-5.0.1.jarpkg:maven/com.google.inject/guice@5.0.1 034
guice-assistedinject-5.0.1.jarpkg:maven/com.google.inject.extensions/guice-assistedinject@5.0.1 031
h2-2.1.214.jarcpe:2.3:a:h2database:h2:2.1.214:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@2.1.214HIGH2Highest44
h2-2.1.214.jar: data.zip: table.js 00
h2-2.1.214.jar: data.zip: tree.js 00
hadoop-hdfs-client-3.3.1.jarcpe:2.3:a:apache:hadoop:3.3.1:*:*:*:*:*:*:*pkg:maven/org.apache.hadoop/hadoop-hdfs-client@3.3.1CRITICAL6Highest27
hamcrest-core-1.3.jarpkg:maven/org.hamcrest/hamcrest-core@1.3 024
highlight.js:11.7.0cpe:2.3:a:highlightjs:highlight.js:11.7.0:*:*:*:*:*:*:*pkg:npm/highlight.js@11.7.0 0Highest8
hk2-api-2.6.1.jarpkg:maven/org.glassfish.hk2/hk2-api@2.6.1 025
hk2-locator-2.6.1.jarcpe:2.3:a:service_project:service:2.6.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.hk2/hk2-locator@2.6.1 0Low21
hk2-utils-2.6.1.jarcpe:2.3:a:utils_project:utils:2.6.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.hk2/hk2-utils@2.6.1 0Highest27
hsqldb-2.7.1.jarcpe:2.3:a:hsqldb:hypersql_database:2.7.1:*:*:*:*:*:*:*pkg:maven/org.hsqldb/hsqldb@2.7.1 0Low47
html5-qrcode:2.3.8pkg:npm/html5-qrcode@2.3.8 08
httpasyncclient-4.1.5.jarcpe:2.3:a:apache:httpasyncclient:4.1.5:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpasyncclient@4.1.5 0Highest28
httpclient-4.5.14.jarcpe:2.3:a:apache:httpclient:4.5.14:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.14 0Highest32
httpcore-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.16 032
httpcore-nio-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore-nio@4.4.16 030
httpmime-4.5.14.jarpkg:maven/org.apache.httpcomponents/httpmime@4.5.14 030
icu4j-73.1.jarcpe:2.3:a:icu-project:international_components_for_unicode:73.1:*:*:*:*:*:*:*
cpe:2.3:a:unicode:international_components_for_unicode:73.1:*:*:*:*:*:*:*		pkg:maven/com.ibm.icu/icu4j@73.1 0Low79
istack-commons-runtime-4.0.1.jarpkg:maven/com.sun.istack/istack-commons-runtime@4.0.1 033
istack-commons-tools-4.0.1.jarpkg:maven/com.sun.istack/istack-commons-tools@4.0.1 035
itext-2.1.7.jarpkg:maven/com.lowagie/itext@2.1.7HIGH146
itext-rtf-2.1.7.jarpkg:maven/com.lowagie/itext-rtf@2.1.7 046
j2objc-annotations-1.3.jarpkg:maven/com.google.j2objc/j2objc-annotations@1.3 024
jackcess-4.0.5.jarpkg:maven/com.healthmarketscience.jackcess/jackcess@4.0.5 042
jackcess-encrypt-4.0.2.jarpkg:maven/com.healthmarketscience.jackcess/jackcess-encrypt@4.0.2 038
jackson-core-2.14.2.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.14.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.14.2 0Low45
jackson-core-asl-1.9.13.jarpkg:maven/org.codehaus.jackson/jackson-core-asl@1.9.13 038
jackson-databind-2.14.2.jarcpe:2.3:a:fasterxml:jackson-databind:2.14.2:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.2:*:*:*:*:*:*:*		pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.2MEDIUM1Highest41
jackson-dataformat-csv-2.14.2.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.14.2:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-csv@2.14.2 0Highest39
jackson-datatype-guava-2.14.2.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.14.2 039
jackson-datatype-joda-2.14.2.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.14.2 041
jackson-jaxrs-base-2.14.2.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.14.2 037
jackson-jaxrs-json-provider-2.14.2.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.14.2 037
jackson-jaxrs-xml-provider-2.14.2.jarpkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.14.2 037
jackson-module-jaxb-annotations-2.14.2.jarpkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.14.2 039
jai-imageio-core-1.4.0.jarpkg:maven/com.github.jai-imageio/jai-imageio-core@1.4.0 042
jakarta.activation-1.2.2.jarpkg:maven/com.sun.activation/jakarta.activation@1.2.2 033
jakarta.activation-api-2.1.1.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.1 045
jakarta.annotation-api-1.3.5.jarcpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:*pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 0Low35
jakarta.inject-2.6.1.jarpkg:maven/org.glassfish.hk2.external/jakarta.inject@2.6.1 027
jakarta.jms-api-2.0.3.jarpkg:maven/jakarta.jms/jakarta.jms-api@2.0.3 033
jakarta.mail-2.0.1.jar (shaded: jakarta.mail:jakarta.mail-api:2.1.1)pkg:maven/jakarta.mail/jakarta.mail-api@2.1.1 012
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:angus-core:2.0.1)pkg:maven/org.eclipse.angus/angus-core@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:angus-mail:2.0.1)pkg:maven/org.eclipse.angus/angus-mail@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:imap:2.0.1)pkg:maven/org.eclipse.angus/imap@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.1)pkg:maven/org.eclipse.angus/logging-mailhandler@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:pop3:2.0.1)pkg:maven/org.eclipse.angus/pop3@2.0.1 09
jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:smtp:2.0.1)pkg:maven/org.eclipse.angus/smtp@2.0.1 09
jakarta.mail-2.0.1.jarcpe:2.3:a:service_project:service:2.0.1:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/jakarta.mail@2.0.1 0Low36
jakarta.validation-api-2.0.2.jarpkg:maven/jakarta.validation/jakarta.validation-api@2.0.2 056
jakarta.ws.rs-api-2.1.6.jarcpe:2.3:a:web_project:web:2.1.6:*:*:*:*:*:*:*pkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@2.1.6 0Low43
jakarta.xml.bind-api-4.0.0.jarpkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.0 031
java-dataloader-3.2.0.jarpkg:maven/com.graphql-java/java-dataloader@3.2.0 031
java-jwt-4.4.0.jarpkg:maven/com.auth0/java-jwt@4.4.0 039
java-libpst-0.9.3.jarpkg:maven/com.pff/java-libpst@0.9.3 020
java-saml-2.9.0.jarpkg:maven/com.onelogin/java-saml@2.9.0 018
java-saml-core-2.9.0.jarpkg:maven/com.onelogin/java-saml-core@2.9.0 017
javase-3.0.1.jarpkg:maven/com.google.zxing/javase@3.0.1 023
javassist-3.22.0-CR2.jarpkg:maven/org.javassist/javassist@3.22.0-CR2 056
javax.activation-api-1.2.0.jarpkg:maven/javax.activation/javax.activation-api@1.2.0 039
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 048
javax.ejb-api-3.2.2.jarpkg:maven/javax.ejb/javax.ejb-api@3.2.2 046
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 020
javax.jms-api-2.0.1.jarcpe:2.3:a:oracle:projects:2.0.1:*:*:*:*:*:*:*pkg:maven/javax.jms/javax.jms-api@2.0.1 0Low34
javax.servlet-api-4.0.1.jarcpe:2.3:a:oracle:java_se:4.0.1:*:*:*:*:*:*:*pkg:maven/javax.servlet/javax.servlet-api@4.0.1 0Medium48
javax.servlet.jsp-api-2.3.3.jarcpe:2.3:a:oracle:java_se:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jsp:2.3.3:*:*:*:*:*:*:*		pkg:maven/javax.servlet.jsp/javax.servlet.jsp-api@2.3.3 0High46
javax.transaction-api-1.3.jarpkg:maven/javax.transaction/javax.transaction-api@1.3 048
javax.websocket-api-1.1.jarpkg:maven/javax.websocket/javax.websocket-api@1.1 030
javax.ws.rs-api-2.0.1.jarpkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1 057
jawk-1.02.jarpkg:maven/org.jawk/jawk@1.02 012
jaxb-api-2.3.1.jarpkg:maven/javax.xml.bind/jaxb-api@2.3.1 035
jaxb-core-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/jaxb-core@3.0.2 0Highest45
jaxb-impl-2.3.3.jar (shaded: com.sun.istack:istack-commons-runtime:3.0.11)pkg:maven/com.sun.istack/istack-commons-runtime@3.0.11 09
jaxb-impl-2.3.3.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.3.3)pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.3 011
jaxb-impl-2.3.3.jar (shaded: org.glassfish.jaxb:txw2:2.3.3)pkg:maven/org.glassfish.jaxb/txw2@2.3.3 011
jaxb-impl-2.3.3.jarpkg:maven/com.sun.xml.bind/jaxb-impl@2.3.3 041
jaxb-svg11-11.4.0.jarpkg:maven/org.plutext/jaxb-svg11@11.4.0 033
jbig2-imageio-3.0.4.jarcpe:2.3:a:apache:pdfbox:3.0.4:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jbig2-imageio@3.0.4 0Highest130
jcl-over-slf4j-1.7.36.jarpkg:maven/org.slf4j/jcl-over-slf4j@1.7.36 033
jclouds-core-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds/jclouds-core@2.5.0 0Highest27
jdom2-2.0.6.1.jarcpe:2.3:a:jdom:jdom:2.0.6.1:*:*:*:*:*:*:*pkg:maven/org.jdom/jdom2@2.0.6.1 0Highest60
jedis-4.3.1.jarpkg:maven/redis.clients/jedis@4.3.1 025
jempbox-1.8.17.jarcpe:2.3:a:apache:pdfbox:1.8.17:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/jempbox@1.8.17 0Highest31
jersey-common-2.29.1.jarcpe:2.3:a:jersey_project:jersey:2.29.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.jersey.core/jersey-common@2.29.1MEDIUM1Highest29
jersey-hk2-2.29.1.jarcpe:2.3:a:jersey_project:jersey:2.29.1:*:*:*:*:*:*:*pkg:maven/org.glassfish.jersey.inject/jersey-hk2@2.29.1 0Highest27
jfreechart-1.5.4.jarcpe:2.3:a:time_project:time:1.5.4:*:*:*:*:*:*:*pkg:maven/org.jfree/jfreechart@1.5.4HIGH3Low37
jhighlight-1.1.0.jarpkg:maven/org.codelibs/jhighlight@1.1.0 021
jjwt-api-0.11.2.jarpkg:maven/io.jsonwebtoken/jjwt-api@0.11.2 031
jjwt-impl-0.11.2.jarpkg:maven/io.jsonwebtoken/jjwt-impl@0.11.2 035
jjwt-jackson-0.11.2.jarpkg:maven/io.jsonwebtoken/jjwt-jackson@0.11.2 035
jlessc-1.10.jarpkg:maven/de.inetsoftware/jlessc@1.10 033
jlessc-ant-1.10.jarpkg:maven/com.simplicite.ant/jlessc-ant@1.10
pkg:maven/com.simplicite/jlessc-ant@1.10		 028
jmatio-1.5.jarpkg:maven/org.tallison/jmatio@1.5 026
jmustache-1.15.jarpkg:maven/com.samskivert/jmustache@1.15 028
joda-time-2.12.4.jarpkg:maven/joda-time/joda-time@2.12.4 047
jose4j-0.9.3.jarcpe:2.3:a:jose4j_project:jose4j:0.9.3:*:*:*:*:*:*:*pkg:maven/org.bitbucket.b_c/jose4j@0.9.3HIGH1Highest39
jquery:3.6.4cpe:2.3:a:jquery:jquery:3.6.4:*:*:*:*:*:*:*pkg:npm/jquery@3.6.4 0Highest9
js-beautify:1.14.7cpe:2.3:a:js-beautify_project:js-beautify:1.14.7:*:*:*:*:*:*:*pkg:npm/js-beautify@1.14.7 0Highest8
jshint:2.13.6pkg:npm/jshint@2.13.6 010
json-20231013.jarcpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*pkg:maven/org.json/json@20231013HIGH2Highest32
json-path-2.8.0.jarcpe:2.3:a:json-path:jayway_jsonpath:2.8.0:*:*:*:*:*:*:*pkg:maven/com.jayway.jsonpath/json-path@2.8.0MEDIUM1Highest32
json-simple-1.1.1.jarpkg:maven/com.googlecode.json-simple/json-simple@1.1.1 025
json-smart-2.4.10.jarcpe:2.3:a:json-smart_project:json-smart:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v2:2.4.10:*:*:*:*:*:*:*		pkg:maven/net.minidev/json-smart@2.4.10 0Highest51
jsoup-1.16.1.jarcpe:2.3:a:jsoup:jsoup:1.16.1:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.16.1 0Highest40
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
jszip-utils:0.1.0pkg:npm/jszip-utils@0.1.0 06
jszip:3.10.1cpe:2.3:a:jszip_project:jszip:3.10.1:*:*:*:*:*:*:*pkg:npm/jszip@3.10.1 0Highest6
jtidy-r938.jarcpe:2.3:a:jtidy_project:jtidy:r938:*:*:*:*:*:*:*pkg:maven/net.sf.jtidy/jtidy@r938HIGH1Highest53
jul-to-slf4j-1.7.36.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.36 028
junit-4.13.2.jarcpe:2.3:a:junit:junit4:4.13.2:*:*:*:*:*:*:*pkg:maven/junit/junit@4.13.2 0Low53
juniversalchardet-2.4.0.jarpkg:maven/com.github.albfernandez/juniversalchardet@2.4.0 029
junrar-7.5.4.jarcpe:2.3:a:junrar_project:junrar:7.5.4:*:*:*:*:*:*:*pkg:maven/com.github.junrar/junrar@7.5.4 0Highest24
jwarc-0.21.0.jarcpe:2.3:a:alex_project:alex:0.21.0:*:*:*:*:*:*:*pkg:maven/org.netpreserve/jwarc@0.21.0 0Low27
jwarc-0.21.0.jar: inject.js 00
jwarc-0.21.0.jar: sw.js 00
kafka-clients-3.5.1.jarcpe:2.3:a:apache:kafka:3.5.1:*:*:*:*:*:*:*pkg:maven/org.apache.kafka/kafka-clients@3.5.1MEDIUM1Highest24
leaflet.markercluster:1.5.3pkg:npm/leaflet.markercluster@1.5.3 05
leaflet:1.9.3pkg:npm/leaflet@1.9.3 06
libphonenumber-8.13.11.jarpkg:maven/com.googlecode.libphonenumber/libphonenumber@8.13.11 022
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jarpkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava 013
log4j-core-2.21.0.jarcpe:2.3:a:apache:log4j:2.21.0:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-core@2.21.0 0Highest33
log4j-slf4j-impl-2.21.0.jarpkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.21.0 029
lucene-core-9.5.0.jarpkg:maven/org.apache.lucene/lucene-core@9.5.0 030
lz4-java-1.8.0.jarpkg:maven/org.lz4/lz4-java@1.8.0 037
marked:4.3.0cpe:2.3:a:marked_project:marked:4.3.0:*:*:*:*:*:*:*pkg:npm/marked@4.3.0 0Highest8
mbassador-1.3.2.jarpkg:maven/net.engio/mbassador@1.3.2 029
mchange-commons-java-0.2.19.jarpkg:maven/com.mchange/mchange-commons-java@0.2.19 029
metadata-extractor-2.18.0.jarcpe:2.3:a:metadata-extractor_project:metadata-extractor:2.18.0:*:*:*:*:*:*:*pkg:maven/com.drewnoakes/metadata-extractor@2.18.0 0Highest33
migbase64-2.2.jarpkg:maven/com.brsanthu/migbase64@2.2 038
mimepull-1.9.11.jarpkg:maven/org.jvnet.mimepull/mimepull@1.9.11 037
mockito-core-5.3.0.jarpkg:maven/org.mockito/mockito-core@5.3.0 041
moment-timezone:0.5.43pkg:npm/moment-timezone@0.5.43 08
moment:2.29.4cpe:2.3:a:momentjs:moment:2.29.4:*:*:*:*:*:*:*pkg:npm/moment@2.29.4 0Highest8
mongodb-driver-core-3.12.13.jarcpe:2.3:a:mongodb:java_driver:3.12.13:*:*:*:*:*:*:*pkg:maven/org.mongodb/mongodb-driver-core@3.12.13 0Low28
mssql-jdbc-12.6.1.jre11.jarcpe:2.3:a:www-sql_project:www-sql:12.6.1.jre11:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.6.1
pkg:maven/com.microsoft.sqlserver/mssql-jdbc@12.6.1.jre11		 0Highest38
mustache:4.2.0pkg:npm/mustache@4.2.0 07
mysql-connector-j-8.3.0.jarcpe:2.3:a:mysql:mysql:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_connector\/j:8.3.0:*:*:*:*:*:*:*		pkg:maven/com.mysql/mysql-connector-j@8.3.0 0Highest52
netty-codec-http-4.1.91.Final.jarcpe:2.3:a:netty:netty:4.1.91:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec-http@4.1.91.FinalHIGH*3Highest34
netty-codec-mqtt-4.1.91.Final.jarcpe:2.3:a:mqtt:mqtt:4.1.91:*:*:*:*:*:*:*
cpe:2.3:a:netty:netty:4.1.91:*:*:*:*:*:*:*		pkg:maven/io.netty/netty-codec-mqtt@4.1.91.FinalHIGH*2Highest34
netty-common-4.1.91.Final.jar (shaded: org.jctools:jctools-core:3.1.0)pkg:maven/org.jctools/jctools-core@3.1.0 09
netty-transport-4.1.91.Final.jarcpe:2.3:a:netty:netty:4.1.91:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport@4.1.91.FinalHIGH*2Highest32
netty-transport-native-kqueue-4.1.75.Final-osx-x86_64.jarcpe:2.3:a:netty:netty:4.1.75:*:*:*:*:*:*:*pkg:maven/io.netty/netty-transport-native-kqueue@4.1.75.FinalHIGH*4Highest30
oauth-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/oauth@2.5.0 0Highest31
objenesis-3.3.jarpkg:maven/org.objenesis/objenesis@3.3 027
ojdbc11-23.3.0.23.09.jarcpe:2.3:a:oracle:jdbc:23.3.0.23.09:*:*:*:*:*:*:*pkg:maven/com.oracle.database.jdbc/ojdbc11@23.3.0.23.09 0Highest33
okhttp-2.7.5.jarcpe:2.3:a:squareup:okhttp:2.7.5:*:*:*:*:*:*:*pkg:maven/com.squareup.okhttp/okhttp@2.7.5HIGH2Highest22
okio-1.6.0.jarcpe:2.3:a:squareup:okio:1.6.0:*:*:*:*:*:*:*pkg:maven/com.squareup.okio/okio@1.6.0HIGH1Highest16
opencensus-api-0.31.0.jarpkg:maven/io.opencensus/opencensus-api@0.31.0 033
opencensus-contrib-grpc-util-0.28.0.jarpkg:maven/io.opencensus/opencensus-contrib-grpc-util@0.28.0 037
opencensus-contrib-http-util-0.31.0.jarpkg:maven/io.opencensus/opencensus-contrib-http-util@0.31.0 037
opencensus-proto-0.2.0.jarpkg:maven/io.opencensus/opencensus-proto@0.2.0 035
opencsv-5.7.1.jarpkg:maven/com.opencsv/opencsv@5.7.1 035
openhtmltopdf-core-1.0.10.jarpkg:maven/com.openhtmltopdf/openhtmltopdf-core@1.0.10 025
openhtmltopdf-pdfbox-1.0.10.jarcpe:2.3:a:apache:pdfbox:1.0.10:*:*:*:*:*:*:*pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10 0High21
openstack-keystone-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystone:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:openstack:2.5.0:*:*:*:*:*:*:*		pkg:maven/org.apache.jclouds.api/openstack-keystone@2.5.0HIGH7Highest33
openstack-swift-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:openstack:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*		pkg:maven/org.apache.jclouds.api/openstack-swift@2.5.0CRITICAL4Highest33
org.apache.oltu.oauth2.client-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2 032
org.apache.oltu.oauth2.common-1.0.2.jarpkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.common@1.0.2 032
org.eclipse.jgit.http.server-6.5.0.202303070854-r.jarcpe:2.3:a:eclipse:jgit:6.5.0:202303070854:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit.http.server@6.5.0.202303070854-rHIGH1Highest40
org.eclipse.paho.client.mqttv3-1.2.5.jarcpe:2.3:a:eclipse:paho_java_client:1.2.5:*:*:*:*:*:*:*pkg:maven/org.eclipse.paho/org.eclipse.paho.client.mqttv3@1.2.5 0Low32
osgi-resource-locator-1.0.3.jarcpe:2.3:a:eclipse:glassfish:1.0.3:*:*:*:*:*:*:*pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.3 0Medium34
package.json 00
parso-2.0.14.jarcpe:2.3:a:parso_project:parso:2.0.14:*:*:*:*:*:*:*pkg:maven/com.epam/parso@2.0.14 0Highest34
pdfbox-2.0.28.jarcpe:2.3:a:apache:pdfbox:2.0.28:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/pdfbox@2.0.28 0Highest33
perfmark-api-0.23.0.jarpkg:maven/io.perfmark/perfmark-api@0.23.0 026
poi-5.2.3.jarcpe:2.3:a:apache:poi:5.2.3:*:*:*:*:*:*:*pkg:maven/org.apache.poi/poi@5.2.3 0Highest35
postgresql-42.7.3.jarcpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.3:*:*:*:*:*:*:*pkg:maven/org.postgresql/postgresql@42.7.3 0Low68
preflight-2.0.28.jarcpe:2.3:a:apache:pdfbox:2.0.28:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/preflight@2.0.28 0Highest35
proto-google-cloud-firestore-bundle-v1-2.6.1.jarpkg:maven/com.google.cloud/proto-google-cloud-firestore-bundle-v1@2.6.1 099
proto-google-cloud-firestore-v1-2.6.1.jarpkg:maven/com.google.api.grpc/proto-google-cloud-firestore-v1@2.6.1 099
proto-google-cloud-pubsub-v1-1.98.3.jarpkg:maven/com.google.api.grpc/proto-google-cloud-pubsub-v1@1.98.3 039
proto-google-common-protos-2.8.0.jarpkg:maven/com.google.api.grpc/proto-google-common-protos@2.8.0 037
proto-google-iam-v1-1.2.10.jarpkg:maven/com.google.api.grpc/proto-google-iam-v1@1.2.10 039
protobuf-java-3.22.3.jarcpe:2.3:a:google:protobuf-java:3.22.3:*:*:*:*:*:*:*
cpe:2.3:a:protobuf:protobuf:3.22.3:*:*:*:*:*:*:*		pkg:maven/com.google.protobuf/protobuf-java@3.22.3 0Highest19
proton-j-0.33.10.jarcpe:2.3:a:apache:qpid:0.33.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton:0.33.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid_proton-j:0.33.10:*:*:*:*:*:*:*
cpe:2.3:a:proton_project:proton:0.33.10:*:*:*:*:*:*:*		pkg:maven/org.apache.qpid/proton-j@0.33.10 0Highest28
qdox-1.12.jarpkg:maven/com.thoughtworks.qdox/qdox@1.12 050
qpid-jms-client-1.6.0.jarcpe:2.3:a:apache:qpid:1.6.0:*:*:*:*:*:*:*pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0 0Highest25
qrgen-1.4.jarpkg:maven/net.glxn/qrgen@1.4 030
quartz-2.3.2.jarcpe:2.3:a:softwareag:quartz:2.3.2:*:*:*:*:*:*:*pkg:maven/org.quartz-scheduler/quartz@2.3.2CRITICAL1Highest33
re2j-1.5.jarpkg:maven/com.google.re2j/re2j@1.5 028
reactive-streams-1.0.3.jarpkg:maven/org.reactivestreams/reactive-streams@1.0.3 027
relaxng-datatype-3.0.2.jarpkg:maven/com.sun.xml.bind.external/relaxng-datatype@3.0.2 036
rhino-1.7.13.jarpkg:maven/org.mozilla/rhino@1.7.13 031
rhino-1.7.13.jar: test.js 00
rhino-js-engine-1.7.10.jarpkg:maven/cat.inspiracio/rhino-js-engine@1.7.10 032
rhino-js-engine-1.7.10.jar: toplevel.js 00
rngom-3.0.2.jarpkg:maven/com.sun.xml.bind.external/rngom@3.0.2 038
rome-1.18.0.jarpkg:maven/com.rometools/rome@1.18.0 032
rome-utils-1.18.0.jarcpe:2.3:a:utils_project:utils:1.18.0:*:*:*:*:*:*:*pkg:maven/com.rometools/rome-utils@1.18.0 0Highest21
s3-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/s3@2.5.0 0Highest31
select2-theme-bootstrap4:1.0.2pkg:npm/select2-theme-bootstrap4@1.0.2 08
select2:4.0.13cpe:2.3:a:select2:select2:4.0.13:*:*:*:*:*:*:*pkg:npm/select2@4.0.13 0Highest9
semver4j-5.2.2.jarpkg:maven/org.semver4j/semver4j@5.2.2 023
serializer-2.7.3.jarpkg:maven/xalan/serializer@2.7.3 022
signature_pad:4.1.5pkg:npm/signature_pad@4.1.5 09
simplicite-bootstrap-datetimepicker:1.1.0pkg:npm/simplicite-bootstrap-datetimepicker@1.1.0 07
simplicite:3.0.1pkg:npm/simplicite@3.0.1 08
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
snakeyaml-2.0.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.0:*:*:*:*:*:*:*pkg:maven/org.yaml/snakeyaml@2.0 0Highest42
snappy-java-1.1.10.1.jarcpe:2.3:a:xerial:snappy-java:1.1.10.1:*:*:*:*:*:*:*pkg:maven/org.xerial.snappy/snappy-java@1.1.10.1HIGH1Highest44
snappy-java-1.1.10.1.jar: snappyjava.dll 02
snappy-java-1.1.10.1.jar: snappyjava.dll 02
spectrum-colorpicker:1.8.1pkg:npm/spectrum-colorpicker@1.8.1 09
sqlite-jdbc-3.45.2.0.jarcpe:2.3:a:sqlite_jdbc_project:sqlite_jdbc:3.45.2.0:*:*:*:*:*:*:*pkg:maven/org.xerial/sqlite-jdbc@3.45.2.0 0Highest38
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll 02
sshd-core-2.9.2.jarcpe:2.3:a:apache:sshd:2.9.2:*:*:*:*:*:*:*pkg:maven/org.apache.sshd/sshd-core@2.9.2MEDIUM2Highest26
stax2-api-4.2.1.jarpkg:maven/org.codehaus.woodstox/stax2-api@4.2.1 052
stringtemplate-3.2.1.jarcpe:2.3:a:temporal:temporal:3.2.1:*:*:*:*:*:*:*pkg:maven/org.antlr/stringtemplate@3.2.1 0Low38
stripe-java-20.113.0.jarcpe:2.3:a:stripe:stripe:20.113.0:*:*:*:*:*:*:*pkg:maven/com.stripe/stripe-java@20.113.0 0Highest32
sts-2.5.0.jarcpe:2.3:a:apache:jclouds:2.5.0:*:*:*:*:*:*:*pkg:maven/org.apache.jclouds.api/sts@2.5.0 0Highest31
swagger-annotations-1.5.18.jarpkg:maven/io.swagger/swagger-annotations@1.5.18 029
swagger-core-2.2.9.jarcpe:2.3:a:http-swagger_project:http-swagger:2.2.9:*:*:*:*:*:*:*pkg:maven/io.swagger.core.v3/swagger-core@2.2.9 0Low38
swagger-ui-dist:4.18.2pkg:npm/swagger-ui-dist@4.18.2 04
tagsoup-1.2.1.jarpkg:maven/org.ccil.cowan.tagsoup/tagsoup@1.2.1 024
threeten-extra-1.7.2.jarpkg:maven/org.threeten/threeten-extra@1.7.2 038
threetenbp-1.6.8.jarpkg:maven/org.threeten/threetenbp@1.6.8MEDIUM240
tika-core-2.7.0.jarcpe:2.3:a:apache:tika:2.7.0:*:*:*:*:*:*:*pkg:maven/org.apache.tika/tika-core@2.7.0 0Highest40
tika-parsers-standard-package-2.7.0.jar (shaded: org.apache.tika:tika-parser-cad-module:2.7.0)cpe:2.3:a:apache:tika:2.7.0:*:*:*:*:*:*:*pkg:maven/org.apache.tika/tika-parser-cad-module@2.7.0 0Highest9
tinymce-i18n:23.10.9pkg:npm/tinymce-i18n@23.10.9 06
tinymce:6.7.2cpe:2.3:a:tiny:tinymce:6.7.2:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:tinymce:6.7.2:*:*:*:*:*:*:*		pkg:npm/tinymce@6.7.2MEDIUM3Highest8
totp-1.7.1.jarcpe:2.3:a:time_project:time:1.7.1:*:*:*:*:*:*:*pkg:maven/dev.samstevens.totp/totp@1.7.1 0Low26
twilio-8.29.0.jarpkg:maven/com.twilio.sdk/twilio@8.29.0 028
txw2-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/txw2@3.0.2 0Highest35
unirest-java-3.14.2.jarpkg:maven/com.konghq/unirest-java@3.14.2 018
vorbis-java-core-0.8.jarpkg:maven/org.gagravarr/vorbis-java-core@0.8 022
vorbis-java-tika-0.8.jarpkg:maven/org.gagravarr/vorbis-java-tika@0.8 022
vue:3.4.21pkg:npm/vue@3.4.21 08
wmf2svg-0.9.8.jarpkg:maven/net.arnx/wmf2svg@0.9.8 031
woodstox-core-6.5.0.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621 012
woodstox-core-6.5.0.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)cpe:2.3:a:xml_library_project:xml_library:2013.6.1:*:*:*:*:*:*:*pkg:maven/net.java.dev.msv/xsdlib@2013.6.1 0Low9
woodstox-core-6.5.0.jarcpe:2.3:a:fasterxml:woodstox:6.5.0:*:*:*:*:*:*:*pkg:maven/com.fasterxml.woodstox/woodstox-core@6.5.0 0Highest56
xalan-2.7.3.jar (shaded: org.apache.bcel:bcel:6.7.0)cpe:2.3:a:apache:commons_bcel:6.7.0:*:*:*:*:*:*:*pkg:maven/org.apache.bcel/bcel@6.7.0 0Low52
xalan-2.7.3.jarcpe:2.3:a:apache:xalan-java:2.7.3:*:*:*:*:*:*:*pkg:maven/xalan/xalan@2.7.3 0Low46
xalan-interpretive-11.0.0.jarpkg:maven/org.docx4j.org.apache/xalan-interpretive@11.0.0 042
xalan-serializer-11.0.0.jarpkg:maven/org.docx4j.org.apache/xalan-serializer@11.0.0 041
xercesImpl-2.12.2.jarcpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*		pkg:maven/xerces/xercesImpl@2.12.2MEDIUM1Low84
xmlbeans-5.1.1.jarcpe:2.3:a:apache:xmlbeans:5.1.1:*:*:*:*:*:*:*pkg:maven/org.apache.xmlbeans/xmlbeans@5.1.1 0Highest37
xmlgraphics-commons-2.7.jarcpe:2.3:a:apache:xmlgraphics_commons:2.7:*:*:*:*:*:*:*pkg:maven/org.apache.xmlgraphics/xmlgraphics-commons@2.7 0Highest29
xmlsec-3.0.2.jarcpe:2.3:a:apache:santuario_xml_security_for_java:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xml_security_for_java:3.0.2:*:*:*:*:*:*:*		pkg:maven/org.apache.santuario/xmlsec@3.0.2MEDIUM1Low48
xmpbox-2.0.28.jarcpe:2.3:a:apache:pdfbox:2.0.28:*:*:*:*:*:*:*pkg:maven/org.apache.pdfbox/xmpbox@2.0.28 0Highest33
xmpcore-6.1.11.jarpkg:maven/com.adobe.xmp/xmpcore@6.1.11 031
xsom-3.0.2.jarcpe:2.3:a:eclipse:glassfish:3.0.2:*:*:*:*:*:*:*pkg:maven/org.glassfish.jaxb/xsom@3.0.2 0Highest36
xterm-js:4.9.0cpe:2.3:a:xtermjs:xterm.js:4.9.0:*:*:*:*:*:*:*pkg:npm/xterm-js@4.9.0HIGH1Highest5
xz-1.9.jarcpe:2.3:a:tukaani:xz:1.9:*:*:*:*:*:*:*pkg:maven/org.tukaani/xz@1.9 0Highest33
zstd-jni-1.5.5-1.jarpkg:maven/com.github.luben/zstd-jni@1.5.5-1 043
zstd-jni-1.5.5-1.jar: libzstd-jni-1.5.5-1.dll 04
zstd-jni-1.5.5-1.jar: libzstd-jni-1.5.5-1.dll 04

* indicates the dependency has a known exploited vulnerability

Dependencies

@fullcalendar/bootstrap:5.11.4

Description:

Bootstrap 4 theming for your calendar

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/bootstrap:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/core:5.11.4

Description:

Provides core functionality, including the Calendar class

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/core:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/daygrid:5.11.4

Description:

Display events on Month view or DayGrid view

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/daygrid:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/google-calendar:5.11.4

Description:

Fetch events from a public Google Calendar feed

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/google-calendar:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/interaction:5.11.4

Description:

Provides functionality for event drag-n-drop, resizing, dateClick, and selectable actions

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/interaction:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/list:5.11.4

Description:

View your events as a bulleted list

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/list:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/luxon:5.11.4

Description:

A connector to the Luxon 1 date library

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/luxon:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/moment-timezone:5.11.4

Description:

A connector to the moment-timezone library

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/moment-timezone:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/moment:5.11.4

Description:

A connector to the MomentJS date library

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/moment:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/rrule:5.11.4

Description:

A connector to the RRule library, for recurring events

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/rrule:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

@fullcalendar/timegrid:5.11.4

Description:

Display your events on a grid of time slots

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/@fullcalendar/timegrid:5.11.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

HikariCP-5.0.1.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/HikariCP/5.0.1/HikariCP-5.0.1.jar
MD5: 3bc96d2ce8285470da11ec41bff6129f
SHA1: a74c7f0a37046846e88d54f7cb6ea6d565c65f9c
SHA256:26d492397e6775b4296737a8919bf04047afe5827fdd2c08b4557595436b3a2b
Referenced In Project/Scope: Simplicite Platform:compile
HikariCP-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

JavaEWAH-1.1.13.jar

Description:

The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
  JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
  The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.1.13/JavaEWAH-1.1.13.jar
MD5: a1eb305e5cc5bba238d4360e3139abb4
SHA1: 32cd724a42dc73f99ca08453d11a4bb83e0034c7
SHA256:4c0fda2b1d317750d7ea324e36c70b2bc48310c0aaae67b98df0915d696d7111
Referenced In Project/Scope: Simplicite Platform:compile
JavaEWAH-1.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.5.0.202303070854-r

Identifiers

SparseBitSet-1.2.jar

Description:

An efficient sparse bitset implementation for Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/SparseBitSet/1.2/SparseBitSet-1.2.jar
MD5: 1c6032441aec11b523e1a7bfa96d60cf
SHA1: 8467c813d442837fcaeddbc42cf5c5359fab4933
SHA256:91e6b318c901a0f2dd1f6ce781d62474435ae627d22fbac9b21bbc39ffd804b6
Referenced In Project/Scope: Simplicite Platform:compile
SparseBitSet-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.2.3

Identifiers

accessors-smart-2.4.9.jar

Description:

Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/minidev/accessors-smart/2.4.9/accessors-smart-2.4.9.jar
MD5: 339685c20dcac95c4f5b59e70daadc0e
SHA1: 32e540749224c22c9b17de8137e916aae9057e22
SHA256:accdd5c7ac4c49b155890aaea1ffca2a9ccd5826b562dd95a99fc1887003e031
Referenced In Project/Scope: Simplicite Platform:runtime
accessors-smart-2.4.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.jayway.jsonpath/json-path@2.8.0

Identifiers

ace-builds:1.18.0

Description:

Ace (Ajax.org Cloud9 Editor)

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.3/package.json?/ace-builds:1.18.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

ace-diff:3.0.3

Description:

A diff/merging wrapper for Ace Editor built on google-diff-match-patch

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/ace-diff:3.0.3

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

angus-activation-2.0.0.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/eclipse/angus/angus-activation/2.0.0/angus-activation-2.0.0.jar
MD5: 834539f269d476663784d8571048f3c4
SHA1: 72369f4e2314d38de2dcbb277141ef0226f73151
SHA256:3a12d321a0f35aa9458ff9b6ee93a3de76b78e3f18b077c81721473d83079147
Referenced In Project/Scope: Simplicite Platform:runtime
angus-activation-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.angus/jakarta.mail@2.0.1

Identifiers

animal-sniffer-annotations-1.21.jar

File Path: /var/simplicite/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.21/animal-sniffer-annotations-1.21.jar
MD5: 8e018b5f98c87e95dc13662c05a3b447
SHA1: 419a9acd297cb6fe6f91b982d909f2c20e9fa5c0
SHA256:2f25841c937e24959a57b630e2c4b8525b3d0f536f2e511c9b2bed30b1651d54
Referenced In Project/Scope: Simplicite Platform:runtime
animal-sniffer-annotations-1.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

annotations-4.1.1.4.jar

Description:

A library jar that provides annotations for the Google Android Platform.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/com/google/android/annotations/4.1.1.4/annotations-4.1.1.4.jar
MD5: c2cdd26a6ae577f24775e8ce75da1fdc
SHA1: a1678ba907bf92691d879fef34e1a187038f9259
SHA256:ba734e1e84c09d615af6a09d33034b4f0442f8772dec120efb376d86a565ae15
Referenced In Project/Scope: Simplicite Platform:runtime
annotations-4.1.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

ant-1.10.13.jar

File Path: /var/simplicite/.m2/repository/org/apache/ant/ant/1.10.13/ant-1.10.13.jar
MD5: 0781dacdb3a7af3a1c1f6d5187438da4
SHA1: 85fd5990a27ddafe8af3f7a6d7132d2c29a22a7c
SHA256:befbfc79e744e9892cfa7db96df3b6e82dc17d2571af42aa427976fc22299838
Referenced In Project/Scope: Simplicite Platform:compile
ant-1.10.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

antlr-2.7.7.jar

Description:

    A framework for constructing recognizers, compilers,
    and translators from grammatical descriptions containing
    Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /var/simplicite/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Project/Scope: Simplicite Platform:compile
antlr-2.7.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

antlr-runtime-3.5.2.jar

Description:

A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: /var/simplicite/.m2/repository/org/antlr/antlr-runtime/3.5.2/antlr-runtime-3.5.2.jar
MD5: 1fbbae2cb72530207c20b797bdabd029
SHA1: cd9cd41361c155f3af0f653009dcecb08d8b4afd
SHA256:ce3fc8ecb10f39e9a3cddcbb2ce350d272d9cd3d0b1e18e6fe73c3b9389c8734
Referenced In Project/Scope: Simplicite Platform:compile
antlr-runtime-3.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /var/simplicite/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: Simplicite Platform:compile
aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0

Identifiers

aopalliance-repackaged-2.6.1.jar

Description:

Dependency Injection Kernel

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.6.1/aopalliance-repackaged-2.6.1.jar
MD5: 0237846ebdaa7db36b356044a373ffba
SHA1: b2eb0a83bcbb44cc5d25f8b18f23be116313a638
SHA256:bad77f9278d753406360af9e4747bd9b3161554ea9cd3d62411a0ae1f2c141fd
Referenced In Project/Scope: Simplicite Platform:provided
aopalliance-repackaged-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

apache-mime4j-core-0.8.9.jar

Description:

Java stream based MIME message parser

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-core/0.8.9/apache-mime4j-core-0.8.9.jar
MD5: 83d942785627f7538d44b360a13ad824
SHA1: 718755ac63359ab202911caf76cf79d9d44f8e17
SHA256:901486a66c0eeee9d6bd63b1eaa195e164100cf415b0122388813d484947801f
Referenced In Project/Scope: Simplicite Platform:compile
apache-mime4j-core-0.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2024-21742 (OSSINDEX)  

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.
This can be exploited by an attacker to add unintended headers to MIME messages.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:N/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.james:apache-mime4j-core:0.8.9:*:*:*:*:*:*:*

apache-mime4j-dom-0.8.9.jar

Description:

Java MIME Document Object Model

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-dom/0.8.9/apache-mime4j-dom-0.8.9.jar
MD5: 72175c47d8dd8d678f3433fc88dc3cd7
SHA1: cf9daba1dd95aa3c32a05fbfb5edf5f078a0465a
SHA256:726d04098a6317cf175b3708a736ed4ecbc09cf7673784eaf1f4251f030d2433
Referenced In Project/Scope: Simplicite Platform:compile
apache-mime4j-dom-0.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

api-common-2.1.5.jar

Description:

Common utilities for Google APIs in Java

License:

BSD: https://github.com/googleapis/api-common-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/api-common/2.1.5/api-common-2.1.5.jar
MD5: 06217329f446606a8009b22ff2a1727e
SHA1: 856fe2e1cafce0314ba0916affb5744d5b6e7425
SHA256:661307a5436fcbfcbc1b5c98aba9067bddfed5fff1b07330a056f84779b703c0
Referenced In Project/Scope: Simplicite Platform:compile
api-common-2.1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0

Identifiers

asm-9.4.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /var/simplicite/.m2/repository/org/ow2/asm/asm/9.4/asm-9.4.jar
MD5: ffa64f03a23a4823d98703e6ce6ff397
SHA1: b4e0e2d2e023aa317b7cfcfc916377ea348e07d1
SHA256:39d0e2b3dc45af65a09b097945750a94a126e052e124f93468443a1d0e15f381
Referenced In Project/Scope: Simplicite Platform:compile
asm-9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

auto-value-annotations-1.9.jar

Description:

    Immutable value-type code generation for Java 1.7+.

File Path: /var/simplicite/.m2/repository/com/google/auto/value/auto-value-annotations/1.9/auto-value-annotations-1.9.jar
MD5: 86f1f5d71eceea4eb4e3ad0505e8b22c
SHA1: 25a0fcef915f663679fcdb447541c5d86a9be4ba
SHA256:fa5469f4c44ee598a2d8f033ab0a9dcbc6498a0c5e0c998dfa0c2adf51358044
Referenced In Project/Scope: Simplicite Platform:compile
auto-value-annotations-1.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0

Identifiers

autolink-0.10.0.jar

Description:

        Java library to extract links (URLs, email addresses) from plain text;
        fast, small and smart about recognizing where links end

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/nibor/autolink/autolink/0.10.0/autolink-0.10.0.jar
MD5: be771f6d4d82b9098596afa30b4f48ea
SHA1: 6579ea7079be461e5ffa99f33222a632711cc671
SHA256:302b30160968415ee6cd1907987138c7575a6315f9b6ef13b9fe3abc87367857
Referenced In Project/Scope: Simplicite Platform:compile
autolink-0.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.commonmark/commonmark-ext-autolink@0.21.0

Identifiers

avalon-framework-impl-4.2.0.jar

File Path: /var/simplicite/.m2/repository/avalon-framework/avalon-framework-impl/4.2.0/avalon-framework-impl-4.2.0.jar
MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6
SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48
SHA256:ed42c573cab460ca634b5c64a3b40ed1d67d6ee47fe25f87947370bede6af814
Referenced In Project/Scope: Simplicite Platform:compile
avalon-framework-impl-4.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.sf.barcode4j/barcode4j@2.1

Identifiers

aws-s3-2.5.0.jar

Description:

Simple Storage Service (S3) implementation targeted to Amazon Web Services

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/aws-s3/2.5.0/aws-s3-2.5.0.jar
MD5: 167cb45c01df725ad27b3a8138951cc8
SHA1: 034fcf2ec0a9897bb7fcdeabc2a9d8673395a6a1
SHA256:166aeb5c25a235f63323ebc2edec912f2060f2199edd82f19f355bd014f79710
Referenced In Project/Scope: Simplicite Platform:compile
aws-s3-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

azureblob-2.5.0.jar

Description:

jclouds components to access Azure Blob Service

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/azureblob/2.5.0/azureblob-2.5.0.jar
MD5: d3e3160cb1cdc5825d454505c429999d
SHA1: ce68d3bce0bc135ec7d958980b3e30267ad805b6
SHA256:c21dd6a733163ed9c2f9f487ea02a723a20526de33e87cd5b3d328833b476cd0
Referenced In Project/Scope: Simplicite Platform:compile
azureblob-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

barcode4j-2.1.jar

Description:

Barcode4J is a flexible generator for barcodes written in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/sf/barcode4j/barcode4j/2.1/barcode4j-2.1.jar
MD5: 4fc30cdb7b1abaf1ce08f26b0666e351
SHA1: 4b38b2219c0d522fcea8238493f2ea3e238ef529
SHA256:eb7252cc41a1539bcd018348e9f60e0942872bdaa49c58051e656a6be94969fb
Referenced In Project/Scope: Simplicite Platform:compile
barcode4j-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

bcmail-jdk18on-1.73.jar

Description:

The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcmail-jdk18on/1.73/bcmail-jdk18on-1.73.jar
MD5: d0f7939c8a9b3f7d90bfa8060318843e
SHA1: 2c132108f42d6fe499938440b5da9c65da06033b
SHA256:d94dc99d55152cab2bb5496601902cd7db06dfd960450d27b67118102f91f7e1
Referenced In Project/Scope: Simplicite Platform:compile
bcmail-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/org.bouncycastle/bcmail-jdk18on@1.73  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*  (Confidence:Low)  

bcpg-jdk18on-1.73.jar

Description:

The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpg-jdk18on/1.73/bcpg-jdk18on-1.73.jar
MD5: 0e3aaf2b2fae29065f9098fd24b63899
SHA1: 2838f8c35e6e716349ce780c9c88271cab32065d
SHA256:dd6efbd826f0d3aed3a1193acf1d81dd6044c585b90ddf88adca4e1fb41a0984
Referenced In Project/Scope: Simplicite Platform:compile
bcpg-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/org.bouncycastle/bcpg-jdk18on@1.73  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:openpgp:openpgp:1.73:*:*:*:*:*:*:*  (Confidence:Low)  

bcpkix-jdk18on-1.73.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpkix-jdk18on/1.73/bcpkix-jdk18on-1.73.jar
MD5: 18315c3729fc76e2217efffd1f618e64
SHA1: fd41dae0f564a93888ed5ade426281de94824717
SHA256:9487164ba018f2211fcc0f989d6f4ea25b7d48fc6031501c3c7e3a17b164d860
Referenced In Project/Scope: Simplicite Platform:compile
bcpkix-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.73  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*  (Confidence:Low)  

bcprov-ext-jdk18on-1.73.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. Note: this package includes the NTRU encryption algorithms.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-ext-jdk18on/1.73/bcprov-ext-jdk18on-1.73.jar
MD5: e0e7191a082e33ca6fe4af159fbd5bff
SHA1: faec66c90751bf9e97f4ae148955e377021982f2
SHA256:f137490b4d8fa5aeaca5683bca391f7c91eb2085b625c28dde1a3e18506d7034
Referenced In Project/Scope: Simplicite Platform:compile
bcprov-ext-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-ext-jdk18on@1.73  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-29857 (OSSINDEX)  

bouncycastle - Denial of Service (DoS)
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30171 (OSSINDEX)  

bouncycastle - Timing Attack
CWE-208 Observable Timing Discrepancy

CVSSv2:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30172 (OSSINDEX)  

Bouncy Castle - Infinite Loop
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-ext-jdk18on:1.73:*:*:*:*:*:*:*

bcprov-jdk15on-1.69.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.69/bcprov-jdk15on-1.69.jar
MD5: 76388cd78560913812a26f6f44651f53
SHA1: 91e1628251cf3ca90093ce9d0fe67e5b7dab3850
SHA256:e469bd39f936999f256002631003ff022a22951da9d5bd9789c7abfa9763a292
Referenced In Project/Scope: Simplicite Platform:runtime
bcprov-jdk15on-1.69.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-jdk15on@1.69  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.69:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.69:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.69:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.69:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.69:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.69:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-29857 (OSSINDEX)  

bouncycastle - Denial of Service (DoS)
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.69:*:*:*:*:*:*:*

CVE-2024-30171 (OSSINDEX)  

bouncycastle - Timing Attack
CWE-208 Observable Timing Discrepancy

CVSSv2:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.69:*:*:*:*:*:*:*

CVE-2023-33202  

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.69:*:*:*:*:*:*:*

bcprov-jdk18on-1.73.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.73/bcprov-jdk18on-1.73.jar
MD5: db1309ef2297987495d57456a66fe137
SHA1: 4bd3de48e5153059fe3f80cbcf86ea221795ee55
SHA256:ad3ae628f4459a8fecb5c1a142b5525ce5118817414f97efd92f5448a69180ff
Referenced In Project/Scope: Simplicite Platform:compile
bcprov-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-jdk18on@1.73  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-29857 (OSSINDEX)  

bouncycastle - Denial of Service (DoS)
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30171 (OSSINDEX)  

bouncycastle - Timing Attack
CWE-208 Observable Timing Discrepancy

CVSSv2:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2024-30172 (OSSINDEX)  

Bouncy Castle - Infinite Loop
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

CVE-2023-33201 (OSSINDEX)  

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.73:*:*:*:*:*:*:*

bcutil-jdk18on-1.73.jar

Description:

The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcutil-jdk18on/1.73/bcutil-jdk18on-1.73.jar
MD5: e535f6c495b9197e287f68375b0508f1
SHA1: 073a680acd04b249a6773f49200092cadb670bf0
SHA256:0b70292c36cfe08ac00a71f5cc5af4c412ceedbc8c0f0a22995dbacfaf25dd42
Referenced In Project/Scope: Simplicite Platform:compile
bcutil-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.73

Identifiers

  • pkg:maven/org.bouncycastle/bcutil-jdk18on@1.73  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.73:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.73:*:*:*:*:*:*:*  (Confidence:Low)  

bootbox:6.0.0

Description:

Wrappers for JavaScript alert(), confirm(), prompt(), and other flexible dialogs using the Bootstrap framework

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/bootbox:6.0.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

CVE-2023-46998 (OSSINDEX)  

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (6.1)
  • Vector: /AV:N/AC:L/Au:/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:bootbox:6.0.0:*:*:*:*:*:*:*

bootstrap:5.2.3

Description:

The most popular front-end framework for developing responsive, mobile first projects on the web.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/bootstrap:5.2.3

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

bson-3.12.13.jar

Description:

The BSON library

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/bson/3.12.13/bson-3.12.13.jar
MD5: 8372c7e19dfc5164761daaeca1557548
SHA1: 49dc931b5629509b06a9f696f8036d258adc90ef
SHA256:d1837cb8c051e4212f95adba227f566b752fe0f14e51717b5d60b4ed77b8803e
Referenced In Project/Scope: Simplicite Platform:compile
bson-3.12.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mongodb/mongodb-driver@3.12.13

Identifiers

byte-buddy-1.14.4.jar

Description:

        Byte Buddy is a Java library for creating Java classes at run time.
        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy/1.14.4/byte-buddy-1.14.4.jar
MD5: 21117c3c69db9aa3080d611640a27bb9
SHA1: 20498aaec9b00a5cfdb831e7bf68feafa833ce4b
SHA256:7ae2b39ac230be9e3e09ce020406c017ff8ceba06eaf078c62a88c218a0ff2b4
Referenced In Project/Scope: Simplicite Platform:compile
byte-buddy-1.14.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0

Identifiers

byte-buddy-agent-1.14.4.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.4/byte-buddy-agent-1.14.4.jar
MD5: f9b055b741a5a0539d86a4f984ac9a68
SHA1: 3bf5ac1104554908cc623e40e58a00be37c35f36
SHA256:fbd1ab3db43c6c78b8804908cb95b656517f5c82e7fde8d255d8bdceef412d70
Referenced In Project/Scope: Simplicite Platform:compile
byte-buddy-agent-1.14.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0

Identifiers

byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll

File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.4/byte-buddy-agent-1.14.4.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

byte-buddy-agent-1.14.4.jar: attach_hotspot_windows.dll

File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.4/byte-buddy-agent-1.14.4.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

c3p0-0.9.5.5.jar

Description:

a JDBC Connection pooling / Statement caching library

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /var/simplicite/.m2/repository/com/mchange/c3p0/0.9.5.5/c3p0-0.9.5.5.jar
MD5: 9fc982b4b179e44cec986ea86fe1bff7
SHA1: 37dfc3021e5589d65ff2ae0becf811510b87ab01
SHA256:96cec5ddfe2f08b8407125d8228eb0392121e1bf2239ca621bb19228b67f741a
Referenced In Project/Scope: Simplicite Platform:compile
c3p0-0.9.5.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

cache-api-1.1.0.jar

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/javax/cache/cache-api/1.1.0/cache-api-1.1.0.jar
MD5: ac907ad12e9a7ac5d41abf703855002f
SHA1: 77bdcff7814076dfa61611b0db88487c515150b6
SHA256:6c980ad1ae4a6dda3bdb62986c3ef5b41ccf766e12353587ee4e4307e27e155a
Referenced In Project/Scope: Simplicite Platform:compile
cache-api-1.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.ehcache/ehcache@3.10.8

Identifiers

caffeine-3.1.6.jar

Description:

A high performance caching library

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.6/caffeine-3.1.6.jar
MD5: 7661b25999918646ec802846cc4c16bc
SHA1: 3646a0d1b1abe6a31f72f2237d9004d10a5be91d
SHA256:0311f9d5d9750aa2a1c11cbdba5a5cb7fec91c8870d6f179f324b3f5295b87dd
Referenced In Project/Scope: Simplicite Platform:compile
caffeine-3.1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

chart.js:3.9.1

Description:

Simple HTML5 charts using the canvas element.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/chart.js:3.9.1

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

chartjs-adapter-moment:1.0.1

Description:

Chart.js adapter to use Moment.js for time functionalities

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/chartjs-adapter-moment:1.0.1

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

checker-compat-qual-2.5.5.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.  Please
        see artifact:
        org.checkerframework:checker

License:

GNU General Public License, version 2 (GPL2), with the classpath exception: http://www.gnu.org/software/classpath/license.html
The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar
MD5: b7a5c96547fb3fb6869f5f76bcd19b15
SHA1: 435dc33e3019c9f019e15f01aa111de9d6b2b79c
SHA256:11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a
Referenced In Project/Scope: Simplicite Platform:compile
checker-compat-qual-2.5.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0

Identifiers

checker-qual-3.33.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-qual/3.33.0/checker-qual-3.33.0.jar
MD5: fc9418b779d9d57dcd52197006cbdb9b
SHA1: de2b60b62da487644fc11f734e73c8b0b431238f
SHA256:e316255bbfcd9fe50d165314b85abb2b33cb2a66a93c491db648e498a82c2de1
Referenced In Project/Scope: Simplicite Platform:compile
checker-qual-3.33.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

codemodel-3.0.2.jar

Description:

The core functionality of the CodeModel java source code generation library

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/codemodel/3.0.2/codemodel-3.0.2.jar
MD5: b0847dc199eb2cd4ee6e8d3627eedaa7
SHA1: 0b7caeacad98da5c40de8650317cfa573b0674c7
SHA256:693c03822476403b9fcb6578cf6b07b20c7f9d0d36a2d27cccf0c08dc587ee27
Referenced In Project/Scope: Simplicite Platform:compile
codemodel-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

commonmark-0.21.0.jar

Description:

Core of commonmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark/0.21.0/commonmark-0.21.0.jar
MD5: c0c0bf595a23b868d229b5f5806b0646
SHA1: c98f0473b17c87fe4fa2fc62a7c6523a2fe018f0
SHA256:81084a7035046fe306f0dbf16ef57a68d08ee5c97004ea867e62b5db46e98afb
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-autolink-0.21.0.jar

Description:

commonmark-java extension for turning plain URLs and email addresses into links

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-autolink/0.21.0/commonmark-ext-autolink-0.21.0.jar
MD5: eafd2cf973eb3d6b88cfbf825f53353b
SHA1: 55c0312cf443fa3d5af0daeeeca00d6deee3cf90
SHA256:3cd57d5d1dbde724e6700c53a590534bb24f3e2695ff3505eba32dc4c7781ba9
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-autolink-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-gfm-strikethrough-0.21.0.jar

Description:

commonmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-strikethrough/0.21.0/commonmark-ext-gfm-strikethrough-0.21.0.jar
MD5: 0d67b70370ae58992db317e6f59c4b6c
SHA1: 953f4b71e133a98fcca93f3c3f4e58b895b76d1f
SHA256:b5ed6fa18214e588e502385d95e878a8150f122c7a874a75a389682837b906f8
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-gfm-strikethrough-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-gfm-tables-0.21.0.jar

Description:

commonmark-java extension for GFM tables using "|" pipes (GitHub Flavored Markdown)

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-tables/0.21.0/commonmark-ext-gfm-tables-0.21.0.jar
MD5: 94435093a666e5b7c26b3fa497a314c8
SHA1: fb7d65fa89a4cfcd2f51535d2549b570cf1dbd1a
SHA256:fc05fe991f2254ab0c8f6ccb9f0b6ec1c2b6df350389ed3e411ac6f52e7a75e5
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-gfm-tables-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-heading-anchor-0.21.0.jar

Description:

commonmark-java extension for adding unique id attributes to header tags

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-heading-anchor/0.21.0/commonmark-ext-heading-anchor-0.21.0.jar
MD5: c50cfa7efc450625f763d7840db083cc
SHA1: 92529c00bb762aa3ab83ba3cd50dceb5e5e9f8e4
SHA256:e4d53590e0eefe2987786b5b5a9145c0a66c64f570eb4955b52b0255ee333e16
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-heading-anchor-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-image-attributes-0.21.0.jar

Description:

commonmark-java extension for adding attributes to images

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-image-attributes/0.21.0/commonmark-ext-image-attributes-0.21.0.jar
MD5: b31855c624f339806124fc055f8ddcd0
SHA1: a4ea23623ed6e7546425077f5161af209d302a7f
SHA256:6caf48abe76f66b857577b1c006ec31e2b56f73e321779d233f035fa2cddde1f
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-image-attributes-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-ins-0.21.0.jar

Description:

commonmark-java extension for using ++

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-ins/0.21.0/commonmark-ext-ins-0.21.0.jar
MD5: 9e05ae2e9e40e7cf30f3b90f7c437439
SHA1: 5d2126c4af5e25a0ac67aa7cd0892a562c4bfd9e
SHA256:3b544e076d3cf2259f008b168ffe6bdff4fb2871537c56f3b2a1cf3a93c84250
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-ins-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-task-list-items-0.21.0.jar

Description:

commonmark-java extension for task list items

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-task-list-items/0.21.0/commonmark-ext-task-list-items-0.21.0.jar
MD5: e03887a06f645da25e87f8f0c953365e
SHA1: 3aafb756507be546e1aa1f6f8ee6c0f1e71ebf4a
SHA256:53a3c76cf56947af1f6882a9a1ce962f3b338ca952d83dd402b7f5711c14bee0
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-task-list-items-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commonmark-ext-yaml-front-matter-0.21.0.jar

Description:

commonmark-java extension for YAML front matter

File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-yaml-front-matter/0.21.0/commonmark-ext-yaml-front-matter-0.21.0.jar
MD5: a59fa78ad0444d1bb245d35b103a3f0a
SHA1: d99588df09445d3e70627dffdb02da4338851ff2
SHA256:0683332fd8ef7aafdf28de2658fa4200e5c9a9e219c331bfde3f501854b8f798
Referenced In Project/Scope: Simplicite Platform:compile
commonmark-ext-yaml-front-matter-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: Simplicite Platform:compile
commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-cli-1.5.0.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing and validating a Command Line Interface.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-cli/commons-cli/1.5.0/commons-cli-1.5.0.jar
MD5: 6c3b2052160144196118b1f019504388
SHA1: dc98be5d5390230684a092589d70ea76a147925c
SHA256:bc8bb01fc0fad250385706e20f927ddcff6173f6339b387dc879237752567ac6
Referenced In Project/Scope: Simplicite Platform:compile
commons-cli-1.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-codec-1.15.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256:b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Project/Scope: Simplicite Platform:compile
commons-codec-1.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: Simplicite Platform:compile
commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope: Simplicite Platform:compile
commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-compress-1.23.0.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar
MD5: 96b88349958aeaa15cdf6e5e877bdced
SHA1: 4af2060ea9b0c8b74f1854c6cafe4d43cfc161fc
SHA256:c267f17160e9ef662b4d78b7f29dca7c82b15c5cff2cb6a9865ef4ab3dd5b787
Referenced In Project/Scope: Simplicite Platform:compile
commons-compress-1.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-42503  

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0.

Users are recommended to upgrade to version 1.24.0, which fixes the issue.

A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.

In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values.

Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].

[1]:  https://issues.apache.org/jira/browse/COMPRESS-612 
[2]:  https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 
[3]:  https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html 
[4]:  https://bugs.openjdk.org/browse/JDK-6560193 
[5]:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 

Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2024-25710  

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2024-26308  

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

commons-csv-1.10.0.jar

Description:

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-csv/1.10.0/commons-csv-1.10.0.jar
MD5: 9b3be74e726a151524bf31ec293ff285
SHA1: 8669bee353424c3223c93723291b5c3753260c1c
SHA256:2d06e6a07a636baf777ad8e659256f2119109dde23551c9b80c5422d424b808c
Referenced In Project/Scope: Simplicite Platform:compile
commons-csv-1.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Project/Scope: Simplicite Platform:compile
commons-digester-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-validator/commons-validator@1.7

Identifiers

commons-discovery-0.5.jar

Description:

The Apache Commons Discovery component is about discovering, or finding,
  implementations for pluggable interfaces.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
SHA256:e5b7d58ae62e5b309d5c0ffa5a5b1d9d1e0f0c4c3cc18d1fe3103fd29f90149d
Referenced In Project/Scope: Simplicite Platform:compile
commons-discovery-0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2022-0869  

Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

commons-email-1.5.jar

Description:

        Apache Commons Email aims to provide an API for sending email. It is built on top of
        the JavaMail API, which it aims to simplify.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-email/1.5/commons-email-1.5.jar
MD5: e72657496d31f152aa26d4122e0850d9
SHA1: e8e677c6362eba14ff3c476ba63ccb83132dbd52
SHA256:ee8479906abb2c355a46a0a9845cfa1803bcc3c520a34baea4a6cf4e1f0f0cc1
Referenced In Project/Scope: Simplicite Platform:compile
commons-email-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-exec-1.3.jar

Description:

Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Project/Scope: Simplicite Platform:compile
commons-exec-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-fileupload-1.5.jar

Description:

    The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
    file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-fileupload/commons-fileupload/1.5/commons-fileupload-1.5.jar
MD5: e57ac8a1a6412886a133a2fa08b89735
SHA1: ad4ad2ab2961b4e1891472bd1a33fabefb0385f3
SHA256:51f7b3dcb4e50c7662994da2f47231519ff99707a5c7fb7b05f4c4d3a1728c14
Referenced In Project/Scope: Simplicite Platform:compile
commons-fileupload-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-imaging-1.0-alpha3.jar

Description:

Apache Commons Imaging (previously Sanselan) is a pure-Java image library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-imaging/1.0-alpha3/commons-imaging-1.0-alpha3.jar
MD5: c08d610dd64f970d286444654733a38f
SHA1: 6c753938422d5810ab815a24337d062bf4e22614
SHA256:3c5efe8c6654eae6384f0c2e382fafec1f164be527117803d869f8df27b84853
Referenced In Project/Scope: Simplicite Platform:compile
commons-imaging-1.0-alpha3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-io-2.11.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Project/Scope: Simplicite Platform:compile
commons-io-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope: Simplicite Platform:compile
commons-lang-2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-lang3-3.12.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256:d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e
Referenced In Project/Scope: Simplicite Platform:compile
commons-lang3-3.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: Simplicite Platform:compile
commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: Simplicite Platform:compile
commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-net-3.9.0.jar

Description:

Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-net/commons-net/3.9.0/commons-net-3.9.0.jar
MD5: 5254d7c277c30a378518e99b9d1d3522
SHA1: 5a4e26802e0a5a42938f987976b55dae4a6cc636
SHA256:e3c1566f821b84489308cd933f57e8c00dd8714dc96b898bef844386510d3461
Referenced In Project/Scope: Simplicite Platform:compile
commons-net-3.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-pool2-2.11.1.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar
MD5: 2210a041929e7c94485d5402458340b9
SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68
SHA256:ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83
Referenced In Project/Scope: Simplicite Platform:compile
commons-pool2-2.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-text-1.10.0.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-text/1.10.0/commons-text-1.10.0.jar
MD5: 4afc9bfa2d31dbf7330c98fcc954b892
SHA1: 3363381aef8cef2dbc1023b3e3a9433b08b64e01
SHA256:770cd903fa7b604d1f7ef7ba17f84108667294b2b478be8ed1af3bffb4ae0018
Referenced In Project/Scope: Simplicite Platform:compile
commons-text-1.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-validator-1.7.jar

Description:

    Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
    It may be used standalone or with a framework like Struts.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/commons-validator/commons-validator/1.7/commons-validator-1.7.jar
MD5: 4b6f22de69432bc03254b47310d59651
SHA1: 76069c915de3787f3ddd8726a56f47a95bfcbb0e
SHA256:4d74f4ce4fb68b2617edad086df6defdf9338467d2377d2c62e69038e1c4f02f
Referenced In Project/Scope: Simplicite Platform:compile
commons-validator-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

commons-vfs2-2.9.0.jar

Description:

Apache Commons VFS is a Virtual File System library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-vfs2/2.9.0/commons-vfs2-2.9.0.jar
MD5: beba9c4909dd2799ee95c8e0c280dbf2
SHA1: 48115c2fb1c5f0a2498a4365162d6b69adec73f3
SHA256:266f96b77aa18773191f6992fc7910999bf8ee8a244ec67a3398b486eb726a7f
Referenced In Project/Scope: Simplicite Platform:compile
commons-vfs2-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

conscrypt-openjdk-uber-2.5.1.jar

Description:

Conscrypt: OpenJdk UberJAR

License:

Apache 2: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.1/conscrypt-openjdk-uber-2.5.1.jar
MD5: ee6de6e578762d474b2ca5418e16815b
SHA1: 3658b276ab54bd600f754b3c8cf4b7cd77fc61e6
SHA256:01f9c742cb592a151e2e62bd5397a8980628a967001fcdacd4aa4744678685f3
Referenced In Project/Scope: Simplicite Platform:compile
conscrypt-openjdk-uber-2.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

conscrypt-openjdk-uber-2.5.1.jar: conscrypt_openjdk_jni-windows-x86.dll

File Path: /var/simplicite/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.1/conscrypt-openjdk-uber-2.5.1.jar/META-INF/native/conscrypt_openjdk_jni-windows-x86.dll
MD5: 1837b5f2ee4d31f4c34e2c1afa2e5788
SHA1: 7a2afc78dd37293c450301307f1bad4dcf88192f
SHA256:71599c8027fe32c3688ec00945b170300792f6965089d0e321356084bb7ce0aa
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

conscrypt-openjdk-uber-2.5.1.jar: conscrypt_openjdk_jni-windows-x86_64.dll

File Path: /var/simplicite/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.1/conscrypt-openjdk-uber-2.5.1.jar/META-INF/native/conscrypt_openjdk_jni-windows-x86_64.dll
MD5: 26cd5423ca8df336f97ac6f82a1248fe
SHA1: f1b981e0caeac000a74ad069665beae9e831dcf2
SHA256:e9337a1b2050da01d1626deefbbed517e312ab4acb8e1d8a214ee362fbae891a
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

core-3.0.1.jar

Description:

Core barcode encoding/decoding library

File Path: /var/simplicite/.m2/repository/com/google/zxing/core/3.0.1/core-3.0.1.jar
MD5: 0a0184c3f92492f721d8631d6f5237de
SHA1: 9ebf6cd580d67601fbf88fd007aab4703b19e4c2
SHA256:38c49045765281e4c170062fa3f48e4e988629bf985cab850c7497be5eaa72a1
Referenced In Project/Scope: Simplicite Platform:compile
core-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

curvesapi-1.07.jar

Description:

Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/github/virtuald/curvesapi/1.07/curvesapi-1.07.jar
MD5: 79e44d3a323887fba21a34202b8eb1f9
SHA1: 863654849995f9d4f0ed2ed1a3870da3a108473c
SHA256:b31539cdcf189d9e68a1f6998cba09ea912f99f5f24bcd0650212b1af9d355a2
Referenced In Project/Scope: Simplicite Platform:compile
curvesapi-1.07.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.2.3

Identifiers

dd-plist-1.26.jar

Description:

        This library enables Java applications to work with property lists in various formats.
        Supported formats for reading and writing are OS X/iOS binary and XML property lists.
        ASCII property lists are also supported.
        The library also provides access to basic functions of NeXTSTEP/Cocoa classes like
        NSDictionary, NSArray, etc.

License:

MIT License: http://opensource.org/licenses/mit
File Path: /var/simplicite/.m2/repository/com/googlecode/plist/dd-plist/1.26/dd-plist-1.26.jar
MD5: b356133a97e00058c0a58c2cdae3adc7
SHA1: 7238f5f9a0864534e03c2e84d02bac839ff7ad04
SHA256:c9afbab5bd05774073702c8a5fa905eb7048c595dc93712d197b7f6017e0652c
Referenced In Project/Scope: Simplicite Platform:compile
dd-plist-1.26.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

dec-0.1.2.jar

Description:

Brotli is a generic-purpose lossless compression algorithm.

License:

http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/brotli/dec/0.1.2/dec-0.1.2.jar
MD5: 4b1cd14cf29733941cc536b27e6aedfa
SHA1: 0c26a897ae0d524809eef1c786cc6183b4ddcc3b
SHA256:615c0c3efef990d77831104475fba6a1f7971388691d4bad1471ad84101f6d52
Referenced In Project/Scope: Simplicite Platform:compile
dec-0.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

derby-10.16.1.1.jar

Description:

Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: /var/simplicite/.m2/repository/org/apache/derby/derby/10.16.1.1/derby-10.16.1.1.jar
MD5: d9c38ece80f4ec0756f54b06716a3dd6
SHA1: f9ca2054b3e33ec3f3f19df4a7490352d82de54a
SHA256:ede804cb04e871d7c52d2414e952ab939f9ef243abb7bd0ce7dbeb6e1e28bd0b
Referenced In Project/Scope: Simplicite Platform:runtime
derby-10.16.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

derbyshared-10.16.1.1.jar

Description:

The code which is shared across all Derby configurations.

File Path: /var/simplicite/.m2/repository/org/apache/derby/derbyshared/10.16.1.1/derbyshared-10.16.1.1.jar
MD5: e423cba3150f195debaf7ff0d307ecf6
SHA1: 77a3ec6b9791c7c29c76148c5d56fc1f3f12d638
SHA256:27d4be683a45f6c15940167277ce39bb7e26b9f6dc0bc05efbcf813cac5d2b8f
Referenced In Project/Scope: Simplicite Platform:runtime
derbyshared-10.16.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.derby/derby@10.16.1.1

Identifiers

CVE-2022-46337  

A cleverly devised username might bypass LDAP authentication checks. In 
LDAP-authenticated Derby installations, this could let an attacker fill 
up the disk by creating junk Derby databases. In LDAP-authenticated 
Derby installations, this could also allow the attacker to execute 
malware which was visible to and executable by the account which booted 
the Derby server. In LDAP-protected databases which weren't also 
protected by SQL GRANT/REVOKE authorization, this vulnerability could 
also let an attacker view and corrupt sensitive data and run sensitive 
database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should 
build their own Derby distribution from one of the release families to 
which the fix was backported: 10.16, 10.15, and 10.14. Those are the 
releases which correspond, respectively, with Java LTS versions 17, 11, 
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

diffutils-1.3.0.jar

Description:

The DiffUtils library for computing diffs, applying patches, generationg side-by-side view in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/java-diff-utils/diffutils/1.3.0/diffutils-1.3.0.jar
MD5: 638158a6bca62926aa9986c92ccb15e0
SHA1: 7e060dd5b19431e6d198e91ff670644372f60fbd
SHA256:61ba4dc49adca95243beaa0569adc2a23aedb5292ae78aa01186fa782ebdc5c2
Referenced In Project/Scope: Simplicite Platform:compile
diffutils-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

docusign-esign-java-3.18.0.jar

Description:

The official DocuSign eSignature JAVA client is based on version 2 of the DocuSign REST API and provides libraries for JAVA application integration. It is recommended that you use this version of the library for new development.

License:

DocuSign Java Client License: https://raw.githubusercontent.com/docusign/docusign-java-client/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/docusign/docusign-esign-java/3.18.0/docusign-esign-java-3.18.0.jar
MD5: c3c384f1190191a3d9a0ce40193f35ff
SHA1: 6043723f03da3f87687862b73672b291ce82a4fb
SHA256:527fc5e55aaf26b29ce352dc365842ef0e1cb14f4390e9e5bddf0a3d8d9e414d
Referenced In Project/Scope: Simplicite Platform:provided
docusign-esign-java-3.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

docx4j-ImportXHTML-8.3.2.jar

Description:

		docx4j-ImportXHTML converts XHTML to OpenXML WordML (docx) using docx4j

License:

LGPL v2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-ImportXHTML/8.3.2/docx4j-ImportXHTML-8.3.2.jar
MD5: 2c6531eb94c2969d71b3c3744fc75c69
SHA1: 113efc586391d974898dd09f37b9b76f50fd3638
SHA256:1c6f1601f9426f29aaf234367481f3256dc9e5c87c8b0bfa0e8196f63ba1ade9
Referenced In Project/Scope: Simplicite Platform:compile
docx4j-ImportXHTML-8.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

docx4j-JAXB-ReferenceImpl-11.4.5.jar

Description:

config specifying that docx4j should use the JAXB reference impls

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-JAXB-ReferenceImpl/11.4.5/docx4j-JAXB-ReferenceImpl-11.4.5.jar
MD5: 8b974156d419b92d10c40fa38581a626
SHA1: 8c9b799fc45fd405320a1396287f3e479b136888
SHA256:05257ec7f81b2aea030730b957b1846cfc1960a34b2ca08e6b3c24b6f81f89a2
Referenced In Project/Scope: Simplicite Platform:compile
docx4j-JAXB-ReferenceImpl-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

docx4j-core-11.4.5.jar

Description:

docx4j is a library which helps you to work with the Office Open
		XML file format as used in docx
		documents, pptx presentations, and xlsx spreadsheets.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-core/11.4.5/docx4j-core-11.4.5.jar
MD5: 161fbd4db24b8117b87da402a9148a7a
SHA1: e200f41cc2ea6c4ee00eae7221875eee57b4bdca
SHA256:b461962741202b91b3c2efc59bdc315f0bbec26c92aa1845d31c1f615a28b397
Referenced In Project/Scope: Simplicite Platform:compile
docx4j-core-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

docx4j-openxml-objects-11.4.5.jar

Description:

Our JAXB representation of OpenXML, except for pml and sml (handled separately)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects/11.4.5/docx4j-openxml-objects-11.4.5.jar
MD5: 6b3eb97c6283d409742ef2a71ea25b9f
SHA1: 55865b71097573ad25073abcaff856d95998438b
SHA256:225a5b92fa238ba02a3aa95e5a1ed9dacd2d0c276c539057c9896feadf0f9c17
Referenced In Project/Scope: Simplicite Platform:compile
docx4j-openxml-objects-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

docx4j-openxml-objects-pml-11.4.5.jar

Description:

Our JAXB representation of OpenXML Presentation Markup Language (pml)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects-pml/11.4.5/docx4j-openxml-objects-pml-11.4.5.jar
MD5: 09bb93a665dcb40be7266554bba38649
SHA1: 28182f81e9bf7451056b2c65677a18833953eba7
SHA256:a8514ccfeb3ed7facaa3a18161d5d8586fca646ace312eaa865f8c8838557695
Referenced In Project/Scope: Simplicite Platform:compile
docx4j-openxml-objects-pml-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

docx4j-openxml-objects-sml-11.4.5.jar

Description:

Our JAXB representation of OpenXML Spreadsheet Markup Language (sml)

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects-sml/11.4.5/docx4j-openxml-objects-sml-11.4.5.jar
MD5: 2b94fa75cbb00dc8178e7822b91f1ad0
SHA1: 8b3408067219980d4172f6838ac4cb952579e7d3
SHA256:6413dc125deda7b56c87b8cf0a9fcfafa2df54215cbe447f3b49f4a9607b4d45
Referenced In Project/Scope: Simplicite Platform:compile
docx4j-openxml-objects-sml-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

dtd-parser-1.4.5.jar

Description:

SAX-like API for parsing XML DTDs.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/dtd-parser/dtd-parser/1.4.5/dtd-parser-1.4.5.jar
MD5: b27b38e842491770c5a1953dc86468d1
SHA1: bd01768721835f13a6da58f6edea5f8c57ee7b3c
SHA256:a4cd6addced42e2f870dcca1716f459da51f06f2fe49430d2d128f147c8e929d
Referenced In Project/Scope: Simplicite Platform:compile
dtd-parser-1.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

eddsa-0.3.0.jar

Description:

Implementation of EdDSA in Java

License:

CC0 1.0 Universal: https://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/simplicite/.m2/repository/net/i2p/crypto/eddsa/0.3.0/eddsa-0.3.0.jar
MD5: ee7de3b6f19de76a06e465efc978f669
SHA1: 1901c8d4d8bffb7d79027686cfb91e704217c3e1
SHA256:4dda1120db856640dbec04140ed23242215a075fe127bdefa0dcfa29fb31267d
Referenced In Project/Scope: Simplicite Platform:compile
eddsa-0.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit.ssh.apache@6.5.0.202303070854-r

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-107:3.10.8)

Description:

The JSR-107 compatibility module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-107/pom.xml
MD5: cbb6582f7bae2d80eba99428ba1fa879
SHA1: 93ece0b8696af1b39d5a59f4ac001ff67ade031b
SHA256:881431ccba0094c52fde3d05f6800c5fa488f21ce8e0c253b3080868822362cb
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-api:3.10.8)

Description:

The API module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-api/pom.xml
MD5: 684f68673f7e1877dd8710c9c20b66a8
SHA1: 5cb0644b5714e1cd3b9ed067db5b74c1d2f90405
SHA256:8cb81dbe787af826481c2a79ad85bef6e46cf429a982a765581142a823db54e5
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-core:3.10.8)

Description:

The Core module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-core/pom.xml
MD5: 81e4d90adf09bff8de32a927f13fa7dd
SHA1: 1603c939dbc836b9a67ba29c8e3f5bde24a35345
SHA256:d26e487336af1baa60250c41d3f30d6f62fed549c8f282ecccdbb9a905f00a3f
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-impl:3.10.8)

Description:

The implementation module of Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-impl/pom.xml
MD5: 68666160c19c3a231099a0d5d61f364f
SHA1: 99176e4618d2a09bbef35ab175273edf50b72f3c
SHA256:9ccbc05db652fe94233c346648fb06d503bfbf27f13aaaec4be87752b14f1d9c
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml-spi:3.10.8)

Description:

This module contains the XML parsing SPI for Ehcache 3. This allows Ehcache extension services to provide XML configuration capabilities.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-xml-spi/pom.xml
MD5: d692ac727407f129dc07ce98a6c309b2
SHA1: 35f69aaa6f9b7b413aa6c12c969f0e91ba1ffb1f
SHA256:aecb4a20f1ce69a777649b65343557329e031641481841a233973d857d2ba32d
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache.modules:ehcache-xml:3.10.8)

Description:

The module containing all XML parsing logic Ehcache 3

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache.modules/ehcache-xml/pom.xml
MD5: c0cfdd21ebfc0207a9516d08ab7e2858
SHA1: 0cec45ad454b3eb0d5cd4a5f4fffd71b1e462e31
SHA256:bd6c0ce56beca6eb6b0b6a55fcf3c86a652b8ddc0bb2cf390c8c3f3e660603fe
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.ehcache:sizeof:0.4.3)

Description:

SizeOf engine, extracted from Ehcache

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.ehcache/sizeof/pom.xml
MD5: c0ad3baef0ef03d4ca849743f1f26b70
SHA1: 8589b7bd18f4b3e12cd222a44bdcbbada5363da8
SHA256:9c03a981dbff96ff6b7d74dffb5e8a9a46bb66e06ba98d18f6b8ff4472bd0709
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.terracotta:offheap-store:2.5.3)

Description:

A library that offers data structures allocated off the java heap.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/offheap-store/pom.xml
MD5: f5ad26371f4a3b04c5b8a0a089639d87
SHA1: 1979a0cbe0be10a6d5215bb9cbbb5635b9314924
SHA256:d8ae272530d98560cf81066b0409bcba2648a2528c00bd0147253695bb5f0949
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.terracotta:statistics:2.1.2)

Description:

A statistics framework used inside Ehcache and the Terracotta products

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/statistics/pom.xml
MD5: 9df3f5a18142de19c1c7f379885a4391
SHA1: 305a0214578ebf1c14e8d78adce1a5af028c8132
SHA256:25c36806fdcd2ab5e4c1c1c5625bc4f966c10a4a93ab3dd321aa82b3f9e43081
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.15)

Description:

Utility classes/methods for common Java tasks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/META-INF/maven/org.terracotta/terracotta-utilities-tools/pom.xml
MD5: e4749433aaf243a0fbc14ddad08bbe55
SHA1: 9b7960438f39f7be178e17bba391f38c7b38c860
SHA256:144603b5fb19b5900a9a28a3a5d7a74f4deeddbdc34d1de8a716f79f91854ada
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

ehcache-3.10.8.jar

Description:

End-user ehcache3 jar artifact

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar
MD5: 35f94bd99bae66088df39d8a45e73468
SHA1: f0d50ede46609db78413ca7f4250d348a597b101
SHA256:bed87f71d8cd25a8a4ef65f274cc58301f28929a01417d0bee8d73953dc30bac
Referenced In Project/Scope: Simplicite Platform:compile
ehcache-3.10.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

ehcache-3.10.8.jar: sizeof-agent.jar

File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar/org/ehcache/sizeof/impl/sizeof-agent.jar
MD5: 532dbbf741bfb7f531938786bc0bb970
SHA1: 4e5d8c485b09104825c0d8ec635f775ab522be06
SHA256:60e093acb08d3bc30235ef15941380195cbb85b1ec8b4afd672249f9c530e356
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

error_prone_annotations-2.11.0.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
MD5: 656ad66261b7e7ea472ed0ffeea773ea
SHA1: c5a0ace696d3f8b1c1d8cc036d8c03cc0cbe6b69
SHA256:721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec
Referenced In Project/Scope: Simplicite Platform:compile
error_prone_annotations-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.22.3

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes is conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope: Simplicite Platform:compile
failureaccess-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@31.1-jre

Identifiers

fast-and-simple-minify-1.0.jar

Description:

fast-and-simple-minify is a combined java-port of the JSMin and CSSMin utility with some additional features

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/ch/simschla/fast-and-simple-minify/1.0/fast-and-simple-minify-1.0.jar
MD5: 762fd1d990bb4e97a7581d2cd3255fc1
SHA1: ade6ae013ee38869b79eeb0661203451ddc16f46
SHA256:86e94527a0705c1ac20ff2b80e7d673975cc92f988210cc440f5bd1bb44087b5
Referenced In Project/Scope: Simplicite Platform:compile
fast-and-simple-minify-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

firebase-admin-8.1.0.jar

Description:

        This is the official Firebase Admin Java SDK. Build extraordinary native JVM apps in
        minutes with Firebase. The Firebase platform can power your app’s backend, user
        authentication, static hosting, and more.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/firebase/firebase-admin/8.1.0/firebase-admin-8.1.0.jar
MD5: a7ae72f3d751b128bb3ef418f43f88bb
SHA1: 59a89fa404b2575d8f85187e07c0675aa55ee7a1
SHA256:9c04c105ff5eb4847956dd01959194785600e1c074f5764ab23855385e7de2ab
Referenced In Project/Scope: Simplicite Platform:compile
firebase-admin-8.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

fontbox-2.0.28.jar

Description:

    The Apache FontBox library is an open source Java tool to obtain low level information
    from font files. FontBox is a subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/fontbox/2.0.28/fontbox-2.0.28.jar
MD5: b63595ca4f3f2d2d1fb11af4dbce2da3
SHA1: cae8486c676f4119140a06dbec5f97bbae68c34b
SHA256:a915e4f01ff5b829a95231f6befd92401c319c09669e2d4fa0336441655e7395
Referenced In Project/Scope: Simplicite Platform:compile
fontbox-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:diffutils:1.3)

File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar/META-INF/maven/me.xdrop/diffutils/pom.xml
MD5: 9d75ff06b99ebf130bb19c8e085714b2
SHA1: edcb90cdd072a9291d9580eb01656c925a73cdad
SHA256:8f44a4acb88339f7d9d858d504a8f88d268e4fc6094d0e55f8918227b87709bf
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.4.0.jar (shaded: me.xdrop:fuzzywuzzy-build:1.4.0)

Description:

Fuzzy string matching algorithm for Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar/META-INF/maven/me.xdrop/fuzzywuzzy-build/pom.xml
MD5: e9fb268512b5315f56dee46872cd2c61
SHA1: c0374bdabe5a0d4c565da24af7f80250eedc865a
SHA256:dda03d552c25e71e5b8983f9c956ead1f7fd3cc2c73c7d195856758baa8a399e
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

fuzzywuzzy-1.4.0.jar

Description:

Fuzzy string searching implementation of the well-known fuzzywuzzy algorithm in Java

License:

GPL 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar
MD5: d46388ab184ae8849720ac3a46500cec
SHA1: 9ab5d0aa1c87892e7c4c53d74d1e008c1724cf1a
SHA256:23a2dd1f54b910675944f4c8d4845d7eaf1b780dd0ea89763733fd0b43a8258a
Referenced In Project/Scope: Simplicite Platform:compile
fuzzywuzzy-1.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

gax-2.15.0.jar

Description:

Google Api eXtensions for Java

License:

BSD: https://github.com/googleapis/gax-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/gax/2.15.0/gax-2.15.0.jar
MD5: d95902048cd9d6636c52fce6a686f4d9
SHA1: 1d18d34c1078fbbfa8d5d811fec4b62907680454
SHA256:f5327f3e7b20658c70cff0f8883214a1e6fa760c8603a921c65435c471cd75dc
Referenced In Project/Scope: Simplicite Platform:compile
gax-2.15.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

gax-grpc-2.13.0.jar

Description:

Google Api eXtensions for Java

License:

BSD: https://github.com/googleapis/gax-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/gax-grpc/2.13.0/gax-grpc-2.13.0.jar
MD5: 734375102eaba670909a390bdbd69ab0
SHA1: 01915297b70aedea567acaf14d83dc09d0ee219c
SHA256:64d0cfd0f201771e03964794bb23c404bfa18ab826a513a46084d2ad44164920
Referenced In Project/Scope: Simplicite Platform:compile
gax-grpc-2.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-core-grpc@2.5.11

Identifiers

gax-httpjson-0.98.0.jar

Description:

Google Api eXtensions for Java

License:

BSD: https://github.com/googleapis/gax-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/api/gax-httpjson/0.98.0/gax-httpjson-0.98.0.jar
MD5: b3e6ac8369b7b5cb45efd46f3274b264
SHA1: da6e7b07fadb96c9e8367f5d552e179f19a4c8ee
SHA256:7d457615da8c9eb25c12ac5b88f7a4deb9efa450a48bcfb9221e0b48a5d66a25
Referenced In Project/Scope: Simplicite Platform:compile
gax-httpjson-0.98.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0

Identifiers

google-api-client-1.34.0.jar

Description:

The Google API Client Library for Java provides functionality common to all Google APIs; for example HTTP transport, error handling, authentication, JSON parsing, media download/upload, and batching.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api-client/google-api-client/1.34.0/google-api-client-1.34.0.jar
MD5: 97cece4852c70e99f9bfc328857a07f8
SHA1: af2586412cabeee49c9db6d736e75b745bc467f8
SHA256:40cfc42643746f8ca3c42911e17c4048dc080a2f12a79c927297b50665de7140
Referenced In Project/Scope: Simplicite Platform:compile
google-api-client-1.34.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-client-gson-1.34.0.jar

Description:

GSON extensions to the Google APIs Client Library for Java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api-client/google-api-client-gson/1.34.0/google-api-client-gson-1.34.0.jar
MD5: 042340dc1ead04fab95d97c3c860ec70
SHA1: 7695fdff82a3789440eede8d08abf5b05757ea23
SHA256:f6e24bfc740257d881b0d51d39ea0d37507d0d137d46c1262cafc7f828b1acec
Referenced In Project/Scope: Simplicite Platform:compile
google-api-client-gson-1.34.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-calendar-v3-rev20220401-1.32.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-calendar/v3-rev20220401-1.32.1/google-api-services-calendar-v3-rev20220401-1.32.1.jar
MD5: 909e665933f86895283a9bbb620f3e8c
SHA1: 244f4c0b61bac10d219a74b1486d548c5cb82d00
SHA256:9d849ca8d9676bab638e334ded8f78dd6913899983f9594bb1c7c8d5d8f935ac
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-calendar-v3-rev20220401-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-drive-v3-rev20220214-1.32.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-drive/v3-rev20220214-1.32.1/google-api-services-drive-v3-rev20220214-1.32.1.jar
MD5: 4746592e2ef038cc189aa4495e7578e7
SHA1: d75dce3c12fcb57b827b4bd498b82f341bee9678
SHA256:abe79a0b774039effc86853a713a9d08e5a4aa1e5509da4ff83421318b93fa22
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-drive-v3-rev20220214-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-gmail-v1-rev20220404-1.32.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-gmail/v1-rev20220404-1.32.1/google-api-services-gmail-v1-rev20220404-1.32.1.jar
MD5: bd7510a07ad51edde75524527db3ddd6
SHA1: 72590768b2919e970f303c6c7c5a92cb0df1beb7
SHA256:206acb87dfe2d7a3a50cf8578189aea08f931178d56790719afe1a08962d9f49
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-gmail-v1-rev20220404-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-plus-v1-rev20190328-1.30.10.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-plus/v1-rev20190328-1.30.10/google-api-services-plus-v1-rev20190328-1.30.10.jar
MD5: 27f1e9ce42ebc0956aeac57c24de46b3
SHA1: 5134f9422badf1c956d5c922aad72c6eebeea6a3
SHA256:8df825f167faac9115d3d6efa92f3a901b7901c4564d5a7e4f2ea1c0de1ddf2e
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-plus-v1-rev20190328-1.30.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-sheets-v4-rev20220322-1.32.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-sheets/v4-rev20220322-1.32.1/google-api-services-sheets-v4-rev20220322-1.32.1.jar
MD5: 6f5268c6a17fbe7eeb4d96ef1839c0d0
SHA1: d7792b47af586f7592f12779aceec023e622ebc6
SHA256:265943438a0a054aca2e33b9d5fa40982c488e93598562cb8200601876309ddd
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-sheets-v4-rev20220322-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-storage-v1-rev20220401-1.32.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-storage/v1-rev20220401-1.32.1/google-api-services-storage-v1-rev20220401-1.32.1.jar
MD5: 2b5a333c86aeb8743296fd475f71fac1
SHA1: 46090b46cb68583e6ded641ac040bd225a77d91d
SHA256:77c95d246331b386f932c5d6cf4de2fa4397fd7b2cc284fa490deed35d1e4ecc
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-storage-v1-rev20220401-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-translate-v2-rev20170525-1.30.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-translate/v2-rev20170525-1.30.1/google-api-services-translate-v2-rev20170525-1.30.1.jar
MD5: 49b810431970d3585119ebae4d372955
SHA1: d190fa670e88901a2e5247ea394f7ae2cc394c15
SHA256:ae3b32be4e5a9450a36f8fed26ea5f26bc624ec15fb4a0f1160c6c8cf0e35559
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-translate-v2-rev20170525-1.30.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-api-services-youtube-v3-rev20220409-1.32.1.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-youtube/v3-rev20220409-1.32.1/google-api-services-youtube-v3-rev20220409-1.32.1.jar
MD5: 4197d21a1f91f5c541058000a6e0eece
SHA1: cdac512c0f6b566dfbf1a40083459f97d4d65add
SHA256:1128fc16b7ef1162b54d8024a361d70ee638616538a7842c43a3bd0b4348dff8
Referenced In Project/Scope: Simplicite Platform:compile
google-api-services-youtube-v3-rev20220409-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-auth-library-credentials-1.6.0.jar

File Path: /var/simplicite/.m2/repository/com/google/auth/google-auth-library-credentials/1.6.0/google-auth-library-credentials-1.6.0.jar
MD5: abb88d44906035ae9872f13498de2f7f
SHA1: 1d550774693a2cfd4ccd76ebbb543f6d260112a5
SHA256:153fa3cdc153ac3ee25649e8037aeda4438256153d35acf3c27e83e4ee6165a4
Referenced In Project/Scope: Simplicite Platform:compile
google-auth-library-credentials-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0

Identifiers

google-auth-library-oauth2-http-1.6.0.jar

File Path: /var/simplicite/.m2/repository/com/google/auth/google-auth-library-oauth2-http/1.6.0/google-auth-library-oauth2-http-1.6.0.jar
MD5: 71f2ad57719226b15aa1ec7dd41adac0
SHA1: 3c89549f06eff1cbb0f104d934e18e9e9f6bf03c
SHA256:2220f02fcfc480e3798bab43b2618d158319f9fcb357c9eb04b4a68117699808
Referenced In Project/Scope: Simplicite Platform:compile
google-auth-library-oauth2-http-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0

Identifiers

google-cloud-core-2.5.11.jar

Description:

    Core module for the google-cloud.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core/2.5.11/google-cloud-core-2.5.11.jar
MD5: ef53d5ab76a9c251f40a94176ab2dc01
SHA1: fcc270ef721413b74f02121eb2d02014d86589ea
SHA256:84adb59d6845f759cd4ba56526ac1bb206499db42bc71516d394022a20760227
Referenced In Project/Scope: Simplicite Platform:compile
google-cloud-core-2.5.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-cloud-core-grpc-2.5.11.jar

Description:

    Core gRPC module for the google-cloud.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core-grpc/2.5.11/google-cloud-core-grpc-2.5.11.jar
MD5: 553fa504b92e8c0dc482e72c5b60bceb
SHA1: 5928af7dd3741a9a9ee18ad365da6e760a42d718
SHA256:cf0855c9869d315470822b7ece41a4f88aa16c6d286877eeb1ca5032969ea69f
Referenced In Project/Scope: Simplicite Platform:compile
google-cloud-core-grpc-2.5.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-cloud-core-http-2.5.11.jar

Description:

    Core http module for the google-cloud.

File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core-http/2.5.11/google-cloud-core-http-2.5.11.jar
MD5: 0c7096abd415111053a1c7681d33e8a8
SHA1: 28573e313516c3c849eb3451a58382bf24c6f536
SHA256:67d67273abee2b22ae65ccf275a586b4f81cf72bbe59f126b9f2a7216161418e
Referenced In Project/Scope: Simplicite Platform:compile
google-cloud-core-http-2.5.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-cloud-firestore-2.6.1.jar

Description:

Java idiomatic client for Google Cloud Firestore.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-firestore/2.6.1/google-cloud-firestore-2.6.1.jar
MD5: 089a4baeb81874c4461546f51f17fc9f
SHA1: fea3ad6874eb21a0cec7e7b27d5608fbcbce2f03
SHA256:bdc1d50e2f40c1fc9ded4af406e2813e4fa0e8b17d42335dd0e52c45b205b937
Referenced In Project/Scope: Simplicite Platform:compile
google-cloud-firestore-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0

Identifiers

google-cloud-pubsub-1.116.3.jar

Description:

Java idiomatic client for Google Cloud Pub/Sub

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-pubsub/1.116.3/google-cloud-pubsub-1.116.3.jar
MD5: f5b01b9ad0fb43c61bd2aff6e227a057
SHA1: 83a215450446c12695d05b19c3f34b6501fd3cea
SHA256:7f5eb57a387f3c8a2d29e02766551a707193170e0e0b08fd2883c2ea4d2a86f9
Referenced In Project/Scope: Simplicite Platform:compile
google-cloud-pubsub-1.116.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-cloud-storage-2.5.0.jar

Description:

jclouds components to access Google Cloud Storage

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/google-cloud-storage/2.5.0/google-cloud-storage-2.5.0.jar
MD5: 03f653712bb4467c86a7b260569c05a7
SHA1: 238426244adf2d93fc8e10630081d0495982c20e
SHA256:3bd85e2941ba93c3ac0cf0a72cf6589aa1b7dc422404a8f8cd57a0e8931d51ec
Referenced In Project/Scope: Simplicite Platform:compile
google-cloud-storage-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-cloud-storage-2.6.0.jar

Description:

Java idiomatic client for Google Cloud Storage.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-storage/2.6.0/google-cloud-storage-2.6.0.jar
MD5: 3e7307600fe5dd2b3318c150380ddc63
SHA1: 904bbef7eb6d5838656d14df16cd98556767190e
SHA256:4bea9595223e471f3b14b7e3c3311d047002f91da64252cb54121b870cea4721
Referenced In Project/Scope: Simplicite Platform:compile
google-cloud-storage-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-http-client-1.41.7.jar

Description:

    Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
    including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client/1.41.7/google-http-client-1.41.7.jar
MD5: f1565870d16fa93572973b94dd14e10a
SHA1: 5dc1bd22256ef86fb3e0a6012248f5afefbd4c70
SHA256:d5dca91ea46de8214d8390eba6210cadecf794a421328c28f9b16a24b35dff85
Referenced In Project/Scope: Simplicite Platform:compile
google-http-client-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-http-client-apache-v2-1.41.7.jar

Description:

Google HTTP Client Library for Java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-apache-v2/1.41.7/google-http-client-apache-v2-1.41.7.jar
MD5: 4fe68cc57103d67605fa20c0991ba4c6
SHA1: 04ec0f67dd7576f6f049ae36dc58e48b9dfba8e3
SHA256:0b5b547429f6d1b958896dd74358bc46578ec70e590b8eaa667c24b6794ef0dc
Referenced In Project/Scope: Simplicite Platform:compile
google-http-client-apache-v2-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-http-client-appengine-1.41.7.jar

File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-appengine/1.41.7/google-http-client-appengine-1.41.7.jar
MD5: b2033529bf22d76d0fc17fe08eee8b90
SHA1: 35ed01ddfbafdc71ec4f87afd099615ac8b0d133
SHA256:5bfdffab461844efa3cb53eb23cc93f1ef201a687d676d0c909c76442edc31b4
Referenced In Project/Scope: Simplicite Platform:compile
google-http-client-appengine-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-http-client-gson-1.41.7.jar

File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-gson/1.41.7/google-http-client-gson-1.41.7.jar
MD5: b9d3db357f7cc6b40aa48d7511a0dcd9
SHA1: b9f1a51801a7b3428341fbe2bd7daee9fb8397de
SHA256:52aef2ed4b4b722028f88ab050da1daf2df1ba0c88b8ee8c8bbcdc9a6eb7d44f
Referenced In Project/Scope: Simplicite Platform:compile
google-http-client-gson-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-http-client-jackson-1.29.2.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-jackson/1.29.2/google-http-client-jackson-1.29.2.jar
MD5: 72ad680f4cd70758086ec12492544fcd
SHA1: 98ba3a73bbfcabbaa1105fc013305d319f6ebf32
SHA256:54478a70cc90eb7fd7e6ab89a447a41fb1f4f98201bf4d5418d4647751538552
Referenced In Project/Scope: Simplicite Platform:compile
google-http-client-jackson-1.29.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2020-13956  

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

google-http-client-jackson2-1.41.7.jar

File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-jackson2/1.41.7/google-http-client-jackson2-1.41.7.jar
MD5: 515d50b3039f39f8860e092ca6c7b77c
SHA1: d53e4635bdf4bca37315c6883c1c4fbb09952345
SHA256:a2bcc81d6403a093bca7c09f7fb8bc9f684b892c9a167576a0febe0039ff74bb
Referenced In Project/Scope: Simplicite Platform:compile
google-http-client-jackson2-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-java-format-1.16.0.jar

Description:

    A Java source code formatter that follows Google Java Style.

File Path: /var/simplicite/.m2/repository/com/google/googlejavaformat/google-java-format/1.16.0/google-java-format-1.16.0.jar
MD5: 505664004942c7f223f4567d8448d210
SHA1: ac8e55ff8dce2cd11bdd08bf95cf9a2cb4af5296
SHA256:0cff5d0230ba20d538f3f70b2aa68bd33f9fdc69768cde07337c563c23eb7c43
Referenced In Project/Scope: Simplicite Platform:compile
google-java-format-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

google-oauth-client-1.33.2.jar

Description:

    Google OAuth Client Library for Java. Functionality that works on all supported Java platforms,
    including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/oauth-client/google-oauth-client/1.33.2/google-oauth-client-1.33.2.jar
MD5: b9105d8c558c291400501e78198313f1
SHA1: 2810fb515fe110295dc6867fc9f70c401b66daf3
SHA256:77909da172c0eec5ee3f3b76080fed9d6ee5b5299ccc8158bc1e5b05f5a87206
Referenced In Project/Scope: Simplicite Platform:compile
google-oauth-client-1.33.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2021-22573  

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above
CWE-347 Improper Verification of Cryptographic Signature

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

googlecloud-2.5.0.jar

Description:

jclouds components common to Google Cloud products

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/common/googlecloud/2.5.0/googlecloud-2.5.0.jar
MD5: c03a5f456b2ad70c5f38f91e78f76b5d
SHA1: 3204bf6ddff8af8b88fcd15e73ae900649a54a41
SHA256:d7763a59548304658bca0e73b73e95e546643002ab040e62bbde351329657872
Referenced In Project/Scope: Simplicite Platform:compile
googlecloud-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/google-cloud-storage@2.5.0

Identifiers

graphics2d-0.32.jar

Description:

Graphics2D Bridge for Apache PDFBox

File Path: /var/simplicite/.m2/repository/de/rototor/pdfbox/graphics2d/0.32/graphics2d-0.32.jar
MD5: 164b89cef806e962457f2dda37915993
SHA1: d8892871a9a1446e94f25eb625a7eec3bfa31b15
SHA256:37f8f387395f96c214ac44f7475c7a2e1f832dfc1de289a3610e0ffbf728f679
Referenced In Project/Scope: Simplicite Platform:compile
graphics2d-0.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10

Identifiers

graphql-java-20.2.jar (shaded: com.google.guava:guava:31.0.1-jre)

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

File Path: /var/simplicite/.m2/repository/com/graphql-java/graphql-java/20.2/graphql-java-20.2.jar/META-INF/maven/com.google.guava/guava/pom.xml
MD5: 7b626959454a65ef1f2d7c63c866aa22
SHA1: d0ec1628dcc04e4835721416103672384ea3136f
SHA256:2be566920c21c60c5ccaf2827867caff766646e2113b7fcc3ee9c24a40b2f396
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

graphql-java-20.2.jar (shaded: org.antlr:antlr4-runtime:4.9.3)

Description:

The ANTLR 4 Runtime

File Path: /var/simplicite/.m2/repository/com/graphql-java/graphql-java/20.2/graphql-java-20.2.jar/META-INF/maven/org.antlr/antlr4-runtime/pom.xml
MD5: 60e00b56e1ccc29d9ff97820575191fa
SHA1: 7ed961275fcdee7e2b69a66bf1ae6c4f9f5a1ab8
SHA256:4f7e44e4ea0629fa3a759b1116feb9fb28814e95f791e1eeedd20c12889d7aa4
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

graphql-java-20.2.jar

Description:

GraphqL Java

License:

MIT: https://github.com/graphql-java/graphql-java/blob/master/LICENSE.md
File Path: /var/simplicite/.m2/repository/com/graphql-java/graphql-java/20.2/graphql-java-20.2.jar
MD5: 4aa9caaa0a0f5204eb913eb0f2e60d5c
SHA1: e1c82dba7f2e1c08d3b7759ba3a30aafab046b00
SHA256:98c63c1bf51876f84a3770573279be4f98bbfc2c86d6b4819c327fa1cbd2b137
Referenced In Project/Scope: Simplicite Platform:compile
graphql-java-20.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

grpc-core-1.45.0.jar

Description:

gRPC: Core

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-core/1.45.0/grpc-core-1.45.0.jar
MD5: d0f155af1a1a2a1ac5d18157272cbebd
SHA1: 2a731bd622605bc9cca31aa493a29d7d322daa02
SHA256:1cef554c91dc00ca90824dbdd9242836c043da0a7c8cb3d8db8eb35ed460cfa1
Referenced In Project/Scope: Simplicite Platform:compile
grpc-core-1.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-core-grpc@2.5.11

Identifiers

CVE-2023-33953  

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4785  

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. 
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-32732  

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

grpc-netty-shaded-1.45.0.jar: io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll

File Path: /var/simplicite/.m2/repository/io/grpc/grpc-netty-shaded/1.45.0/grpc-netty-shaded-1.45.0.jar/META-INF/native/io_grpc_netty_shaded_netty_tcnative_windows_x86_64.dll
MD5: cf415e2c5db7f0ac32eba388b82d979f
SHA1: c9084fe2903344f372bc38f630ec8f6b6cdd9c3f
SHA256:55ee25d20cd77516f3ae02b262132cc8ab09cbe8b8986a9a32c650d9891cb794
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

grpc-protobuf-1.45.0.jar

Description:

gRPC: Protobuf

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-protobuf/1.45.0/grpc-protobuf-1.45.0.jar
MD5: a0197dc2f2b294eac3c7c9be1620b232
SHA1: f41a3849091a95af98d009294cd8572b3d152a43
SHA256:6a8598808439045f3801d4a7df045dbcb7ca672e6131f866765d9f6b373889e1
Referenced In Project/Scope: Simplicite Platform:compile
grpc-protobuf-1.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

CVE-2023-33953  

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-4785  

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. 
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-32732  

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

gson-2.8.9.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/code/gson/gson/2.8.9/gson-2.8.9.jar
MD5: e67627f67e03301092dc7de0a2d7cef8
SHA1: 8a432c1d6825781e21a02db2e2c33c5fde2833b9
SHA256:d3999291855de495c94c743761b8ab5176cfeabe281a5ab0d8e8d45326fd703e
Referenced In Project/Scope: Simplicite Platform:compile
gson-2.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

guava-31.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar
MD5: e37782d974104aa3b0a7bee9927c8042
SHA1: 60458f877d055d0c9114d9e1a2efb737b4bc282c
SHA256:a42edc9cab792e39fe39bb94f3fca655ed157ff87a8af78e1d6ba5b07c4a00ab
Referenced In Project/Scope: Simplicite Platform:compile
guava-31.1-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

guice-5.0.1.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/inject/guice/5.0.1/guice-5.0.1.jar
MD5: 60f6ba2a7fc44fcfe9119bc76314e7d6
SHA1: 0dae7556b441cada2b4f0a2314eb68e1ff423429
SHA256:3bae18be3e0f0940375d1ebdd2f3b84d87ae16026ae663b2f5d4667fe5b04036
Referenced In Project/Scope: Simplicite Platform:compile
guice-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0

Identifiers

guice-assistedinject-5.0.1.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/inject/extensions/guice-assistedinject/5.0.1/guice-assistedinject-5.0.1.jar
MD5: 7a1c06b3b07048d2bb5ded4863cfcd71
SHA1: 62e02f2aceb7d90ba354584dacc018c1e94ff01c
SHA256:aa2c6504d7e89debad51f5001113a972eceebdbb4637e72c0e26284be5574966
Referenced In Project/Scope: Simplicite Platform:compile
guice-assistedinject-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0

Identifiers

h2-2.1.214.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /var/simplicite/.m2/repository/com/h2database/h2/2.1.214/h2-2.1.214.jar
MD5: 93628fb706e682dd989f697394039025
SHA1: d5c2005c9e3279201e12d4776c948578b16bf8b2
SHA256:d623cdc0f61d218cf549a8d09f1c391ff91096116b22e2475475fce4fbe72bd0
Referenced In Project/Scope: Simplicite Platform:runtime
h2-2.1.214.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2022-45868  

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.
CWE-312 Cleartext Storage of Sensitive Information

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2018-14335 (OSSINDEX)  

h2database - Improper Link Resolution Before File Access

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.h2database:h2:2.1.214:*:*:*:*:*:*:*

h2-2.1.214.jar: data.zip: table.js

File Path: /var/simplicite/.m2/repository/com/h2database/h2/2.1.214/h2-2.1.214.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 1c37e9e03787c821410ce684efa8feb7
SHA1: 3377bc4afb4fa0aeaa4fff9098ebb4446fa5be99
SHA256:07e1b3fc6feb8a8713b6659fc047cd9177d85b22f4bb0fa857be1c81786db701
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

h2-2.1.214.jar: data.zip: tree.js

File Path: /var/simplicite/.m2/repository/com/h2database/h2/2.1.214/h2-2.1.214.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 4303428a5a49c1ae6c87a5dde9b4c9c3
SHA1: 9bca06117ddee5657dbe89eea197372128fe56e9
SHA256:1d5c4ba3b1a5dfcfe250fba716b55a9a7d0ffe624fc480713ff782c4d671836f
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

hadoop-hdfs-client-3.3.1.jar

Description:

Apache Hadoop HDFS Client

File Path: /var/simplicite/.m2/repository/org/apache/hadoop/hadoop-hdfs-client/3.3.1/hadoop-hdfs-client-3.3.1.jar
MD5: df16b76d5b2b4c33561e94ae47827637
SHA1: 5ad71520a3632a9b5b2c65f9f53d1c9d80544ee0
SHA256:23e86d658b016394c263f80b8e318f232167a8862a07a3d50e5369175f3e8a58
Referenced In Project/Scope: Simplicite Platform:compile
hadoop-hdfs-client-3.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0

Identifiers

CVE-2021-37404  

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CWE-787 Out-of-bounds Write

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-25168  

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-26612  

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-25642  

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-33036  

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: HIGH (9.0)
  • Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-26031  

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.

Hadoop 3.3.0 updated the " YARN Secure Containers https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html " to add a feature for executing user-submitted applications in isolated linux containers.

The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.

The patch " YARN-10495 https://issues.apache.org/jira/browse/YARN-10495 . make the rpath of container-executor configurable" modified the library loading path for loading .so files from "$ORIGIN/" to ""$ORIGIN/:../lib/native/". This is the a path through which libcrypto.so is located. Thus it is is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.
If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted job are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.

The fix for the vulnerability is to revert the change, which is done in  YARN-11441 https://issues.apache.org/jira/browse/YARN-11441 , "Revert YARN-10495". This patch is in hadoop-3.3.5.

To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "./lib/native/" then it  is at risk

$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 
0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/:../lib/native/]

If it does not, then it is safe:

$ readelf -d container-executor|grep 'RUNPATH\|RPATH' 
0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/]

For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set

$ ls -laF /opt/hadoop/bin/container-executor
---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor

A safe installation lacks the suid bit; ideally is also not owned by root.

$ ls -laF /opt/hadoop/bin/container-executor
-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor

This configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work.
CWE-426 Untrusted Search Path

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /var/simplicite/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope: Simplicite Platform:compile
hamcrest-core-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/junit/junit@4.13.2

Identifiers

highlight.js:11.7.0

Description:

Syntax highlighting with language autodetection.

License:

BSD-3-Clause
File Path: /var/simplicite/simplicite-5.3/package.json?/highlight.js:11.7.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

hk2-api-2.6.1.jar

Description:

${project.name}

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/hk2-api/2.6.1/hk2-api-2.6.1.jar
MD5: 23e8c18dae0c7b776bed756763d5153f
SHA1: 114bd7afb4a1bd9993527f52a08a252b5d2acac5
SHA256:c2cb80a01e58440ae57d5ee59af4d4d94e5180e04aff112b0cb611c07d61e773
Referenced In Project/Scope: Simplicite Platform:provided
hk2-api-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

hk2-locator-2.6.1.jar

Description:

${project.name}

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/hk2-locator/2.6.1/hk2-locator-2.6.1.jar
MD5: dfd358720393d83b01747928db6e3912
SHA1: 9dedf9d2022e38ec0743ed44c1ac94ad6149acdd
SHA256:febc668deb9f2000c76bd4918d8086c0a4c74d07bd0c60486b72c6bd38b62874
Referenced In Project/Scope: Simplicite Platform:provided
hk2-locator-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

hk2-utils-2.6.1.jar

Description:

${project.name}

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/hk2-utils/2.6.1/hk2-utils-2.6.1.jar
MD5: 75ccb55538a77bf878996497ffeb86f3
SHA1: 396513aa96c1d5a10aa4f75c4dcbf259a698d62d
SHA256:30727f79086452fdefdab08451d982c2082aa239d9f75cdeb1ba271e3c887036
Referenced In Project/Scope: Simplicite Platform:provided
hk2-utils-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

hsqldb-2.7.1.jar

Description:

HSQLDB - Lightweight 100% Java SQL Database Engine

License:

HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /var/simplicite/.m2/repository/org/hsqldb/hsqldb/2.7.1/hsqldb-2.7.1.jar
MD5: cc960ec33d04364a280ea9eba088300e
SHA1: 9ffb617125371538a32eb9ba1cb2fa743b2c993b
SHA256:bca5532a4c58babf9fcebf20d03f086f5ba24b076c3aaf8838a16512235e53ca
Referenced In Project/Scope: Simplicite Platform:runtime
hsqldb-2.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

html5-qrcode:2.3.8

Description:

A cross platform HTML5 QR Code & bar code scanner

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.3/package.json?/html5-qrcode:2.3.8

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

httpasyncclient-4.1.5.jar

Description:

   Apache HttpComponents AsyncClient

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.5/httpasyncclient-4.1.5.jar
MD5: 5346c547bfd0da64eb3dc54be9380d65
SHA1: cd18227f1eb8e9a263286c1d7362ceb24f6f9b32
SHA256:0c1877489a9d1ba4fa50f6cfcab11d1123618858cb31d56afaab5afdd5064d99
Referenced In Project/Scope: Simplicite Platform:compile
httpasyncclient-4.1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

httpclient-4.5.14.jar

Description:

   Apache HttpComponents Client

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar
MD5: 2cb357c4b763f47e58af6cad47df6ba3
SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98
SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6
Referenced In Project/Scope: Simplicite Platform:compile
httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

httpcore-4.4.16.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar
MD5: 28d2cd9bf8789fd2ec774fb88436ebd1
SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850
SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f
Referenced In Project/Scope: Simplicite Platform:compile
httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

httpcore-nio-4.4.16.jar

Description:

   Apache HttpComponents Core (non-blocking I/O)

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.16/httpcore-nio-4.4.16.jar
MD5: 597c450f3401e98103e835824ab43e77
SHA1: cd21c80a9956be48c4c1cfd2f594ba02857d0927
SHA256:4018736ede2d321034e8517ea90baefb31831a8608afccc446d8a699fb1d00d4
Referenced In Project/Scope: Simplicite Platform:compile
httpcore-nio-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

httpmime-4.5.14.jar

Description:

   Apache HttpComponents HttpClient - MIME coded entities

File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpmime/4.5.14/httpmime-4.5.14.jar
MD5: 714c4ae31c40e6633c0bcaa4e6264153
SHA1: 6662758a1f1cb1149cf916bdac28332e0902ec44
SHA256:d401243d5c6eae928a37121b6e819158c8c32ea0584793e7285bb489ab2a3d17
Referenced In Project/Scope: Simplicite Platform:compile
httpmime-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

icu4j-73.1.jar

Description:

    International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
    providing Unicode and Globalization support

License:

Unicode/ICU License: https://raw.githubusercontent.com/unicode-org/icu/main/icu4c/LICENSE
File Path: /var/simplicite/.m2/repository/com/ibm/icu/icu4j/73.1/icu4j-73.1.jar
MD5: 8cff87c6f90429f12167511ac2226fcf
SHA1: 693cf05bf78b603515a10653098fbb9a10fbb7e3
SHA256:e51fda26a50667aa6e5e7c752301203867dc36bbf82cb9f8f1008aded3798a5e
Referenced In Project/Scope: Simplicite Platform:compile
icu4j-73.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/com.ibm.icu/icu4j@73.1  (Confidence:High)
  • cpe:2.3:a:icu-project:international_components_for_unicode:73.1:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:unicode:international_components_for_unicode:73.1:*:*:*:*:*:*:*  (Confidence:Low)  

istack-commons-runtime-4.0.1.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-runtime/4.0.1/istack-commons-runtime-4.0.1.jar
MD5: 0c1301f11d943a0bec02efc57c101409
SHA1: 4e25c41d338aad4a2c92d0020c9ae0335fad5099
SHA256:9f91115f449384886f572bd62c8812ee1004273d4b5c85cac65179ad4c16990f
Referenced In Project/Scope: Simplicite Platform:compile
istack-commons-runtime-4.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.2

Identifiers

istack-commons-tools-4.0.1.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-tools/4.0.1/istack-commons-tools-4.0.1.jar
MD5: 4c9517048b1b9581ab5ed307341855ee
SHA1: 8e3afa2de93ef0daba1f244b8dc77fb4dfb0a14e
SHA256:34486ea03e8229667d712e112e164adeed7534ca81718bb0e653072b7eb60786
Referenced In Project/Scope: Simplicite Platform:compile
istack-commons-tools-4.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

itext-2.1.7.jar

Description:

iText, a free Java-PDF library

License:

Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext/2.1.7/itext-2.1.7.jar
MD5: 7587a618197a065eac4a453d173d4ed6
SHA1: 892bfb3e97074a61123b3b2d7caa2db112750864
SHA256:7d82c6b097a31cdf5a6d49a327bf582fdec7304da69308f9f6abf54aa9fd9055
Referenced In Project/Scope: Simplicite Platform:compile
itext-2.1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2017-9096 (OSSINDEX)  

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.lowagie:itext:2.1.7:*:*:*:*:*:*:*

itext-rtf-2.1.7.jar

Description:

iText, a free Java-PDF library (rtf package)

License:

Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext-rtf/2.1.7/itext-rtf-2.1.7.jar
MD5: f95d38da50192bc9e3876e3a987f02c1
SHA1: ed1cbe69ff69c6e6fa7645f51c8d25894a177e7b
SHA256:49d3b9df20ccc6565c91b8b18c638ecb018fd528b6eb64991d6d8ba73975c135
Referenced In Project/Scope: Simplicite Platform:compile
itext-rtf-2.1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

j2objc-annotations-1.3.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931
SHA1: ba035118bc8bac37d7eff77700720999acd9986d
SHA256:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
Referenced In Project/Scope: Simplicite Platform:compile
j2objc-annotations-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.22.3

Identifiers

jackcess-4.0.5.jar

Description:

A pure Java library for reading from and writing to MS Access databases.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/healthmarketscience/jackcess/jackcess/4.0.5/jackcess-4.0.5.jar
MD5: eadf0d092b2958de153901d0fe70eb61
SHA1: 78e71fb55d742715b7a2dc8e0a6c2dce218c8e17
SHA256:909289f4c955378449685bd3e8468837dd751bd8d9338bf830ae1741c6a4afb2
Referenced In Project/Scope: Simplicite Platform:compile
jackcess-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jackcess-encrypt-4.0.2.jar

Description:

An add-on to the Jackcess library for handling encryption in MS Access files.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/healthmarketscience/jackcess/jackcess-encrypt/4.0.2/jackcess-encrypt-4.0.2.jar
MD5: 17f18ad7b3779c672e0178afacee1acd
SHA1: e8efcbe171ac131ec32b20478d8381227e3e8d17
SHA256:7fdf5f09895038b1b2acb44294d0c1ffbcd0b9454964f6dc7171b6930bb085c4
Referenced In Project/Scope: Simplicite Platform:compile
jackcess-encrypt-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jackson-core-2.14.2.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.14.2/jackson-core-2.14.2.jar
MD5: 6ee422ee4c481b2d5aacb2b5e36a7dc0
SHA1: f804090e6399ce0cf78242db086017512dd71fcc
SHA256:b5d37a77c88277b97e3593c8740925216c06df8e4172bbde058528df04ad3e7a
Referenced In Project/Scope: Simplicite Platform:compile
jackson-core-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jackson-core-asl-1.9.13.jar

Description:

Jackson is a high-performance JSON processor (parser, generator)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.13/jackson-core-asl-1.9.13.jar
MD5: 319c49a4304e3fa9fe3cd8dcfc009d37
SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4
SHA256:440a9cb5ca95b215f953d3a20a6b1a10da1f09b529a9ddea5f8a4905ddab4f5a
Referenced In Project/Scope: Simplicite Platform:compile
jackson-core-asl-1.9.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.http-client/google-http-client-jackson@1.29.2

Identifiers

jackson-databind-2.14.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.2/jackson-databind-2.14.2.jar
MD5: c1b12dd14734cd1986132bf55042dd7e
SHA1: 01e71fddbc80bb86f71a6345ac1e8ab8a00e7134
SHA256:501d3abce4d18dcc381058ec593c5b94477906bba6efbac14dae40a642f77424
Referenced In Project/Scope: Simplicite Platform:compile
jackson-databind-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jackson-dataformat-csv-2.14.2.jar

Description:

Support for reading and writing CSV-encoded data via Jackson
abstractions.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-csv/2.14.2/jackson-dataformat-csv-2.14.2.jar
MD5: af8b9f8638c2fcfabf09e7ee166888eb
SHA1: c6201b16c9317197e97368e6c3f696da399d5b0f
SHA256:47f12d1019ba18181148041f08e4d413c83f8b6fbb2a6b222f263e566737d292
Referenced In Project/Scope: Simplicite Platform:compile
jackson-dataformat-csv-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jackson-datatype-guava-2.14.2.jar

Description:

Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles
Guava (https://github.com/google/guava) types (currently mostly just collection ones)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-guava/2.14.2/jackson-datatype-guava-2.14.2.jar
MD5: 7613626f1c5f0c49814a9c54500f1217
SHA1: 1c340b714727513933a29b4f191e4cf5180e5946
SHA256:07cbb8b8a354dfc067fedf66e19226a7a8a6f56e46d2b78b85cbac5149aba71d
Referenced In Project/Scope: Simplicite Platform:compile
jackson-datatype-guava-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jackson-datatype-joda-2.14.2.jar

Description:

Add-on module for Jackson (https://github.com/FasterXML/jackson) to support Joda (https://www.joda.org/joda-time/) data types.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-joda/2.14.2/jackson-datatype-joda-2.14.2.jar
MD5: aca7435b74c198ed1bf956a77aa99787
SHA1: ccdff9be351b308089411070395abf08374702ba
SHA256:ab3433a5f984544f48e938600ae9fa65f29ee1a8c50618938cd172da58f89507
Referenced In Project/Scope: Simplicite Platform:compile
jackson-datatype-joda-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jackson-jaxrs-base-2.14.2.jar

Description:

Pile of code that is shared by all Jackson-based JAX-RS
providers.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.14.2/jackson-jaxrs-base-2.14.2.jar
MD5: b89c32604e673885c3e8eb46b24262b1
SHA1: 03006ab2f6786b419893cae56b9f6ec58d1e8aec
SHA256:cc0689c44be8d235a643ab58b5d4fb638c8753ce5f8560c13c6fa5f14ac20b55
Referenced In Project/Scope: Simplicite Platform:compile
jackson-jaxrs-base-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jackson-jaxrs-json-provider-2.14.2.jar

Description:

Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.14.2/jackson-jaxrs-json-provider-2.14.2.jar
MD5: 4c435f3fc9dbb44d75151d6264d1917b
SHA1: 949391a8e576cb38783f5d31675a2ea70c8753fa
SHA256:37e2ef9926b41724a1d725f962404e1ed8cac916aa0d466dbcbc7ea61a6881be
Referenced In Project/Scope: Simplicite Platform:compile
jackson-jaxrs-json-provider-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jackson-jaxrs-xml-provider-2.14.2.jar

Description:

Functionality to handle XML input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-xml-provider/2.14.2/jackson-jaxrs-xml-provider-2.14.2.jar
MD5: 7b6caa305f2fb9d74794f9de6ef759ee
SHA1: a80e14f7170cc2a3ae030b5eca55a8131cb9c5c6
SHA256:e8fe10ca4cb7ddec3d9176de720933c9173388a3166bfafec50493977988fb15
Referenced In Project/Scope: Simplicite Platform:compile
jackson-jaxrs-xml-provider-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jackson-module-jaxb-annotations-2.14.2.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations,
for configuring data-binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.14.2/jackson-module-jaxb-annotations-2.14.2.jar
MD5: 9558568d00a9abb34728e05d9ebc4e0c
SHA1: f7a5457c02d83103710973a4ffdce430ccdc1fd2
SHA256:3cc848dc4c370a76d8a36351505bd36fb025588d1ebbb00061af7f5d414b84fe
Referenced In Project/Scope: Simplicite Platform:compile
jackson-module-jaxb-annotations-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jai-imageio-core-1.4.0.jar

Description:

    Java Advanced Imaging Image I/O Tools API core, but without the classes 
    involved with javax.media.jai dependencies, JPEG2000 or 
    codecLibJIIO, meaning that this library can be distributed under the 
    modified BSD license and should be GPL compatible.

License:

BSD 3-clause License w/nuclear disclaimer: LICENSE.txt
File Path: /var/simplicite/.m2/repository/com/github/jai-imageio/jai-imageio-core/1.4.0/jai-imageio-core-1.4.0.jar
MD5: 6978d733bfb55c0a82639f724fe5f3bb
SHA1: fb6d79b929556362a241b2f65a04e538062f0077
SHA256:8ad3c68e9efffb10ac87ff8bc589adf64b04a729c5194c079efd0643607fd72a
Referenced In Project/Scope: Simplicite Platform:compile
jai-imageio-core-1.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jakarta.activation-1.2.2.jar

Description:

Jakarta Activation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar
MD5: 0b8bee3bf29b9a015f8b992035581a7c
SHA1: 74548703f9851017ce2f556066659438019e7eb5
SHA256:02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a
Referenced In Project/Scope: Simplicite Platform:runtime
jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0

Identifiers

jakarta.activation-api-2.1.1.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.1/jakarta.activation-api-2.1.1.jar
MD5: 6f9bbce7c06f8805baa3fa87ebe3059f
SHA1: 88c774ab863a21fb2fc4219af95379fafe499a31
SHA256:33bae3f0f12dbb5a7afc81d802a130359cdb44bbc7fb4b213f49b349d0491a04
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.activation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.angus/jakarta.mail@2.0.1

Identifiers

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope: Simplicite Platform:provided
jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

jakarta.inject-2.6.1.jar

Description:

Injection API (JSR 330) version  repackaged as OSGi bundle

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/external/jakarta.inject/2.6.1/jakarta.inject-2.6.1.jar
MD5: 4d7c80a1e3cd54531af03bef4537f7af
SHA1: 8096ebf722902e75fbd4f532a751e514f02e1eb7
SHA256:5e88c123b3e41bca788b2683118867d9b6dec714247ea91c588aed46a36ee24f
Referenced In Project/Scope: Simplicite Platform:provided
jakarta.inject-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

jakarta.jms-api-2.0.3.jar

Description:

        Jakarta Messaging describes a means for Java applications to create, send, 
        and receive messages via loosely coupled, reliable asynchronous communication services.

License:

Eclipse Public License 2.0: https://projects.eclipse.org/license/epl-2.0
GNU General Public License, version 2 with the GNU Classpath Exception: https://projects.eclipse.org/license/secondary-gpl-2.0-cp
File Path: /var/simplicite/.m2/repository/jakarta/jms/jakarta.jms-api/2.0.3/jakarta.jms-api-2.0.3.jar
MD5: 569d6b710a850e4198e0e56c5a337e3d
SHA1: c3267a1a8129ba26e1093e7b51ae296891c5fa17
SHA256:5940937cb1095764a0039dae147395e37528a0575e2366f4dd20713b7785044a
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.jms-api-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0

Identifiers

jakarta.mail-2.0.1.jar (shaded: jakarta.mail:jakarta.mail-api:2.1.1)

Description:

  Specification API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar/META-INF/maven/jakarta.mail/jakarta.mail-api/pom.xml
MD5: d21d37995229b12e9ababa1ca9944266
SHA1: 67d5e982ab8805c51bad3ea210f0f253f9c52510
SHA256:2c0a59ed129e12ceda0e4888a213dfb1a06d85919afcecc0cc1c0a3d436a22a0
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:angus-core:2.0.1)

File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/angus-core/pom.xml
MD5: f360e369882e5a0e72c9b8478bb3b89d
SHA1: 441ce7c16adde6d27b18f8483bed824de1345ce4
SHA256:d14626b21a4173d2cf26168a89f01cd4bb3b49e67077abc6c97a122fc68b061b
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:angus-mail:2.0.1)

File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/angus-mail/pom.xml
MD5: b7ad7d3776c286c0cd623b1fb59916e3
SHA1: 70dce92d47c6ca353fc2968261e19cf21ad0e4e1
SHA256:c1ed53bca7ed7030bed1a04e2440e6d5fe2cc4bb2cb95ace2178e7ae851051d8
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:imap:2.0.1)

File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/imap/pom.xml
MD5: 05102a237edc3b98999ac6d990ccd6bf
SHA1: a5b9f48971acc1e6469b3d3c6370f9557d517aa0
SHA256:b62ab94e0e77f341653b9546a8ff7e0e42b21bd6668f64762d9bdaf2bf257f48
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:logging-mailhandler:2.0.1)

File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/logging-mailhandler/pom.xml
MD5: dbfd0bb62cf7c3787e593b49829a3188
SHA1: a3c463c283bff762d132f742266fb6daf9b01d55
SHA256:de393af2c75ed62b8d6975886623dbb880d59df5d587f90d309ce82ad16f82c9
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:pop3:2.0.1)

File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/pop3/pom.xml
MD5: 0e0c10ef42056448a3c9d56722891b2d
SHA1: c414da9569662c1e964978805045429ea5f0ab51
SHA256:698d9c6b990f311a8bdea17624d307da6356227d95203a5d00a7513327c223d7
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jakarta.mail-2.0.1.jar (shaded: org.eclipse.angus:smtp:2.0.1)

File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar/META-INF/maven/org.eclipse.angus/smtp/pom.xml
MD5: 5c13f420e93a799e77a06a61c9c1dac3
SHA1: 45d00fe1ee33ac6dee9cabda854da88c99232bd2
SHA256:b88a786ecae5834454ffe1c0ffa067f636bc37ae602e13b221c9f01838d06fff
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jakarta.mail-2.0.1.jar

Description:

Angus Mail default provider

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar
MD5: 28fb723728e893da37c47887f2e8d773
SHA1: ac4bbca7361f10fe4073630765b40182c7e57872
SHA256:c99782e5613dc39d7d68fc1ab419892e1f0fd4bd09447a69e85f82eb0dd9a498
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.mail-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jakarta.validation-api-2.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256:b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.validation-api-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.swagger.core.v3/swagger-core@2.2.9

Identifiers

jakarta.ws.rs-api-2.1.6.jar

Description:

Jakarta RESTful Web Services API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/2.1.6/jakarta.ws.rs-api-2.1.6.jar
MD5: c3892382aeb5c54085b22b1890511d29
SHA1: 1dcb770bce80a490dff49729b99c7a60e9ecb122
SHA256:4cea299c846c8a6e6470cbfc2f7c391bc29b9caa2f9264ac1064ba91691f4adf
Referenced In Project/Scope: Simplicite Platform:provided
jakarta.ws.rs-api-2.1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

jakarta.xml.bind-api-4.0.0.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.0/jakarta.xml.bind-api-4.0.0.jar
MD5: b5132a66e2d3a60904f8035a1f8a34a8
SHA1: bbb399208d288b15ec101fa4fcfc4bd77cedc97a
SHA256:57e3796ad5753640088f5f9d3c53c183f2c250b7dad90529ea3e19a5515aa122
Referenced In Project/Scope: Simplicite Platform:compile
jakarta.xml.bind-api-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

java-dataloader-3.2.0.jar

Description:

A pure Java 8 port of Facebook Dataloader

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/graphql-java/java-dataloader/3.2.0/java-dataloader-3.2.0.jar
MD5: 2558e982381ac391c975246c0c13074b
SHA1: f45c53595cab4c23e35526cc122e2bd159a50516
SHA256:b9c7d32aef05a2e33dc07c5ce45b713c405b61c6264cb0ed48aac003add3eaa4
Referenced In Project/Scope: Simplicite Platform:compile
java-dataloader-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.graphql-java/graphql-java@20.2

Identifiers

java-jwt-4.4.0.jar

Description:

Java implementation of JSON Web Token (JWT)

License:

The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/auth0/java-jwt/4.4.0/java-jwt-4.4.0.jar
MD5: 7fe567995099e1ee3f45adbc2f3c18c5
SHA1: 0e02407d19971bfa241441212901dd327a37722b
SHA256:173aab2a30727e5586e13055fb6c4e27112453f5d8cf1136b3369c674cbe011f
Referenced In Project/Scope: Simplicite Platform:compile
java-jwt-4.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

java-libpst-0.9.3.jar

Description:

A library to read PST files with java, without need for external libraries.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/pff/java-libpst/0.9.3/java-libpst-0.9.3.jar
MD5: 26a2227892a5859875c3bf2bdf88bc9e
SHA1: 928a6698850cd89577d28201ff1ac443bb339d2b
SHA256:039cd61635ded94dba67f909d3b1763e13f9c23d02f9750eb6259af10e1dabdb
Referenced In Project/Scope: Simplicite Platform:compile
java-libpst-0.9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

java-saml-2.9.0.jar

File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml/2.9.0/java-saml-2.9.0.jar
MD5: 78ab152c7a2de7cdc9fed73452641129
SHA1: a9b09c16748a57cfab9d7899ca8cfd360c8197fb
SHA256:f2e36902c9a3a1f255a010f79286f3f858031839a817f4ff594068a89171cfc1
Referenced In Project/Scope: Simplicite Platform:compile
java-saml-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

java-saml-core-2.9.0.jar

File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml-core/2.9.0/java-saml-core-2.9.0.jar
MD5: a9e33a00ac2b9b5ccbaa104a5ca6aec4
SHA1: 843b0064044bbd68162fcd57373c98e1a4dd64a5
SHA256:41735e2063f1c511d342aab613b2144efb758e2364ecd9193b7639274a280f24
Referenced In Project/Scope: Simplicite Platform:compile
java-saml-core-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.onelogin/java-saml@2.9.0

Identifiers

javase-3.0.1.jar

Description:

Java SE-specific extensions to core ZXing library

File Path: /var/simplicite/.m2/repository/com/google/zxing/javase/3.0.1/javase-3.0.1.jar
MD5: 04258960339322ce4fb90718899ff4c9
SHA1: 06fa0ae253f5bb2943fb64100c936d6a142832c2
SHA256:83c1e61db240c81b9b9628ea8dd63944cacf2b4f3578b4f3f4d3104506e4d0a4
Referenced In Project/Scope: Simplicite Platform:compile
javase-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javassist-3.22.0-CR2.jar

Description:

  	Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
    simple.  It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /var/simplicite/.m2/repository/org/javassist/javassist/3.22.0-CR2/javassist-3.22.0-CR2.jar
MD5: 2c48278c202227d8f3b8382965d41c0f
SHA1: 44eaf0990dea92f4bca4b9931b2239c0e8756ee7
SHA256:230267ffd7bfe404c1b87faf215dd012f607ba3151bd7099562c305c09de6a7a
Referenced In Project/Scope: Simplicite Platform:provided
javassist-3.22.0-CR2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

javax.activation-api-1.2.0.jar

Description:

JavaBeans Activation Framework API jar

License:

https://github.com/javaee/activation/blob/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Project/Scope: Simplicite Platform:compile
javax.activation-api-1.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b
Referenced In Project/Scope: Simplicite Platform:provided
javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.ejb-api-3.2.2.jar

Description:

Project GlassFish Enterprise JavaBean API

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/ejb/javax.ejb-api/3.2.2/javax.ejb-api-3.2.2.jar
MD5: f7a1ffa8ec359720a01dd09f79f042c3
SHA1: 8921a3e3cb30fe5966531ad53902eef19303123b
SHA256:13ff874c58c32b649077dab6ab23bc93938610adc99e90d63933f6f074805b72
Referenced In Project/Scope: Simplicite Platform:provided
javax.ejb-api-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: Simplicite Platform:compile
javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0

Identifiers

javax.jms-api-2.0.1.jar

Description:

Java(TM) Message Service Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/jms/javax.jms-api/2.0.1/javax.jms-api-2.0.1.jar
MD5: d69d2e02910e97b2478c0105e9b2caab
SHA1: 5faaa3864ff6025ce69809b60d65bda3e358610c
SHA256:aa4a16fac46d949b17b32091036e4d1e3c812ef3b4bd184ec838efffb53ba4f8
Referenced In Project/Scope: Simplicite Platform:compile
javax.jms-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.servlet-api-4.0.1.jar

Description:

Java(TM) Servlet 4.0 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/javax.servlet-api/4.0.1/javax.servlet-api-4.0.1.jar
MD5: b80414033bf3397de334b95e892a2f44
SHA1: a27082684a2ff0bf397666c3943496c44541d1ca
SHA256:83a03dd877d3674576f0da7b90755c8524af099ccf0607fc61aa971535ad7c60
Referenced In Project/Scope: Simplicite Platform:provided
javax.servlet-api-4.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.servlet.jsp-api-2.3.3.jar

Description:

Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: ://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/jsp/javax.servlet.jsp-api/2.3.3/javax.servlet.jsp-api-2.3.3.jar
MD5: f6676a5961328c41c5e722da5e48d047
SHA1: 81191ab80e342912dc9cea735c30ff4eddc64de3
SHA256:409a534d275ef0958a2c1692472da30e3706bfe6933d56c039376f53f13689b7
Referenced In Project/Scope: Simplicite Platform:provided
javax.servlet.jsp-api-2.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.transaction-api-1.3.jar

Description:

Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar
MD5: 6e9cb1684621821248b6823143ae26c0
SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce
SHA256:603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da
Referenced In Project/Scope: Simplicite Platform:provided
javax.transaction-api-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.websocket-api-1.1.jar

Description:

JSR 356: Java API for WebSocket

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/websocket/javax.websocket-api/1.1/javax.websocket-api-1.1.jar
MD5: be29e11a4a15742aa6fb418fa46345e3
SHA1: eeeb68631711256418dfbb47b11c731b6c8f6235
SHA256:a260973517bf6411d659b588a719aa27e7e4e47dfbd510fceb5bf1023a2c45e4
Referenced In Project/Scope: Simplicite Platform:provided
javax.websocket-api-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

javax.ws.rs-api-2.0.1.jar

Description:

Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d
Referenced In Project/Scope: Simplicite Platform:compile
javax.ws.rs-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0

Identifiers

jawk-1.02.jar

Description:

POM was created from install:install-file

File Path: /var/simplicite/.m2/repository/org/jawk/jawk/1.02/jawk-1.02.jar
MD5: cd04ea3460d71a03ca5f4232c9ee5f0c
SHA1: 7bdd8bb1a1b9adff9b471cc041cba83ef3a2abe6
SHA256:2773c7f47b2ee8f483d6cb30f799c31f81645d23f49910e58ef4cccb2ffe1c7b
Referenced In Project/Scope: Simplicite Platform:compile
jawk-1.02.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jaxb-api-2.3.1.jar

Description:

JAXB (JSR 222) API

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Project/Scope: Simplicite Platform:compile
jaxb-api-2.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jaxb-core-3.0.2.jar

Description:

JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/jaxb-core/3.0.2/jaxb-core-3.0.2.jar
MD5: d97e45fa20c174781424552e4283e460
SHA1: e83d0b0005525ddd8b8642bd0bb02227fcf871f1
SHA256:f9a360b939597643b2676e35fc497afb561d20e8a513128a5c0070366db11bbd
Referenced In Project/Scope: Simplicite Platform:compile
jaxb-core-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.2

Identifiers

jaxb-impl-2.3.3.jar (shaded: com.sun.istack:istack-commons-runtime:3.0.11)

File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.3/jaxb-impl-2.3.3.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: 2cf61b2d9ed8b708932ba4d2bdd53025
SHA1: 1c4b0f15c5b1aeb7ba30ba0f6a21c10ee112d2b2
SHA256:ae1c070432a8cc35b92960758175014e991193af982e0ad083e40885611d7e94
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jaxb-impl-2.3.3.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.3.3)

Description:

JAXB (JSR 222) Reference Implementation

File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.3/jaxb-impl-2.3.3.jar/META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: 7612c04cd616dd6d2a471427a3b87518
SHA1: 2efabedb3f95d04c4b1aa6c71beb16d6d1283f95
SHA256:92dfe5a3925a9194f0a348ca7a4d5ae7dc64fca79ceab5bcd04ef947f42f36f4
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jaxb-impl-2.3.3.jar (shaded: org.glassfish.jaxb:txw2:2.3.3)

Description:

        TXW is a library that allows you to write XML documents.

File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.3/jaxb-impl-2.3.3.jar/META-INF/maven/org.glassfish.jaxb/txw2/pom.xml
MD5: d500c9f1fa5827030d0ecee5e5b8122b
SHA1: 69002631b1dd2c1205c099feaca71689090e3fa1
SHA256:578621ff5ae4feaf6e41c3e0575ba67db3aa57aeb70ed68611795cddfb4b577f
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

jaxb-impl-2.3.3.jar

Description:

Old JAXB Runtime module. Contains sources required for runtime processing.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.3/jaxb-impl-2.3.3.jar
MD5: 8f59ab4ced2bb2e3a732e924852fac98
SHA1: 3758e8c1664979749e647a9ca8c7ea1cd83c9b1e
SHA256:e5178d0c7948247f75a13c689bf36f4d5d4910a121f712aa3b20ae94377069d8
Referenced In Project/Scope: Simplicite Platform:compile
jaxb-impl-2.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0

Identifiers

jaxb-svg11-11.4.0.jar

Description:

JAXB classes modelling SVG 1.1

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/plutext/jaxb-svg11/11.4.0/jaxb-svg11-11.4.0.jar
MD5: f48497d2e66ef552a508709b19f3edb9
SHA1: 1213219395e7b6c3ab6affdc7b343ded7a044140
SHA256:1ee69b8ee0a3d0d931b71b9f5475724b0cce1a181070890ed1b53fc09199a3ed
Referenced In Project/Scope: Simplicite Platform:compile
jaxb-svg11-11.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

jbig2-imageio-3.0.4.jar

Description:

	Java Image I/O plugin for reading JBIG2-compressed image data. 
	Formerly known as the levigo JBig2 ImageIO plugin (com.levigo.jbig2:levigo-jbig2-imageio).

File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/jbig2-imageio/3.0.4/jbig2-imageio-3.0.4.jar
MD5: c51f45dc3d29bbf716774f9ff9e95ad6
SHA1: ad09a9bb94ea791ea81fb6c5bc2b13dd77872598
SHA256:29cb2951622f10acf61fd0656c4e6fa5562194a9095f7a1d26aa426e2f6b17eb
Referenced In Project/Scope: Simplicite Platform:compile
jbig2-imageio-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jcl-over-slf4j-1.7.36.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.36/jcl-over-slf4j-1.7.36.jar
MD5: 8065610cde33ed9fd5d34367912c1938
SHA1: d877e195a05aca4a2f1ad2ff14bfec1393af4b5e
SHA256:ab57ca8fd223772c17365d121f59e94ecbf0ae59d08c03a3cb5b81071c019195
Referenced In Project/Scope: Simplicite Platform:compile
jcl-over-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jclouds-core-2.5.0.jar

Description:

Core components to access jclouds services

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/jclouds-core/2.5.0/jclouds-core-2.5.0.jar
MD5: 6ded54a675394e6616b0903cef2f010c
SHA1: 5049a87e66c154e69f666e6d1a70e2ab925e53a8
SHA256:c899f7b6cf7ae7cc18b32d82f2cdd6f487e46143a11572f1f1e6f19d839f9ca2
Referenced In Project/Scope: Simplicite Platform:compile
jclouds-core-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jdom2-2.0.6.1.jar

Description:

		A complete, Java-based solution for accessing, manipulating, 
		and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/jdom/jdom2/2.0.6.1/jdom2-2.0.6.1.jar
MD5: 5be72710c66f3c9ba71f8009e92597d1
SHA1: dc15dff8f701b227ee523eeb7a17f77c10eafe2f
SHA256:0b20f45e3a0fd8f0d12cdc5316b06776e902b1365db00118876f9175c60f302c
Referenced In Project/Scope: Simplicite Platform:compile
jdom2-2.0.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jedis-4.3.1.jar

Description:

Jedis is a blazingly small and sane Redis java client.

License:

MIT: http://github.com/redis/jedis/raw/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/redis/clients/jedis/4.3.1/jedis-4.3.1.jar
MD5: eaca03c5afc8b8513ce2f2e8d68be4b0
SHA1: c780769bddbb1dbba2441c89af68e9fa126a32cb
SHA256:597894244e42e1b3171470e9294781824dbf617949e77aa0230eaa3ec4772db4
Referenced In Project/Scope: Simplicite Platform:compile
jedis-4.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jempbox-1.8.17.jar

Description:

    The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
    specification. JempBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/jempbox/1.8.17/jempbox-1.8.17.jar
MD5: d207dd1ac7a64b3c425a97a9638dd03b
SHA1: 388997fbd1b57f8e424c4447e3fc8ce5dd2fc665
SHA256:ded9c81038dd1bbcba18f07e1028d70c9ceaf0b48ac56cea8ab6ec2c255fc1b3
Referenced In Project/Scope: Simplicite Platform:compile
jempbox-1.8.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jersey-common-2.29.1.jar

Description:

Jersey core common packages

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
The GNU General Public License (GPL), Version 2, With Classpath Exception: https://www.gnu.org/software/classpath/license.html
Apache License, 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
Public Domain: https://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/simplicite/.m2/repository/org/glassfish/jersey/core/jersey-common/2.29.1/jersey-common-2.29.1.jar
MD5: acb846e05010206d0673977940da9bee
SHA1: ea60b9ace56f1ae758c2eebbb48e8387d959102f
SHA256:923c7b4af55430c80ce33e39731d6f7b1db6746e8aa6d4009eeb154a3e1e0f32
Referenced In Project/Scope: Simplicite Platform:provided
jersey-common-2.29.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

CVE-2021-28168 (OSSINDEX)  

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
CWE-378 Creation of Temporary File With Insecure Permissions

CVSSv2:
  • Base Score: MEDIUM (5.5)
  • Vector: /AV:L/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.glassfish.jersey.core:jersey-common:2.29.1:*:*:*:*:*:*:*

jersey-hk2-2.29.1.jar

Description:

HK2 InjectionManager implementation

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php, https://opensource.org/licenses/BSD-2-Clause, http://www.apache.org/licenses/LICENSE-2.0.html, https://creativecommons.org/publicdomain/zero/1.0/, http://asm.objectweb.org/license.html, jquery.org/license, http://www.opensource.org/licenses/mit-license.php, https://www.w3.org/Consortium/Legal/copyright-documents-19990405
File Path: /var/simplicite/.m2/repository/org/glassfish/jersey/inject/jersey-hk2/2.29.1/jersey-hk2-2.29.1.jar
MD5: 39f12392bc8a0ab2b7801dd73056034a
SHA1: 54b316e9f91ac9de1e6900aeb63457505862a296
SHA256:eb74851a7fa38003877ec90dd413c404c862bd3e313b0ab884c74bf16fc76579
Referenced In Project/Scope: Simplicite Platform:provided
jersey-hk2-2.29.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

jfreechart-1.5.4.jar

Description:

        JFreeChart is a class library, written in Java, for generating charts. 
        Utilising the Java2D API, it supports a wide range of chart types including
        bar charts, pie charts, line charts, XY-plots, time series plots, Sankey charts
        and more.

License:

GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /var/simplicite/.m2/repository/org/jfree/jfreechart/1.5.4/jfreechart-1.5.4.jar
MD5: 36e760314d688997c7e5ad135a3efc44
SHA1: 9a5edddb05a3ca4fbc0628c594e6641a6f36a3b4
SHA256:cd0649b04b64f2638b55c7c3ac24788ff064b777bbbaf1b952f82ee078ed8b81
Referenced In Project/Scope: Simplicite Platform:compile
jfreechart-1.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-52070 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-129 Improper Validation of Array Index

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

CVE-2024-22949 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-476 NULL Pointer Dereference

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

CVE-2024-23076 (OSSINDEX)  

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-476 NULL Pointer Dereference

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.jfree:jfreechart:1.5.4:*:*:*:*:*:*:*

jhighlight-1.1.0.jar

Description:

    JHighlight is an embeddable pure Java syntax highlighting
    library that supports Java, HTML, XHTML, XML and LZX
    languages and outputs to XHTML.
    
    It also supports RIFE templates tags and highlights them
    clearly so that you can easily identify the difference
    between your RIFE markup and the actual marked up source.

License:

CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /var/simplicite/.m2/repository/org/codelibs/jhighlight/1.1.0/jhighlight-1.1.0.jar
MD5: 849a2714c0bcd777a51c79ecf333e4f0
SHA1: 8ae20cc1eadb26bbc721611d509b808bf41d1a14
SHA256:2f7d5c92db46e76a7564dd98d4d00b822d808e21b01a2c9b60e8249c41351ed1
Referenced In Project/Scope: Simplicite Platform:compile
jhighlight-1.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jjwt-api-0.11.2.jar

Description:

JSON Web Token support for the JVM and Android

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/jsonwebtoken/jjwt-api/0.11.2/jjwt-api-0.11.2.jar
MD5: 19d7722419b64944d28b7432e596c94c
SHA1: 57c34dce3e88f2972c5c5465b6291acfb5628084
SHA256:fa340e4c0b81f24c4c0f943c4454343efe9e055f648c600f2b3b637763cf6f28
Referenced In Project/Scope: Simplicite Platform:compile
jjwt-api-0.11.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.twilio.sdk/twilio@8.29.0

Identifiers

jjwt-impl-0.11.2.jar

Description:

JSON Web Token support for the JVM and Android

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/jsonwebtoken/jjwt-impl/0.11.2/jjwt-impl-0.11.2.jar
MD5: c467a0094bd3764d749b249b009de656
SHA1: 8fd8acf9d3cb9a2db05bfa484c2a1408cc3507f9
SHA256:cf5896bdb086df7e7451ffde5f5691fb6ae7ec6bffa4e82071d3c5a426b11995
Referenced In Project/Scope: Simplicite Platform:runtime
jjwt-impl-0.11.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.twilio.sdk/twilio@8.29.0

Identifiers

jjwt-jackson-0.11.2.jar

Description:

JSON Web Token support for the JVM and Android

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/jsonwebtoken/jjwt-jackson/0.11.2/jjwt-jackson-0.11.2.jar
MD5: 8f35ab366b0ba25447629d0a60264b82
SHA1: bff0b63d4cbace7b38551a70350875e69201ffeb
SHA256:6c200dcf0df3fa3c6ea31dab95a4154708d2c5d01dd1c4d7974fcfe651bee45d
Referenced In Project/Scope: Simplicite Platform:compile
jjwt-jackson-0.11.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.twilio.sdk/twilio@8.29.0

Identifiers

jlessc-1.10.jar

Description:

A Less CSS compiler written completely in Java (pure Java).

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/de/inetsoftware/jlessc/1.10/jlessc-1.10.jar
MD5: bd2d9f6be54058c2e109ebdbce16b3d8
SHA1: be040c43e8d0b032e58706646bdf44e7e4062ec7
SHA256:7d2012d7ca2f529843dcc9db701e3e59d0cbf590fd48c8a6153d2bfa6968018e
Referenced In Project/Scope: Simplicite Platform:compile
jlessc-1.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jlessc-ant-1.10.jar

Description:

Simple Apache Ant task for JLessC

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/simplicite/ant/jlessc-ant/1.10/jlessc-ant-1.10.jar
MD5: face16e0be54ff562cef7ba12707377f
SHA1: 58e69a229c0390095331edf520c4d547700d18a1
SHA256:094c7c03c77c421e5f6fe750ab11f4162e75487862038dc19b2342e7ebeb56c7
Referenced In Project/Scope: Simplicite Platform:compile
jlessc-ant-1.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jmatio-1.5.jar

Description:

Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-flie format reading and writing. Written in pure JAVA.

License:

BSD: http://www.linfo.org/bsdlicense.html
File Path: /var/simplicite/.m2/repository/org/tallison/jmatio/1.5/jmatio-1.5.jar
MD5: 6eccf45b3a4bb3dd0518afcf37b8ed35
SHA1: 517d932cc87a3b564f3f7a07ac347b725b619ab4
SHA256:70db8cf9a1818072f290fd464f14a8369c9c58993e6640128a6e8a6379d67ac7
Referenced In Project/Scope: Simplicite Platform:compile
jmatio-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jmustache-1.15.jar

Description:

A Java implementation of the Mustache templating language.

License:

The (New) BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/com/samskivert/jmustache/1.15/jmustache-1.15.jar
MD5: 0b166350b8b372d5caae4f0b692e016f
SHA1: 7b3b15951d13b774c76db2f4e14d977952f8b4d8
SHA256:1aeb96b9dc17bc29540b8c3342e8e91ee974d5c604165ecd469dd76b041c250c
Referenced In Project/Scope: Simplicite Platform:compile
jmustache-1.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

joda-time-2.12.4.jar

Description:

Date and time library to replace JDK date handling

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/joda-time/joda-time/2.12.4/joda-time-2.12.4.jar
MD5: 40bc7039a3bec98a3b06434712a8b50c
SHA1: 41cd821f32bd91b228da19eba162ae75d6404219
SHA256:4d9c2adf2f2d63d4d80f010b30728595e1d71ec996c2234137133f7d6d36e9ad
Referenced In Project/Scope: Simplicite Platform:compile
joda-time-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jose4j-0.9.3.jar

Description:

     The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
     It is written in Java and relies solely on the JCA APIs for cryptography.
     Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/bitbucket/b_c/jose4j/0.9.3/jose4j-0.9.3.jar
MD5: 583d1968840e8e5f83840c2b20f7eacc
SHA1: 9670e11587194cb6b1b2edcaa688a3fab85b4148
SHA256:6265ad3e28a8b02ac3a9f98b9efced79671df8e0a556e9851ad65ffbea51a12a
Referenced In Project/Scope: Simplicite Platform:compile
jose4j-0.9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-51775 (OSSINDEX)  

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-51775 for details
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: HIGH (8.6)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bitbucket.b_c:jose4j:0.9.3:*:*:*:*:*:*:*

jquery:3.6.4

Description:

JavaScript library for DOM operations

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/jquery:3.6.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

js-beautify:1.14.7

Description:

beautifier.io for node

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/js-beautify:1.14.7

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

jshint:2.13.6

Description:

Static analysis tool for JavaScript

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/jshint:2.13.6

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

json-20231013.jar

Description:

        JSON is a light-weight, language independent, data interchange format.
        See http://www.JSON.org/

        The files in this package implement JSON encoders/decoders in Java.
        It also includes the capability to convert between JSON and XML, HTTP
        headers, Cookies, and CDL.

        This is a reference implementation. There are a large number of JSON packages
        in Java. Perhaps someday the Java community will standardize on one. Until
        then, choose carefully.

License:

Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/org/json/json/20231013/json-20231013.jar
MD5: 1a0702c57783ce9e948252c34644f328
SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52
SHA256:0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3
Referenced In Project/Scope: Simplicite Platform:compile
json-20231013.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2022-45688  

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-5072  

Denial of Service  in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

json-path-2.8.0.jar

Description:

A library to query and verify JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/jayway/jsonpath/json-path/2.8.0/json-path-2.8.0.jar
MD5: 501b9f34e6a05c20dd74e6b40e066617
SHA1: b4ab3b7a9e425655a0ca65487bbbd6d7ddb75160
SHA256:9601707e95cd79fb98570a01ea8cfb857b5cde948744d6e0edf733c11002c95b
Referenced In Project/Scope: Simplicite Platform:compile
json-path-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-51074  

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions:

json-simple-1.1.1.jar

Description:

A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
SHA256:4e69696892b88b41c55d49ab2fdcc21eead92bf54acc588c0050596c3b75199c
Referenced In Project/Scope: Simplicite Platform:compile
json-simple-1.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

json-smart-2.4.10.jar

Description:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/minidev/json-smart/2.4.10/json-smart-2.4.10.jar
MD5: 36e22527b5f44ea6f0ff3086608cbf38
SHA1: 91cb329e9424bf32131eeb1ce2d17bf31b9899bc
SHA256:70cab5e9488630dc631b1fc6e7fa550d95cddd19ba14db39ceca7cabfbd4e5ae
Referenced In Project/Scope: Simplicite Platform:runtime
json-smart-2.4.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.jayway.jsonpath/json-path@2.8.0

Identifiers

jsoup-1.16.1.jar

Description:

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

License:

The MIT License: https://jsoup.org/license
File Path: /var/simplicite/.m2/repository/org/jsoup/jsoup/1.16.1/jsoup-1.16.1.jar
MD5: ed35af29909c856c8ee4c4001d660e0f
SHA1: ae551410a16433984cd4a8603622fafa9d8299f0
SHA256:1f115726540ddf71958c14bc517ebfc49cf481e91cd917b0face84f01272e901
Referenced In Project/Scope: Simplicite Platform:compile
jsoup-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: Simplicite Platform:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.22.3

Identifiers

jszip-utils:0.1.0

Description:

A collection of cross-browser utilities to go along with JSZip.

License:

(MIT OR GPL-3.0)
File Path: /var/simplicite/simplicite-5.3/package.json?/jszip-utils:0.1.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

jszip:3.10.1

Description:

Create, read and edit .zip files with JavaScript http://stuartk.com/jszip

License:

(MIT OR GPL-3.0-or-later)
File Path: /var/simplicite/simplicite-5.3/package.json?/jszip:3.10.1

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

jtidy-r938.jar

Description:

    JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be
    used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the
    document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

License:

Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /var/simplicite/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
SHA256:6fc03e51e73fa884f06e7eae0761e045e56fdeb4e146a4d952e3023cc9e3fb43
Referenced In Project/Scope: Simplicite Platform:compile
jtidy-r938.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-34623  

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /var/simplicite/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Project/Scope: Simplicite Platform:compile
jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

junit-4.13.2.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /var/simplicite/.m2/repository/junit/junit/4.13.2/junit-4.13.2.jar
MD5: d98a9a02a99a9acd22d7653cbcc1f31f
SHA1: 8ac9e16d933b6fb43bc7f576336b8f4d7eb5ba12
SHA256:8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3
Referenced In Project/Scope: Simplicite Platform:compile
junit-4.13.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

juniversalchardet-2.4.0.jar

Description:

JUniversalChardet is a Java encoding detector library

License:

Mozilla Public License Version 1.1: https://www.mozilla.org/en-US/MPL/1.1/
GENERAL PUBLIC LICENSE, version 3 (GPL-3.0): http://www.gnu.org/licenses/gpl.txt
GNU LESSER GENERAL PUBLIC LICENSE, version 3 (LGPL-3.0): http://www.gnu.org/licenses/lgpl.txt
File Path: /var/simplicite/.m2/repository/com/github/albfernandez/juniversalchardet/2.4.0/juniversalchardet-2.4.0.jar
MD5: f69e5002bd3d45adcd82fc5c85811779
SHA1: 2c4171a0accd36c11c5097ac1fe804dbbbfcd158
SHA256:2e6492c9ce13b0ace01e8d326fb789cbb02f5fd95edea1fc5bd5b922d172764d
Referenced In Project/Scope: Simplicite Platform:compile
juniversalchardet-2.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

junrar-7.5.4.jar

Description:

property 'description'

License:

UnRar License: https://github.com/junrar/junrar/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/github/junrar/junrar/7.5.4/junrar-7.5.4.jar
MD5: 0156bc08ec804838f37efe3a2f78fd27
SHA1: 81a664ca66186506fb5683e8a1eee4cad40ce2cc
SHA256:c5944987cd070d13a9fbd515262f4ba263c72e6dd3f986a4d7f10eae1b6eb0ce
Referenced In Project/Scope: Simplicite Platform:compile
junrar-7.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jwarc-0.21.0.jar

Description:

Java library for reading and writing WARC files with a typed API

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/netpreserve/jwarc/0.21.0/jwarc-0.21.0.jar
MD5: bab9cb56440e033d32677af01d8b2b61
SHA1: 1b333e2f0607ef78b43b47b2594fcac8196255d2
SHA256:0fd69cf59fe158a649255055bd3a524025f300a9f7f8d01ef4f3e215deb88b55
Referenced In Project/Scope: Simplicite Platform:compile
jwarc-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

jwarc-0.21.0.jar: inject.js

File Path: /var/simplicite/.m2/repository/org/netpreserve/jwarc/0.21.0/jwarc-0.21.0.jar/org/netpreserve/jwarc/net/inject.js
MD5: 9efdc4d2327e178002840feac7aa8794
SHA1: 9d1c76df7f79508c7e4e836ab1cb1720ee649a3f
SHA256:84813162af36c02535e9bfde8d8abac7a64eefd55c5df2ec61e633a7dcf6293a
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

jwarc-0.21.0.jar: sw.js

File Path: /var/simplicite/.m2/repository/org/netpreserve/jwarc/0.21.0/jwarc-0.21.0.jar/org/netpreserve/jwarc/net/sw.js
MD5: bd5029dc252d30d90cfd4db995307f21
SHA1: 2dffd77bf4df182d28687a19be947e665692a9c8
SHA256:fe4a46fb7e957d0be26d5879bef74787f7cfb17ec441a38281c01611fc2809e7
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

kafka-clients-3.5.1.jar

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/kafka/kafka-clients/3.5.1/kafka-clients-3.5.1.jar
MD5: 9bf0422d3b4b856abe5dafe46c760a06
SHA1: 2675a2dc48735f75d0694ca8bd8d4d3cb3737c17
SHA256:e017aa068e5ad50c4c187b5e61a3dc24a60fba711f9ced15bcc09f5b3eaf3c64
Referenced In Project/Scope: Simplicite Platform:compile
kafka-clients-3.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2024-27309 (OSSINDEX)  

While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced.

Two preconditions are needed to trigger the bug:
1. The administrator decides to remove an ACL
2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal.

When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct.

The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain).

The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. if DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:/C:L/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.kafka:kafka-clients:3.5.1:*:*:*:*:*:*:*

leaflet.markercluster:1.5.3

Description:

Provides Beautiful Animated Marker Clustering functionality for Leaflet

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/leaflet.markercluster:1.5.3

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

leaflet:1.9.3

Description:

JavaScript library for mobile-friendly interactive maps

License:

BSD-2-Clause
File Path: /var/simplicite/simplicite-5.3/package.json?/leaflet:1.9.3

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

libphonenumber-8.13.11.jar

Description:

Google's common Java library for parsing, formatting, storing and validating international phone numbers.    Optimized for running on smartphones.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/libphonenumber/libphonenumber/8.13.11/libphonenumber-8.13.11.jar
MD5: 74766b6af48a07383f5a734f6a8ef7ce
SHA1: eeb12d123d4e8b6035240cc47ee776b16c878502
SHA256:71c810c10d20ce34b8b40793c62c0461644d3fe9d79e685e60825fca0abcde63
Referenced In Project/Scope: Simplicite Platform:compile
libphonenumber-8.13.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: /var/simplicite/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: Simplicite Platform:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@31.1-jre

Identifiers

log4j-core-2.21.0.jar

Description:

The Apache Log4j Implementation

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-core/2.21.0/log4j-core-2.21.0.jar
MD5: 1024daad23bbd97c630e8df1f73cb026
SHA1: 122e1a9e0603cc9eae07b0846a6ff01f2454bc49
SHA256:d0f77cecddc269169bef40873e53a9610ba38ca1c4a1cff32f306b3a7ea8a7ea
Referenced In Project/Scope: Simplicite Platform:compile
log4j-core-2.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

log4j-slf4j-impl-2.21.0.jar

Description:

The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.21.0/log4j-slf4j-impl-2.21.0.jar
MD5: 47d164b1dd03d48270be71ce4a7a6ec4
SHA1: 911fdb5b1a1df36719c579ecc6f2957b88bce1ab
SHA256:58b357b8aa7893cbedd97201ebbffba6360d87bef586cf6a5a0c3517d5d75257
Referenced In Project/Scope: Simplicite Platform:compile
log4j-slf4j-impl-2.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

lucene-core-9.5.0.jar

Description:

Apache Lucene (module: core)

License:

Apache 2: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/lucene/lucene-core/9.5.0/lucene-core-9.5.0.jar
MD5: 610bb59c63e6c456d4a8e66c7868f5b6
SHA1: bba4ba5d30e71a5f0017e45e8469db8cff8ad102
SHA256:b1f37bf3573d8221d659ad97a239fcdbd49809937564d49d2ccf5c3dc26ba0ea
Referenced In Project/Scope: Simplicite Platform:compile
lucene-core-9.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

lz4-java-1.8.0.jar

Description:

Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0.jar
MD5: 936a927700aa8fc3b75d21d7571171f6
SHA1: 4b986a99445e49ea5fbf5d149c4b63f6ed6c6780
SHA256:d74a3334fb35195009b338a951f918203d6bbca3d1d359033dc33edd1cadc9ef
Referenced In Project/Scope: Simplicite Platform:runtime
lz4-java-1.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.5.1

Identifiers

marked:4.3.0

Description:

A markdown parser built for speed

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/marked:4.3.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

mbassador-1.3.2.jar

Description:

        Mbassador is a fast and flexible event bus system following the publish subscribe pattern.
        It is designed for ease of use and aims to be feature rich and extensible while preserving resource efficiency
        and performance.
        It provides non-blocking iterators and minimal write contention with low memory footprint.

        Some features:
        declarative handler definition via annotations,
        sync and/or async event delivery,
        weak or strong references,
        configurable event filters,

License:

MIT license: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/net/engio/mbassador/1.3.2/mbassador-1.3.2.jar
MD5: 6844d9220e623fa491776e38a61f29a2
SHA1: 4ebb2c5f853bf8a5f87147b186a9758d2e2ec0af
SHA256:469e2e9c68271eadaff12483bbb1abc640ea9973af7fa0519250e04f503aca67
Referenced In Project/Scope: Simplicite Platform:compile
mbassador-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

mchange-commons-java-0.2.19.jar

Description:

mchange-commons-java

License:

GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /var/simplicite/.m2/repository/com/mchange/mchange-commons-java/0.2.19/mchange-commons-java-0.2.19.jar
MD5: 795d7e75026388f4d90aa9719666e5db
SHA1: 7a4bee38ea02bd7dee776869b19fb3f6861d6acf
SHA256:03761838ba2a7c9cce56ba84781633f107c8befb4e3607b336ee3010f915165d
Referenced In Project/Scope: Simplicite Platform:compile
mchange-commons-java-0.2.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.mchange/c3p0@0.9.5.5

Identifiers

metadata-extractor-2.18.0.jar

Description:

Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image and video files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/drewnoakes/metadata-extractor/2.18.0/metadata-extractor-2.18.0.jar
MD5: b6794ef7c38ce80abca173119a7a4ebd
SHA1: fa9fd43a28b10333108c603819810d5176d2b092
SHA256:4789361fd0638bdb241554b7a0ccae205ed239697e2b70fa9cadaded6984b565
Referenced In Project/Scope: Simplicite Platform:compile
metadata-extractor-2.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

migbase64-2.2.jar

Description:

MiGBase64 is a very fast and small Base64 Codec written in Java

License:

Prior BSD License: http://en.wikipedia.org/wiki/BSD_licenses
File Path: /var/simplicite/.m2/repository/com/brsanthu/migbase64/2.2/migbase64-2.2.jar
MD5: da3ef3a9a9fa358ed789b37a3c780727
SHA1: bcc14967d516e93c527897a6c531ba76b5751faa
SHA256:07224584b6227efbb815e96e3153945786e2a6b1a934620b6130331c2351c129
Referenced In Project/Scope: Simplicite Platform:provided
migbase64-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

mimepull-1.9.11.jar

Description:

Provides a streaming API to access attachments parts in a MIME message.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/jvnet/mimepull/mimepull/1.9.11/mimepull-1.9.11.jar
MD5: 14d04d21f1d41b42438f4be94f6e6057
SHA1: d1cd7921d4c6c77938cefbb16d4f646c74278718
SHA256:58a29baedb4d7affdcc35624f3fd0674b6de3fbb188afb8515ae1b52ffedaf69
Referenced In Project/Scope: Simplicite Platform:provided
mimepull-1.9.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

mockito-core-5.3.0.jar

Description:

Mockito mock objects library core API and implementation

License:

The MIT License: https://github.com/mockito/mockito/blob/main/LICENSE
File Path: /var/simplicite/.m2/repository/org/mockito/mockito-core/5.3.0/mockito-core-5.3.0.jar
MD5: 9b5f92b71745d6bc0bfb9001eb46ee9d
SHA1: a8169e15cb4016bd35594134c84f62b773e3391d
SHA256:e3e4884f165f76cbe2782f5ac4a9e6b78c8e63fa73c83bd5aee4919f54ff9ba5
Referenced In Project/Scope: Simplicite Platform:compile
mockito-core-5.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

moment-timezone:0.5.43

Description:

Parse and display moments in any timezone.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/moment-timezone:0.5.43

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

moment:2.29.4

Description:

Parse, validate, manipulate, and display dates

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/moment:2.29.4

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

mongodb-driver-core-3.12.13.jar

Description:

The Java operations layer for the MongoDB Java Driver.
 Third parties can wrap this layer to provide custom higher-level APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/mongodb-driver-core/3.12.13/mongodb-driver-core-3.12.13.jar
MD5: 46e83d86c3ec88fc25c43de8f0c58b80
SHA1: dfcff66c1c9e35ae30e8ba5f440c45dac1ffe71c
SHA256:594a01898cf59edea763817b98c627931883d7a95c7b43ae15829a388c0e938c
Referenced In Project/Scope: Simplicite Platform:compile
mongodb-driver-core-3.12.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mongodb/mongodb-driver@3.12.13

Identifiers

mssql-jdbc-12.6.1.jre11.jar

Description:

		Microsoft JDBC Driver for SQL Server.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/12.6.1.jre11/mssql-jdbc-12.6.1.jre11.jar
MD5: 29f9dc1ea8d8d5fddce00028bf2129c8
SHA1: 243d5f31442b851e930e664e85547fd8658007ac
SHA256:3b1a70145dbaff98daa70022791e15becfb2b9534cc9e8cfaa1bdba6a3edeb8e
Referenced In Project/Scope: Simplicite Platform:runtime
mssql-jdbc-12.6.1.jre11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

mustache:4.2.0

Description:

Logic-less {{mustache}} templates with JavaScript

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/mustache:4.2.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

mysql-connector-j-8.3.0.jar

Description:

JDBC Type 4 driver for MySQL.

License:

The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /var/simplicite/.m2/repository/com/mysql/mysql-connector-j/8.3.0/mysql-connector-j-8.3.0.jar
MD5: 48d9e8892746315faf8023c1b26fd8bb
SHA1: 1cc7fa5d61f4bbc113531a4ba6d85d41cf3d57e1
SHA256:94e7fa815370cdcefed915db7f53f88445fac110f8c3818392b992ec9ee6d295
Referenced In Project/Scope: Simplicite Platform:runtime
mysql-connector-j-8.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

netty-codec-http-4.1.91.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec-http/4.1.91.Final/netty-codec-http-4.1.91.Final.jar
MD5: 3cbdc6f7f8adc40cc3e827c8776e0898
SHA1: 4519d2ff470941f0086214b19c9acf992868112f
SHA256:e1806a0df6e5cdda968ebe34496b8287e100d29e0e3b6c6b8b9c3d462b16162a
Referenced In Project/Scope: Simplicite Platform:compile
netty-codec-http-4.1.91.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2024-29025 (OSSINDEX)  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29025 for details
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-codec-http:4.1.91.Final:*:*:*:*:*:*:*

netty-codec-mqtt-4.1.91.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec-mqtt/4.1.91.Final/netty-codec-mqtt-4.1.91.Final.jar
MD5: 89c344802e865356426229228e9c72a6
SHA1: 33cad42e1894592436bdb588585a42d1bd2d35c3
SHA256:1e6fa3d295869f815127465c57bb00c2b858b753e6f1c37a813437943bfe32bf
Referenced In Project/Scope: Simplicite Platform:compile
netty-codec-mqtt-4.1.91.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

netty-common-4.1.91.Final.jar (shaded: org.jctools:jctools-core:3.1.0)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/netty/netty-common/4.1.91.Final/netty-common-4.1.91.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 08e7326c64d7fd6ae4ea32e7eb4e5b79
SHA1: 9deceaba814dea198202b04fe0eec0d2dbf69ea9
SHA256:acaf1b4c366f6794a734288a2c003f16af90a9c479cf4d7daade689764e4fb47
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

netty-transport-4.1.91.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport/4.1.91.Final/netty-transport-4.1.91.Final.jar
MD5: e0b07b66d2b0fa29393108d8a75a1555
SHA1: c2f6bd7143194ca842b535546a405c06aa993934
SHA256:9cb5f94745be48c56bce3f3e3729188b62470a3f810ab215d59d567695b2fe10
Referenced In Project/Scope: Simplicite Platform:compile
netty-transport-4.1.91.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

netty-transport-native-kqueue-4.1.75.Final-osx-x86_64.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.75.Final/netty-transport-native-kqueue-4.1.75.Final-osx-x86_64.jar
MD5: aae2eb19eca60717834d6bf87bb2aa99
SHA1: dd6d79e4604c6c33fe03b5fc98a526b592760982
SHA256:e7ad1930187e9ec4d78a36f3d782484087e7592894d566a8438cf882b041108a
Referenced In Project/Scope: Simplicite Platform:compile
netty-transport-native-kqueue-4.1.75.Final-osx-x86_64.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0

Identifiers

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

oauth-2.5.0.jar

Description:

jclouds components to access OAuth

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/oauth/2.5.0/oauth-2.5.0.jar
MD5: 236fb76e5003c949c59bf2023590ce95
SHA1: c030a5e65c8124c0217f2d3a3dd21ce0e7bac0d3
SHA256:161c1f8ab317c0dbabd7b61928059bb4d2fc8e4af24d7923a335f4c5ee6356a1
Referenced In Project/Scope: Simplicite Platform:compile
oauth-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/azureblob@2.5.0

Identifiers

objenesis-3.3.jar

Description:

A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar
MD5: ab0e0b2ab81affdd7f38bcc60fd85571
SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
SHA256:02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb
Referenced In Project/Scope: Simplicite Platform:runtime
objenesis-3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0

Identifiers

ojdbc11-23.3.0.23.09.jar

Description:

 Oracle JDBC Driver compatible with JDK11, JDK12, JDK13, JDK14 and JDK15

License:

Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /var/simplicite/.m2/repository/com/oracle/database/jdbc/ojdbc11/23.3.0.23.09/ojdbc11-23.3.0.23.09.jar
MD5: 2fe50e29ebea91610e6fa001ab8045c3
SHA1: 405bcbc8d8dab59f562125fa1d2b7e06d21649f3
SHA256:5ffffe668e713f0fa3ea37096d40704181b005b79c24fe34f20364c918c411b0
Referenced In Project/Scope: Simplicite Platform:runtime
ojdbc11-23.3.0.23.09.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

okhttp-2.7.5.jar

File Path: /var/simplicite/.m2/repository/com/squareup/okhttp/okhttp/2.7.5/okhttp-2.7.5.jar
MD5: 1943a0ecbb1c503874c8c483284377e4
SHA1: 7a15a7db50f86c4b64aa3367424a60e3a325b8f1
SHA256:88ac9fd1bb51f82bcc664cc1eb9c225c90dc4389d660231b4cc737bebfe7d0aa
Referenced In Project/Scope: Simplicite Platform:compile
okhttp-2.7.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0

Identifiers

CVE-2021-0341 (OSSINDEX)  

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.squareup.okhttp:okhttp:2.7.5:*:*:*:*:*:*:*

CVE-2023-0833  

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

okio-1.6.0.jar

File Path: /var/simplicite/.m2/repository/com/squareup/okio/okio/1.6.0/okio-1.6.0.jar
MD5: 164d1c28c323cf6e2a917d60374c5718
SHA1: 98476622f10715998eacf9240d6b479f12c66143
SHA256:114bdc1f47338a68bcbc95abf2f5cdc72beeec91812f2fcd7b521c1937876266
Referenced In Project/Scope: Simplicite Platform:compile
okio-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0

Identifiers

CVE-2023-3635  

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

opencensus-api-0.31.0.jar

Description:

null

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-api/0.31.0/opencensus-api-0.31.0.jar
MD5: 50e88661f64eae6c4cc60f13af908d59
SHA1: 6634f10ecd5eb3ac248f3ed5ee727c9a28c841bd
SHA256:702ba55d78f39d55195dcf041fdfaab7a7490a9ac45013542487ed9e4d3a4d23
Referenced In Project/Scope: Simplicite Platform:compile
opencensus-api-0.31.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.http-client/google-http-client@1.41.7

Identifiers

opencensus-contrib-grpc-util-0.28.0.jar

Description:

null

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-contrib-grpc-util/0.28.0/opencensus-contrib-grpc-util-0.28.0.jar
MD5: 686921311cfe29a47147d1f48eb737ff
SHA1: e70da9aae4aedd13383d4201bcb794b62d9e7d5f
SHA256:b9168346e6af6593300a1bc27ef74254aa1f24019885938dd8fb852b877d55f0
Referenced In Project/Scope: Simplicite Platform:compile
opencensus-contrib-grpc-util-0.28.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0

Identifiers

opencensus-contrib-http-util-0.31.0.jar

Description:

null

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-contrib-http-util/0.31.0/opencensus-contrib-http-util-0.31.0.jar
MD5: 8bc249e1fde8c8c71ff4a8e937738910
SHA1: 3c8c3ead38d762d7f50c5571b05baf724474c5a5
SHA256:bcc6cd79b00c2c2aa59fc2a02d40941083005850ebb52d97d63908d36e77afd3
Referenced In Project/Scope: Simplicite Platform:compile
opencensus-contrib-http-util-0.31.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.http-client/google-http-client@1.41.7

Identifiers

opencensus-proto-0.2.0.jar

Description:

Opencensus Proto

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-proto/0.2.0/opencensus-proto-0.2.0.jar
MD5: be8bc8ae28e0809dbcd67b3320ced49a
SHA1: c05b6b32b69d5d9144087ea0ebc6fab183fb9151
SHA256:0c192d451e9dd74e98721b27d02f0e2b6bca44b51563b5dabf2e211f7a3ebf13
Referenced In Project/Scope: Simplicite Platform:runtime
opencensus-proto-0.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

opencsv-5.7.1.jar

Description:

A simple library for reading and writing CSV in Java

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/opencsv/opencsv/5.7.1/opencsv-5.7.1.jar
MD5: b402eabb88aca7b196dc3089e109f6b3
SHA1: d707c095bc8c7c22fb3e377de774458a76229da4
SHA256:d05a7bd25fd62bf27803d71b80f98ad2d929420072648c09a26d45344d25d6b8
Referenced In Project/Scope: Simplicite Platform:compile
opencsv-5.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

openhtmltopdf-core-1.0.10.jar

Description:

Open HTML to PDF is a CSS 2.1 renderer written in Java.  This artifact contains the core rendering and layout code.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-core/1.0.10/openhtmltopdf-core-1.0.10.jar
MD5: 3a71c751b039576e64db702941185600
SHA1: cab5dcb31834bd86ffb1b1f82811a37fcea63cd2
SHA256:3e6fd2250d833d500b7cd48b7a896700d0c33bd9f77a219e820493b01566eda3
Referenced In Project/Scope: Simplicite Platform:compile
openhtmltopdf-core-1.0.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10

Identifiers

openhtmltopdf-pdfbox-1.0.10.jar

Description:

Openhtmltopdf is a CSS 2.1 renderer written in Java. This artifact supports PDF output with Apache PDF-BOX 2.

License:

GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-pdfbox/1.0.10/openhtmltopdf-pdfbox-1.0.10.jar
MD5: 1a0db19be8e308ae5326833e7e08b674
SHA1: 4041442fda47e760985cea8005d51a830031420f
SHA256:7de90df1b3ecf84e6f0daf808d724c11142007a2f22bff1936479bf17251d31a
Referenced In Project/Scope: Simplicite Platform:compile
openhtmltopdf-pdfbox-1.0.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

openstack-keystone-2.5.0.jar

Description:

jclouds components to access an implementation of OpenStack Keystone

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/openstack-keystone/2.5.0/openstack-keystone-2.5.0.jar
MD5: ac2441c823ea61f9fde668aa3061273d
SHA1: a7e89bd278fa8be9fa604dda66d1606de5530797
SHA256:3041d4f13447002f98ce0da52208b456ccf382c12cf7d6036268caea704879e5
Referenced In Project/Scope: Simplicite Platform:compile
openstack-keystone-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.api/openstack-swift@2.5.0

Identifiers

CVE-2020-12689  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
CWE-269 Improper Privilege Management

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-12690  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.
CWE-613 Insufficient Session Expiration

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-12691  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
CWE-863 Incorrect Authorization

CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2021-3563  

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-12692  

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
CWE-347 Improper Verification of Cryptographic Signature, CWE-294 Authentication Bypass by Capture-replay

CVSSv2:
  • Base Score: MEDIUM (5.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2018-14432  

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2018-20170  

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

openstack-swift-2.5.0.jar

Description:

jclouds components to access an implementation of OpenStack Swift

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/openstack-swift/2.5.0/openstack-swift-2.5.0.jar
MD5: 95e15a325c61c9b2f65f2066876d8190
SHA1: d99d0eab2e01d69d8a326fc152427fbd759af88a
SHA256:5dd32409f975a1a146450a8e181fb73fb2a502dab2b17a42fd03e88c6186d6e8
Referenced In Project/Scope: Simplicite Platform:compile
openstack-swift-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2017-16613  

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
CWE-287 Improper Authentication

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2016-0738  

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2022-47950  

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2017-8761  

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

org.apache.oltu.oauth2.client-1.0.2.jar

Description:

Apache Oltu is an OAuth protocol implementation in Java.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.client/1.0.2/org.apache.oltu.oauth2.client-1.0.2.jar
MD5: 433638a5fab67c3a8f111d58c1fec0a0
SHA1: b34e09d1cb84c4b63cedb65c5346ac44eecc22c5
SHA256:ebbe0095c829ecbbb29b5ab572277ff11b9e3969114e6f1bac5d23a8c97e7708
Referenced In Project/Scope: Simplicite Platform:compile
org.apache.oltu.oauth2.client-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

org.apache.oltu.oauth2.common-1.0.2.jar

Description:

OAuth 2.0 library - Common

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.common/1.0.2/org.apache.oltu.oauth2.common-1.0.2.jar
MD5: 48d5e8f17d2f292b32788d2b98b1aebd
SHA1: a82fff95276f4c6feadc7993670e659076e43260
SHA256:5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968
Referenced In Project/Scope: Simplicite Platform:compile
org.apache.oltu.oauth2.common-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2

Identifiers

org.eclipse.jgit.http.server-6.5.0.202303070854-r.jar

Description:

    Git aware HTTP server implementation.

File Path: /var/simplicite/.m2/repository/org/eclipse/jgit/org.eclipse.jgit.http.server/6.5.0.202303070854-r/org.eclipse.jgit.http.server-6.5.0.202303070854-r.jar
MD5: e6521dfe42dc7a28ca9c1a4026553e2b
SHA1: 319c816f09029062c3b67201b67c203331d9e215
SHA256:b1d0a1c001b78cd30c479ebbd0d177f9ef5468f6a7fd51462bde8227f4a3ebe8
Referenced In Project/Scope: Simplicite Platform:compile
org.eclipse.jgit.http.server-6.5.0.202303070854-r.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-4759  

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0

In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.

This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.

The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.

Setting git configuration option core.symlinks = false before checking out avoids the problem.

The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via  Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and  repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from  5.13.3.202401111512-r.


The JGit maintainers would like to thank RyotaK for finding and reporting this issue.
CWE-59 Improper Link Resolution Before File Access ('Link Following'), CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

org.eclipse.paho.client.mqttv3-1.2.5.jar

File Path: /var/simplicite/.m2/repository/org/eclipse/paho/org.eclipse.paho.client.mqttv3/1.2.5/org.eclipse.paho.client.mqttv3-1.2.5.jar
MD5: eb09d20835460ad2de7b6d46e77ad113
SHA1: 1546cfc794449c39ad569853843a930104fdc297
SHA256:59914287adac506a28d5e8172eed262a22605f3df4d426b9d92f41dae2448185
Referenced In Project/Scope: Simplicite Platform:compile
org.eclipse.paho.client.mqttv3-1.2.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

osgi-resource-locator-1.0.3.jar

Description:

Used by various API providers that rely on META-INF/services mechanism to locate providers.

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.3/osgi-resource-locator-1.0.3.jar
MD5: e7e82b82118c5387ae45f7bf3892909b
SHA1: de3b21279df7e755e38275137539be5e2c80dd58
SHA256:aab5d7849f7cfcda2cc7c541ba1bd365151d42276f151c825387245dfde3dd74
Referenced In Project/Scope: Simplicite Platform:provided
osgi-resource-locator-1.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

package.json

File Path: /var/simplicite/simplicite-5.3/package.json
MD5: 1ab7de2cf32e679c002d7ca315c6a2f1
SHA1: 4b4fd34e1cd5d7464e0ad80dd284cabdb67c7217
SHA256:831ee288f25a02dc2545c809b626a995e822a49e38528c2de6697b22f23116b1
Referenced In Project/Scope: Simplicite Platform

Identifiers

  • None

parso-2.0.14.jar

Description:

Parso is a lightweight Java library designed to read SAS7BDAT datasets. The Parso interfaces
        are analogous to libraries designed to read table-storing files, for example, CSVReader library.
        Despite its small size, the Parso library is the only full-featured open-source solution to process SAS7BDAT
        datasets, both uncompressed, CHAR-compressed and BIN-compressed. It is effective in processing clinical and
        statistical data often stored in SAS7BDAT format. Parso allows converting data into CSV format.

License:

Apache License v2: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/com/epam/parso/2.0.14/parso-2.0.14.jar
MD5: bcc5179208e31ecddd8ec1cd2f5fca10
SHA1: a02ea1b198c410a105d261efd2d7043739aecd8e
SHA256:3b7e7a32915e04caed5dba31be1430aa57b4f9fa2b3d0ab0ed29067510d16575
Referenced In Project/Scope: Simplicite Platform:compile
parso-2.0.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

pdfbox-2.0.28.jar

Description:

        The Apache PDFBox library is an open source Java tool for working with PDF documents.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/pdfbox/2.0.28/pdfbox-2.0.28.jar
MD5: f753bbff315de41ed2a5799f83eb9208
SHA1: 82a36bf73db57414b3fb2fc2962859ed453b51bc
SHA256:1f7af8587265e418abaa60a37ad6b09cb537549c35fe90c1c5b4cd70bf903dd3
Referenced In Project/Scope: Simplicite Platform:compile
pdfbox-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

perfmark-api-0.23.0.jar

Description:

PerfMark API

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /var/simplicite/.m2/repository/io/perfmark/perfmark-api/0.23.0/perfmark-api-0.23.0.jar
MD5: 571d67b7639e3aa95e6f2b887ca53357
SHA1: 0b813b7539fae6550541da8caafd6add86d4e22f
SHA256:c705b5c10c18ff3032b9e81742bc2f6b0e5607f6a6dfc0c8ad0cff75d4913042
Referenced In Project/Scope: Simplicite Platform:runtime
perfmark-api-0.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

poi-5.2.3.jar

Description:

Apache POI - Java API To Access Microsoft Format Files

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/poi/poi/5.2.3/poi-5.2.3.jar
MD5: d4b21c2109d83abb8e93ba4bcfbdeb3a
SHA1: 2fb22ae74ad5aea6af1a9c64b9542f2ccf348604
SHA256:1d4c81a283e127693db89e85df45119d9d312d5686d2439b5be9445c2c649155
Referenced In Project/Scope: Simplicite Platform:compile
poi-5.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

postgresql-42.7.3.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /var/simplicite/.m2/repository/org/postgresql/postgresql/42.7.3/postgresql-42.7.3.jar
MD5: f52f459fe317bf7e22327b72b381fc8a
SHA1: 24f3e9f7231428cd20eb4dde00dd3fce44e05464
SHA256:a2644cbfba1baa145ff7e8c8ef582a6eed7a7ec4ca792f7f054122bdec756268
Referenced In Project/Scope: Simplicite Platform:runtime
postgresql-42.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

preflight-2.0.28.jar

Description:

      The Apache Preflight library is an open source Java tool that implements 
      a parser compliant with the ISO-19005 (PDF/A) specification. Preflight is a 
      subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/preflight/2.0.28/preflight-2.0.28.jar
MD5: 43291329b987a50931a9d01ad3cd2a01
SHA1: cf6f7697203310c985abccb5bd24ab3058aa14e3
SHA256:7bfb1ba168e7871898d95237d8b9afc4567c73f5a0a3816f5d4460af52f413b3
Referenced In Project/Scope: Simplicite Platform:compile
preflight-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

proto-google-cloud-firestore-bundle-v1-2.6.1.jar

Description:

PROTO library for proto-google-cloud-firestore-bundle-v1

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/cloud/proto-google-cloud-firestore-bundle-v1/2.6.1/proto-google-cloud-firestore-bundle-v1-2.6.1.jar
MD5: 4a591fdc3bcf11a83dfa5bfc65226ee2
SHA1: 006216edf565c63f10a84c24da880c05ab7de176
SHA256:d2fb95180c4a310b5f99c2fb4da35d093a5570fe6ad027a25f8f062ffef9b28a
Referenced In Project/Scope: Simplicite Platform:compile
proto-google-cloud-firestore-bundle-v1-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0

Identifiers

proto-google-cloud-firestore-v1-2.6.1.jar

Description:

PROTO library for proto-google-cloud-firestore-v1

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-firestore-v1/2.6.1/proto-google-cloud-firestore-v1-2.6.1.jar
MD5: 571f1da3a245ddae2d5c196f6ae90152
SHA1: dd2336241c125e9247e133eb322a49d0cd29a35d
SHA256:908bc1b9b565c67a6dd80afcb57d9d4926fc240aa31b2a800e1337fbd72d8b66
Referenced In Project/Scope: Simplicite Platform:compile
proto-google-cloud-firestore-v1-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0

Identifiers

proto-google-cloud-pubsub-v1-1.98.3.jar

Description:

PROTO library for proto-google-cloud-pubsub-v1

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-pubsub-v1/1.98.3/proto-google-cloud-pubsub-v1-1.98.3.jar
MD5: f5a4e7c3d33a9a1f8062d0646c21bfe0
SHA1: a751cb465bdd8d45d6c716f0a2de8bc91045b3dc
SHA256:68275d03751afcefdfdd2cfdea9a856b25b7ce0ab972cda686ffe77d7d38d8be
Referenced In Project/Scope: Simplicite Platform:compile
proto-google-cloud-pubsub-v1-1.98.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

proto-google-common-protos-2.8.0.jar

Description:

PROTO library for proto-google-common-protos

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-common-protos/2.8.0/proto-google-common-protos-2.8.0.jar
MD5: 101d534c41a4f2a4e0851344a06837b5
SHA1: 8adcbc3c5c3b1b7af1cf1e8a25af26a516d62a4c
SHA256:2d74ed7623ba43211529a5701cd7c6e87cb66d5f94508b4dc0f35c789ef75d00
Referenced In Project/Scope: Simplicite Platform:compile
proto-google-common-protos-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0

Identifiers

proto-google-iam-v1-1.2.10.jar

Description:

PROTO library for proto-google-iam-v1

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-iam-v1/1.2.10/proto-google-iam-v1-1.2.10.jar
MD5: b83b79a6f77007595bcefb69c3b4ce82
SHA1: 28feb1cf90b8e9d06c8c5deec5d888baae2ca793
SHA256:ca0f22c250c2e06dab35d8fbec216dda37119fadb36adc1373a81725aa6376bf
Referenced In Project/Scope: Simplicite Platform:compile
proto-google-iam-v1-1.2.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0

Identifiers

protobuf-java-3.22.3.jar

Description:

    Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
    efficient yet extensible format.

File Path: /var/simplicite/.m2/repository/com/google/protobuf/protobuf-java/3.22.3/protobuf-java-3.22.3.jar
MD5: e39845796ebd9fdb1b0f30ffef7ec2ee
SHA1: fdee98b8f6abab73f146a4edb4c09e56f8278d03
SHA256:59d388ea6a2d2d76ae8efff7fd4d0c60c6f0f464c3d3ab9be8e5add092975708
Referenced In Project/Scope: Simplicite Platform:compile
protobuf-java-3.22.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

proton-j-0.33.10.jar

Description:

Proton is a library for speaking AMQP.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/qpid/proton-j/0.33.10/proton-j-0.33.10.jar
MD5: 55d0529cb097f647e53cff7a4189b128
SHA1: fb31048dec7642e31982a46500acb211f52f6314
SHA256:1fcddf5c76e70eff331900443c51e1a2c8d313b5ffc70611995fadfb6c36d96a
Referenced In Project/Scope: Simplicite Platform:compile
proton-j-0.33.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0

Identifiers

qdox-1.12.jar

Description:

    QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
    complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/thoughtworks/qdox/qdox/1.12/qdox-1.12.jar
MD5: b8d83192c2f42a04f40bef4e24a8d7c5
SHA1: 466993f8362511ecc42e6508d3db1880bfcd5c56
SHA256:f9d7ad96f70d69e9c06c10e515b878f33810f1ad677cce9f6ae6772778d570ab
Referenced In Project/Scope: Simplicite Platform:compile
qdox-1.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

qpid-jms-client-1.6.0.jar

Description:

The core JMS Client implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/qpid/qpid-jms-client/1.6.0/qpid-jms-client-1.6.0.jar
MD5: 6c7e1362ff56676442f54c905a3a40cf
SHA1: 8a27823f8dcd722f97936ba955973c37eb0b728c
SHA256:199766dc07d9826d71bbe717457baaedd26c2393a9ba9798f75bb32de0a66f9f
Referenced In Project/Scope: Simplicite Platform:compile
qpid-jms-client-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

qrgen-1.4.jar

Description:

a simple QRCode generation api for java built on top ZXING

License:

Apache License v2: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/net/glxn/qrgen/1.4/qrgen-1.4.jar
MD5: 22aedd5cea2b5d4edc650ab1e08a1ff9
SHA1: fbb2465ec16db786a164e66f2a1e67e2e9254303
SHA256:4985f423c0ced38a1b60ac0f2b76e9a260fe54a276ed313c362ae85fdbe39c35
Referenced In Project/Scope: Simplicite Platform:compile
qrgen-1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

quartz-2.3.2.jar

Description:

Enterprise Job Scheduler

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: /var/simplicite/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar
MD5: d7299dbaec0e0ed7af281b07cc40c8c1
SHA1: 18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a
SHA256:639c6a675bc472e1568df9d8c954ff702da6f83ed27da0ff9a7bd12ed73b8bf0
Referenced In Project/Scope: Simplicite Platform:compile
quartz-2.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2023-39017  

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

re2j-1.5.jar

Description:

Linear time regular expressions for Java

License:

Go License: https://golang.org/LICENSE
File Path: /var/simplicite/.m2/repository/com/google/re2j/re2j/1.5/re2j-1.5.jar
MD5: d72a422e39af34e96259bf152b1c99dc
SHA1: 2ddd41c99436fa2b3cd9d26880541d7f3349828a
SHA256:c062f67e5b11c66650e45c0f420b1d5768e8b8009b0b3b5daf9bcc5880a7894c
Referenced In Project/Scope: Simplicite Platform:runtime
re2j-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3

Identifiers

reactive-streams-1.0.3.jar

Description:

A Protocol for Asynchronous Non-Blocking Data Sequence

License:

CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/simplicite/.m2/repository/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar
MD5: 69122b098fff1c6b1bf2cd3b355e7e03
SHA1: d9fb7a7926ffa635b3dcaa5049fb2bfa25b3e7d0
SHA256:1dee0481072d19c929b623e155e14d2f6085dc011529a0a0dbefc84cf571d865
Referenced In Project/Scope: Simplicite Platform:compile
reactive-streams-1.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.graphql-java/graphql-java@20.2

Identifiers

relaxng-datatype-3.0.2.jar

Description:

RelaxNG Datatype library.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/relaxng-datatype/3.0.2/relaxng-datatype-3.0.2.jar
MD5: d958357b53f3548859b2d6dbe196a314
SHA1: 221ee282707d196f927a5e0bb0c3129f4ef36575
SHA256:c18b270f140f15eac8cbbedd46cc77727e02f7685a2e2db7ec122049990d166b
Referenced In Project/Scope: Simplicite Platform:compile
relaxng-datatype-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

rhino-1.7.13.jar

Description:

    Rhino is an open-source implementation of JavaScript written entirely in Java.
    It is typically embedded into Java applications to provide scripting to end users.

License:

Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txt
File Path: /var/simplicite/.m2/repository/org/mozilla/rhino/1.7.13/rhino-1.7.13.jar
MD5: 17d7bed97d9c03a77578ec16e26bfc2f
SHA1: e6b2e12dc79fbdc58d8bf62a583705a551ec37d6
SHA256:931dda33789d8e004ff5b5478ee3d6d224305de330c48266df7c3e49d52fc606
Referenced In Project/Scope: Simplicite Platform:compile
rhino-1.7.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

rhino-1.7.13.jar: test.js

File Path: /var/simplicite/.m2/repository/org/mozilla/rhino/1.7.13/rhino-1.7.13.jar/org/mozilla/javascript/tools/debugger/test.js
MD5: 3f4137118304ccd25816067cf8d1edd6
SHA1: d3c7ae4c10cb6c7ac191cb65a39e53ba6a4e6cfb
SHA256:950d2db0a646488500b58ba76a02c33501a048708c083e3b743b73b16e105331
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

rhino-js-engine-1.7.10.jar

Description:

A js-engine.jar that provides a script engine "rhino" with old Rhino JavaScript.

The source code for js-engine comes from https://java.net/projects/Scripting.

The Rhino engine itself is pulled by maven. Its source is at https://github.com/mozilla/rhino.

License:

The BSD 3-Clause License: https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/cat/inspiracio/rhino-js-engine/1.7.10/rhino-js-engine-1.7.10.jar
MD5: 5543d39bea21e5c9515e8d967a61e1b1
SHA1: 09cc9336acf7bd2f370ae812d5713e90463edc33
SHA256:b47d73c223c86fd3f70470a9a8269626dbb6e9cb0195d062ba53171a2df7ff44
Referenced In Project/Scope: Simplicite Platform:compile
rhino-js-engine-1.7.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

rhino-js-engine-1.7.10.jar: toplevel.js

File Path: /var/simplicite/.m2/repository/cat/inspiracio/rhino-js-engine/1.7.10/rhino-js-engine-1.7.10.jar/META-INF/toplevel.js
MD5: 491854ddbf3787e63aec2d77d4aad938
SHA1: 0cc36fe5c5269749b8d94252d7490d2d82bda8ed
SHA256:511041250766b0811a7767801a1bec1be89a5bddbbe9e455ad7ea2057ba473f7
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

  • None

rngom-3.0.2.jar

Description:

        RNGOM is a RelaxNG Object model library (XSOM for RelaxNG).

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/rngom/3.0.2/rngom-3.0.2.jar
MD5: 9da4e8789a42db6267e4aa4fcdc4d8e2
SHA1: 6ab744428cf27988de4a2bcae7e7adef2941e174
SHA256:aa8eb8ced381576753dd0071657962b8d8e60e63276309a66f54cf9f8a3cd313
Referenced In Project/Scope: Simplicite Platform:compile
rngom-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

rome-1.18.0.jar

Description:

All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
        easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
        (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
        a set of parsers and generators for the various flavors of feeds, as well as converters
        to convert from one format to another. The parsers can give you back Java objects that
        are either specific for the format you want to work with, or a generic normalized
        SyndFeed object that lets you work on with the data without bothering about the
        underlying format.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/rometools/rome/1.18.0/rome-1.18.0.jar
MD5: 9cbf294bc581c22fe9b36c5ccdbf566c
SHA1: bdc2933175bb9d92b41e4ace771f645f524d75d3
SHA256:2776a17a8923e2f31a8d694cd1e265a0e03c9b67e3f9404937dac854fb60d11c
Referenced In Project/Scope: Simplicite Platform:compile
rome-1.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

rome-utils-1.18.0.jar

Description:

Utility classes for ROME projects

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/rometools/rome-utils/1.18.0/rome-utils-1.18.0.jar
MD5: 6c6b80de1688370a8584c7a4e3a9e8b5
SHA1: 3dc676ae59ab0be7ccd2bd6d2214779b97eec7db
SHA256:8445ad8e4539e074e8dd5865c2da8582071d593d9aef55267803c7fdcc095c19
Referenced In Project/Scope: Simplicite Platform:compile
rome-utils-1.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

s3-2.5.0.jar

Description:

jclouds components to access an implementation of S3

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/s3/2.5.0/s3-2.5.0.jar
MD5: e1a1429f317d4d51a541aa8d3c0e31ca
SHA1: 08f413ddb4531368996b0664755513654417e95e
SHA256:093c48e6a029625da456670f28570abeb921b3a2bdcec5d49bdc2419b3c07ad8
Referenced In Project/Scope: Simplicite Platform:compile
s3-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/aws-s3@2.5.0

Identifiers

select2-theme-bootstrap4:1.0.2

Description:

A theme for Select2 v4 and Bootstrap 4.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/select2-theme-bootstrap4:1.0.2

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

select2:4.0.13

Description:

Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/select2:4.0.13

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

semver4j-5.2.2.jar

Description:

Semantic versioning for Java apps.

License:

The MIT License: https://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/semver4j/semver4j/5.2.2/semver4j-5.2.2.jar
MD5: ee5a611d94c969ecc43ddac13424cf04
SHA1: 758cda82b388ce468c8d9880eaf6925155e5336c
SHA256:cd2856162bdebcd13d4e278fca170b58caa982393e7c674a4cedab17b163eefe
Referenced In Project/Scope: Simplicite Platform:compile
semver4j-5.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

serializer-2.7.3.jar

File Path: /var/simplicite/.m2/repository/xalan/serializer/2.7.3/serializer-2.7.3.jar
MD5: 21697a2d50f03bfd93ccf7636f8118d3
SHA1: 1aa6259987888f49fdbebb1aa1a88e0f54a44f6f
SHA256:5f6804bacdfdb3ccc52d2538536fab8986696d61559b081054a420c653806667
Referenced In Project/Scope: Simplicite Platform:compile
serializer-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

signature_pad:4.1.5

Description:

Library for drawing smooth signatures.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/signature_pad:4.1.5

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

simplicite-bootstrap-datetimepicker:1.1.0

Description:

Bootstrap date and time picker adapted and refactored for Bootstrap 4 and 5 from archived https://github.com/smalot/bootstrap-datetimepicker

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.3/package.json?/simplicite-bootstrap-datetimepicker:1.1.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

simplicite:3.0.1

Description:

Simplicite(R) platform Javascript API (for node.js and browser)

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.3/package.json?/simplicite:3.0.1

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /var/simplicite/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: Simplicite Platform:compile
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

snakeyaml-2.0.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/yaml/snakeyaml/2.0/snakeyaml-2.0.jar
MD5: caf24b81b9d57e6d4f68b1ccd36e00a3
SHA1: 3aab2116756442bf0d4cd1c089b24d34c3baa253
SHA256:880c9d896e4b74a06c549c15ca496450165d6909fa15d7e662bee8f6a66d7afa
Referenced In Project/Scope: Simplicite Platform:compile
snakeyaml-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

snappy-java-1.1.10.1.jar

Description:

snappy-java: A fast compression/decompression library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.1/snappy-java-1.1.10.1.jar
MD5: 8c279ac12dc8872fed3ecafce26a2299
SHA1: 4a1e1a22cba39145dfa20f2fef4e1ca38c8e02a1
SHA256:5a6224cb7f946f5a7db9c77e86af6ccd43ba5ae38b1a15bea23113cc83f8fabd
Referenced In Project/Scope: Simplicite Platform:runtime
snappy-java-1.1.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.5.1

Identifiers

CVE-2023-43642  

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

snappy-java-1.1.10.1.jar: snappyjava.dll

File Path: /var/simplicite/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.1/snappy-java-1.1.10.1.jar/org/xerial/snappy/native/Windows/x86/snappyjava.dll
MD5: ea2287ee0802e59bd07a1d1b0d580312
SHA1: e0ebe2c2e94a3634b880e682ef6088b350b6bd26
SHA256:3c983e7f9a413406c596faefbc82e87ed7186be6fab6bf60ba14c86a6aff29ce
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

snappy-java-1.1.10.1.jar: snappyjava.dll

File Path: /var/simplicite/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.1/snappy-java-1.1.10.1.jar/org/xerial/snappy/native/Windows/x86_64/snappyjava.dll
MD5: e2ded456e502ada53597a388bacec11e
SHA1: 96285359d550cf740df40ee982f001347f7846e5
SHA256:bb008f456c733630d5d14a853a40434775bc5dfc7ccdc15f7566218bca1a9ec2
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

spectrum-colorpicker:1.8.1

Description:

Spectrum: the no hassle jQuery colorpicker

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/spectrum-colorpicker:1.8.1

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

sqlite-jdbc-3.45.2.0.jar

Description:

SQLite JDBC library

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/xerial/sqlite-jdbc/3.45.2.0/sqlite-jdbc-3.45.2.0.jar
MD5: efdfd6b90be9db7bb0998339aec16310
SHA1: 2ba1408717e5aaf85d59f65b313553fa8955fa37
SHA256:a817162384b7d9d98fd616ca880bcbf2528cf29e31393666d2df85b307b03764
Referenced In Project/Scope: Simplicite Platform:runtime
sqlite-jdbc-3.45.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll

File Path: /var/simplicite/.m2/repository/org/xerial/sqlite-jdbc/3.45.2.0/sqlite-jdbc-3.45.2.0.jar/org/sqlite/native/Windows/aarch64/sqlitejdbc.dll
MD5: 195cc7c808a9da8f98f0546923f7cead
SHA1: f7114920cc6ed4c77e3a8d6cd1436a2a5902f896
SHA256:895f5459a217e41ec0bb349cd80f0e632370f55d2de2f4aca484c0cd5a28773e
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll

File Path: /var/simplicite/.m2/repository/org/xerial/sqlite-jdbc/3.45.2.0/sqlite-jdbc-3.45.2.0.jar/org/sqlite/native/Windows/armv7/sqlitejdbc.dll
MD5: b65a5bc02a7e87de6957d395620639d7
SHA1: 48afdecb4ef57e3b37034b7581f0abbffeaffab2
SHA256:7f836c3d39ba6ecf403ca94d972e777207cb99db886734c25bd30e7a31279722
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll

File Path: /var/simplicite/.m2/repository/org/xerial/sqlite-jdbc/3.45.2.0/sqlite-jdbc-3.45.2.0.jar/org/sqlite/native/Windows/x86/sqlitejdbc.dll
MD5: 28133326ed56bc1494a2db197ad0035a
SHA1: 57910cbc8a57acb273e43d0274503b19d1f7a174
SHA256:1a6e130ef863ab4b9743e43f6b7d671b267d975176f27317b318597368eee974
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

sqlite-jdbc-3.45.2.0.jar: sqlitejdbc.dll

File Path: /var/simplicite/.m2/repository/org/xerial/sqlite-jdbc/3.45.2.0/sqlite-jdbc-3.45.2.0.jar/org/sqlite/native/Windows/x86_64/sqlitejdbc.dll
MD5: 3574d0ac9ab8511158b90657994eebf5
SHA1: 67d715e4f8da321125ab38cffa8323c8341717f4
SHA256:535c51e5a4e9baccf417cc25601fa9daa5c49087bd9fc1dfb39b1d73beba4c3a
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

sshd-core-2.9.2.jar

File Path: /var/simplicite/.m2/repository/org/apache/sshd/sshd-core/2.9.2/sshd-core-2.9.2.jar
MD5: 69fe5bc6fbbe4b9dbafaf7e3880fb2e5
SHA1: cca012d0214f0540dc00903b8f5f731280ca6dfc
SHA256:b4b66fe8c65af57895eabc1aab6b3104922e1dbca7b2525e32a8ca5b7312848e
Referenced In Project/Scope: Simplicite Platform:compile
sshd-core-2.9.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit.ssh.apache@6.5.0.202303070854-r

Identifiers

CVE-2023-48795  

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
CWE-354 Improper Validation of Integrity Check Value

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-35887  

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions:

stax2-api-4.2.1.jar

Description:

tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/org/codehaus/woodstox/stax2-api/4.2.1/stax2-api-4.2.1.jar
MD5: af8377bc7882332e22456616a9f164f6
SHA1: a3f7325c52240418c2ba257b103c3c550e140c83
SHA256:678567e48b51a42c65c699f266539ad3d676d4b1a5b0ad7d89ece8b9d5772579
Referenced In Project/Scope: Simplicite Platform:compile
stax2-api-4.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.14.2

Identifiers

stringtemplate-3.2.1.jar

Description:

StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.

StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization. 

It evolved over years of effort developing jGuru.com. 

StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic 
is that unlike other engines, it strictly enforces model-view separation.

Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.

There are currently about 600 StringTemplate source downloads a month.

License:

BSD licence: http://antlr.org/license.html
File Path: /var/simplicite/.m2/repository/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar
MD5: b58ca53e518a92a1991eb63b61917582
SHA1: 59ec8083721eae215c6f3caee944c410d2be34de
SHA256:f66ce72e965e5301cb0f020e54d2ba6ad76feb91b3cbfc30dbbf00c06a6df6d7
Referenced In Project/Scope: Simplicite Platform:compile
stringtemplate-3.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

stripe-java-20.113.0.jar

Description:

Stripe Java Bindings

License:

The MIT License: https://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/com/stripe/stripe-java/20.113.0/stripe-java-20.113.0.jar
MD5: 9467d476f66d58e983cdba0d3b727140
SHA1: 5bded4cb65c6c183155656a1ab9dad614158651d
SHA256:100504363b2aec82aba439a63331c01fb8b16c0822c74911f11d69c9c5d16835
Referenced In Project/Scope: Simplicite Platform:compile
stripe-java-20.113.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

sts-2.5.0.jar

Description:

jclouds components to access an implementation of Security Token Service (STS)

File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/sts/2.5.0/sts-2.5.0.jar
MD5: e804f69c3d8e458f60545fe77c329d7f
SHA1: 3113119daf110ef9f93459b5e391c6fd97efa401
SHA256:6b4bf88b47798c4cf3087d2f57911abb9d3d48e273078996023ed34ff3bec77a
Referenced In Project/Scope: Simplicite Platform:compile
sts-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/aws-s3@2.5.0

Identifiers

swagger-annotations-1.5.18.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /var/simplicite/.m2/repository/io/swagger/swagger-annotations/1.5.18/swagger-annotations-1.5.18.jar
MD5: e55d57705e9f1a040015cf2fe2e8120b
SHA1: f386aa7dc018534e6e05c40fff292e6cd9b9d8f8
SHA256:0f4ca703a5e26ca949aee8f9ee88b2aa7f12b45d6a2e7dd9d343407f97205157
Referenced In Project/Scope: Simplicite Platform:provided
swagger-annotations-1.5.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0

Identifiers

swagger-core-2.2.9.jar

Description:

swagger-core

License:

"Apache License 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.html"
File Path: /var/simplicite/.m2/repository/io/swagger/core/v3/swagger-core/2.2.9/swagger-core-2.2.9.jar
MD5: 16ceed74eab126e884eaee7368897b66
SHA1: b49209fa7b6924426fae10a8e682cd2123d3cd24
SHA256:cd1ac5852c10e4c578f20d636d98cabb0f62fa8985384b24c258f6970153f127
Referenced In Project/Scope: Simplicite Platform:compile
swagger-core-2.2.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

swagger-ui-dist:4.18.2

License:

Apache-2.0
File Path: /var/simplicite/simplicite-5.3/package.json?/swagger-ui-dist:4.18.2

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

tagsoup-1.2.1.jar

Description:

TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
SHA256:ac97f7b4b1d8e9337edfa0e34044f8d0efe7223f6ad8f3a85d54cc1018ea2e04
Referenced In Project/Scope: Simplicite Platform:compile
tagsoup-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

threeten-extra-1.7.2.jar

Description:

Additional functionality that enhances JSR-310 dates and times in Java SE 8 and later

License:

BSD 3-clause: https://raw.githubusercontent.com/ThreeTen/threeten-extra/main/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/threeten/threeten-extra/1.7.2/threeten-extra-1.7.2.jar
MD5: a9733b6dc9a835fd4f9a6f32e2ed48ac
SHA1: b2e5f470c6c97fee4c05c03eb9c546695a7784c2
SHA256:a1045fe98171dd84c79682b412dbfdd7e4dd72415ecdee14135f726e11604e80
Referenced In Project/Scope: Simplicite Platform:compile
threeten-extra-1.7.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

threetenbp-1.6.8.jar

Description:

Backport of JSR-310 from JDK 8 to JDK 7 and JDK 6. NOT an implementation of the JSR.

License:

BSD-3-Clause: https://raw.githubusercontent.com/ThreeTen/threetenbp/main/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/threeten/threetenbp/1.6.8/threetenbp-1.6.8.jar
MD5: 4ade1f9a3c1d8e5b00021536fa34a48c
SHA1: 4c65b7b43f3fe31350f74cb7d0b2461e111e8dd0
SHA256:e4b1eb3d90c38a54c7f3384fda957e0b5bf0b41b40672a44ae8b03cb6c87ce06
Referenced In Project/Scope: Simplicite Platform:compile
threetenbp-1.6.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

CVE-2024-23082 (OSSINDEX)  

ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: MEDIUM (5.3)
  • Vector: /AV:N/AC:L/Au:/C:N/I:N/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.threeten:threetenbp:1.6.8:*:*:*:*:*:*:*

CVE-2024-23081 (OSSINDEX)  

ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CWE-476 NULL Pointer Dereference

CVSSv2:
  • Base Score: LOW (3.7)
  • Vector: /AV:N/AC:H/Au:/C:N/I:N/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.threeten:threetenbp:1.6.8:*:*:*:*:*:*:*

tika-core-2.7.0.jar

Description:

This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It
    also
    includes the core facades for the Tika API.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/tika/tika-core/2.7.0/tika-core-2.7.0.jar
MD5: 42b3dd0d4679ec6bafd848b6c0cb3035
SHA1: e9e8f1a7dc833e633fb2c717e8fa811e3e9dbf4a
SHA256:2603961edec8bcee014d2c360e5a9a0cdbf10aa8e6e95cf67abe190c837bb054
Referenced In Project/Scope: Simplicite Platform:compile
tika-core-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

tika-parsers-standard-package-2.7.0.jar (shaded: org.apache.tika:tika-parser-cad-module:2.7.0)

File Path: /var/simplicite/.m2/repository/org/apache/tika/tika-parsers-standard-package/2.7.0/tika-parsers-standard-package-2.7.0.jar/META-INF/maven/org.apache.tika/tika-parser-cad-module/pom.xml
MD5: e4686bf8d17d6bf26e93d54414982136
SHA1: c7417d8a53c0488cc2a97e7f4f3603653ad91a3b
SHA256:1cc90b5671eda9dbf4b4a414a21c54f0569c609afa50fe1815dcc8a52783f984
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

tinymce-i18n:23.10.9

Description:

Languages for TinyMCE 4, 5 and 6

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/tinymce-i18n:23.10.9

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

tinymce:6.7.2

Description:

Web based JavaScript HTML WYSIWYG editor control.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/tinymce:6.7.2

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

CVE-2023-48219  

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. his vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2024-29203 (OSSINDEX)  

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code.  This allowed `iframe` elements containing malicious code to execute when inserted into the editor.  These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:tinymce:6.7.2:*:*:*:*:*:*:*

CVE-2024-29881 (OSSINDEX)  

TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29881 for details
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:L/Au:/C:L/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:tinymce:6.7.2:*:*:*:*:*:*:*

totp-1.7.1.jar

Description:

A library to help implement time-based one time passwords to enable MFA.

File Path: /var/simplicite/.m2/repository/dev/samstevens/totp/totp/1.7.1/totp-1.7.1.jar
MD5: ceaed46be1e655c451d11cc5cb33e4ff
SHA1: c2bcced6c255d48223f5626c4db9af9aa9d43c35
SHA256:f02b3fcab62298907d655acc54c0dc85f7103dc26cee95eed44ebe6fc2af3415
Referenced In Project/Scope: Simplicite Platform:compile
totp-1.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

twilio-8.29.0.jar

Description:

Twilio Java Helper Library

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/com/twilio/sdk/twilio/8.29.0/twilio-8.29.0.jar
MD5: 8153724055c8a5036a8e787449ea9d8b
SHA1: 32e5f2a20dada9cd3544f855ae4d1f11bf70924b
SHA256:4a340a5d85a16189b03d7420552a6649ead93a1278d2e6175425a64cdbd8b75e
Referenced In Project/Scope: Simplicite Platform:compile
twilio-8.29.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

txw2-3.0.2.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/txw2/3.0.2/txw2-3.0.2.jar
MD5: 1e918807b59e37de5c379d0720a1c335
SHA1: 8c448a44cdcdbb5dd48ff2eb88cab858ed52cf91
SHA256:b4bcf94fb0a759456e2521724513baec94b78e93127544af162e3cff08d93343
Referenced In Project/Scope: Simplicite Platform:compile
txw2-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.2

Identifiers

unirest-java-3.14.2.jar

Description:

Simplified, lightweight HTTP client library.

File Path: /var/simplicite/.m2/repository/com/konghq/unirest-java/3.14.2/unirest-java-3.14.2.jar
MD5: 68e701e21ea22313fa93b506db1c57df
SHA1: 0e7693bc22f364014d9164519fb057a7d86af9a7
SHA256:1df56813f4410de105265f91cb37be4cc9c1dc32902b18b8b8b7bf069ef2f2a7
Referenced In Project/Scope: Simplicite Platform:compile
unirest-java-3.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

vorbis-java-core-0.8.jar

File Path: /var/simplicite/.m2/repository/org/gagravarr/vorbis-java-core/0.8/vorbis-java-core-0.8.jar
MD5: 71b623b57f56daf112bddb3337ee896d
SHA1: 7e9937c2575cda2e3fc116415117c74f23e43fa6
SHA256:879bb0c8923fea686609e207fd9050ab246e001868341c725929405e755cf68e
Referenced In Project/Scope: Simplicite Platform:compile
vorbis-java-core-0.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

vorbis-java-tika-0.8.jar

File Path: /var/simplicite/.m2/repository/org/gagravarr/vorbis-java-tika/0.8/vorbis-java-tika-0.8.jar
MD5: 85c7b34d5f94e66bf0c79f5d673db750
SHA1: 4ddbb27ac5884a0f0398a63d46a89d3bc87dc457
SHA256:a1b62281a99aec10dc69db1d2f8250952dca5841eedf1167b6b6f9585e2d0d26
Referenced In Project/Scope: Simplicite Platform:compile
vorbis-java-tika-0.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

vue:3.4.21

Description:

The progressive JavaScript framework for building modern web UI.

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/vue:3.4.21

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

wmf2svg-0.9.8.jar

Description:

WMF to SVG Converting Tool & Library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/arnx/wmf2svg/0.9.8/wmf2svg-0.9.8.jar
MD5: 34b920f0aa840b1792702d253c2c58b7
SHA1: 365614a3ee72ec475d9032f906d37b753fbe2bfa
SHA256:c7f136558140c3fbe9410199ca509895faad4fa79bdc185e72a868f1c2819b4a
Referenced In Project/Scope: Simplicite Platform:compile
wmf2svg-0.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

woodstox-core-6.5.0.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)

Description:

Unknown version of isorelax library used in JAXB project

File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.5.0/woodstox-core-6.5.0.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml
MD5: 6fbb4bc95fbf2072bc6e3b790553fe81
SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13
SHA256:cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

woodstox-core-6.5.0.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1)

Description:

XML Schema datatypes library

File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.5.0/woodstox-core-6.5.0.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xml
MD5: aaf872ed9d1aabee25e03c2a132ffd8e
SHA1: 47f218a999411ed028f089d59ebef8f14e0fe914
SHA256:d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3c
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

woodstox-core-6.5.0.jar

Description:

Woodstox is a high-performance XML processor that implements Stax (JSR-173),
SAX2 and Stax2 APIs

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.5.0/woodstox-core-6.5.0.jar
MD5: 7faa8bf352ed3d280244cbc43f55c658
SHA1: cafa8aac5ddf104d28f172f19294d88d5e8c24c0
SHA256:21ad5f842f5332e0e2b56631178df45a8d205921d8370e2d5f557dc7f76cf4e2
Referenced In Project/Scope: Simplicite Platform:compile
woodstox-core-6.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.14.2

Identifiers

xalan-2.7.3.jar (shaded: org.apache.bcel:bcel:6.7.0)

Description:

Apache Commons Bytecode Engineering Library

File Path: /var/simplicite/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jar/META-INF/maven/org.apache.bcel/bcel/pom.xml
MD5: d295c30370ff8cf96227ecff62fcb78d
SHA1: 38983d16d320ff710f8898e2dd342299d76939a7
SHA256:b0a59c14c26bdb4c7a5a2b13b8dcbd9acebf55e67fe91497140d8894de2fdeae
Referenced In Project/Scope: Simplicite Platform:compile

Identifiers

xalan-2.7.3.jar

File Path: /var/simplicite/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jar
MD5: e384223db0825925765f2bf66839d26d
SHA1: 5095bedf29e73756fb5729f2241fd5ffa33d87e0
SHA256:febd48bb133a96c447282213951a6b74ea7fb45c0d896121296c014316bda6b0
Referenced In Project/Scope: Simplicite Platform:compile
xalan-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

xalan-interpretive-11.0.0.jar

Description:

xalan-interpretive

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/org/apache/xalan-interpretive/11.0.0/xalan-interpretive-11.0.0.jar
MD5: fc5a8e36ca1cbe5eb05dbf328e058403
SHA1: 7494b62aced4c3d0ffa259e59c435dc9bd7f07b3
SHA256:badfeb922041262d667363e05bd1cea3947f2ad63dc0f586582ef20ab5a52456
Referenced In Project/Scope: Simplicite Platform:compile
xalan-interpretive-11.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

xalan-serializer-11.0.0.jar

Description:

xalan-serializer

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/docx4j/org/apache/xalan-serializer/11.0.0/xalan-serializer-11.0.0.jar
MD5: f21112d50f8c5e067bcb388697cb6af1
SHA1: 7a6b5802bdba3d3b12e935b8a0ae2e020d839cfd
SHA256:ee20541b9180bbd4dc4d55b825e397aefc1545d11d819e4d488012fa76a4b6dc
Referenced In Project/Scope: Simplicite Platform:compile
xalan-serializer-11.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

xercesImpl-2.12.2.jar

Description:

      Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

      The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

      Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.

      Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

      Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Project/Scope: Simplicite Platform:compile
xercesImpl-2.12.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/xerces/xercesImpl@2.12.2  (Confidence:High)
  • cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2017-10355 (OSSINDEX)  

sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)

The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
CWE-833 Deadlock

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*

xmlbeans-5.1.1.jar

Description:

XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/xmlbeans/xmlbeans/5.1.1/xmlbeans-5.1.1.jar
MD5: 6f137af5334fbd77a2d64f5de8bf6ff6
SHA1: 48a369df0eccb509d46203104e4df9cb00f0f68b
SHA256:5f484a78bed71cbffe3709678b6bdd3463781a7c61c6d9872330aecbf150762a
Referenced In Project/Scope: Simplicite Platform:compile
xmlbeans-5.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.2.3

Identifiers

xmlgraphics-commons-2.7.jar

Description:

    Apache XML Graphics Commons is a library that consists of several reusable 
    components used by Apache Batik and Apache FOP. Many of these components 
    can easily be used separately outside the domains of SVG and XSL-FO.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/xmlgraphics/xmlgraphics-commons/2.7/xmlgraphics-commons-2.7.jar
MD5: ec712218e2391e64672fd8ed1e9e1d71
SHA1: 336ddd6d0a244cdebf26a298fb7c3a5fd45449db
SHA256:1fe37a1927bdd699730f0ad39f50a699c9ab4dff0ad047dff1e846cb120ae2b1
Referenced In Project/Scope: Simplicite Platform:compile
xmlgraphics-commons-2.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5

Identifiers

xmlsec-3.0.2.jar

Description:

        Apache XML Security for Java supports XML-Signature Syntax and Processing,
        W3C Recommendation 12 February 2002, and XML Encryption Syntax and
        Processing, W3C Recommendation 10 December 2002. As of version 1.4,
        the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/santuario/xmlsec/3.0.2/xmlsec-3.0.2.jar
MD5: d2abbf133d39a5224417c17ab685224e
SHA1: 9bb2f2603902354290c9d5277f67d50444fd8777
SHA256:c802caa2065117eb8e901c3bedfaefebc058badce5c5a76f2d983d9e123e443a
Referenced In Project/Scope: Simplicite Platform:compile
xmlsec-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

  • pkg:maven/org.apache.santuario/xmlsec@3.0.2  (Confidence:High)
  • cpe:2.3:a:apache:santuario_xml_security_for_java:3.0.2:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:apache:xml_security_for_java:3.0.2:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-44483  

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
CWE-532 Insertion of Sensitive Information into Log File

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

xmpbox-2.0.28.jar

Description:

    The Apache XmpBox library is an open source Java tool that implements Adobe's XMP(TM)
    specification. It can be used to parse, validate and create xmp contents.
    It is mainly used by subproject preflight of Apache PDFBox. 
    XmpBox is a subproject of Apache PDFBox.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/xmpbox/2.0.28/xmpbox-2.0.28.jar
MD5: a3caad97b0bd417cd3ac6697927bf43a
SHA1: 354f7150598c7a64a2180ff58860a4dfe6e61033
SHA256:5569da68395e1600367288a1431daf48e44b7d1b4eae046eefe180d4b42e1fa4
Referenced In Project/Scope: Simplicite Platform:compile
xmpbox-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35

Identifiers

xmpcore-6.1.11.jar

Description:

The Adobe XMP Core library

License:

The BSD 3-Clause License (BSD3): https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/adobe/xmp/xmpcore/6.1.11/xmpcore-6.1.11.jar
MD5: 37892425fcfeffe88554b3d66dd084ca
SHA1: 852f14101381e527e6d43339d7db1698c970436c
SHA256:8f7033c579b99fa0d9d6ddcb9448875b5e4b577c350002278ce46997d678b737
Referenced In Project/Scope: Simplicite Platform:compile
xmpcore-6.1.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

xsom-3.0.2.jar

Description:

XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
        documents and inspect information in them. It is expected to be useful for applications that need to take XML
        Schema as an input.

License:

Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/xsom/3.0.2/xsom-3.0.2.jar
MD5: 1c642bce44a0bc2b45390c08ce7a6493
SHA1: 032f936578ef5755aaab9627023168a635c3e1c3
SHA256:45706323354a606323ff1130cb575e44c6d4d7aac4439564174d7ccace6cc90a
Referenced In Project/Scope: Simplicite Platform:compile
xsom-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2

Identifiers

xterm-js:4.9.0

Description:

Full xterm terminal, in your browser

License:

MIT
File Path: /var/simplicite/simplicite-5.3/package.json?/xterm-js:4.9.0

Referenced In Project/Scope: simplicite-js:5.3.35

Identifiers

CVE-2019-0542  

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

xz-1.9.jar

Description:

XZ data compression

License:

Public Domain
File Path: /var/simplicite/.m2/repository/org/tukaani/xz/1.9/xz-1.9.jar
MD5: 57c2fbfeb55e307ccae52e5322082e02
SHA1: 1ea4bec1a921180164852c65006d928617bd2caf
SHA256:211b306cfc44f8f96df3a0a3ddaf75ba8c5289eed77d60d72f889bb855f535e5
Referenced In Project/Scope: Simplicite Platform:compile
xz-1.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0

Identifiers

zstd-jni-1.5.5-1.jar

Description:

JNI bindings for Zstd native library that provides fast and high compression lossless algorithm for Java and all JVM languages.

License:

BSD 2-Clause License: https://opensource.org/licenses/BSD-2-Clause
File Path: /var/simplicite/.m2/repository/com/github/luben/zstd-jni/1.5.5-1/zstd-jni-1.5.5-1.jar
MD5: 16ede3375b6c900abafd95b600b512b9
SHA1: fda1d6278299af27484e1cc3c79a060e41b7ef7e
SHA256:f779fcd068ad91ac77aa0239104bd42793b0dce807fb1d73b51c635e0ea1e293
Referenced In Project/Scope: Simplicite Platform:runtime
zstd-jni-1.5.5-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.5.1

Identifiers

zstd-jni-1.5.5-1.jar: libzstd-jni-1.5.5-1.dll

File Path: /var/simplicite/.m2/repository/com/github/luben/zstd-jni/1.5.5-1/zstd-jni-1.5.5-1.jar/win/amd64/libzstd-jni-1.5.5-1.dll
MD5: ff3464c6fc76323116a1ac6be739cb0c
SHA1: eb36af7de802e21c7a02b6051f0148d827ce95a8
SHA256:baae78a7ea7b9d8ee066125496cbc9563bc8bc45f7bd851c1901d84ac924b3be
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None

zstd-jni-1.5.5-1.jar: libzstd-jni-1.5.5-1.dll

File Path: /var/simplicite/.m2/repository/com/github/luben/zstd-jni/1.5.5-1/zstd-jni-1.5.5-1.jar/win/x86/libzstd-jni-1.5.5-1.dll
MD5: 8b10e36d615f0c6d0fa280837273cb6f
SHA1: c72b2dffc18b73c8a13dcf954c09032982cf7e0e
SHA256:07949da0fe10bcdd1ae823f3ff5e80f478217eaca4043daffc1b4ffce90588a2
Referenced In Project/Scope: Simplicite Platform:runtime

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.