Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/HikariCP/5.0.1/HikariCP-5.0.1.jar MD5: 3bc96d2ce8285470da11ec41bff6129f SHA1: a74c7f0a37046846e88d54f7cb6ea6d565c65f9c SHA256:26d492397e6775b4296737a8919bf04047afe5827fdd2c08b4557595436b3a2b Referenced In Project/Scope: Simplicite Platform:compile HikariCP-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.
File Path: /var/simplicite/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.1.13/JavaEWAH-1.1.13.jar MD5: a1eb305e5cc5bba238d4360e3139abb4 SHA1: 32cd724a42dc73f99ca08453d11a4bb83e0034c7 SHA256:4c0fda2b1d317750d7ea324e36c70b2bc48310c0aaae67b98df0915d696d7111 Referenced In Project/Scope: Simplicite Platform:compile JavaEWAH-1.1.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.5.0.202303070854-r
An efficient sparse bitset implementation for Java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/zaxxer/SparseBitSet/1.2/SparseBitSet-1.2.jar MD5: 1c6032441aec11b523e1a7bfa96d60cf SHA1: 8467c813d442837fcaeddbc42cf5c5359fab4933 SHA256:91e6b318c901a0f2dd1f6ce781d62474435ae627d22fbac9b21bbc39ffd804b6 Referenced In Project/Scope: Simplicite Platform:compile SparseBitSet-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi@5.2.3
Java reflection gives poor performance on getter, setter and constructor calls; accessors-smart uses ASM to speed up those calls.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/minidev/accessors-smart/2.4.9/accessors-smart-2.4.9.jar MD5: 339685c20dcac95c4f5b59e70daadc0e SHA1: 32e540749224c22c9b17de8137e916aae9057e22 SHA256:accdd5c7ac4c49b155890aaea1ffca2a9ccd5826b562dd95a99fc1887003e031 Referenced In Project/Scope: Simplicite Platform:runtime accessors-smart-2.4.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.jayway.jsonpath/json-path@2.8.0
File Path: /var/simplicite/.m2/repository/org/eclipse/angus/angus-activation/2.0.0/angus-activation-2.0.0.jar MD5: 834539f269d476663784d8571048f3c4 SHA1: 72369f4e2314d38de2dcbb277141ef0226f73151 SHA256:3a12d321a0f35aa9458ff9b6ee93a3de76b78e3f18b077c81721473d83079147 Referenced In Project/Scope: Simplicite Platform:runtime angus-activation-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.angus/jakarta.mail@2.0.1
File Path: /var/simplicite/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.21/animal-sniffer-annotations-1.21.jar MD5: 8e018b5f98c87e95dc13662c05a3b447 SHA1: 419a9acd297cb6fe6f91b982d909f2c20e9fa5c0 SHA256:2f25841c937e24959a57b630e2c4b8525b3d0f536f2e511c9b2bed30b1651d54 Referenced In Project/Scope: Simplicite Platform:runtime animal-sniffer-annotations-1.21.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
File Path: /var/simplicite/.m2/repository/com/google/android/annotations/4.1.1.4/annotations-4.1.1.4.jar MD5: c2cdd26a6ae577f24775e8ce75da1fdc SHA1: a1678ba907bf92691d879fef34e1a187038f9259 SHA256:ba734e1e84c09d615af6a09d33034b4f0442f8772dec120efb376d86a565ae15 Referenced In Project/Scope: Simplicite Platform:runtime annotations-4.1.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
File Path: /var/simplicite/.m2/repository/org/apache/ant/ant/1.10.13/ant-1.10.13.jar MD5: 0781dacdb3a7af3a1c1f6d5187438da4 SHA1: 85fd5990a27ddafe8af3f7a6d7132d2c29a22a7c SHA256:befbfc79e744e9892cfa7db96df3b6e82dc17d2571af42aa427976fc22299838 Referenced In Project/Scope: Simplicite Platform:compile ant-1.10.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /var/simplicite/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar MD5: f8f1352c52a4c6a500b597596501fc64 SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0 SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c Referenced In Project/Scope: Simplicite Platform:compile antlr-2.7.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: /var/simplicite/.m2/repository/org/antlr/antlr-runtime/3.5.2/antlr-runtime-3.5.2.jar MD5: 1fbbae2cb72530207c20b797bdabd029 SHA1: cd9cd41361c155f3af0f653009dcecb08d8b4afd SHA256:ce3fc8ecb10f39e9a3cddcbb2ce350d272d9cd3d0b1e18e6fe73c3b9389c8734 Referenced In Project/Scope: Simplicite Platform:compile antlr-runtime-3.5.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
File Path: /var/simplicite/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar MD5: 04177054e180d09e3998808efa0401c7 SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8 SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08 Referenced In Project/Scope: Simplicite Platform:compile aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.6.1/aopalliance-repackaged-2.6.1.jar MD5: 0237846ebdaa7db36b356044a373ffba SHA1: b2eb0a83bcbb44cc5d25f8b18f23be116313a638 SHA256:bad77f9278d753406360af9e4747bd9b3161554ea9cd3d62411a0ae1f2c141fd Referenced In Project/Scope: Simplicite Platform:provided aopalliance-repackaged-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
Evidence
| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | aopalliance-repackaged | High |
| Vendor | jar | package name | aopalliance | Highest |
| Vendor | Manifest | bundle-docurl | http://www.oracle.com | Low |
| Vendor | Manifest | bundle-symbolicname | org.glassfish.hk2.external.aopalliance-repackaged | Medium |
| Vendor | pom | artifactid | aopalliance-repackaged | Highest |
| Vendor | pom | artifactid | aopalliance-repackaged | Low |
| Vendor | pom | groupid | org.glassfish.hk2.external | Highest |
| Vendor | pom | name | aopalliance version repackaged as a module | High |
| Vendor | pom | name | aopalliance version ${aopalliance.version} repackaged as a module | High |
| Vendor | pom | parent-artifactid | external | Low |
| Vendor | pom | parent-groupid | org.glassfish.hk2 | Medium |
| Product | file | name | aopalliance-repackaged | High |
| Product | jar | package name | aopalliance | Highest |
| Product | Manifest | bundle-docurl | http://www.oracle.com | Low |
| Product | Manifest | Bundle-Name | aopalliance version 1.0 repackaged as a module | Medium |
| Product | Manifest | bundle-symbolicname | org.glassfish.hk2.external.aopalliance-repackaged | Medium |
| Product | pom | artifactid | aopalliance-repackaged | Highest |
| Product | pom | groupid | org.glassfish.hk2.external | Highest |
| Product | pom | name | aopalliance version repackaged as a module | High |
| Product | pom | name | aopalliance version ${aopalliance.version} repackaged as a module | |
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-core/0.8.9/apache-mime4j-core-0.8.9.jar MD5: 83d942785627f7538d44b360a13ad824 SHA1: 718755ac63359ab202911caf76cf79d9d44f8e17 SHA256:901486a66c0eeee9d6bd63b1eaa195e164100cf415b0122388813d484947801f Referenced In Project/Scope: Simplicite Platform:compile apache-mime4j-core-0.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.
This can be exploited by an attacker to add unintended headers to MIME messages.
File Path: /var/simplicite/.m2/repository/org/apache/james/apache-mime4j-dom/0.8.9/apache-mime4j-dom-0.8.9.jar MD5: 72175c47d8dd8d678f3433fc88dc3cd7 SHA1: cf9daba1dd95aa3c32a05fbfb5edf5f078a0465a SHA256:726d04098a6317cf175b3708a736ed4ecbc09cf7673784eaf1f4251f030d2433 Referenced In Project/Scope: Simplicite Platform:compile apache-mime4j-dom-0.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/api/api-common/2.1.5/api-common-2.1.5.jar MD5: 06217329f446606a8009b22ff2a1727e SHA1: 856fe2e1cafce0314ba0916affb5744d5b6e7425 SHA256:661307a5436fcbfcbc1b5c98aba9067bddfed5fff1b07330a056f84779b703c0 Referenced In Project/Scope: Simplicite Platform:compile api-common-2.1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0
ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /var/simplicite/.m2/repository/org/ow2/asm/asm/9.4/asm-9.4.jar MD5: ffa64f03a23a4823d98703e6ce6ff397 SHA1: b4e0e2d2e023aa317b7cfcfc916377ea348e07d1 SHA256:39d0e2b3dc45af65a09b097945750a94a126e052e124f93468443a1d0e15f381 Referenced In Project/Scope: Simplicite Platform:compile asm-9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
Evidence
| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | asm | High |
| Vendor | jar | package name | asm | Highest |
| Vendor | jar | package name | objectweb | Highest |
| Vendor | Manifest | bundle-docurl | http://asm.ow2.org | Low |
| Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low |
| Vendor | Manifest | bundle-symbolicname | org.objectweb.asm | Medium |
| Vendor | pom | artifactid | asm | Highest |
| Vendor | pom | artifactid | asm | Low |
| Vendor | pom | developer email | ebruneton@free.fr | Low |
| Vendor | pom | developer email | eu@javatx.org | Low |
| Vendor | pom | developer email | forax@univ-mlv.fr | Low |
| Vendor | pom | developer id | ebruneton | Medium |
| Vendor | pom | developer id | eu | Medium |
| Vendor | pom | developer id | forax | Medium |
| Vendor | pom | developer name | Eric Bruneton | Medium |
| Vendor | pom | developer name | Eugene Kuleshov | Medium |
| Vendor | pom | developer name | Remi Forax | Medium |
| Vendor | pom | groupid | org.ow2.asm | Highest |
| Vendor | pom | name | asm | High |
| Vendor | pom | organization name | OW2 | High |
| Vendor | pom | organization url | http://www.ow2.org/ | Medium |
| Vendor | pom | parent-artifactid | ow2 | Low |
| Vendor | pom | parent-groupid | org.ow2 | Medium |
| Vendor | pom | url | http://asm.ow2.io/ | Highest |
| Product | file | name | asm | High |
| Product | jar | package name | asm | Highest |
| Product | jar | package name | objectweb | Highest |
| Product | Manifest | bundle-docurl | http://asm.ow2.org | Low |
| Product | Manifest | Bundle-Name | org.objectweb.asm | Medium |
| Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low |
| Product | Manifest | bundle-symbolicname | org.objectweb.asm | Medium |
| Product | Manifest | Implementation-Title | ASM, a very small and fast Java bytecode manipulation framework | |
Immutable value-type code generation for Java 1.7+.
File Path: /var/simplicite/.m2/repository/com/google/auto/value/auto-value-annotations/1.9/auto-value-annotations-1.9.jar MD5: 86f1f5d71eceea4eb4e3ad0505e8b22c SHA1: 25a0fcef915f663679fcdb447541c5d86a9be4ba SHA256:fa5469f4c44ee598a2d8f033ab0a9dcbc6498a0c5e0c998dfa0c2adf51358044 Referenced In Project/Scope: Simplicite Platform:compile auto-value-annotations-1.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0
Java library to extract links (URLs, email addresses) from plain text;
fast, small and smart about recognizing where links end
License:
MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/org/nibor/autolink/autolink/0.10.0/autolink-0.10.0.jar MD5: be771f6d4d82b9098596afa30b4f48ea SHA1: 6579ea7079be461e5ffa99f33222a632711cc671 SHA256:302b30160968415ee6cd1907987138c7575a6315f9b6ef13b9fe3abc87367857 Referenced In Project/Scope: Simplicite Platform:compile autolink-0.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.commonmark/commonmark-ext-autolink@0.21.0
File Path: /var/simplicite/.m2/repository/avalon-framework/avalon-framework-impl/4.2.0/avalon-framework-impl-4.2.0.jar MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6 SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48 SHA256:ed42c573cab460ca634b5c64a3b40ed1d67d6ee47fe25f87947370bede6af814 Referenced In Project/Scope: Simplicite Platform:compile avalon-framework-impl-4.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.sf.barcode4j/barcode4j@2.1
Simple Storage Service (S3) implementation targeted to Amazon Web Services
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/aws-s3/2.5.0/aws-s3-2.5.0.jar MD5: 167cb45c01df725ad27b3a8138951cc8 SHA1: 034fcf2ec0a9897bb7fcdeabc2a9d8673395a6a1 SHA256:166aeb5c25a235f63323ebc2edec912f2060f2199edd82f19f355bd014f79710 Referenced In Project/Scope: Simplicite Platform:compile aws-s3-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence
| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | aws-s3 | High |
| Vendor | jar | package name | aws | Highest |
| Vendor | jar | package name | jclouds | Highest |
| Vendor | jar | package name | s3 | Highest |
| Vendor | Manifest | bundle-symbolicname | aws-s3 | Medium |
| Vendor | Manifest | implementation-url | https://jclouds.apache.org/aws-s3/ | Low |
| Vendor | Manifest | Implementation-Vendor | jclouds | High |
| Vendor | Manifest | Implementation-Vendor-Id | org.apache.jclouds | Medium |
| Vendor | Manifest | specification-vendor | jclouds | Low |
| Vendor | pom | artifactid | aws-s3 | Highest |
| Vendor | pom | artifactid | aws-s3 | Low |
| Vendor | pom | groupid | org.apache.jclouds.provider | Highest |
| Vendor | pom | name | jclouds Amazon Simple Storage Service (S3) provider | High |
| Vendor | pom | parent-artifactid | jclouds-project | Low |
| Vendor | pom | parent-groupid | org.apache.jclouds | Medium |
| Product | file | name | aws-s3 | High |
| Product | jar | package name | aws | Highest |
| Product | jar | package name | jclouds | Highest |
| Product | jar | package name | s3 | Highest |
| Product | Manifest | Bundle-Name | jclouds Amazon Simple Storage Service (S3) provider | Medium |
| Product | Manifest | bundle-symbolicname | aws-s3 | Medium |
| Product | Manifest | Implementation-Title | jclouds Amazon Simple Storage Service (S3) provider | High |
| Product | Manifest | implementation-url | https://jclouds.apache.org/aws-s3/ | Low |
| Product | Manifest | specification-title | jclouds jclouds Amazon Simple Storage Service (S3) provider | Medium |
| Product | pom | artifactid | aws-s3 | Highest |
| Product | pom | groupid | org.apache.jclouds.provider | Highest |
| Product | pom | name | jclouds Amazon Simple Storage Service (S3) provider | |
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/azureblob/2.5.0/azureblob-2.5.0.jar MD5: d3e3160cb1cdc5825d454505c429999d SHA1: ce68d3bce0bc135ec7d958980b3e30267ad805b6 SHA256:c21dd6a733163ed9c2f9f487ea02a723a20526de33e87cd5b3d328833b476cd0 Referenced In Project/Scope: Simplicite Platform:compile azureblob-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Barcode4J is a flexible generator for barcodes written in Java.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/sf/barcode4j/barcode4j/2.1/barcode4j-2.1.jar MD5: 4fc30cdb7b1abaf1ce08f26b0666e351 SHA1: 4b38b2219c0d522fcea8238493f2ea3e238ef529 SHA256:eb7252cc41a1539bcd018348e9f60e0942872bdaa49c58051e656a6be94969fb Referenced In Project/Scope: Simplicite Platform:compile barcode4j-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcmail-jdk18on/1.73/bcmail-jdk18on-1.73.jar MD5: d0f7939c8a9b3f7d90bfa8060318843e SHA1: 2c132108f42d6fe499938440b5da9c65da06033b SHA256:d94dc99d55152cab2bb5496601902cd7db06dfd960450d27b67118102f91f7e1 Referenced In Project/Scope: Simplicite Platform:compile bcmail-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
License:
Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpg-jdk18on/1.73/bcpg-jdk18on-1.73.jar MD5: 0e3aaf2b2fae29065f9098fd24b63899 SHA1: 2838f8c35e6e716349ce780c9c88271cab32065d SHA256:dd6efbd826f0d3aed3a1193acf1d81dd6044c585b90ddf88adca4e1fb41a0984 Referenced In Project/Scope: Simplicite Platform:compile bcpg-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcpkix-jdk18on/1.73/bcpkix-jdk18on-1.73.jar MD5: 18315c3729fc76e2217efffd1f618e64 SHA1: fd41dae0f564a93888ed5ade426281de94824717 SHA256:9487164ba018f2211fcc0f989d6f4ea25b7d48fc6031501c3c7e3a17b164d860 Referenced In Project/Scope: Simplicite Platform:compile bcpkix-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. Note: this package includes the NTRU encryption algorithms.
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-ext-jdk18on/1.73/bcprov-ext-jdk18on-1.73.jar MD5: e0e7191a082e33ca6fe4af159fbd5bff SHA1: faec66c90751bf9e97f4ae148955e377021982f2 SHA256:f137490b4d8fa5aeaca5683bca391f7c91eb2085b625c28dde1a3e18506d7034 Referenced In Project/Scope: Simplicite Platform:compile bcprov-ext-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.69/bcprov-jdk15on-1.69.jar MD5: 76388cd78560913812a26f6f44651f53 SHA1: 91e1628251cf3ca90093ce9d0fe67e5b7dab3850 SHA256:e469bd39f936999f256002631003ff022a22951da9d5bd9789c7abfa9763a292 Referenced In Project/Scope: Simplicite Platform:runtime bcprov-jdk15on-1.69.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.73/bcprov-jdk18on-1.73.jar MD5: db1309ef2297987495d57456a66fe137 SHA1: 4bd3de48e5153059fe3f80cbcf86ea221795ee55 SHA256:ad3ae628f4459a8fecb5c1a142b5525ce5118817414f97efd92f5448a69180ff Referenced In Project/Scope: Simplicite Platform:compile bcprov-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
File Path: /var/simplicite/.m2/repository/org/bouncycastle/bcutil-jdk18on/1.73/bcutil-jdk18on-1.73.jar MD5: e535f6c495b9197e287f68375b0508f1 SHA1: 073a680acd04b249a6773f49200092cadb670bf0 SHA256:0b70292c36cfe08ac00a71f5cc5af4c412ceedbc8c0f0a22995dbacfaf25dd42 Referenced In Project/Scope: Simplicite Platform:compile bcutil-jdk18on-1.73.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.73
Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/bson/3.12.13/bson-3.12.13.jar MD5: 8372c7e19dfc5164761daaeca1557548 SHA1: 49dc931b5629509b06a9f696f8036d258adc90ef SHA256:d1837cb8c051e4212f95adba227f566b752fe0f14e51717b5d60b4ed77b8803e Referenced In Project/Scope: Simplicite Platform:compile bson-3.12.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mongodb/mongodb-driver@3.12.13
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy/1.14.4/byte-buddy-1.14.4.jar MD5: 21117c3c69db9aa3080d611640a27bb9 SHA1: 20498aaec9b00a5cfdb831e7bf68feafa833ce4b SHA256:7ae2b39ac230be9e3e09ce020406c017ff8ceba06eaf078c62a88c218a0ff2b4 Referenced In Project/Scope: Simplicite Platform:compile byte-buddy-1.14.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0
File Path: /var/simplicite/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.4/byte-buddy-agent-1.14.4.jar MD5: f9b055b741a5a0539d86a4f984ac9a68 SHA1: 3bf5ac1104554908cc623e40e58a00be37c35f36 SHA256:fbd1ab3db43c6c78b8804908cb95b656517f5c82e7fde8d255d8bdceef412d70 Referenced In Project/Scope: Simplicite Platform:compile byte-buddy-agent-1.14.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0
a JDBC Connection pooling / Statement caching library
License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /var/simplicite/.m2/repository/com/mchange/c3p0/0.9.5.5/c3p0-0.9.5.5.jar MD5: 9fc982b4b179e44cec986ea86fe1bff7 SHA1: 37dfc3021e5589d65ff2ae0becf811510b87ab01 SHA256:96cec5ddfe2f08b8407125d8228eb0392121e1bf2239ca621bb19228b67f741a Referenced In Project/Scope: Simplicite Platform:compile c3p0-0.9.5.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/javax/cache/cache-api/1.1.0/cache-api-1.1.0.jar MD5: ac907ad12e9a7ac5d41abf703855002f SHA1: 77bdcff7814076dfa61611b0db88487c515150b6 SHA256:6c980ad1ae4a6dda3bdb62986c3ef5b41ccf766e12353587ee4e4307e27e155a Referenced In Project/Scope: Simplicite Platform:compile cache-api-1.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.ehcache/ehcache@3.10.8
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.6/caffeine-3.1.6.jar MD5: 7661b25999918646ec802846cc4c16bc SHA1: 3646a0d1b1abe6a31f72f2237d9004d10a5be91d SHA256:0311f9d5d9750aa2a1c11cbdba5a5cb7fec91c8870d6f179f324b3f5295b87dd Referenced In Project/Scope: Simplicite Platform:compile caffeine-3.1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Checker Qual is the set of annotations (qualifiers) and supporting classes
used by the Checker Framework to type check Java source code. Please
see artifact:
org.checkerframework:checker
License:
GNU General Public License, version 2 (GPL2), with the classpath exception: http://www.gnu.org/software/classpath/license.html
The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar MD5: b7a5c96547fb3fb6869f5f76bcd19b15 SHA1: 435dc33e3019c9f019e15f01aa111de9d6b2b79c SHA256:11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a Referenced In Project/Scope: Simplicite Platform:compile checker-compat-qual-2.5.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0
checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.
License:
The MIT License: http://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/checkerframework/checker-qual/3.33.0/checker-qual-3.33.0.jar MD5: fc9418b779d9d57dcd52197006cbdb9b SHA1: de2b60b62da487644fc11f734e73c8b0b431238f SHA256:e316255bbfcd9fe50d165314b85abb2b33cb2a66a93c491db648e498a82c2de1 Referenced In Project/Scope: Simplicite Platform:compile checker-qual-3.33.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/codemodel/3.0.2/codemodel-3.0.2.jar MD5: b0847dc199eb2cd4ee6e8d3627eedaa7 SHA1: 0b7caeacad98da5c40de8650317cfa573b0674c7 SHA256:693c03822476403b9fcb6578cf6b07b20c7f9d0d36a2d27cccf0c08dc587ee27 Referenced In Project/Scope: Simplicite Platform:compile codemodel-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2
Core of commonmark-java (implementation of CommonMark for parsing markdown and rendering to HTML)
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark/0.21.0/commonmark-0.21.0.jar MD5: c0c0bf595a23b868d229b5f5806b0646 SHA1: c98f0473b17c87fe4fa2fc62a7c6523a2fe018f0 SHA256:81084a7035046fe306f0dbf16ef57a68d08ee5c97004ea867e62b5db46e98afb Referenced In Project/Scope: Simplicite Platform:compile commonmark-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
commonmark-java extension for turning plain URLs and email addresses into links
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-autolink/0.21.0/commonmark-ext-autolink-0.21.0.jar MD5: eafd2cf973eb3d6b88cfbf825f53353b SHA1: 55c0312cf443fa3d5af0daeeeca00d6deee3cf90 SHA256:3cd57d5d1dbde724e6700c53a590534bb24f3e2695ff3505eba32dc4c7781ba9 Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-autolink-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
commonmark-java extension for GFM strikethrough using ~~ (GitHub Flavored Markdown)
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-strikethrough/0.21.0/commonmark-ext-gfm-strikethrough-0.21.0.jar MD5: 0d67b70370ae58992db317e6f59c4b6c SHA1: 953f4b71e133a98fcca93f3c3f4e58b895b76d1f SHA256:b5ed6fa18214e588e502385d95e878a8150f122c7a874a75a389682837b906f8 Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-gfm-strikethrough-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
commonmark-java extension for GFM tables using "|" pipes (GitHub Flavored Markdown)
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-gfm-tables/0.21.0/commonmark-ext-gfm-tables-0.21.0.jar MD5: 94435093a666e5b7c26b3fa497a314c8 SHA1: fb7d65fa89a4cfcd2f51535d2549b570cf1dbd1a SHA256:fc05fe991f2254ab0c8f6ccb9f0b6ec1c2b6df350389ed3e411ac6f52e7a75e5 Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-gfm-tables-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
commonmark-java extension for adding unique id attributes to header tags
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-heading-anchor/0.21.0/commonmark-ext-heading-anchor-0.21.0.jar MD5: c50cfa7efc450625f763d7840db083cc SHA1: 92529c00bb762aa3ab83ba3cd50dceb5e5e9f8e4 SHA256:e4d53590e0eefe2987786b5b5a9145c0a66c64f570eb4955b52b0255ee333e16 Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-heading-anchor-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | commonmark-ext-heading-anchor | High
Vendor | jar | package name | anchor | Highest
Vendor | jar | package name | commonmark | Highest
Vendor | jar | package name | ext | Highest
Vendor | jar | package name | heading | Highest
Vendor | Manifest | automatic-module-name | org.commonmark.ext.heading.anchor | Medium
Vendor | Manifest | build-jdk-spec | 1.8 | Low
Vendor | pom | artifactid | commonmark-ext-heading-anchor | Highest
Vendor | pom | artifactid | commonmark-ext-heading-anchor | Low
Vendor | pom | groupid | org.commonmark | Highest
Vendor | pom | name | commonmark-java extension for adding id attributes to h tags | High
Vendor | pom | parent-artifactid | commonmark-parent | Low
Product | file | name | commonmark-ext-heading-anchor | High
Product | jar | package name | anchor | Highest
Product | jar | package name | commonmark | Highest
Product | jar | package name | ext | Highest
Product | jar | package name | heading | Highest
Product | Manifest | automatic-module-name | org.commonmark.ext.heading.anchor | Medium
Product | Manifest | build-jdk-spec | 1.8 | Low
Product | pom | artifactid | commonmark-ext-heading-anchor | Highest
Product | pom | groupid | org.commonmark | Highest
Product | pom | name | commonmark-java extension for adding id attributes to h tags |
commonmark-java extension for adding attributes to images
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-image-attributes/0.21.0/commonmark-ext-image-attributes-0.21.0.jar MD5: b31855c624f339806124fc055f8ddcd0 SHA1: a4ea23623ed6e7546425077f5161af209d302a7f SHA256:6caf48abe76f66b857577b1c006ec31e2b56f73e321779d233f035fa2cddde1f Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-image-attributes-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-ins/0.21.0/commonmark-ext-ins-0.21.0.jar MD5: 9e05ae2e9e40e7cf30f3b90f7c437439 SHA1: 5d2126c4af5e25a0ac67aa7cd0892a562c4bfd9e SHA256:3b544e076d3cf2259f008b168ffe6bdff4fb2871537c56f3b2a1cf3a93c84250 Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-ins-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-task-list-items/0.21.0/commonmark-ext-task-list-items-0.21.0.jar MD5: e03887a06f645da25e87f8f0c953365e SHA1: 3aafb756507be546e1aa1f6f8ee6c0f1e71ebf4a SHA256:53a3c76cf56947af1f6882a9a1ce962f3b338ca952d83dd402b7f5711c14bee0 Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-task-list-items-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/commonmark/commonmark-ext-yaml-front-matter/0.21.0/commonmark-ext-yaml-front-matter-0.21.0.jar MD5: a59fa78ad0444d1bb245d35b103a3f0a SHA1: d99588df09445d3e70627dffdb02da4338851ff2 SHA256:0683332fd8ef7aafdf28de2658fa4200e5c9a9e219c331bfde3f501854b8f798 Referenced In Project/Scope: Simplicite Platform:compile commonmark-ext-yaml-front-matter-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar MD5: 07dc532ee316fe1f2f0323e9bd2f8df4 SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51 SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a Referenced In Project/Scope: Simplicite Platform:compile commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/commons-cli/commons-cli/1.5.0/commons-cli-1.5.0.jar MD5: 6c3b2052160144196118b1f019504388 SHA1: dc98be5d5390230684a092589d70ea76a147925c SHA256:bc8bb01fc0fad250385706e20f927ddcff6173f6339b387dc879237752567ac6 Referenced In Project/Scope: Simplicite Platform:compile commons-cli-1.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Commons Codec package contains simple encoders and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
File Path: /var/simplicite/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar MD5: 303baf002ce6d382198090aedd9d79a2 SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d SHA256:b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63 Referenced In Project/Scope: Simplicite Platform:compile commons-codec-1.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 Referenced In Project/Scope: Simplicite Platform:compile commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar MD5: 4a37023740719b391f10030362c86be6 SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8 SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1 Referenced In Project/Scope: Simplicite Platform:compile commons-collections4-4.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar MD5: 96b88349958aeaa15cdf6e5e877bdced SHA1: 4af2060ea9b0c8b74f1854c6cafe4d43cfc161fc SHA256:c267f17160e9ef662b4d78b7f29dca7c82b15c5cff2cb6a9865ef4ab3dd5b787 Referenced In Project/Scope: Simplicite Platform:compile commons-compress-1.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0.
Users are recommended to upgrade to version 1.24.0, which fixes the issue.
A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.
In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values.
Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].
[1]: https://issues.apache.org/jira/browse/COMPRESS-612
[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05
[3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html
[4]: https://bugs.openjdk.org/browse/JDK-6560193
[5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098
Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0.
Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26.
Users are recommended to upgrade to version 1.26, which fixes the issue.
CWE-770 Allocation of Resources Without Limits or Throttling
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-csv/1.10.0/commons-csv-1.10.0.jar MD5: 9b3be74e726a151524bf31ec293ff285 SHA1: 8669bee353424c3223c93723291b5c3753260c1c SHA256:2d06e6a07a636baf777ad8e659256f2119109dde23551c9b80c5422d424b808c Referenced In Project/Scope: Simplicite Platform:compile commons-csv-1.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
File Path: /var/simplicite/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d Referenced In Project/Scope: Simplicite Platform:compile commons-digester-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/commons-validator/commons-validator@1.7
File Path: /var/simplicite/.m2/repository/commons-discovery/commons-discovery/0.5/commons-discovery-0.5.jar MD5: b35120680c3a22cec7a037fce196cd97 SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8 SHA256:e5b7d58ae62e5b309d5c0ffa5a5b1d9d1e0f0c4c3cc18d1fe3103fd29f90149d Referenced In Project/Scope: Simplicite Platform:compile commons-discovery-0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-email/1.5/commons-email-1.5.jar MD5: e72657496d31f152aa26d4122e0850d9 SHA1: e8e677c6362eba14ff3c476ba63ccb83132dbd52 SHA256:ee8479906abb2c355a46a0a9845cfa1803bcc3c520a34baea4a6cf4e1f0f0cc1 Referenced In Project/Scope: Simplicite Platform:compile commons-email-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8 SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b Referenced In Project/Scope: Simplicite Platform:compile commons-exec-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
File Path: /var/simplicite/.m2/repository/commons-fileupload/commons-fileupload/1.5/commons-fileupload-1.5.jar MD5: e57ac8a1a6412886a133a2fa08b89735 SHA1: ad4ad2ab2961b4e1891472bd1a33fabefb0385f3 SHA256:51f7b3dcb4e50c7662994da2f47231519ff99707a5c7fb7b05f4c4d3a1728c14 Referenced In Project/Scope: Simplicite Platform:compile commons-fileupload-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-imaging/1.0-alpha3/commons-imaging-1.0-alpha3.jar MD5: c08d610dd64f970d286444654733a38f SHA1: 6c753938422d5810ab815a24337d062bf4e22614 SHA256:3c5efe8c6654eae6384f0c2e382fafec1f164be527117803d869f8df27b84853 Referenced In Project/Scope: Simplicite Platform:compile commons-imaging-1.0-alpha3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
File Path: /var/simplicite/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar MD5: 3b4b7ccfaeceeac240b804839ee1a1ca SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689 SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908 Referenced In Project/Scope: Simplicite Platform:compile commons-io-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
File Path: /var/simplicite/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar MD5: 4d5c1693079575b362edf41500630bbd SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2 SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c Referenced In Project/Scope: Simplicite Platform:compile commons-lang-2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar MD5: 19fe50567358922bdad277959ea69545 SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e SHA256:d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e Referenced In Project/Scope: Simplicite Platform:compile commons-lang3-3.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00 SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686 SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636 Referenced In Project/Scope: Simplicite Platform:compile commons-logging-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar MD5: 5b730d97e4e6368069de1983937c508e SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308 Referenced In Project/Scope: Simplicite Platform:compile commons-math3-3.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/commons-net/commons-net/3.9.0/commons-net-3.9.0.jar MD5: 5254d7c277c30a378518e99b9d1d3522 SHA1: 5a4e26802e0a5a42938f987976b55dae4a6cc636 SHA256:e3c1566f821b84489308cd933f57e8c00dd8714dc96b898bef844386510d3461 Referenced In Project/Scope: Simplicite Platform:compile commons-net-3.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar MD5: 2210a041929e7c94485d5402458340b9 SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68 SHA256:ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83 Referenced In Project/Scope: Simplicite Platform:compile commons-pool2-2.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-text/1.10.0/commons-text-1.10.0.jar MD5: 4afc9bfa2d31dbf7330c98fcc954b892 SHA1: 3363381aef8cef2dbc1023b3e3a9433b08b64e01 SHA256:770cd903fa7b604d1f7ef7ba17f84108667294b2b478be8ed1af3bffb4ae0018 Referenced In Project/Scope: Simplicite Platform:compile commons-text-1.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
It may be used standalone or with a framework like Struts.
File Path: /var/simplicite/.m2/repository/commons-validator/commons-validator/1.7/commons-validator-1.7.jar MD5: 4b6f22de69432bc03254b47310d59651 SHA1: 76069c915de3787f3ddd8726a56f47a95bfcbb0e SHA256:4d74f4ce4fb68b2617edad086df6defdf9338467d2377d2c62e69038e1c4f02f Referenced In Project/Scope: Simplicite Platform:compile commons-validator-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/commons/commons-vfs2/2.9.0/commons-vfs2-2.9.0.jar MD5: beba9c4909dd2799ee95c8e0c280dbf2 SHA1: 48115c2fb1c5f0a2498a4365162d6b69adec73f3 SHA256:266f96b77aa18773191f6992fc7910999bf8ee8a244ec67a3398b486eb726a7f Referenced In Project/Scope: Simplicite Platform:compile commons-vfs2-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/conscrypt/conscrypt-openjdk-uber/2.5.1/conscrypt-openjdk-uber-2.5.1.jar MD5: ee6de6e578762d474b2ca5418e16815b SHA1: 3658b276ab54bd600f754b3c8cf4b7cd77fc61e6 SHA256:01f9c742cb592a151e2e62bd5397a8980628a967001fcdacd4aa4744678685f3 Referenced In Project/Scope: Simplicite Platform:compile conscrypt-openjdk-uber-2.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
File Path: /var/simplicite/.m2/repository/com/google/zxing/core/3.0.1/core-3.0.1.jar MD5: 0a0184c3f92492f721d8631d6f5237de SHA1: 9ebf6cd580d67601fbf88fd007aab4703b19e4c2 SHA256:38c49045765281e4c170062fa3f48e4e988629bf985cab850c7497be5eaa72a1 Referenced In Project/Scope: Simplicite Platform:compile core-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.
File Path: /var/simplicite/.m2/repository/com/github/virtuald/curvesapi/1.07/curvesapi-1.07.jar MD5: 79e44d3a323887fba21a34202b8eb1f9 SHA1: 863654849995f9d4f0ed2ed1a3870da3a108473c SHA256:b31539cdcf189d9e68a1f6998cba09ea912f99f5f24bcd0650212b1af9d355a2 Referenced In Project/Scope: Simplicite Platform:compile curvesapi-1.07.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.2.3
This library enables Java applications to work with property lists in various formats.
Supported formats for reading and writing are OS X/iOS binary and XML property lists.
ASCII property lists are also supported.
The library also provides access to basic functions of NeXTSTEP/Cocoa classes like
NSDictionary, NSArray, etc.
License:
MIT License: http://opensource.org/licenses/mit
File Path: /var/simplicite/.m2/repository/com/googlecode/plist/dd-plist/1.26/dd-plist-1.26.jar MD5: b356133a97e00058c0a58c2cdae3adc7 SHA1: 7238f5f9a0864534e03c2e84d02bac839ff7ad04 SHA256:c9afbab5bd05774073702c8a5fa905eb7048c595dc93712d197b7f6017e0652c Referenced In Project/Scope: Simplicite Platform:compile dd-plist-1.26.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/org/brotli/dec/0.1.2/dec-0.1.2.jar MD5: 4b1cd14cf29733941cc536b27e6aedfa SHA1: 0c26a897ae0d524809eef1c786cc6183b4ddcc3b SHA256:615c0c3efef990d77831104475fba6a1f7971388691d4bad1471ad84101f6d52 Referenced In Project/Scope: Simplicite Platform:compile dec-0.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.
File Path: /var/simplicite/.m2/repository/org/apache/derby/derby/10.16.1.1/derby-10.16.1.1.jar MD5: d9c38ece80f4ec0756f54b06716a3dd6 SHA1: f9ca2054b3e33ec3f3f19df4a7490352d82de54a SHA256:ede804cb04e871d7c52d2414e952ab939f9ef243abb7bd0ce7dbeb6e1e28bd0b Referenced In Project/Scope: Simplicite Platform:runtime derby-10.16.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | derby | High
Vendor | jar | package name | apache | Highest
Vendor | jar | package name | database | Highest
Vendor | jar | package name | derby | Highest
Vendor | jar | package name | engine | Highest
Vendor | jar | package name | jdbc | Highest
Vendor | Manifest | bundle-symbolicname | derby | Medium
Vendor | pom | artifactid | derby | Highest
Vendor | pom | artifactid | derby | Low
Vendor | pom | groupid | org.apache.derby | Highest
Vendor | pom | name | Apache Derby Database Engine and Embedded JDBC Driver | High
Vendor | pom | parent-artifactid | derby-project | Low
Vendor | pom | url | http://db.apache.org/derby/ | Highest
Product | file | name | derby | High
Product | jar | package name | apache | Highest
Product | jar | package name | database | Highest
Product | jar | package name | derby | Highest
Product | jar | package name | engine | Highest
Product | jar | package name | jdbc | Highest
Product | Manifest | Bundle-Name | Apache Derby 10.16 | Medium
Product | Manifest | bundle-symbolicname | derby | Medium
Product | pom | artifactid | derby | Highest
Product | pom | groupid | org.apache.derby | Highest
Product | pom | name | Apache Derby Database Engine and Embedded JDBC Driver |
A cleverly devised username might bypass LDAP authentication checks. In
LDAP-authenticated Derby installations, this could let an attacker fill
up the disk by creating junk Derby databases. In LDAP-authenticated
Derby installations, this could also allow the attacker to execute
malware which was visible to and executable by the account which booted
the Derby server. In LDAP-protected databases which weren't also
protected by SQL GRANT/REVOKE authorization, this vulnerability could
also let an attacker view and corrupt sensitive data and run sensitive
database functions and procedures.
Mitigation:
Users should upgrade to Java 21 and Derby 10.17.1.0.
Alternatively, users who wish to remain on older Java versions should
build their own Derby distribution from one of the release families to
which the fix was backported: 10.16, 10.15, and 10.14. Those are the
releases which correspond, respectively, with Java LTS versions 17, 11,
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The code which is shared across all Derby configurations.
File Path: /var/simplicite/.m2/repository/org/apache/derby/derbyshared/10.16.1.1/derbyshared-10.16.1.1.jar MD5: e423cba3150f195debaf7ff0d307ecf6 SHA1: 77a3ec6b9791c7c29c76148c5d56fc1f3f12d638 SHA256:27d4be683a45f6c15940167277ce39bb7e26b9f6dc0bc05efbcf813cac5d2b8f Referenced In Project/Scope: Simplicite Platform:runtime derbyshared-10.16.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.derby/derby@10.16.1.1
A cleverly devised username might bypass LDAP authentication checks. In
LDAP-authenticated Derby installations, this could let an attacker fill
up the disk by creating junk Derby databases. In LDAP-authenticated
Derby installations, this could also allow the attacker to execute
malware which was visible to and executable by the account which booted
the Derby server. In LDAP-protected databases which weren't also
protected by SQL GRANT/REVOKE authorization, this vulnerability could
also let an attacker view and corrupt sensitive data and run sensitive
database functions and procedures.
Mitigation:
Users should upgrade to Java 21 and Derby 10.17.1.0.
Alternatively, users who wish to remain on older Java versions should
build their own Derby distribution from one of the release families to
which the fix was backported: 10.16, 10.15, and 10.14. Those are the
releases which correspond, respectively, with Java LTS versions 17, 11,
and 8.
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The DiffUtils library for computing diffs, applying patches, generating side-by-side view in Java.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/java-diff-utils/diffutils/1.3.0/diffutils-1.3.0.jar MD5: 638158a6bca62926aa9986c92ccb15e0 SHA1: 7e060dd5b19431e6d198e91ff670644372f60fbd SHA256:61ba4dc49adca95243beaa0569adc2a23aedb5292ae78aa01186fa782ebdc5c2 Referenced In Project/Scope: Simplicite Platform:compile diffutils-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The official DocuSign eSignature JAVA client is based on version 2 of the DocuSign REST API and provides libraries for JAVA application integration. It is recommended that you use this version of the library for new development.
File Path: /var/simplicite/.m2/repository/com/docusign/docusign-esign-java/3.18.0/docusign-esign-java-3.18.0.jar MD5: c3c384f1190191a3d9a0ce40193f35ff SHA1: 6043723f03da3f87687862b73672b291ce82a4fb SHA256:527fc5e55aaf26b29ce352dc365842ef0e1cb14f4390e9e5bddf0a3d8d9e414d Referenced In Project/Scope: Simplicite Platform:provided docusign-esign-java-3.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-ImportXHTML/8.3.2/docx4j-ImportXHTML-8.3.2.jar MD5: 2c6531eb94c2969d71b3c3744fc75c69 SHA1: 113efc586391d974898dd09f37b9b76f50fd3638 SHA256:1c6f1601f9426f29aaf234367481f3256dc9e5c87c8b0bfa0e8196f63ba1ade9 Referenced In Project/Scope: Simplicite Platform:compile docx4j-ImportXHTML-8.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-JAXB-ReferenceImpl/11.4.5/docx4j-JAXB-ReferenceImpl-11.4.5.jar MD5: 8b974156d419b92d10c40fa38581a626 SHA1: 8c9b799fc45fd405320a1396287f3e479b136888 SHA256:05257ec7f81b2aea030730b957b1846cfc1960a34b2ca08e6b3c24b6f81f89a2 Referenced In Project/Scope: Simplicite Platform:compile docx4j-JAXB-ReferenceImpl-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-core/11.4.5/docx4j-core-11.4.5.jar MD5: 161fbd4db24b8117b87da402a9148a7a SHA1: e200f41cc2ea6c4ee00eae7221875eee57b4bdca SHA256:b461962741202b91b3c2efc59bdc315f0bbec26c92aa1845d31c1f615a28b397 Referenced In Project/Scope: Simplicite Platform:compile docx4j-core-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects/11.4.5/docx4j-openxml-objects-11.4.5.jar MD5: 6b3eb97c6283d409742ef2a71ea25b9f SHA1: 55865b71097573ad25073abcaff856d95998438b SHA256:225a5b92fa238ba02a3aa95e5a1ed9dacd2d0c276c539057c9896feadf0f9c17 Referenced In Project/Scope: Simplicite Platform:compile docx4j-openxml-objects-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects-pml/11.4.5/docx4j-openxml-objects-pml-11.4.5.jar MD5: 09bb93a665dcb40be7266554bba38649 SHA1: 28182f81e9bf7451056b2c65677a18833953eba7 SHA256:a8514ccfeb3ed7facaa3a18161d5d8586fca646ace312eaa865f8c8838557695 Referenced In Project/Scope: Simplicite Platform:compile docx4j-openxml-objects-pml-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
File Path: /var/simplicite/.m2/repository/org/docx4j/docx4j-openxml-objects-sml/11.4.5/docx4j-openxml-objects-sml-11.4.5.jar MD5: 2b94fa75cbb00dc8178e7822b91f1ad0 SHA1: 8b3408067219980d4172f6838ac4cb952579e7d3 SHA256:6413dc125deda7b56c87b8cf0a9fcfafa2df54215cbe447f3b49f4a9607b4d45 Referenced In Project/Scope: Simplicite Platform:compile docx4j-openxml-objects-sml-11.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/com/sun/xml/dtd-parser/dtd-parser/1.4.5/dtd-parser-1.4.5.jar MD5: b27b38e842491770c5a1953dc86468d1 SHA1: bd01768721835f13a6da58f6edea5f8c57ee7b3c SHA256:a4cd6addced42e2f870dcca1716f459da51f06f2fe49430d2d128f147c8e929d Referenced In Project/Scope: Simplicite Platform:compile dtd-parser-1.4.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2
File Path: /var/simplicite/.m2/repository/net/i2p/crypto/eddsa/0.3.0/eddsa-0.3.0.jar MD5: ee7de3b6f19de76a06e465efc978f669 SHA1: 1901c8d4d8bffb7d79027686cfb91e704217c3e1 SHA256:4dda1120db856640dbec04140ed23242215a075fe127bdefa0dcfa29fb31267d Referenced In Project/Scope: Simplicite Platform:compile eddsa-0.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit.ssh.apache@6.5.0.202303070854-r
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/ehcache/ehcache/3.10.8/ehcache-3.10.8.jar MD5: 35f94bd99bae66088df39d8a45e73468 SHA1: f0d50ede46609db78413ca7f4250d348a597b101 SHA256:bed87f71d8cd25a8a4ef65f274cc58301f28929a01417d0bee8d73953dc30bac Referenced In Project/Scope: Simplicite Platform:compile ehcache-3.10.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar MD5: 656ad66261b7e7ea472ed0ffeea773ea SHA1: c5a0ace696d3f8b1c1d8cc036d8c03cc0cbe6b69 SHA256:721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec Referenced In Project/Scope: Simplicite Platform:compile error_prone_annotations-2.11.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.22.3
Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
classes are conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
File Path: /var/simplicite/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar MD5: 091883993ef5bfa91da01dcc8fc52236 SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9 SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26 Referenced In Project/Scope: Simplicite Platform:compile failureaccess-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@31.1-jre
Evidence

| Type | Source | Name | Value | Confidence |
| --- | --- | --- | --- | --- |
| Vendor | file | name | failureaccess | High |
| Vendor | jar | package name | common | Highest |
| Vendor | jar | package name | concurrent | Highest |
| Vendor | jar | package name | google | Highest |
| Vendor | jar | package name | util | Highest |
| Vendor | Manifest | bundle-docurl | https://github.com/google/guava/ | Low |
| Vendor | Manifest | bundle-symbolicname | com.google.guava.failureaccess | Medium |
| Vendor | pom | artifactid | failureaccess | Highest |
| Vendor | pom | artifactid | failureaccess | Low |
| Vendor | pom | groupid | com.google.guava | Highest |
| Vendor | pom | name | Guava InternalFutureFailureAccess and InternalFutures | High |
| Vendor | pom | parent-artifactid | guava-parent | Low |
| Product | file | name | failureaccess | High |
| Product | jar | package name | common | Highest |
| Product | jar | package name | concurrent | Highest |
| Product | jar | package name | google | Highest |
| Product | jar | package name | util | Highest |
| Product | Manifest | bundle-docurl | https://github.com/google/guava/ | Low |
| Product | Manifest | Bundle-Name | Guava InternalFutureFailureAccess and InternalFutures | Medium |
| Product | Manifest | bundle-symbolicname | com.google.guava.failureaccess | Medium |
| Product | pom | artifactid | failureaccess | Highest |
| Product | pom | groupid | com.google.guava | Highest |
| Product | pom | name | Guava InternalFutureFailureAccess and InternalFutures | |
fast-and-simple-minify is a combined java-port of the JSMin and CSSMin utility with some additional features
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/ch/simschla/fast-and-simple-minify/1.0/fast-and-simple-minify-1.0.jar MD5: 762fd1d990bb4e97a7581d2cd3255fc1 SHA1: ade6ae013ee38869b79eeb0661203451ddc16f46 SHA256:86e94527a0705c1ac20ff2b80e7d673975cc92f988210cc440f5bd1bb44087b5 Referenced In Project/Scope: Simplicite Platform:compile fast-and-simple-minify-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
This is the official Firebase Admin Java SDK. Build extraordinary native JVM apps in
minutes with Firebase. The Firebase platform can power your app’s backend, user
authentication, static hosting, and more.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/firebase/firebase-admin/8.1.0/firebase-admin-8.1.0.jar MD5: a7ae72f3d751b128bb3ef418f43f88bb SHA1: 59a89fa404b2575d8f85187e07c0675aa55ee7a1 SHA256:9c04c105ff5eb4847956dd01959194785600e1c074f5764ab23855385e7de2ab Referenced In Project/Scope: Simplicite Platform:compile firebase-admin-8.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/fontbox/2.0.28/fontbox-2.0.28.jar MD5: b63595ca4f3f2d2d1fb11af4dbce2da3 SHA1: cae8486c676f4119140a06dbec5f97bbae68c34b SHA256:a915e4f01ff5b829a95231f6befd92401c319c09669e2d4fa0336441655e7395 Referenced In Project/Scope: Simplicite Platform:compile fontbox-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar MD5: d46388ab184ae8849720ac3a46500cec SHA1: 9ab5d0aa1c87892e7c4c53d74d1e008c1724cf1a SHA256:23a2dd1f54b910675944f4c8d4845d7eaf1b780dd0ea89763733fd0b43a8258a Referenced In Project/Scope: Simplicite Platform:compile fuzzywuzzy-1.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/api/gax/2.15.0/gax-2.15.0.jar MD5: d95902048cd9d6636c52fce6a686f4d9 SHA1: 1d18d34c1078fbbfa8d5d811fec4b62907680454 SHA256:f5327f3e7b20658c70cff0f8883214a1e6fa760c8603a921c65435c471cd75dc Referenced In Project/Scope: Simplicite Platform:compile gax-2.15.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/api/gax-grpc/2.13.0/gax-grpc-2.13.0.jar MD5: 734375102eaba670909a390bdbd69ab0 SHA1: 01915297b70aedea567acaf14d83dc09d0ee219c SHA256:64d0cfd0f201771e03964794bb23c404bfa18ab826a513a46084d2ad44164920 Referenced In Project/Scope: Simplicite Platform:compile gax-grpc-2.13.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-core-grpc@2.5.11
File Path: /var/simplicite/.m2/repository/com/google/api/gax-httpjson/0.98.0/gax-httpjson-0.98.0.jar MD5: b3e6ac8369b7b5cb45efd46f3274b264 SHA1: da6e7b07fadb96c9e8367f5d552e179f19a4c8ee SHA256:7d457615da8c9eb25c12ac5b88f7a4deb9efa450a48bcfb9221e0b48a5d66a25 Referenced In Project/Scope: Simplicite Platform:compile gax-httpjson-0.98.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0
The Google API Client Library for Java provides functionality common to all Google APIs; for example HTTP transport, error handling, authentication, JSON parsing, media download/upload, and batching.
File Path: /var/simplicite/.m2/repository/com/google/api-client/google-api-client/1.34.0/google-api-client-1.34.0.jar MD5: 97cece4852c70e99f9bfc328857a07f8 SHA1: af2586412cabeee49c9db6d736e75b745bc467f8 SHA256:40cfc42643746f8ca3c42911e17c4048dc080a2f12a79c927297b50665de7140 Referenced In Project/Scope: Simplicite Platform:compile google-api-client-1.34.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/api-client/google-api-client-gson/1.34.0/google-api-client-gson-1.34.0.jar MD5: 042340dc1ead04fab95d97c3c860ec70 SHA1: 7695fdff82a3789440eede8d08abf5b05757ea23 SHA256:f6e24bfc740257d881b0d51d39ea0d37507d0d137d46c1262cafc7f828b1acec Referenced In Project/Scope: Simplicite Platform:compile google-api-client-gson-1.34.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-calendar/v3-rev20220401-1.32.1/google-api-services-calendar-v3-rev20220401-1.32.1.jar MD5: 909e665933f86895283a9bbb620f3e8c SHA1: 244f4c0b61bac10d219a74b1486d548c5cb82d00 SHA256:9d849ca8d9676bab638e334ded8f78dd6913899983f9594bb1c7c8d5d8f935ac Referenced In Project/Scope: Simplicite Platform:compile google-api-services-calendar-v3-rev20220401-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-drive/v3-rev20220214-1.32.1/google-api-services-drive-v3-rev20220214-1.32.1.jar MD5: 4746592e2ef038cc189aa4495e7578e7 SHA1: d75dce3c12fcb57b827b4bd498b82f341bee9678 SHA256:abe79a0b774039effc86853a713a9d08e5a4aa1e5509da4ff83421318b93fa22 Referenced In Project/Scope: Simplicite Platform:compile google-api-services-drive-v3-rev20220214-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-gmail/v1-rev20220404-1.32.1/google-api-services-gmail-v1-rev20220404-1.32.1.jar MD5: bd7510a07ad51edde75524527db3ddd6 SHA1: 72590768b2919e970f303c6c7c5a92cb0df1beb7 SHA256:206acb87dfe2d7a3a50cf8578189aea08f931178d56790719afe1a08962d9f49 Referenced In Project/Scope: Simplicite Platform:compile google-api-services-gmail-v1-rev20220404-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-plus/v1-rev20190328-1.30.10/google-api-services-plus-v1-rev20190328-1.30.10.jar MD5: 27f1e9ce42ebc0956aeac57c24de46b3 SHA1: 5134f9422badf1c956d5c922aad72c6eebeea6a3 SHA256:8df825f167faac9115d3d6efa92f3a901b7901c4564d5a7e4f2ea1c0de1ddf2e Referenced In Project/Scope: Simplicite Platform:compile google-api-services-plus-v1-rev20190328-1.30.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-sheets/v4-rev20220322-1.32.1/google-api-services-sheets-v4-rev20220322-1.32.1.jar MD5: 6f5268c6a17fbe7eeb4d96ef1839c0d0 SHA1: d7792b47af586f7592f12779aceec023e622ebc6 SHA256:265943438a0a054aca2e33b9d5fa40982c488e93598562cb8200601876309ddd Referenced In Project/Scope: Simplicite Platform:compile google-api-services-sheets-v4-rev20220322-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-storage/v1-rev20220401-1.32.1/google-api-services-storage-v1-rev20220401-1.32.1.jar MD5: 2b5a333c86aeb8743296fd475f71fac1 SHA1: 46090b46cb68583e6ded641ac040bd225a77d91d SHA256:77c95d246331b386f932c5d6cf4de2fa4397fd7b2cc284fa490deed35d1e4ecc Referenced In Project/Scope: Simplicite Platform:compile google-api-services-storage-v1-rev20220401-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-translate/v2-rev20170525-1.30.1/google-api-services-translate-v2-rev20170525-1.30.1.jar MD5: 49b810431970d3585119ebae4d372955 SHA1: d190fa670e88901a2e5247ea394f7ae2cc394c15 SHA256:ae3b32be4e5a9450a36f8fed26ea5f26bc624ec15fb4a0f1160c6c8cf0e35559 Referenced In Project/Scope: Simplicite Platform:compile google-api-services-translate-v2-rev20170525-1.30.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence

| Type | Source | Name | Value | Confidence |
| --- | --- | --- | --- | --- |
| Vendor | file | name | google-api-services-translate-v2-rev20170525 | High |
| Vendor | jar | package name | api | Highest |
| Vendor | jar | package name | google | Highest |
| Vendor | jar | package name | services | Highest |
| Vendor | jar | package name | translate | Highest |
| Vendor | Manifest | automatic-module-name | com.google.api.services.translate | Medium |
| Vendor | Manifest | build-jdk-spec | 1.8 | Low |
| Vendor | pom | artifactid | google-api-services-translate | Highest |
| Vendor | pom | artifactid | google-api-services-translate | Low |
| Vendor | pom | groupid | com.google.apis | Highest |
| Vendor | pom | name | Google Cloud Translation API v2-rev20170525-1.30.1 | High |
| Vendor | pom | organization name | Google | High |
| Vendor | pom | organization url | http://www.google.com/ | Medium |
| Product | file | name | google-api-services-translate-v2-rev20170525 | High |
| Product | jar | package name | api | Highest |
| Product | jar | package name | google | Highest |
| Product | jar | package name | services | Highest |
| Product | jar | package name | translate | Highest |
| Product | Manifest | automatic-module-name | com.google.api.services.translate | Medium |
| Product | Manifest | build-jdk-spec | 1.8 | Low |
| Product | pom | artifactid | google-api-services-translate | Highest |
| Product | pom | groupid | com.google.apis | Highest |
| Product | pom | name | Google Cloud Translation API v2-rev20170525-1.30.1 | |
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/apis/google-api-services-youtube/v3-rev20220409-1.32.1/google-api-services-youtube-v3-rev20220409-1.32.1.jar MD5: 4197d21a1f91f5c541058000a6e0eece SHA1: cdac512c0f6b566dfbf1a40083459f97d4d65add SHA256:1128fc16b7ef1162b54d8024a361d70ee638616538a7842c43a3bd0b4348dff8 Referenced In Project/Scope: Simplicite Platform:compile google-api-services-youtube-v3-rev20220409-1.32.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/auth/google-auth-library-credentials/1.6.0/google-auth-library-credentials-1.6.0.jar MD5: abb88d44906035ae9872f13498de2f7f SHA1: 1d550774693a2cfd4ccd76ebbb543f6d260112a5 SHA256:153fa3cdc153ac3ee25649e8037aeda4438256153d35acf3c27e83e4ee6165a4 Referenced In Project/Scope: Simplicite Platform:compile google-auth-library-credentials-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0
File Path: /var/simplicite/.m2/repository/com/google/auth/google-auth-library-oauth2-http/1.6.0/google-auth-library-oauth2-http-1.6.0.jar MD5: 71f2ad57719226b15aa1ec7dd41adac0 SHA1: 3c89549f06eff1cbb0f104d934e18e9e9f6bf03c SHA256:2220f02fcfc480e3798bab43b2618d158319f9fcb357c9eb04b4a68117699808 Referenced In Project/Scope: Simplicite Platform:compile google-auth-library-oauth2-http-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core/2.5.11/google-cloud-core-2.5.11.jar MD5: ef53d5ab76a9c251f40a94176ab2dc01 SHA1: fcc270ef721413b74f02121eb2d02014d86589ea SHA256:84adb59d6845f759cd4ba56526ac1bb206499db42bc71516d394022a20760227 Referenced In Project/Scope: Simplicite Platform:compile google-cloud-core-2.5.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core-grpc/2.5.11/google-cloud-core-grpc-2.5.11.jar MD5: 553fa504b92e8c0dc482e72c5b60bceb SHA1: 5928af7dd3741a9a9ee18ad365da6e760a42d718 SHA256:cf0855c9869d315470822b7ece41a4f88aa16c6d286877eeb1ca5032969ea69f Referenced In Project/Scope: Simplicite Platform:compile google-cloud-core-grpc-2.5.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-core-http/2.5.11/google-cloud-core-http-2.5.11.jar MD5: 0c7096abd415111053a1c7681d33e8a8 SHA1: 28573e313516c3c849eb3451a58382bf24c6f536 SHA256:67d67273abee2b22ae65ccf275a586b4f81cf72bbe59f126b9f2a7216161418e Referenced In Project/Scope: Simplicite Platform:compile google-cloud-core-http-2.5.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-firestore/2.6.1/google-cloud-firestore-2.6.1.jar MD5: 089a4baeb81874c4461546f51f17fc9f SHA1: fea3ad6874eb21a0cec7e7b27d5608fbcbce2f03 SHA256:bdc1d50e2f40c1fc9ded4af406e2813e4fa0e8b17d42335dd0e52c45b205b937 Referenced In Project/Scope: Simplicite Platform:compile google-cloud-firestore-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-pubsub/1.116.3/google-cloud-pubsub-1.116.3.jar MD5: f5b01b9ad0fb43c61bd2aff6e227a057 SHA1: 83a215450446c12695d05b19c3f34b6501fd3cea SHA256:7f5eb57a387f3c8a2d29e02766551a707193170e0e0b08fd2883c2ea4d2a86f9 Referenced In Project/Scope: Simplicite Platform:compile google-cloud-pubsub-1.116.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/provider/google-cloud-storage/2.5.0/google-cloud-storage-2.5.0.jar MD5: 03f653712bb4467c86a7b260569c05a7 SHA1: 238426244adf2d93fc8e10630081d0495982c20e SHA256:3bd85e2941ba93c3ac0cf0a72cf6589aa1b7dc422404a8f8cd57a0e8931d51ec Referenced In Project/Scope: Simplicite Platform:compile google-cloud-storage-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/cloud/google-cloud-storage/2.6.0/google-cloud-storage-2.6.0.jar MD5: 3e7307600fe5dd2b3318c150380ddc63 SHA1: 904bbef7eb6d5838656d14df16cd98556767190e SHA256:4bea9595223e471f3b14b7e3c3311d047002f91da64252cb54121b870cea4721 Referenced In Project/Scope: Simplicite Platform:compile google-cloud-storage-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client/1.41.7/google-http-client-1.41.7.jar MD5: f1565870d16fa93572973b94dd14e10a SHA1: 5dc1bd22256ef86fb3e0a6012248f5afefbd4c70 SHA256:d5dca91ea46de8214d8390eba6210cadecf794a421328c28f9b16a24b35dff85 Referenced In Project/Scope: Simplicite Platform:compile google-http-client-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-apache-v2/1.41.7/google-http-client-apache-v2-1.41.7.jar MD5: 4fe68cc57103d67605fa20c0991ba4c6 SHA1: 04ec0f67dd7576f6f049ae36dc58e48b9dfba8e3 SHA256:0b5b547429f6d1b958896dd74358bc46578ec70e590b8eaa667c24b6794ef0dc Referenced In Project/Scope: Simplicite Platform:compile google-http-client-apache-v2-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-appengine/1.41.7/google-http-client-appengine-1.41.7.jar MD5: b2033529bf22d76d0fc17fe08eee8b90 SHA1: 35ed01ddfbafdc71ec4f87afd099615ac8b0d133 SHA256:5bfdffab461844efa3cb53eb23cc93f1ef201a687d676d0c909c76442edc31b4 Referenced In Project/Scope: Simplicite Platform:compile google-http-client-appengine-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence

| Type | Source | Name | Value | Confidence |
| --- | --- | --- | --- | --- |
| Vendor | file | name | google-http-client-appengine | High |
| Vendor | jar | package name | api | Highest |
| Vendor | jar | package name | client | Highest |
| Vendor | jar | package name | extensions | Highest |
| Vendor | jar | package name | google | Highest |
| Vendor | Manifest | automatic-module-name | com.google.api.client.extensions.appengine | Medium |
| Vendor | Manifest | build-jdk-spec | 1.8 | Low |
| Vendor | pom | artifactid | google-http-client-appengine | Highest |
| Vendor | pom | artifactid | google-http-client-appengine | Low |
| Vendor | pom | groupid | com.google.http-client | Highest |
| Vendor | pom | name | Google App Engine extensions to the Google HTTP Client Library for Java. | High |
| Vendor | pom | parent-artifactid | google-http-client-parent | Low |
| Product | file | name | google-http-client-appengine | High |
| Product | jar | package name | api | Highest |
| Product | jar | package name | client | Highest |
| Product | jar | package name | extensions | Highest |
| Product | jar | package name | google | Highest |
| Product | Manifest | automatic-module-name | com.google.api.client.extensions.appengine | Medium |
| Product | Manifest | build-jdk-spec | 1.8 | Low |
| Product | pom | artifactid | google-http-client-appengine | Highest |
| Product | pom | groupid | com.google.http-client | Highest |
| Product | pom | name | Google App Engine extensions to the Google HTTP Client Library for Java. | |
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-gson/1.41.7/google-http-client-gson-1.41.7.jar MD5: b9d3db357f7cc6b40aa48d7511a0dcd9 SHA1: b9f1a51801a7b3428341fbe2bd7daee9fb8397de SHA256:52aef2ed4b4b722028f88ab050da1daf2df1ba0c88b8ee8c8bbcdc9a6eb7d44f Referenced In Project/Scope: Simplicite Platform:compile google-http-client-gson-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence

| Type | Source | Name | Value | Confidence |
| --- | --- | --- | --- | --- |
| Vendor | file | name | google-http-client-gson | High |
| Vendor | jar | package name | api | Highest |
| Vendor | jar | package name | client | Highest |
| Vendor | jar | package name | google | Highest |
| Vendor | jar | package name | json | Highest |
| Vendor | Manifest | automatic-module-name | com.google.api.client.json.gson | Medium |
| Vendor | Manifest | build-jdk-spec | 1.8 | Low |
| Vendor | pom | artifactid | google-http-client-gson | Highest |
| Vendor | pom | artifactid | google-http-client-gson | Low |
| Vendor | pom | groupid | com.google.http-client | Highest |
| Vendor | pom | name | GSON extensions to the Google HTTP Client Library for Java. | High |
| Vendor | pom | parent-artifactid | google-http-client-parent | Low |
| Product | file | name | google-http-client-gson | High |
| Product | jar | package name | api | Highest |
| Product | jar | package name | client | Highest |
| Product | jar | package name | google | Highest |
| Product | jar | package name | json | Highest |
| Product | Manifest | automatic-module-name | com.google.api.client.json.gson | Medium |
| Product | Manifest | build-jdk-spec | 1.8 | Low |
| Product | pom | artifactid | google-http-client-gson | Highest |
| Product | pom | groupid | com.google.http-client | Highest |
| Product | pom | name | GSON extensions to the Google HTTP Client Library for Java. | |
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-jackson/1.29.2/google-http-client-jackson-1.29.2.jar MD5: 72ad680f4cd70758086ec12492544fcd SHA1: 98ba3a73bbfcabbaa1105fc013305d319f6ebf32 SHA256:54478a70cc90eb7fd7e6ab89a447a41fb1f4f98201bf4d5418d4647751538552 Referenced In Project/Scope: Simplicite Platform:compile google-http-client-jackson-1.29.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence

| Type | Source | Name | Value | Confidence |
| --- | --- | --- | --- | --- |
| Vendor | file | name | google-http-client-jackson | High |
| Vendor | jar | package name | api | Highest |
| Vendor | jar | package name | client | Highest |
| Vendor | jar | package name | google | Highest |
| Vendor | jar | package name | json | Highest |
| Vendor | Manifest | automatic-module-name | com.google.api.client.json.jackson | Medium |
| Vendor | Manifest | bundle-docurl | http://www.google.com/ | Low |
| Vendor | Manifest | bundle-symbolicname | com.google.http-client.google-http-client-jackson | Medium |
| Vendor | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low |
| Vendor | pom | artifactid | google-http-client-jackson | Highest |
| Vendor | pom | artifactid | google-http-client-jackson | Low |
| Vendor | pom | groupid | com.google.http-client | Highest |
| Vendor | pom | name | Jackson extensions to the Google HTTP Client Library for Java. | High |
| Vendor | pom | parent-artifactid | google-http-client-parent | Low |
| Product | file | name | google-http-client-jackson | High |
| Product | jar | package name | api | Highest |
| Product | jar | package name | client | Highest |
| Product | jar | package name | google | Highest |
| Product | jar | package name | json | Highest |
| Product | Manifest | automatic-module-name | com.google.api.client.json.jackson | Medium |
| Product | Manifest | bundle-docurl | http://www.google.com/ | Low |
| Product | Manifest | Bundle-Name | Jackson extensions to the Google HTTP Client Library for Java. | Medium |
| Product | Manifest | bundle-symbolicname | com.google.http-client.google-http-client-jackson | Medium |
| Product | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low |
| Product | pom | artifactid | google-http-client-jackson | Highest |
| Product | pom | groupid | com.google.http-client | Highest |
| Product | pom | name | Jackson extensions to the Google HTTP Client Library for Java. | |
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
File Path: /var/simplicite/.m2/repository/com/google/http-client/google-http-client-jackson2/1.41.7/google-http-client-jackson2-1.41.7.jar MD5: 515d50b3039f39f8860e092ca6c7b77c SHA1: d53e4635bdf4bca37315c6883c1c4fbb09952345 SHA256:a2bcc81d6403a093bca7c09f7fb8bc9f684b892c9a167576a0febe0039ff74bb Referenced In Project/Scope: Simplicite Platform:compile google-http-client-jackson2-1.41.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence

| Type | Source | Name | Value | Confidence |
| --- | --- | --- | --- | --- |
| Vendor | file | name | google-http-client-jackson2 | High |
| Vendor | jar | package name | api | Highest |
| Vendor | jar | package name | client | Highest |
| Vendor | jar | package name | google | Highest |
| Vendor | jar | package name | json | Highest |
| Vendor | Manifest | automatic-module-name | com.google.api.client.json.jackson2 | Medium |
| Vendor | Manifest | build-jdk-spec | 1.8 | Low |
| Vendor | pom | artifactid | google-http-client-jackson2 | Highest |
| Vendor | pom | artifactid | google-http-client-jackson2 | Low |
| Vendor | pom | groupid | com.google.http-client | Highest |
| Vendor | pom | name | Jackson 2 extensions to the Google HTTP Client Library for Java. | High |
| Vendor | pom | parent-artifactid | google-http-client-parent | Low |
| Product | file | name | google-http-client-jackson2 | High |
| Product | jar | package name | api | Highest |
| Product | jar | package name | client | Highest |
| Product | jar | package name | google | Highest |
| Product | jar | package name | json | Highest |
| Product | Manifest | automatic-module-name | com.google.api.client.json.jackson2 | Medium |
| Product | Manifest | build-jdk-spec | 1.8 | Low |
| Product | pom | artifactid | google-http-client-jackson2 | Highest |
| Product | pom | groupid | com.google.http-client | Highest |
| Product | pom | name | Jackson 2 extensions to the Google HTTP Client Library for Java. | |
A Java source code formatter that follows Google Java Style.
File Path: /var/simplicite/.m2/repository/com/google/googlejavaformat/google-java-format/1.16.0/google-java-format-1.16.0.jar MD5: 505664004942c7f223f4567d8448d210 SHA1: ac8e55ff8dce2cd11bdd08bf95cf9a2cb4af5296 SHA256:0cff5d0230ba20d538f3f70b2aa68bd33f9fdc69768cde07337c563c23eb7c43 Referenced In Project/Scope: Simplicite Platform:compile google-java-format-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Google OAuth Client Library for Java. Functionality that works on all supported Java platforms,
including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /var/simplicite/.m2/repository/com/google/oauth-client/google-oauth-client/1.33.2/google-oauth-client-1.33.2.jar MD5: b9105d8c558c291400501e78198313f1 SHA1: 2810fb515fe110295dc6867fc9f70c401b66daf3 SHA256:77909da172c0eec5ee3f3b76080fed9d6ee5b5299ccc8158bc1e5b05f5a87206 Referenced In Project/Scope: Simplicite Platform:compile google-oauth-client-1.33.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The vulnerability is that the IDToken verifier does not verify whether the token is properly signed. Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above.
CWE-347 Improper Verification of Cryptographic Signature
jclouds components common to Google Cloud products
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/common/googlecloud/2.5.0/googlecloud-2.5.0.jar MD5: c03a5f456b2ad70c5f38f91e78f76b5d SHA1: 3204bf6ddff8af8b88fcd15e73ae900649a54a41 SHA256:d7763a59548304658bca0e73b73e95e546643002ab040e62bbde351329657872 Referenced In Project/Scope: Simplicite Platform:compile googlecloud-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/google-cloud-storage@2.5.0
File Path: /var/simplicite/.m2/repository/de/rototor/pdfbox/graphics2d/0.32/graphics2d-0.32.jar MD5: 164b89cef806e962457f2dda37915993 SHA1: d8892871a9a1446e94f25eb625a7eec3bfa31b15 SHA256:37f8f387395f96c214ac44f7475c7a2e1f832dfc1de289a3610e0ffbf728f679 Referenced In Project/Scope: Simplicite Platform:compile graphics2d-0.32.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource
File Path: /var/simplicite/.m2/repository/com/graphql-java/graphql-java/20.2/graphql-java-20.2.jar MD5: 4aa9caaa0a0f5204eb913eb0f2e60d5c SHA1: e1c82dba7f2e1c08d3b7759ba3a30aafab046b00 SHA256:98c63c1bf51876f84a3770573279be4f98bbfc2c86d6b4819c327fa1cbd2b137 Referenced In Project/Scope: Simplicite Platform:compile graphql-java-20.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-core/1.45.0/grpc-core-1.45.0.jar MD5: d0f155af1a1a2a1ac5d18157272cbebd SHA1: 2a731bd622605bc9cca31aa493a29d7d322daa02 SHA256:1cef554c91dc00ca90824dbdd9242836c043da0a7c8cb3d8db8eb35ed460cfa1 Referenced In Project/Scope: Simplicite Platform:compile grpc-core-1.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-core-grpc@2.5.11
gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:
- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering:
  - HEADERS: containing a: 1
  - CONTINUATION: containing a: 2
  - CONTINUATION: containing a: 3
  - etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309
File Path: /var/simplicite/.m2/repository/io/grpc/grpc-protobuf/1.45.0/grpc-protobuf-1.45.0.jar MD5: a0197dc2f2b294eac3c7c9be1620b232 SHA1: f41a3849091a95af98d009294cd8572b3d152a43 SHA256:6a8598808439045f3801d4a7df045dbcb7ca672e6131f866765d9f6b373889e1 Referenced In Project/Scope: Simplicite Platform:compile grpc-protobuf-1.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:
- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1; CONTINUATION: containing a: 2; CONTINUATION: containing a: 3; etc…
CWE-834 Excessive Iteration, CWE-770 Allocation of Resources Without Limits or Throttling
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309
File Path: /var/simplicite/.m2/repository/com/google/code/gson/gson/2.8.9/gson-2.8.9.jar MD5: e67627f67e03301092dc7de0a2d7cef8 SHA1: 8a432c1d6825781e21a02db2e2c33c5fde2833b9 SHA256:d3999291855de495c94c743761b8ab5176cfeabe281a5ab0d8e8d45326fd703e Referenced In Project/Scope: Simplicite Platform:compile gson-2.8.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar MD5: e37782d974104aa3b0a7bee9927c8042 SHA1: 60458f877d055d0c9114d9e1a2efb737b4bc282c SHA256:a42edc9cab792e39fe39bb94f3fca655ed157ff87a8af78e1d6ba5b07c4a00ab Referenced In Project/Scope: Simplicite Platform:compile guava-31.1-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-732 Incorrect Permission Assignment for Critical Resource
File Path: /var/simplicite/.m2/repository/com/google/inject/guice/5.0.1/guice-5.0.1.jar MD5: 60f6ba2a7fc44fcfe9119bc76314e7d6 SHA1: 0dae7556b441cada2b4f0a2314eb68e1ff423429 SHA256:3bae18be3e0f0940375d1ebdd2f3b84d87ae16026ae663b2f5d4667fe5b04036 Referenced In Project/Scope: Simplicite Platform:compile guice-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0
File Path: /var/simplicite/.m2/repository/com/google/inject/extensions/guice-assistedinject/5.0.1/guice-assistedinject-5.0.1.jar MD5: 7a1c06b3b07048d2bb5ded4863cfcd71 SHA1: 62e02f2aceb7d90ba354584dacc018c1e94ff01c SHA256:aa2c6504d7e89debad51f5001113a972eceebdbb4637e72c0e26284be5574966 Referenced In Project/Scope: Simplicite Platform:compile guice-assistedinject-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0
File Path: /var/simplicite/.m2/repository/com/h2database/h2/2.1.214/h2-2.1.214.jar MD5: 93628fb706e682dd989f697394039025 SHA1: d5c2005c9e3279201e12d4776c948578b16bf8b2 SHA256:d623cdc0f61d218cf549a8d09f1c391ff91096116b22e2475475fce4fbe72bd0 Referenced In Project/Scope: Simplicite Platform:runtime h2-2.1.214.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.
CWE-312 Cleartext Storage of Sensitive Information
h2database - Improper Link Resolution Before File Access
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
File Path: /var/simplicite/.m2/repository/org/apache/hadoop/hadoop-hdfs-client/3.3.1/hadoop-hdfs-client-3.3.1.jar MD5: df16b76d5b2b4c33561e94ae47827637 SHA1: 5ad71520a3632a9b5b2c65f9f53d1c9d80544ee0 SHA256:23e86d658b016394c263f80b8e318f232167a8862a07a3d50e5369175f3e8a58 Referenced In Project/Scope: Simplicite Platform:compile hadoop-hdfs-client-3.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305, "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the Hadoop libraries is in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or later (including HADOOP-18136).
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This, however, would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However, on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links, which allows writing outside the expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges.
Hadoop 3.3.0 updated "YARN Secure Containers" (https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html) to add a feature for executing user-submitted applications in isolated Linux containers.
The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs.
The patch YARN-10495 (https://issues.apache.org/jira/browse/YARN-10495), "make the rpath of container-executor configurable", modified the library loading path for loading .so files from "$ORIGIN/" to "$ORIGIN/:../lib/native/". This is the path through which libcrypto.so is located. Thus it is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root.
If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted jobs are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges.
The fix for the vulnerability is to revert the change, which is done in YARN-11441 (https://issues.apache.org/jira/browse/YARN-11441), "Revert YARN-10495". This patch is in hadoop-3.3.5.
To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "./lib/native/" then it is at risk:
$ readelf -d container-executor|grep 'RUNPATH\|RPATH'
0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/:../lib/native/]
If it does not, then it is safe:
$ readelf -d container-executor|grep 'RUNPATH\|RPATH'
0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/]
For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set:
$ ls -laF /opt/hadoop/bin/container-executor
---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor
A safe installation lacks the suid bit; ideally it is also not owned by root.
$ ls -laF /opt/hadoop/bin/container-executor
-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor
This configuration does not support YARN Secure Containers, but all other Hadoop services, including YARN job execution outside secure containers, continue to work.
This is the core API of the hamcrest matcher framework to be used by third-party framework providers. This includes a foundation set of matcher implementations for common operations.
File Path: /var/simplicite/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar MD5: 6393363b47ddcbba82321110c3e07519 SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0 SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 Referenced In Project/Scope: Simplicite Platform:compile hamcrest-core-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/junit/junit@4.13.2
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/hk2-api/2.6.1/hk2-api-2.6.1.jar MD5: 23e8c18dae0c7b776bed756763d5153f SHA1: 114bd7afb4a1bd9993527f52a08a252b5d2acac5 SHA256:c2cb80a01e58440ae57d5ee59af4d4d94e5180e04aff112b0cb611c07d61e773 Referenced In Project/Scope: Simplicite Platform:provided hk2-api-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/hk2-locator/2.6.1/hk2-locator-2.6.1.jar MD5: dfd358720393d83b01747928db6e3912 SHA1: 9dedf9d2022e38ec0743ed44c1ac94ad6149acdd SHA256:febc668deb9f2000c76bd4918d8086c0a4c74d07bd0c60486b72c6bd38b62874 Referenced In Project/Scope: Simplicite Platform:provided hk2-locator-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/hk2-utils/2.6.1/hk2-utils-2.6.1.jar MD5: 75ccb55538a77bf878996497ffeb86f3 SHA1: 396513aa96c1d5a10aa4f75c4dcbf259a698d62d SHA256:30727f79086452fdefdab08451d982c2082aa239d9f75cdeb1ba271e3c887036 Referenced In Project/Scope: Simplicite Platform:provided hk2-utils-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /var/simplicite/.m2/repository/org/hsqldb/hsqldb/2.7.1/hsqldb-2.7.1.jar MD5: cc960ec33d04364a280ea9eba088300e SHA1: 9ffb617125371538a32eb9ba1cb2fa743b2c993b SHA256:bca5532a4c58babf9fcebf20d03f086f5ba24b076c3aaf8838a16512235e53ca Referenced In Project/Scope: Simplicite Platform:runtime hsqldb-2.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.5/httpasyncclient-4.1.5.jar MD5: 5346c547bfd0da64eb3dc54be9380d65 SHA1: cd18227f1eb8e9a263286c1d7362ceb24f6f9b32 SHA256:0c1877489a9d1ba4fa50f6cfcab11d1123618858cb31d56afaab5afdd5064d99 Referenced In Project/Scope: Simplicite Platform:compile httpasyncclient-4.1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar MD5: 2cb357c4b763f47e58af6cad47df6ba3 SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98 SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6 Referenced In Project/Scope: Simplicite Platform:compile httpclient-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar MD5: 28d2cd9bf8789fd2ec774fb88436ebd1 SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850 SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f Referenced In Project/Scope: Simplicite Platform:compile httpcore-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.16/httpcore-nio-4.4.16.jar MD5: 597c450f3401e98103e835824ab43e77 SHA1: cd21c80a9956be48c4c1cfd2f594ba02857d0927 SHA256:4018736ede2d321034e8517ea90baefb31831a8608afccc446d8a699fb1d00d4 Referenced In Project/Scope: Simplicite Platform:compile httpcore-nio-4.4.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/httpcomponents/httpmime/4.5.14/httpmime-4.5.14.jar MD5: 714c4ae31c40e6633c0bcaa4e6264153 SHA1: 6662758a1f1cb1149cf916bdac28332e0902ec44 SHA256:d401243d5c6eae928a37121b6e819158c8c32ea0584793e7285bb489ab2a3d17 Referenced In Project/Scope: Simplicite Platform:compile httpmime-4.5.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/ibm/icu/icu4j/73.1/icu4j-73.1.jar MD5: 8cff87c6f90429f12167511ac2226fcf SHA1: 693cf05bf78b603515a10653098fbb9a10fbb7e3 SHA256:e51fda26a50667aa6e5e7c752301203867dc36bbf82cb9f8f1008aded3798a5e Referenced In Project/Scope: Simplicite Platform:compile icu4j-73.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-runtime/4.0.1/istack-commons-runtime-4.0.1.jar MD5: 0c1301f11d943a0bec02efc57c101409 SHA1: 4e25c41d338aad4a2c92d0020c9ae0335fad5099 SHA256:9f91115f449384886f572bd62c8812ee1004273d4b5c85cac65179ad4c16990f Referenced In Project/Scope: Simplicite Platform:compile istack-commons-runtime-4.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.2
File Path: /var/simplicite/.m2/repository/com/sun/istack/istack-commons-tools/4.0.1/istack-commons-tools-4.0.1.jar MD5: 4c9517048b1b9581ab5ed307341855ee SHA1: 8e3afa2de93ef0daba1f244b8dc77fb4dfb0a14e SHA256:34486ea03e8229667d712e112e164adeed7534ca81718bb0e653072b7eb60786 Referenced In Project/Scope: Simplicite Platform:compile istack-commons-tools-4.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2
Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext/2.1.7/itext-2.1.7.jar MD5: 7587a618197a065eac4a453d173d4ed6 SHA1: 892bfb3e97074a61123b3b2d7caa2db112750864 SHA256:7d82c6b097a31cdf5a6d49a327bf582fdec7304da69308f9f6abf54aa9fd9055 Referenced In Project/Scope: Simplicite Platform:compile itext-2.1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CWE-611 Improper Restriction of XML External Entity Reference
Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /var/simplicite/.m2/repository/com/lowagie/itext-rtf/2.1.7/itext-rtf-2.1.7.jar MD5: f95d38da50192bc9e3876e3a987f02c1 SHA1: ed1cbe69ff69c6e6fa7645f51c8d25894a177e7b SHA256:49d3b9df20ccc6565c91b8b18c638ecb018fd528b6eb64991d6d8ba73975c135 Referenced In Project/Scope: Simplicite Platform:compile itext-rtf-2.1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931 SHA1: ba035118bc8bac37d7eff77700720999acd9986d SHA256:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b Referenced In Project/Scope: Simplicite Platform:compile j2objc-annotations-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.22.3
File Path: /var/simplicite/.m2/repository/com/healthmarketscience/jackcess/jackcess/4.0.5/jackcess-4.0.5.jar MD5: eadf0d092b2958de153901d0fe70eb61 SHA1: 78e71fb55d742715b7a2dc8e0a6c2dce218c8e17 SHA256:909289f4c955378449685bd3e8468837dd751bd8d9338bf830ae1741c6a4afb2 Referenced In Project/Scope: Simplicite Platform:compile jackcess-4.0.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/com/healthmarketscience/jackcess/jackcess-encrypt/4.0.2/jackcess-encrypt-4.0.2.jar MD5: 17f18ad7b3779c672e0178afacee1acd SHA1: e8efcbe171ac131ec32b20478d8381227e3e8d17 SHA256:7fdf5f09895038b1b2acb44294d0c1ffbcd0b9454964f6dc7171b6930bb085c4 Referenced In Project/Scope: Simplicite Platform:compile jackcess-encrypt-4.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.14.2/jackson-core-2.14.2.jar MD5: 6ee422ee4c481b2d5aacb2b5e36a7dc0 SHA1: f804090e6399ce0cf78242db086017512dd71fcc SHA256:b5d37a77c88277b97e3593c8740925216c06df8e4172bbde058528df04ad3e7a Referenced In Project/Scope: Simplicite Platform:compile jackson-core-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.13/jackson-core-asl-1.9.13.jar MD5: 319c49a4304e3fa9fe3cd8dcfc009d37 SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4 SHA256:440a9cb5ca95b215f953d3a20a6b1a10da1f09b529a9ddea5f8a4905ddab4f5a Referenced In Project/Scope: Simplicite Platform:compile jackson-core-asl-1.9.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.http-client/google-http-client-jackson@1.29.2
General data-binding functionality for Jackson: works on core streaming API
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.14.2/jackson-databind-2.14.2.jar MD5: c1b12dd14734cd1986132bf55042dd7e SHA1: 01e71fddbc80bb86f71a6345ac1e8ab8a00e7134 SHA256:501d3abce4d18dcc381058ec593c5b94477906bba6efbac14dae40a642f77424 Referenced In Project/Scope: Simplicite Platform:compile jackson-databind-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling
Support for reading and writing CSV-encoded data via Jackson
abstractions.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-csv/2.14.2/jackson-dataformat-csv-2.14.2.jar MD5: af8b9f8638c2fcfabf09e7ee166888eb SHA1: c6201b16c9317197e97368e6c3f696da399d5b0f SHA256:47f12d1019ba18181148041f08e4d413c83f8b6fbb2a6b222f263e566737d292 Referenced In Project/Scope: Simplicite Platform:compile jackson-dataformat-csv-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles
Guava (https://github.com/google/guava) types (currently mostly just collection ones)
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-guava/2.14.2/jackson-datatype-guava-2.14.2.jar MD5: 7613626f1c5f0c49814a9c54500f1217 SHA1: 1c340b714727513933a29b4f191e4cf5180e5946 SHA256:07cbb8b8a354dfc067fedf66e19226a7a8a6f56e46d2b78b85cbac5149aba71d Referenced In Project/Scope: Simplicite Platform:compile jackson-datatype-guava-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Add-on module for Jackson (https://github.com/FasterXML/jackson) to support Joda (https://www.joda.org/joda-time/) data types.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-joda/2.14.2/jackson-datatype-joda-2.14.2.jar MD5: aca7435b74c198ed1bf956a77aa99787 SHA1: ccdff9be351b308089411070395abf08374702ba SHA256:ab3433a5f984544f48e938600ae9fa65f29ee1a8c50618938cd172da58f89507 Referenced In Project/Scope: Simplicite Platform:compile jackson-datatype-joda-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Pile of code that is shared by all Jackson-based JAX-RS
providers.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.14.2/jackson-jaxrs-base-2.14.2.jar MD5: b89c32604e673885c3e8eb46b24262b1 SHA1: 03006ab2f6786b419893cae56b9f6ec58d1e8aec SHA256:cc0689c44be8d235a643ab58b5d4fb638c8753ce5f8560c13c6fa5f14ac20b55 Referenced In Project/Scope: Simplicite Platform:compile jackson-jaxrs-base-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.14.2/jackson-jaxrs-json-provider-2.14.2.jar MD5: 4c435f3fc9dbb44d75151d6264d1917b SHA1: 949391a8e576cb38783f5d31675a2ea70c8753fa SHA256:37e2ef9926b41724a1d725f962404e1ed8cac916aa0d466dbcbc7ea61a6881be Referenced In Project/Scope: Simplicite Platform:compile jackson-jaxrs-json-provider-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Functionality to handle XML input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-xml-provider/2.14.2/jackson-jaxrs-xml-provider-2.14.2.jar MD5: 7b6caa305f2fb9d74794f9de6ef759ee SHA1: a80e14f7170cc2a3ae030b5eca55a8131cb9c5c6 SHA256:e8fe10ca4cb7ddec3d9176de720933c9173388a3166bfafec50493977988fb15 Referenced In Project/Scope: Simplicite Platform:compile jackson-jaxrs-xml-provider-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Support for using JAXB annotations as an alternative to "native" Jackson annotations,
for configuring data-binding.
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.14.2/jackson-module-jaxb-annotations-2.14.2.jar MD5: 9558568d00a9abb34728e05d9ebc4e0c SHA1: f7a5457c02d83103710973a4ffdce430ccdc1fd2 SHA256:3cc848dc4c370a76d8a36351505bd36fb025588d1ebbb00061af7f5d414b84fe Referenced In Project/Scope: Simplicite Platform:compile jackson-module-jaxb-annotations-2.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Java Advanced Imaging Image I/O Tools API core, but without the classes
involved with javax.media.jai dependencies, JPEG2000 or
codecLibJIIO, meaning that this library can be distributed under the
modified BSD license and should be GPL compatible.
File Path: /var/simplicite/.m2/repository/com/github/jai-imageio/jai-imageio-core/1.4.0/jai-imageio-core-1.4.0.jar MD5: 6978d733bfb55c0a82639f724fe5f3bb SHA1: fb6d79b929556362a241b2f65a04e538062f0077 SHA256:8ad3c68e9efffb10ac87ff8bc589adf64b04a729c5194c079efd0643607fd72a Referenced In Project/Scope: Simplicite Platform:compile jai-imageio-core-1.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
Evidence
| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | jai-imageio-core | High |
| Vendor | jar | package name | github | Highest |
| Vendor | Manifest | bundle-docurl | https://github.com/jai-imageio/ | Low |
| Vendor | Manifest | bundle-symbolicname | jai-imageio-core | Medium |
| Vendor | Manifest | extension-name | com.github.jai-imageio-jai-imageio-core | Medium |
| Vendor | Manifest | Implementation-Vendor | https://github.com/jai-imageio/ jai-imageio GitHub group | High |
| Vendor | Manifest | specification-vendor | Sun Microsystems, Inc. | Low |
| Vendor | Manifest | url | https://github.com/jai-imageio/jai-imageio-core | Low |
| Vendor | pom | artifactid | jai-imageio-core | Highest |
| Vendor | pom | artifactid | jai-imageio-core | Low |
| Vendor | pom | developer email | stian@s11.no | Low |
| Vendor | pom | developer name | Stian Soiland-Reyes | Medium |
| Vendor | pom | developer org | s11 | Medium |
| Vendor | pom | developer org URL | http://s11.no/ | Medium |
| Vendor | pom | groupid | com.github.jai-imageio | Highest |
| Vendor | pom | name | Java Advanced Imaging Image I/O Tools API core (standalone) | High |
| Vendor | pom | organization name | jai-imageio GitHub group | High |
| Vendor | pom | organization url | jai-imageio/ | Medium |
| Vendor | pom | url | jai-imageio/jai-imageio-core | Highest |
| Product | file | name | jai-imageio-core | High |
| Product | jar | package name | github | Highest |
| Product | Manifest | bundle-docurl | https://github.com/jai-imageio/ | Low |
| Product | Manifest | Bundle-Name | Java Advanced Imaging Image I/O Tools API core (standalone) | Medium |
| Product | Manifest | bundle-symbolicname | jai-imageio-core | Medium |
| Product | Manifest | extension-name | com.github.jai-imageio-jai-imageio-core | Medium |
| Product | Manifest | Implementation-Title | Java Advanced Imaging Image I/O Tools API core (standalone) | High |
| Product | Manifest | specification-title | Java Advanced Imaging | Medium |
| Product | Manifest | url | https://github.com/jai-imageio/jai-imageio-core | Low |
| Product | pom | artifactid | jai-imageio-core | Highest |
| Product | pom | developer email | stian@s11.no | Low |
| Product | pom | developer name | Stian Soiland-Reyes | Low |
| Product | pom | developer org | s11 | Low |
| Product | pom | developer org URL | http://s11.no/ | Low |
| Product | pom | groupid | com.github.jai-imageio | Highest |
| Product | pom | name | Java Advanced Imaging Image I/O Tools API core (standalone) | |
File Path: /var/simplicite/.m2/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar MD5: 0b8bee3bf29b9a015f8b992035581a7c SHA1: 74548703f9851017ce2f556066659438019e7eb5 SHA256:02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a Referenced In Project/Scope: Simplicite Platform:runtime jakarta.activation-1.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0
File Path: /var/simplicite/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.1/jakarta.activation-api-2.1.1.jar MD5: 6f9bbce7c06f8805baa3fa87ebe3059f SHA1: 88c774ab863a21fb2fc4219af95379fafe499a31 SHA256:33bae3f0f12dbb5a7afc81d802a130359cdb44bbc7fb4b213f49b349d0491a04 Referenced In Project/Scope: Simplicite Platform:compile jakarta.activation-api-2.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.angus/jakarta.mail@2.0.1
File Path: /var/simplicite/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar MD5: 8b165cf58df5f8c2a222f637c0a07c97 SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a Referenced In Project/Scope: Simplicite Platform:provided jakarta.annotation-api-1.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/external/jakarta.inject/2.6.1/jakarta.inject-2.6.1.jar MD5: 4d7c80a1e3cd54531af03bef4537f7af SHA1: 8096ebf722902e75fbd4f532a751e514f02e1eb7 SHA256:5e88c123b3e41bca788b2683118867d9b6dec714247ea91c588aed46a36ee24f Referenced In Project/Scope: Simplicite Platform:provided jakarta.inject-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
Evidence

| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | jakarta.inject | High |
| Vendor | jar | package name | inject | Highest |
| Vendor | jar | package name | javax | Highest |
| Vendor | Manifest | bundle-docurl | http://www.oracle.com | Low |
| Vendor | Manifest | bundle-symbolicname | org.glassfish.hk2.external.jakarta.inject | Medium |
| Vendor | pom | artifactid | jakarta.inject | Highest |
| Vendor | pom | artifactid | jakarta.inject | Low |
| Vendor | pom | groupid | org.glassfish.hk2.external | Highest |
| Vendor | pom | name | javax.inject: as OSGi bundle | High |
| Vendor | pom | name | javax.inject:${javax-inject.version} as OSGi bundle | High |
| Vendor | pom | parent-artifactid | external | Low |
| Vendor | pom | parent-groupid | org.glassfish.hk2 | Medium |
| Product | file | name | jakarta.inject | High |
| Product | jar | package name | inject | Highest |
| Product | jar | package name | javax | Highest |
| Product | Manifest | bundle-docurl | http://www.oracle.com | Low |
| Product | Manifest | Bundle-Name | javax.inject:1 as OSGi bundle | Medium |
| Product | Manifest | bundle-symbolicname | org.glassfish.hk2.external.jakarta.inject | Medium |
| Product | pom | artifactid | jakarta.inject | Highest |
| Product | pom | groupid | org.glassfish.hk2.external | Highest |
| Product | pom | name | javax.inject: as OSGi bundle | High |
| Product | pom | name | javax.inject:${javax-inject.version} as OSGi bundle | |
Jakarta Messaging describes a means for Java applications to create, send,
and receive messages via loosely coupled, reliable asynchronous communication services.
License:
Eclipse Public License 2.0: https://projects.eclipse.org/license/epl-2.0
GNU General Public License, version 2 with the GNU Classpath Exception: https://projects.eclipse.org/license/secondary-gpl-2.0-cp
File Path: /var/simplicite/.m2/repository/jakarta/jms/jakarta.jms-api/2.0.3/jakarta.jms-api-2.0.3.jar MD5: 569d6b710a850e4198e0e56c5a337e3d SHA1: c3267a1a8129ba26e1093e7b51ae296891c5fa17 SHA256:5940937cb1095764a0039dae147395e37528a0575e2366f4dd20713b7785044a Referenced In Project/Scope: Simplicite Platform:compile jakarta.jms-api-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0
File Path: /var/simplicite/.m2/repository/org/eclipse/angus/jakarta.mail/2.0.1/jakarta.mail-2.0.1.jar MD5: 28fb723728e893da37c47887f2e8d773 SHA1: ac4bbca7361f10fe4073630765b40182c7e57872 SHA256:c99782e5613dc39d7d68fc1ab419892e1f0fd4bd09447a69e85f82eb0dd9a498 Referenced In Project/Scope: Simplicite Platform:compile jakarta.mail-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar MD5: 77501d529c1928c9bac2500cc9f93fb0 SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7 SHA256:b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4 Referenced In Project/Scope: Simplicite Platform:compile jakarta.validation-api-2.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/io.swagger.core.v3/swagger-core@2.2.9
File Path: /var/simplicite/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/2.1.6/jakarta.ws.rs-api-2.1.6.jar MD5: c3892382aeb5c54085b22b1890511d29 SHA1: 1dcb770bce80a490dff49729b99c7a60e9ecb122 SHA256:4cea299c846c8a6e6470cbfc2f7c391bc29b9caa2f9264ac1064ba91691f4adf Referenced In Project/Scope: Simplicite Platform:provided jakarta.ws.rs-api-2.1.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
File Path: /var/simplicite/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.0/jakarta.xml.bind-api-4.0.0.jar MD5: b5132a66e2d3a60904f8035a1f8a34a8 SHA1: bbb399208d288b15ec101fa4fcfc4bd77cedc97a SHA256:57e3796ad5753640088f5f9d3c53c183f2c250b7dad90529ea3e19a5515aa122 Referenced In Project/Scope: Simplicite Platform:compile jakarta.xml.bind-api-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/graphql-java/java-dataloader/3.2.0/java-dataloader-3.2.0.jar MD5: 2558e982381ac391c975246c0c13074b SHA1: f45c53595cab4c23e35526cc122e2bd159a50516 SHA256:b9c7d32aef05a2e33dc07c5ce45b713c405b61c6264cb0ed48aac003add3eaa4 Referenced In Project/Scope: Simplicite Platform:compile java-dataloader-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.graphql-java/graphql-java@20.2
The MIT License (MIT): https://raw.githubusercontent.com/auth0/java-jwt/master/LICENSE
File Path: /var/simplicite/.m2/repository/com/auth0/java-jwt/4.4.0/java-jwt-4.4.0.jar MD5: 7fe567995099e1ee3f45adbc2f3c18c5 SHA1: 0e02407d19971bfa241441212901dd327a37722b SHA256:173aab2a30727e5586e13055fb6c4e27112453f5d8cf1136b3369c674cbe011f Referenced In Project/Scope: Simplicite Platform:compile java-jwt-4.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
A library to read PST files with java, without need for external libraries.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/pff/java-libpst/0.9.3/java-libpst-0.9.3.jar MD5: 26a2227892a5859875c3bf2bdf88bc9e SHA1: 928a6698850cd89577d28201ff1ac443bb339d2b SHA256:039cd61635ded94dba67f909d3b1763e13f9c23d02f9750eb6259af10e1dabdb Referenced In Project/Scope: Simplicite Platform:compile java-libpst-0.9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml/2.9.0/java-saml-2.9.0.jar MD5: 78ab152c7a2de7cdc9fed73452641129 SHA1: a9b09c16748a57cfab9d7899ca8cfd360c8197fb SHA256:f2e36902c9a3a1f255a010f79286f3f858031839a817f4ff594068a89171cfc1 Referenced In Project/Scope: Simplicite Platform:compile java-saml-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/onelogin/java-saml-core/2.9.0/java-saml-core-2.9.0.jar MD5: a9e33a00ac2b9b5ccbaa104a5ca6aec4 SHA1: 843b0064044bbd68162fcd57373c98e1a4dd64a5 SHA256:41735e2063f1c511d342aab613b2144efb758e2364ecd9193b7639274a280f24 Referenced In Project/Scope: Simplicite Platform:compile java-saml-core-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.onelogin/java-saml@2.9.0
File Path: /var/simplicite/.m2/repository/com/google/zxing/javase/3.0.1/javase-3.0.1.jar MD5: 04258960339322ce4fb90718899ff4c9 SHA1: 06fa0ae253f5bb2943fb64100c936d6a142832c2 SHA256:83c1e61db240c81b9b9628ea8dd63944cacf2b4f3578b4f3f4d3104506e4d0a4 Referenced In Project/Scope: Simplicite Platform:compile javase-3.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/javassist/javassist/3.22.0-CR2/javassist-3.22.0-CR2.jar MD5: 2c48278c202227d8f3b8382965d41c0f SHA1: 44eaf0990dea92f4bca4b9931b2239c0e8756ee7 SHA256:230267ffd7bfe404c1b87faf215dd012f607ba3151bd7099562c305c09de6a7a Referenced In Project/Scope: Simplicite Platform:provided javassist-3.22.0-CR2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
File Path: /var/simplicite/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16 SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393 Referenced In Project/Scope: Simplicite Platform:compile javax.activation-api-1.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar MD5: 2ab1973eefffaa2aeec47d50b9e40b9d SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43 SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b Referenced In Project/Scope: Simplicite Platform:provided javax.annotation-api-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/ejb/javax.ejb-api/3.2.2/javax.ejb-api-3.2.2.jar MD5: f7a1ffa8ec359720a01dd09f79f042c3 SHA1: 8921a3e3cb30fe5966531ad53902eef19303123b SHA256:13ff874c58c32b649077dab6ab23bc93938610adc99e90d63933f6f074805b72 Referenced In Project/Scope: Simplicite Platform:provided javax.ejb-api-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar MD5: 289075e48b909e9e74e6c915b3631d2e SHA1: 6975da39a7040257bd51d21a231b76c915872d38 SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff Referenced In Project/Scope: Simplicite Platform:compile javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0
CDDL + GPLv2 with classpath exception: https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /var/simplicite/.m2/repository/javax/jms/javax.jms-api/2.0.1/javax.jms-api-2.0.1.jar MD5: d69d2e02910e97b2478c0105e9b2caab SHA1: 5faaa3864ff6025ce69809b60d65bda3e358610c SHA256:aa4a16fac46d949b17b32091036e4d1e3c812ef3b4bd184ec838efffb53ba4f8 Referenced In Project/Scope: Simplicite Platform:compile javax.jms-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/javax.servlet-api/4.0.1/javax.servlet-api-4.0.1.jar MD5: b80414033bf3397de334b95e892a2f44 SHA1: a27082684a2ff0bf397666c3943496c44541d1ca SHA256:83a03dd877d3674576f0da7b90755c8524af099ccf0607fc61aa971535ad7c60 Referenced In Project/Scope: Simplicite Platform:provided javax.servlet-api-4.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Java.net - The Source for Java Technology Collaboration
License:
CDDL + GPLv2 with classpath exception: ://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /var/simplicite/.m2/repository/javax/servlet/jsp/javax.servlet.jsp-api/2.3.3/javax.servlet.jsp-api-2.3.3.jar MD5: f6676a5961328c41c5e722da5e48d047 SHA1: 81191ab80e342912dc9cea735c30ff4eddc64de3 SHA256:409a534d275ef0958a2c1692472da30e3706bfe6933d56c039376f53f13689b7 Referenced In Project/Scope: Simplicite Platform:provided javax.servlet.jsp-api-2.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.transaction/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/javax/transaction/javax.transaction-api/1.3/javax.transaction-api-1.3.jar MD5: 6e9cb1684621821248b6823143ae26c0 SHA1: e006adf5cf3cca2181d16bd640ecb80148ec0fce SHA256:603df5e4fc1eeae8f5e5d363a8be6c1fa47d0df1df8739a05cbcb9fafd6df2da Referenced In Project/Scope: Simplicite Platform:provided javax.transaction-api-1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/javax/websocket/javax.websocket-api/1.1/javax.websocket-api-1.1.jar MD5: be29e11a4a15742aa6fb418fa46345e3 SHA1: eeeb68631711256418dfbb47b11c731b6c8f6235 SHA256:a260973517bf6411d659b588a719aa27e7e4e47dfbd510fceb5bf1023a2c45e4 Referenced In Project/Scope: Simplicite Platform:provided javax.websocket-api-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar MD5: edcd111cf4d3ba8ac8e1f326efc37a17 SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b SHA256:38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d Referenced In Project/Scope: Simplicite Platform:compile javax.ws.rs-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0
File Path: /var/simplicite/.m2/repository/org/jawk/jawk/1.02/jawk-1.02.jar MD5: cd04ea3460d71a03ca5f4232c9ee5f0c SHA1: 7bdd8bb1a1b9adff9b471cc041cba83ef3a2abe6 SHA256:2773c7f47b2ee8f483d6cb30f799c31f81645d23f49910e58ef4cccb2ffe1c7b Referenced In Project/Scope: Simplicite Platform:compile jawk-1.02.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar MD5: bcf270d320f645ad19f5edb60091e87f SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06 Referenced In Project/Scope: Simplicite Platform:compile jaxb-api-2.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/jaxb-core/3.0.2/jaxb-core-3.0.2.jar MD5: d97e45fa20c174781424552e4283e460 SHA1: e83d0b0005525ddd8b8642bd0bb02227fcf871f1 SHA256:f9a360b939597643b2676e35fc497afb561d20e8a513128a5c0070366db11bbd Referenced In Project/Scope: Simplicite Platform:compile jaxb-core-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.2
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.3/jaxb-impl-2.3.3.jar MD5: 8f59ab4ced2bb2e3a732e924852fac98 SHA1: 3758e8c1664979749e647a9ca8c7ea1cd83c9b1e SHA256:e5178d0c7948247f75a13c689bf36f4d5d4910a121f712aa3b20ae94377069d8 Referenced In Project/Scope: Simplicite Platform:compile jaxb-impl-2.3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds/jclouds-core@2.5.0
File Path: /var/simplicite/.m2/repository/org/plutext/jaxb-svg11/11.4.0/jaxb-svg11-11.4.0.jar MD5: f48497d2e66ef552a508709b19f3edb9 SHA1: 1213219395e7b6c3ab6affdc7b343ded7a044140 SHA256:1ee69b8ee0a3d0d931b71b9f5475724b0cce1a181070890ed1b53fc09199a3ed Referenced In Project/Scope: Simplicite Platform:compile jaxb-svg11-11.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
Java Image I/O plugin for reading JBIG2-compressed image data.
Formerly known as the levigo JBig2 ImageIO plugin (com.levigo.jbig2:levigo-jbig2-imageio).
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/jbig2-imageio/3.0.4/jbig2-imageio-3.0.4.jar MD5: c51f45dc3d29bbf716774f9ff9e95ad6 SHA1: ad09a9bb94ea791ea81fb6c5bc2b13dd77872598 SHA256:29cb2951622f10acf61fd0656c4e6fa5562194a9095f7a1d26aa426e2f6b17eb Referenced In Project/Scope: Simplicite Platform:compile jbig2-imageio-3.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.36/jcl-over-slf4j-1.7.36.jar MD5: 8065610cde33ed9fd5d34367912c1938 SHA1: d877e195a05aca4a2f1ad2ff14bfec1393af4b5e SHA256:ab57ca8fd223772c17365d121f59e94ecbf0ae59d08c03a3cb5b81071c019195 Referenced In Project/Scope: Simplicite Platform:compile jcl-over-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/jclouds-core/2.5.0/jclouds-core-2.5.0.jar MD5: 6ded54a675394e6616b0903cef2f010c SHA1: 5049a87e66c154e69f666e6d1a70e2ab925e53a8 SHA256:c899f7b6cf7ae7cc18b32d82f2cdd6f487e46143a11572f1f1e6f19d839f9ca2 Referenced In Project/Scope: Simplicite Platform:compile jclouds-core-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
A complete, Java-based solution for accessing, manipulating,
and outputting XML data
License:
Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /var/simplicite/.m2/repository/org/jdom/jdom2/2.0.6.1/jdom2-2.0.6.1.jar MD5: 5be72710c66f3c9ba71f8009e92597d1 SHA1: dc15dff8f701b227ee523eeb7a17f77c10eafe2f SHA256:0b20f45e3a0fd8f0d12cdc5316b06776e902b1365db00118876f9175c60f302c Referenced In Project/Scope: Simplicite Platform:compile jdom2-2.0.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/redis/clients/jedis/4.3.1/jedis-4.3.1.jar MD5: eaca03c5afc8b8513ce2f2e8d68be4b0 SHA1: c780769bddbb1dbba2441c89af68e9fa126a32cb SHA256:597894244e42e1b3171470e9294781824dbf617949e77aa0230eaa3ec4772db4 Referenced In Project/Scope: Simplicite Platform:compile jedis-4.3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/jempbox/1.8.17/jempbox-1.8.17.jar MD5: d207dd1ac7a64b3c425a97a9638dd03b SHA1: 388997fbd1b57f8e424c4447e3fc8ce5dd2fc665 SHA256:ded9c81038dd1bbcba18f07e1028d70c9ceaf0b48ac56cea8ab6ec2c255fc1b3 Referenced In Project/Scope: Simplicite Platform:compile jempbox-1.8.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
The GNU General Public License (GPL), Version 2, With Classpath Exception: https://www.gnu.org/software/classpath/license.html
Apache License, 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
Public Domain: https://creativecommons.org/publicdomain/zero/1.0/
File Path: /var/simplicite/.m2/repository/org/glassfish/jersey/core/jersey-common/2.29.1/jersey-common-2.29.1.jar MD5: acb846e05010206d0673977940da9bee SHA1: ea60b9ace56f1ae758c2eebbb48e8387d959102f SHA256:923c7b4af55430c80ce33e39731d6f7b1db6746e8aa6d4009eeb154a3e1e0f32 Referenced In Project/Scope: Simplicite Platform:provided jersey-common-2.29.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability. This is due to the use of File.createTempFile, which creates a file inside the system temporary directory with the permissions -rw-r--r--. The contents of this file are therefore viewable by all other local users on the system, so any security-sensitive content written to it can be disclosed to them.
CWE-378 Creation of Temporary File With Insecure Permissions
File Path: /var/simplicite/.m2/repository/org/glassfish/jersey/inject/jersey-hk2/2.29.1/jersey-hk2-2.29.1.jar MD5: 39f12392bc8a0ab2b7801dd73056034a SHA1: 54b316e9f91ac9de1e6900aeb63457505862a296 SHA256:eb74851a7fa38003877ec90dd413c404c862bd3e313b0ab884c74bf16fc76579 Referenced In Project/Scope: Simplicite Platform:provided jersey-hk2-2.29.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
JFreeChart is a class library, written in Java, for generating charts.
Utilising the Java2D API, it supports a wide range of chart types including
bar charts, pie charts, line charts, XY-plots, time series plots, Sankey charts
and more.
License:
GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /var/simplicite/.m2/repository/org/jfree/jfreechart/1.5.4/jfreechart-1.5.4.jar MD5: 36e760314d688997c7e5ad135a3efc44 SHA1: 9a5edddb05a3ca4fbc0628c594e6641a6f36a3b4 SHA256:cd0649b04b64f2638b55c7c3ac24788ff064b777bbbaf1b952f82ee078ed8b81 Referenced In Project/Scope: Simplicite Platform:compile jfreechart-1.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
JHighlight is an embeddable pure Java syntax highlighting
library that supports Java, HTML, XHTML, XML and LZX
languages and outputs to XHTML.
It also supports RIFE templates tags and highlights them
clearly so that you can easily identify the difference
between your RIFE markup and the actual marked up source.
License:
CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /var/simplicite/.m2/repository/org/codelibs/jhighlight/1.1.0/jhighlight-1.1.0.jar MD5: 849a2714c0bcd777a51c79ecf333e4f0 SHA1: 8ae20cc1eadb26bbc721611d509b808bf41d1a14 SHA256:2f7d5c92db46e76a7564dd98d4d00b822d808e21b01a2c9b60e8249c41351ed1 Referenced In Project/Scope: Simplicite Platform:compile jhighlight-1.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/io/jsonwebtoken/jjwt-api/0.11.2/jjwt-api-0.11.2.jar MD5: 19d7722419b64944d28b7432e596c94c SHA1: 57c34dce3e88f2972c5c5465b6291acfb5628084 SHA256:fa340e4c0b81f24c4c0f943c4454343efe9e055f648c600f2b3b637763cf6f28 Referenced In Project/Scope: Simplicite Platform:compile jjwt-api-0.11.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.twilio.sdk/twilio@8.29.0
File Path: /var/simplicite/.m2/repository/io/jsonwebtoken/jjwt-impl/0.11.2/jjwt-impl-0.11.2.jar MD5: c467a0094bd3764d749b249b009de656 SHA1: 8fd8acf9d3cb9a2db05bfa484c2a1408cc3507f9 SHA256:cf5896bdb086df7e7451ffde5f5691fb6ae7ec6bffa4e82071d3c5a426b11995 Referenced In Project/Scope: Simplicite Platform:runtime jjwt-impl-0.11.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.twilio.sdk/twilio@8.29.0
File Path: /var/simplicite/.m2/repository/io/jsonwebtoken/jjwt-jackson/0.11.2/jjwt-jackson-0.11.2.jar MD5: 8f35ab366b0ba25447629d0a60264b82 SHA1: bff0b63d4cbace7b38551a70350875e69201ffeb SHA256:6c200dcf0df3fa3c6ea31dab95a4154708d2c5d01dd1c4d7974fcfe651bee45d Referenced In Project/Scope: Simplicite Platform:compile jjwt-jackson-0.11.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.twilio.sdk/twilio@8.29.0
A Less CSS compiler written completely in Java (pure Java).
License:
MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/de/inetsoftware/jlessc/1.10/jlessc-1.10.jar MD5: bd2d9f6be54058c2e109ebdbce16b3d8 SHA1: be040c43e8d0b032e58706646bdf44e7e4062ec7 SHA256:7d2012d7ca2f529843dcc9db701e3e59d0cbf590fd48c8a6153d2bfa6968018e Referenced In Project/Scope: Simplicite Platform:compile jlessc-1.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/simplicite/ant/jlessc-ant/1.10/jlessc-ant-1.10.jar MD5: face16e0be54ff562cef7ba12707377f SHA1: 58e69a229c0390095331edf520c4d547700d18a1 SHA256:094c7c03c77c421e5f6fe750ab11f4162e75487862038dc19b2342e7ebeb56c7 Referenced In Project/Scope: Simplicite Platform:compile jlessc-ant-1.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Matlab's MAT-file I/O API in Java. Supports reading and writing the Matlab 5 MAT-file format. Written in pure Java.
License:
BSD: http://www.linfo.org/bsdlicense.html
File Path: /var/simplicite/.m2/repository/org/tallison/jmatio/1.5/jmatio-1.5.jar MD5: 6eccf45b3a4bb3dd0518afcf37b8ed35 SHA1: 517d932cc87a3b564f3f7a07ac347b725b619ab4 SHA256:70db8cf9a1818072f290fd464f14a8369c9c58993e6640128a6e8a6379d67ac7 Referenced In Project/Scope: Simplicite Platform:compile jmatio-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
A Java implementation of the Mustache templating language.
License:
The (New) BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/com/samskivert/jmustache/1.15/jmustache-1.15.jar MD5: 0b166350b8b372d5caae4f0b692e016f SHA1: 7b3b15951d13b774c76db2f4e14d977952f8b4d8 SHA256:1aeb96b9dc17bc29540b8c3342e8e91ee974d5c604165ecd469dd76b041c250c Referenced In Project/Scope: Simplicite Platform:compile jmustache-1.15.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Date and time library to replace JDK date handling
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/joda-time/joda-time/2.12.4/joda-time-2.12.4.jar MD5: 40bc7039a3bec98a3b06434712a8b50c SHA1: 41cd821f32bd91b228da19eba162ae75d6404219 SHA256:4d9c2adf2f2d63d4d80f010b30728595e1d71ec996c2234137133f7d6d36e9ad Referenced In Project/Scope: Simplicite Platform:compile joda-time-2.12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
It is written in Java and relies solely on the JCA APIs for cryptography.
Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/bitbucket/b_c/jose4j/0.9.3/jose4j-0.9.3.jar MD5: 583d1968840e8e5f83840c2b20f7eacc SHA1: 9670e11587194cb6b1b2edcaa688a3fab85b4148 SHA256:6265ad3e28a8b02ac3a9f98b9efced79671df8e0a556e9851ad65ffbea51a12a Referenced In Project/Scope: Simplicite Platform:compile jose4j-0.9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-51775 for details
JSON is a light-weight, language independent, data interchange format.
See http://www.JSON.org/
The files in this package implement JSON encoders/decoders in Java.
It also includes the capability to convert between JSON and XML, HTTP
headers, Cookies, and CDL.
This is a reference implementation. There are a large number of JSON packages
in Java. Perhaps someday the Java community will standardize on one. Until
then, choose carefully.
License:
Public Domain: https://github.com/stleary/JSON-java/blob/master/LICENSE
File Path: /var/simplicite/.m2/repository/org/json/json/20231013/json-20231013.jar MD5: 1a0702c57783ce9e948252c34644f328 SHA1: e22e0c040fe16f04ffdb85d851d77b07fc05ea52 SHA256:0f18192df289114e17aa1a0d0a7f8372cc9f5c7e4f7e39adcf8906fe714fa7d3 Referenced In Project/Scope: Simplicite Platform:compile json-20231013.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CWE-770 Allocation of Resources Without Limits or Throttling
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/jayway/jsonpath/json-path/2.8.0/json-path-2.8.0.jar MD5: 501b9f34e6a05c20dd74e6b40e066617 SHA1: b4ab3b7a9e425655a0ca65487bbbd6d7ddb75160 SHA256:9601707e95cd79fb98570a01ea8cfb857b5cde948744d6e0edf733c11002c95b Referenced In Project/Scope: Simplicite Platform:compile json-path-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar MD5: 5cc2c478d73e8454b4c369cee66c5bc7 SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1 SHA256:4e69696892b88b41c55d49ab2fdcc21eead92bf54acc588c0050596c3b75199c Referenced In Project/Scope: Simplicite Platform:compile json-simple-1.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/minidev/json-smart/2.4.10/json-smart-2.4.10.jar MD5: 36e22527b5f44ea6f0ff3086608cbf38 SHA1: 91cb329e9424bf32131eeb1ce2d17bf31b9899bc SHA256:70cab5e9488630dc631b1fc6e7fa550d95cddd19ba14db39ceca7cabfbd4e5ae Referenced In Project/Scope: Simplicite Platform:runtime json-smart-2.4.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.jayway.jsonpath/json-path@2.8.0
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.
License:
The MIT License: https://jsoup.org/license
File Path: /var/simplicite/.m2/repository/org/jsoup/jsoup/1.16.1/jsoup-1.16.1.jar MD5: ed35af29909c856c8ee4c4001d660e0f SHA1: ae551410a16433984cd4a8603622fafa9d8299f0 SHA256:1f115726540ddf71958c14bc517ebfc49cf481e91cd917b0face84f01272e901 Referenced In Project/Scope: Simplicite Platform:compile jsoup-1.16.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope: Simplicite Platform:compile jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.protobuf/protobuf-java-util@3.22.3
JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be
used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the
document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.
License:
Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /var/simplicite/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b SHA1: ab08d87a225a715a69107732b67f21e1da930349 SHA256:6fc03e51e73fa884f06e7eae0761e045e56fdeb4e146a4d952e3023cc9e3fb43 Referenced In Project/Scope: Simplicite Platform:compile jtidy-r938.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
An issue was discovered in jtidy through r938 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
File Path: /var/simplicite/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar MD5: 2a3fe73e6cafe8f102facaf2dd65353f SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de Referenced In Project/Scope: Simplicite Platform:compile jul-to-slf4j-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.
License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /var/simplicite/.m2/repository/junit/junit/4.13.2/junit-4.13.2.jar MD5: d98a9a02a99a9acd22d7653cbcc1f31f SHA1: 8ac9e16d933b6fb43bc7f576336b8f4d7eb5ba12 SHA256:8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3 Referenced In Project/Scope: Simplicite Platform:compile junit-4.13.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
JUniversalChardet is a Java encoding detector library
License:
Mozilla Public License Version 1.1: https://www.mozilla.org/en-US/MPL/1.1/
GENERAL PUBLIC LICENSE, version 3 (GPL-3.0): http://www.gnu.org/licenses/gpl.txt
GNU LESSER GENERAL PUBLIC LICENSE, version 3 (LGPL-3.0): http://www.gnu.org/licenses/lgpl.txt
File Path: /var/simplicite/.m2/repository/com/github/albfernandez/juniversalchardet/2.4.0/juniversalchardet-2.4.0.jar MD5: f69e5002bd3d45adcd82fc5c85811779 SHA1: 2c4171a0accd36c11c5097ac1fe804dbbbfcd158 SHA256:2e6492c9ce13b0ace01e8d326fb789cbb02f5fd95edea1fc5bd5b922d172764d Referenced In Project/Scope: Simplicite Platform:compile juniversalchardet-2.4.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/com/github/junrar/junrar/7.5.4/junrar-7.5.4.jar MD5: 0156bc08ec804838f37efe3a2f78fd27 SHA1: 81a664ca66186506fb5683e8a1eee4cad40ce2cc SHA256:c5944987cd070d13a9fbd515262f4ba263c72e6dd3f986a4d7f10eae1b6eb0ce Referenced In Project/Scope: Simplicite Platform:compile junrar-7.5.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
Java library for reading and writing WARC files with a typed API
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/netpreserve/jwarc/0.21.0/jwarc-0.21.0.jar MD5: bab9cb56440e033d32677af01d8b2b61 SHA1: 1b333e2f0607ef78b43b47b2594fcac8196255d2 SHA256:0fd69cf59fe158a649255055bd3a524025f300a9f7f8d01ef4f3e215deb88b55 Referenced In Project/Scope: Simplicite Platform:compile jwarc-0.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/kafka/kafka-clients/3.5.1/kafka-clients-3.5.1.jar MD5: 9bf0422d3b4b856abe5dafe46c760a06 SHA1: 2675a2dc48735f75d0694ca8bd8d4d3cb3737c17 SHA256:e017aa068e5ad50c4c187b5e61a3dc24a60fba711f9ced15bcc09f5b3eaf3c64 Referenced In Project/Scope: Simplicite Platform:compile kafka-clients-3.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced.
Two preconditions are needed to trigger the bug:
1. The administrator decides to remove an ACL
2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal.
When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct.
The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain).
The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. If DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period.
File Path: /var/simplicite/.m2/repository/com/googlecode/libphonenumber/libphonenumber/8.13.11/libphonenumber-8.13.11.jar MD5: 74766b6af48a07383f5a734f6a8ef7ce SHA1: eeb12d123d4e8b6035240cc47ee776b16c878502 SHA256:71c810c10d20ce34b8b40793c62c0461644d3fe9d79e685e60825fca0abcde63 Referenced In Project/Scope: Simplicite Platform:compile libphonenumber-8.13.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
An empty artifact that Guava depends on to signal that it is providing
ListenableFuture -- but is also available in a second "version" that
contains com.google.common.util.concurrent.ListenableFuture class, without
any other Guava classes. The idea is:
- If users want only ListenableFuture, they depend on listenablefuture-1.0.
- If users want all of Guava, they depend on guava, which, as of Guava
27.0, depends on
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
version number is enough for some build systems (notably, Gradle) to select
that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
conflict with the copy of ListenableFuture in guava itself. If users are
using an older version of Guava or a build system other than Gradle, they
may see class conflicts. If so, they can solve them by manually excluding
the listenablefuture artifact or manually forcing their build systems to
use 9999.0-....
File Path: /var/simplicite/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar MD5: d094c22570d65e132c19cea5d352e381 SHA1: b421526c5f297295adef1c886e5246c39d4ac629 SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99 Referenced In Project/Scope: Simplicite Platform:compile listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@31.1-jre
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-core/2.21.0/log4j-core-2.21.0.jar MD5: 1024daad23bbd97c630e8df1f73cb026 SHA1: 122e1a9e0603cc9eae07b0846a6ff01f2454bc49 SHA256:d0f77cecddc269169bef40873e53a9610ba38ca1c4a1cff32f306b3a7ea8a7ea Referenced In Project/Scope: Simplicite Platform:compile log4j-core-2.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.21.0/log4j-slf4j-impl-2.21.0.jar MD5: 47d164b1dd03d48270be71ce4a7a6ec4 SHA1: 911fdb5b1a1df36719c579ecc6f2957b88bce1ab SHA256:58b357b8aa7893cbedd97201ebbffba6360d87bef586cf6a5a0c3517d5d75257 Referenced In Project/Scope: Simplicite Platform:compile log4j-slf4j-impl-2.21.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/lucene/lucene-core/9.5.0/lucene-core-9.5.0.jar MD5: 610bb59c63e6c456d4a8e66c7868f5b6 SHA1: bba4ba5d30e71a5f0017e45e8469db8cff8ad102 SHA256:b1f37bf3573d8221d659ad97a239fcdbd49809937564d49d2ccf5c3dc26ba0ea Referenced In Project/Scope: Simplicite Platform:compile lucene-core-9.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0.jar MD5: 936a927700aa8fc3b75d21d7571171f6 SHA1: 4b986a99445e49ea5fbf5d149c4b63f6ed6c6780 SHA256:d74a3334fb35195009b338a951f918203d6bbca3d1d359033dc33edd1cadc9ef Referenced In Project/Scope: Simplicite Platform:runtime lz4-java-1.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.5.1
Mbassador is a fast and flexible event bus system following the publish subscribe pattern.
It is designed for ease of use and aims to be feature rich and extensible while preserving resource efficiency
and performance.
It provides non-blocking iterators and minimal write contention with low memory footprint.
Some features:
declarative handler definition via annotations,
sync and/or async event delivery,
weak or strong references,
configurable event filters,
License:
MIT license: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/net/engio/mbassador/1.3.2/mbassador-1.3.2.jar MD5: 6844d9220e623fa491776e38a61f29a2 SHA1: 4ebb2c5f853bf8a5f87147b186a9758d2e2ec0af SHA256:469e2e9c68271eadaff12483bbb1abc640ea9973af7fa0519250e04f503aca67 Referenced In Project/Scope: Simplicite Platform:compile mbassador-1.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /var/simplicite/.m2/repository/com/mchange/mchange-commons-java/0.2.19/mchange-commons-java-0.2.19.jar MD5: 795d7e75026388f4d90aa9719666e5db SHA1: 7a4bee38ea02bd7dee776869b19fb3f6861d6acf SHA256:03761838ba2a7c9cce56ba84781633f107c8befb4e3607b336ee3010f915165d Referenced In Project/Scope: Simplicite Platform:compile mchange-commons-java-0.2.19.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.mchange/c3p0@0.9.5.5
Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image and video files.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/drewnoakes/metadata-extractor/2.18.0/metadata-extractor-2.18.0.jar MD5: b6794ef7c38ce80abca173119a7a4ebd SHA1: fa9fd43a28b10333108c603819810d5176d2b092 SHA256:4789361fd0638bdb241554b7a0ccae205ed239697e2b70fa9cadaded6984b565 Referenced In Project/Scope: Simplicite Platform:compile metadata-extractor-2.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/com/brsanthu/migbase64/2.2/migbase64-2.2.jar MD5: da3ef3a9a9fa358ed789b37a3c780727 SHA1: bcc14967d516e93c527897a6c531ba76b5751faa SHA256:07224584b6227efbb815e96e3153945786e2a6b1a934620b6130331c2351c129 Referenced In Project/Scope: Simplicite Platform:provided migbase64-2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
Provides a streaming API to access attachments parts in a MIME message.
License:
Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/jvnet/mimepull/mimepull/1.9.11/mimepull-1.9.11.jar MD5: 14d04d21f1d41b42438f4be94f6e6057 SHA1: d1cd7921d4c6c77938cefbb16d4f646c74278718 SHA256:58a29baedb4d7affdcc35624f3fd0674b6de3fbb188afb8515ae1b52ffedaf69 Referenced In Project/Scope: Simplicite Platform:provided mimepull-1.9.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
Mockito mock objects library core API and implementation
License:
The MIT License: https://github.com/mockito/mockito/blob/main/LICENSE
File Path: /var/simplicite/.m2/repository/org/mockito/mockito-core/5.3.0/mockito-core-5.3.0.jar MD5: 9b5f92b71745d6bc0bfb9001eb46ee9d SHA1: a8169e15cb4016bd35594134c84f62b773e3391d SHA256:e3e4884f165f76cbe2782f5ac4a9e6b78c8e63fa73c83bd5aee4919f54ff9ba5 Referenced In Project/Scope: Simplicite Platform:compile mockito-core-5.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | mockito-core | High
Vendor | jar | package name | and | Highest
Vendor | jar | package name | api | Highest
Vendor | jar | package name | mockito | Highest
Vendor | Manifest | automatic-module-name | org.mockito | Medium
Vendor | Manifest | bundle-symbolicname | org.mockito.mockito-core | Medium
Vendor | pom | artifactid | mockito-core | Highest
Vendor | pom | artifactid | mockito-core | Low
Vendor | pom | developer id | bric3 | Medium
Vendor | pom | developer id | mockitoguy | Medium
Vendor | pom | developer id | raphw | Medium
Vendor | pom | developer id | TimvdLippe | Medium
Vendor | pom | developer name | Brice Dutheil | Medium
Vendor | pom | developer name | Rafael Winterhalter | Medium
Vendor | pom | developer name | Szczepan Faber | Medium
Vendor | pom | developer name | Tim van der Lippe | Medium
Vendor | pom | groupid | org.mockito | Highest
Vendor | pom | name | mockito-core | High
Vendor | pom | url | mockito/mockito | Highest
Product | file | name | mockito-core | High
Product | jar | package name | and | Highest
Product | jar | package name | api | Highest
Product | jar | package name | mockito | Highest
Product | Manifest | automatic-module-name | org.mockito | Medium
Product | Manifest | Bundle-Name | Mockito Mock Library for Java. Core bundle requires Byte Buddy and Objenesis.
The Java operations layer for the MongoDB Java Driver.
Third parties can wrap this layer to provide custom higher-level APIs
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/mongodb/mongodb-driver-core/3.12.13/mongodb-driver-core-3.12.13.jar MD5: 46e83d86c3ec88fc25c43de8f0c58b80 SHA1: dfcff66c1c9e35ae30e8ba5f440c45dac1ffe71c SHA256:594a01898cf59edea763817b98c627931883d7a95c7b43ae15829a388c0e938c Referenced In Project/Scope: Simplicite Platform:compile mongodb-driver-core-3.12.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mongodb/mongodb-driver@3.12.13
MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/com/microsoft/sqlserver/mssql-jdbc/12.6.1.jre11/mssql-jdbc-12.6.1.jre11.jar MD5: 29f9dc1ea8d8d5fddce00028bf2129c8 SHA1: 243d5f31442b851e930e664e85547fd8658007ac SHA256:3b1a70145dbaff98daa70022791e15becfb2b9534cc9e8cfaa1bdba6a3edeb8e Referenced In Project/Scope: Simplicite Platform:runtime mssql-jdbc-12.6.1.jre11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The GNU General Public License, v2 with Universal FOSS Exception, v1.0
File Path: /var/simplicite/.m2/repository/com/mysql/mysql-connector-j/8.3.0/mysql-connector-j-8.3.0.jar MD5: 48d9e8892746315faf8023c1b26fd8bb SHA1: 1cc7fa5d61f4bbc113531a4ba6d85d41cf3d57e1 SHA256:94e7fa815370cdcefed915db7f53f88445fac110f8c3818392b992ec9ee6d295 Referenced In Project/Scope: Simplicite Platform:runtime mysql-connector-j-8.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | mysql-connector-j | High
Vendor | hint analyzer | vendor | oracle | Highest
Vendor | hint analyzer (hint) | vendor | sun | Highest
Vendor | jar | package name | cj | Highest
Vendor | jar | package name | driver | Highest
Vendor | jar | package name | jdbc | Highest
Vendor | jar | package name | mysql | Highest
Vendor | jar | package name | type | Highest
Vendor | Manifest | bundle-symbolicname | com.mysql.cj | Medium
Vendor | Manifest | Implementation-Vendor | Oracle | High
Vendor | Manifest | Implementation-Vendor-Id | com.mysql | Medium
Vendor | Manifest | specification-vendor | Oracle Corporation | Low
Vendor | Manifest (hint) | Implementation-Vendor | sun | High
Vendor | pom | artifactid | mysql-connector-j | Highest
Vendor | pom | artifactid | mysql-connector-j | Low
Vendor | pom | developer email | filipe.silva@oracle.com | Low
Vendor | pom | developer name | Filipe Silva | Medium
Vendor | pom | developer org | Oracle Corporation | Medium
Vendor | pom | developer org URL | https://www.oracle.com/ | Medium
Vendor | pom | groupid | com.mysql | Highest
Vendor | pom | name | MySQL Connector/J | High
Vendor | pom | organization name | Oracle Corporation | High
Vendor | pom | organization url | https://www.oracle.com/ | Medium
Vendor | pom | url | http://dev.mysql.com/doc/connector-j/en/ | Highest
Product | file | name | mysql-connector-j | High
Product | hint analyzer | product | mysql_connector/j | Highest
Product | hint analyzer | product | mysql_connector_j | Highest
Product | hint analyzer | product | mysql_connectors | Highest
Product | jar | package name | cj | Highest
Product | jar | package name | driver | Highest
Product | jar | package name | jdbc | Highest
Product | jar | package name | mysql | Highest
Product | jar | package name | type | Highest
Product | jar | package name | xdevapi | Highest
Product | Manifest | Bundle-Name | Oracle Corporation's JDBC and XDevAPI Driver for MySQL
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec-http/4.1.91.Final/netty-codec-http-4.1.91.Final.jar MD5: 3cbdc6f7f8adc40cc3e827c8776e0898 SHA1: 4519d2ff470941f0086214b19c9acf992868112f SHA256:e1806a0df6e5cdda968ebe34496b8287e100d29e0e3b6c6b8b9c3d462b16162a Referenced In Project/Scope: Simplicite Platform:compile netty-codec-http-4.1.91.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the server name indicated by the `ClientHello` record. For this purpose it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet, but there are no checks done here and, the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have; an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder accumulates bytes in the `undecodedChunk` buffer until it can decode a field; this field can accumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29025 for details
CWE-770 Allocation of Resources Without Limits or Throttling
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
File Path: /var/simplicite/.m2/repository/io/netty/netty-codec-mqtt/4.1.91.Final/netty-codec-mqtt-4.1.91.Final.jar MD5: 89c344802e865356426229228e9c72a6 SHA1: 33cad42e1894592436bdb588585a42d1bd2d35c3 SHA256:1e6fa3d295869f815127465c57bb00c2b858b753e6f1c37a813437943bfe32bf Referenced In Project/Scope: Simplicite Platform:compile netty-codec-mqtt-4.1.91.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the server name indicated by the `ClientHello` record. For this purpose it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet, but there are no checks done here and, the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport/4.1.91.Final/netty-transport-4.1.91.Final.jar MD5: e0b07b66d2b0fa29393108d8a75a1555 SHA1: c2f6bd7143194ca842b535546a405c06aa993934 SHA256:9cb5f94745be48c56bce3f3e3729188b62470a3f810ab215d59d567695b2fe10 Referenced In Project/Scope: Simplicite Platform:compile netty-transport-4.1.91.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the server name indicated by the `ClientHello` record. For this purpose it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet, but there are no checks done here and, the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
File Path: /var/simplicite/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.75.Final/netty-transport-native-kqueue-4.1.75.Final-osx-x86_64.jar MD5: aae2eb19eca60717834d6bf87bb2aa99 SHA1: dd6d79e4604c6c33fe03b5fc98a526b592760982 SHA256:e7ad1930187e9ec4d78a36f3d782484087e7592894d566a8438cf882b041108a Referenced In Project/Scope: Simplicite Platform:compile netty-transport-native-kqueue-4.1.75.Final-osx-x86_64.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the server name indicated by the `ClientHello` record. For this purpose it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet, but there are no checks done here and, the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/oauth/2.5.0/oauth-2.5.0.jar MD5: 236fb76e5003c949c59bf2023590ce95 SHA1: c030a5e65c8124c0217f2d3a3dd21ce0e7bac0d3 SHA256:161c1f8ab317c0dbabd7b61928059bb4d2fc8e4af24d7923a335f4c5ee6356a1 Referenced In Project/Scope: Simplicite Platform:compile oauth-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/azureblob@2.5.0
File Path: /var/simplicite/.m2/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar MD5: ab0e0b2ab81affdd7f38bcc60fd85571 SHA1: 1049c09f1de4331e8193e579448d0916d75b7631 SHA256:02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb Referenced In Project/Scope: Simplicite Platform:runtime objenesis-3.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.mockito/mockito-core@5.3.0
Oracle JDBC Driver compatible with JDK11, JDK12, JDK13, JDK14 and JDK15
License:
Oracle Free Use Terms and Conditions (FUTC): https://www.oracle.com/downloads/licenses/oracle-free-license.html
File Path: /var/simplicite/.m2/repository/com/oracle/database/jdbc/ojdbc11/23.3.0.23.09/ojdbc11-23.3.0.23.09.jar MD5: 2fe50e29ebea91610e6fa001ab8045c3 SHA1: 405bcbc8d8dab59f562125fa1d2b7e06d21649f3 SHA256:5ffffe668e713f0fa3ea37096d40704181b005b79c24fe34f20364c918c411b0 Referenced In Project/Scope: Simplicite Platform:runtime ojdbc11-23.3.0.23.09.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/squareup/okhttp/okhttp/2.7.5/okhttp-2.7.5.jar MD5: 1943a0ecbb1c503874c8c483284377e4 SHA1: 7a15a7db50f86c4b64aa3367424a60e3a325b8f1 SHA256:88ac9fd1bb51f82bcc664cc1eb9c225c90dc4389d660231b4cc737bebfe7d0aa Referenced In Project/Scope: Simplicite Platform:compile okhttp-2.7.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171980069
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CWE-209 Generation of Error Message Containing Sensitive Information
File Path: /var/simplicite/.m2/repository/com/squareup/okio/okio/1.6.0/okio-1.6.0.jar MD5: 164d1c28c323cf6e2a917d60374c5718 SHA1: 98476622f10715998eacf9240d6b479f12c66143 SHA256:114bdc1f47338a68bcbc95abf2f5cdc72beeec91812f2fcd7b521c1937876266 Referenced In Project/Scope: Simplicite Platform:compile okio-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.commons/commons-vfs2@2.9.0
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CWE-681 Incorrect Conversion between Numeric Types
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-api/0.31.0/opencensus-api-0.31.0.jar MD5: 50e88661f64eae6c4cc60f13af908d59 SHA1: 6634f10ecd5eb3ac248f3ed5ee727c9a28c841bd SHA256:702ba55d78f39d55195dcf041fdfaab7a7490a9ac45013542487ed9e4d3a4d23 Referenced In Project/Scope: Simplicite Platform:compile opencensus-api-0.31.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.http-client/google-http-client@1.41.7
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-contrib-grpc-util/0.28.0/opencensus-contrib-grpc-util-0.28.0.jar MD5: 686921311cfe29a47147d1f48eb737ff SHA1: e70da9aae4aedd13383d4201bcb794b62d9e7d5f SHA256:b9168346e6af6593300a1bc27ef74254aa1f24019885938dd8fb852b877d55f0 Referenced In Project/Scope: Simplicite Platform:compile opencensus-contrib-grpc-util-0.28.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-contrib-http-util/0.31.0/opencensus-contrib-http-util-0.31.0.jar MD5: 8bc249e1fde8c8c71ff4a8e937738910 SHA1: 3c8c3ead38d762d7f50c5571b05baf724474c5a5 SHA256:bcc6cd79b00c2c2aa59fc2a02d40941083005850ebb52d97d63908d36e77afd3 Referenced In Project/Scope: Simplicite Platform:compile opencensus-contrib-http-util-0.31.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.http-client/google-http-client@1.41.7
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/io/opencensus/opencensus-proto/0.2.0/opencensus-proto-0.2.0.jar MD5: be8bc8ae28e0809dbcd67b3320ced49a SHA1: c05b6b32b69d5d9144087ea0ebc6fab183fb9151 SHA256:0c192d451e9dd74e98721b27d02f0e2b6bca44b51563b5dabf2e211f7a3ebf13 Referenced In Project/Scope: Simplicite Platform:runtime opencensus-proto-0.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
File Path: /var/simplicite/.m2/repository/com/opencsv/opencsv/5.7.1/opencsv-5.7.1.jar MD5: b402eabb88aca7b196dc3089e109f6b3 SHA1: d707c095bc8c7c22fb3e377de774458a76229da4 SHA256:d05a7bd25fd62bf27803d71b80f98ad2d929420072648c09a26d45344d25d6b8 Referenced In Project/Scope: Simplicite Platform:compile opencsv-5.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Open HTML to PDF is a CSS 2.1 renderer written in Java. This artifact contains the core rendering and layout code.
License:
GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-core/1.0.10/openhtmltopdf-core-1.0.10.jar MD5: 3a71c751b039576e64db702941185600 SHA1: cab5dcb31834bd86ffb1b1f82811a37fcea63cd2 SHA256:3e6fd2250d833d500b7cd48b7a896700d0c33bd9f77a219e820493b01566eda3 Referenced In Project/Scope: Simplicite Platform:compile openhtmltopdf-core-1.0.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.openhtmltopdf/openhtmltopdf-pdfbox@1.0.10
Openhtmltopdf is a CSS 2.1 renderer written in Java. This artifact supports PDF output with Apache PDF-BOX 2.
License:
GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /var/simplicite/.m2/repository/com/openhtmltopdf/openhtmltopdf-pdfbox/1.0.10/openhtmltopdf-pdfbox-1.0.10.jar MD5: 1a0db19be8e308ae5326833e7e08b674 SHA1: 4041442fda47e760985cea8005d51a830031420f SHA256:7de90df1b3ecf84e6f0daf808d724c11142007a2f22bff1936479bf17251d31a Referenced In Project/Scope: Simplicite Platform:compile openhtmltopdf-pdfbox-1.0.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
jclouds components to access an implementation of OpenStack Keystone
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/openstack-keystone/2.5.0/openstack-keystone-2.5.0.jar MD5: ac2441c823ea61f9fde668aa3061273d SHA1: a7e89bd278fa8be9fa604dda66d1606de5530797 SHA256:3041d4f13447002f98ce0da52208b456ccf382c12cf7d6036268caea704879e5 Referenced In Project/Scope: Simplicite Platform:compile openstack-keystone-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.api/openstack-swift@2.5.0
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
CWE-347 Improper Verification of Cryptographic Signature, CWE-294 Authentication Bypass by Capture-replay
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
jclouds components to access an implementation of OpenStack Swift
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/openstack-swift/2.5.0/openstack-swift-2.5.0.jar MD5: 95e15a325c61c9b2f65f2066876d8190 SHA1: d99d0eab2e01d69d8a326fc152427fbd759af88a SHA256:5dd32409f975a1a146450a8e181fb73fb2a502dab2b17a42fd03e88c6186d6e8 Referenced In Project/Scope: Simplicite Platform:compile openstack-swift-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
CWE-552 Files or Directories Accessible to External Parties
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.client/1.0.2/org.apache.oltu.oauth2.client-1.0.2.jar MD5: 433638a5fab67c3a8f111d58c1fec0a0 SHA1: b34e09d1cb84c4b63cedb65c5346ac44eecc22c5 SHA256:ebbe0095c829ecbbb29b5ab572277ff11b9e3969114e6f1bac5d23a8c97e7708 Referenced In Project/Scope: Simplicite Platform:compile org.apache.oltu.oauth2.client-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/oltu/oauth2/org.apache.oltu.oauth2.common/1.0.2/org.apache.oltu.oauth2.common-1.0.2.jar MD5: 48d5e8f17d2f292b32788d2b98b1aebd SHA1: a82fff95276f4c6feadc7993670e659076e43260 SHA256:5e7ce01db88b361543e75644269c9447a059a5fecc23a15f3546eff8680ec968 Referenced In Project/Scope: Simplicite Platform:compile org.apache.oltu.oauth2.common-1.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client@1.0.2
File Path: /var/simplicite/.m2/repository/org/eclipse/jgit/org.eclipse.jgit.http.server/6.5.0.202303070854-r/org.eclipse.jgit.http.server-6.5.0.202303070854-r.jar MD5: e6521dfe42dc7a28ca9c1a4026553e2b SHA1: 319c816f09029062c3b67201b67c203331d9e215 SHA256:b1d0a1c001b78cd30c479ebbd0d177f9ef5468f6a7fd51462bde8227f4a3ebe8 Referenced In Project/Scope: Simplicite Platform:compile org.eclipse.jgit.http.server-6.5.0.202303070854-r.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0
In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.
This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.
The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.
Setting git configuration option core.symlinks = false before checking out avoids the problem.
The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.
The JGit maintainers would like to thank RyotaK for finding and reporting this issue.
CWE-59 Improper Link Resolution Before File Access ('Link Following'), CWE-178 Improper Handling of Case Sensitivity
File Path: /var/simplicite/.m2/repository/org/eclipse/paho/org.eclipse.paho.client.mqttv3/1.2.5/org.eclipse.paho.client.mqttv3-1.2.5.jar MD5: eb09d20835460ad2de7b6d46e77ad113 SHA1: 1546cfc794449c39ad569853843a930104fdc297 SHA256:59914287adac506a28d5e8172eed262a22605f3df4d426b9d92f41dae2448185 Referenced In Project/Scope: Simplicite Platform:compile org.eclipse.paho.client.mqttv3-1.2.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.3/osgi-resource-locator-1.0.3.jar MD5: e7e82b82118c5387ae45f7bf3892909b SHA1: de3b21279df7e755e38275137539be5e2c80dd58 SHA256:aab5d7849f7cfcda2cc7c541ba1bd365151d42276f151c825387245dfde3dd74 Referenced In Project/Scope: Simplicite Platform:provided osgi-resource-locator-1.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
Parso is a lightweight Java library designed to read SAS7BDAT datasets. The Parso interfaces
are analogous to libraries designed to read table-storing files, for example, CSVReader library.
Despite its small size, the Parso library is the only full-featured open-source solution to process SAS7BDAT
datasets, both uncompressed, CHAR-compressed and BIN-compressed. It is effective in processing clinical and
statistical data often stored in SAS7BDAT format. Parso allows converting data into CSV format.
File Path: /var/simplicite/.m2/repository/com/epam/parso/2.0.14/parso-2.0.14.jar MD5: bcc5179208e31ecddd8ec1cd2f5fca10 SHA1: a02ea1b198c410a105d261efd2d7043739aecd8e SHA256:3b7e7a32915e04caed5dba31be1430aa57b4f9fa2b3d0ab0ed29067510d16575 Referenced In Project/Scope: Simplicite Platform:compile parso-2.0.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/pdfbox/2.0.28/pdfbox-2.0.28.jar MD5: f753bbff315de41ed2a5799f83eb9208 SHA1: 82a36bf73db57414b3fb2fc2962859ed453b51bc SHA256:1f7af8587265e418abaa60a37ad6b09cb537549c35fe90c1c5b4cd70bf903dd3 Referenced In Project/Scope: Simplicite Platform:compile pdfbox-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/io/perfmark/perfmark-api/0.23.0/perfmark-api-0.23.0.jar MD5: 571d67b7639e3aa95e6f2b887ca53357 SHA1: 0b813b7539fae6550541da8caafd6add86d4e22f SHA256:c705b5c10c18ff3032b9e81742bc2f6b0e5607f6a6dfc0c8ad0cff75d4913042 Referenced In Project/Scope: Simplicite Platform:runtime perfmark-api-0.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
Apache POI - Java API To Access Microsoft Format Files
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/poi/poi/5.2.3/poi-5.2.3.jar MD5: d4b21c2109d83abb8e93ba4bcfbdeb3a SHA1: 2fb22ae74ad5aea6af1a9c64b9542f2ccf348604 SHA256:1d4c81a283e127693db89e85df45119d9d312d5686d2439b5be9445c2c649155 Referenced In Project/Scope: Simplicite Platform:compile poi-5.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/postgresql/postgresql/42.7.3/postgresql-42.7.3.jar MD5: f52f459fe317bf7e22327b72b381fc8a SHA1: 24f3e9f7231428cd20eb4dde00dd3fce44e05464 SHA256:a2644cbfba1baa145ff7e8c8ef582a6eed7a7ec4ca792f7f054122bdec756268 Referenced In Project/Scope: Simplicite Platform:runtime postgresql-42.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence

| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | postgresql | High |
| Vendor | jar | package name | driver | Highest |
| Vendor | jar | package name | jdbc | Highest |
| Vendor | jar | package name | postgresql | Highest |
| Vendor | Manifest | automatic-module-name | org.postgresql.jdbc | Medium |
| Vendor | Manifest | bundle-copyright | Copyright (c) 2003-2020, PostgreSQL Global Development Group | |
The Apache Preflight library is an open source Java tool that implements
a parser compliant with the ISO-19005 (PDF/A) specification. Preflight is a
subproject of Apache PDFBox.
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/preflight/2.0.28/preflight-2.0.28.jar MD5: 43291329b987a50931a9d01ad3cd2a01 SHA1: cf6f7697203310c985abccb5bd24ab3058aa14e3 SHA256:7bfb1ba168e7871898d95237d8b9afc4567c73f5a0a3816f5d4460af52f413b3 Referenced In Project/Scope: Simplicite Platform:compile preflight-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/google/cloud/proto-google-cloud-firestore-bundle-v1/2.6.1/proto-google-cloud-firestore-bundle-v1-2.6.1.jar MD5: 4a591fdc3bcf11a83dfa5bfc65226ee2 SHA1: 006216edf565c63f10a84c24da880c05ab7de176 SHA256:d2fb95180c4a310b5f99c2fb4da35d093a5570fe6ad027a25f8f062ffef9b28a Referenced In Project/Scope: Simplicite Platform:compile proto-google-cloud-firestore-bundle-v1-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-firestore-v1/2.6.1/proto-google-cloud-firestore-v1-2.6.1.jar MD5: 571f1da3a245ddae2d5c196f6ae90152 SHA1: dd2336241c125e9247e133eb322a49d0cd29a35d SHA256:908bc1b9b565c67a6dd80afcb57d9d4926fc240aa31b2a800e1337fbd72d8b66 Referenced In Project/Scope: Simplicite Platform:compile proto-google-cloud-firestore-v1-2.6.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.firebase/firebase-admin@8.1.0
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-cloud-pubsub-v1/1.98.3/proto-google-cloud-pubsub-v1-1.98.3.jar MD5: f5a4e7c3d33a9a1f8062d0646c21bfe0 SHA1: a751cb465bdd8d45d6c716f0a2de8bc91045b3dc SHA256:68275d03751afcefdfdd2cfdea9a856b25b7ce0ab972cda686ffe77d7d38d8be Referenced In Project/Scope: Simplicite Platform:compile proto-google-cloud-pubsub-v1-1.98.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-common-protos/2.8.0/proto-google-common-protos-2.8.0.jar MD5: 101d534c41a4f2a4e0851344a06837b5 SHA1: 8adcbc3c5c3b1b7af1cf1e8a25af26a516d62a4c SHA256:2d74ed7623ba43211529a5701cd7c6e87cb66d5f94508b4dc0f35c789ef75d00 Referenced In Project/Scope: Simplicite Platform:compile proto-google-common-protos-2.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0
File Path: /var/simplicite/.m2/repository/com/google/api/grpc/proto-google-iam-v1/1.2.10/proto-google-iam-v1-1.2.10.jar MD5: b83b79a6f77007595bcefb69c3b4ce82 SHA1: 28feb1cf90b8e9d06c8c5deec5d888baae2ca793 SHA256:ca0f22c250c2e06dab35d8fbec216dda37119fadb36adc1373a81725aa6376bf Referenced In Project/Scope: Simplicite Platform:compile proto-google-iam-v1-1.2.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-storage@2.6.0
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
File Path: /var/simplicite/.m2/repository/com/google/protobuf/protobuf-java/3.22.3/protobuf-java-3.22.3.jar MD5: e39845796ebd9fdb1b0f30ffef7ec2ee SHA1: fdee98b8f6abab73f146a4edb4c09e56f8278d03 SHA256:59d388ea6a2d2d76ae8efff7fd4d0c60c6f0f464c3d3ab9be8e5add092975708 Referenced In Project/Scope: Simplicite Platform:compile protobuf-java-3.22.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/qpid/proton-j/0.33.10/proton-j-0.33.10.jar MD5: 55d0529cb097f647e53cff7a4189b128 SHA1: fb31048dec7642e31982a46500acb211f52f6314 SHA256:1fcddf5c76e70eff331900443c51e1a2c8d313b5ffc70611995fadfb6c36d96a Referenced In Project/Scope: Simplicite Platform:compile proton-j-0.33.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.qpid/qpid-jms-client@1.6.0
QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/thoughtworks/qdox/qdox/1.12/qdox-1.12.jar MD5: b8d83192c2f42a04f40bef4e24a8d7c5 SHA1: 466993f8362511ecc42e6508d3db1880bfcd5c56 SHA256:f9d7ad96f70d69e9c06c10e515b878f33810f1ad677cce9f6ae6772778d570ab Referenced In Project/Scope: Simplicite Platform:compile qdox-1.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
File Path: /var/simplicite/.m2/repository/org/apache/qpid/qpid-jms-client/1.6.0/qpid-jms-client-1.6.0.jar MD5: 6c7e1362ff56676442f54c905a3a40cf SHA1: 8a27823f8dcd722f97936ba955973c37eb0b728c SHA256:199766dc07d9826d71bbe717457baaedd26c2393a9ba9798f75bb32de0a66f9f Referenced In Project/Scope: Simplicite Platform:compile qpid-jms-client-1.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/net/glxn/qrgen/1.4/qrgen-1.4.jar MD5: 22aedd5cea2b5d4edc650ab1e08a1ff9 SHA1: fbb2465ec16db786a164e66f2a1e67e2e9254303 SHA256:4985f423c0ced38a1b60ac0f2b76e9a260fe54a276ed313c362ae85fdbe39c35 Referenced In Project/Scope: Simplicite Platform:compile qrgen-1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
License:
Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar MD5: d7299dbaec0e0ed7af281b07cc40c8c1 SHA1: 18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a SHA256:639c6a675bc472e1568df9d8c954ff702da6f83ed27da0ff9a7bd12ed73b8bf0 Referenced In Project/Scope: Simplicite Platform:compile quartz-2.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CWE-94 Improper Control of Generation of Code ('Code Injection')
File Path: /var/simplicite/.m2/repository/com/google/re2j/re2j/1.5/re2j-1.5.jar MD5: d72a422e39af34e96259bf152b1c99dc SHA1: 2ddd41c99436fa2b3cd9d26880541d7f3349828a SHA256:c062f67e5b11c66650e45c0f420b1d5768e8b8009b0b3b5daf9bcc5880a7894c Referenced In Project/Scope: Simplicite Platform:runtime re2j-1.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.cloud/google-cloud-pubsub@1.116.3
File Path: /var/simplicite/.m2/repository/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar MD5: 69122b098fff1c6b1bf2cd3b355e7e03 SHA1: d9fb7a7926ffa635b3dcaa5049fb2bfa25b3e7d0 SHA256:1dee0481072d19c929b623e155e14d2f6085dc011529a0a0dbefc84cf571d865 Referenced In Project/Scope: Simplicite Platform:compile reactive-streams-1.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.graphql-java/graphql-java@20.2
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/relaxng-datatype/3.0.2/relaxng-datatype-3.0.2.jar MD5: d958357b53f3548859b2d6dbe196a314 SHA1: 221ee282707d196f927a5e0bb0c3129f4ef36575 SHA256:c18b270f140f15eac8cbbedd46cc77727e02f7685a2e2db7ec122049990d166b Referenced In Project/Scope: Simplicite Platform:compile relaxng-datatype-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2
Rhino is an open-source implementation of JavaScript written entirely in Java.
It is typically embedded into Java applications to provide scripting to end users.
License:
Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txt
File Path: /var/simplicite/.m2/repository/org/mozilla/rhino/1.7.13/rhino-1.7.13.jar MD5: 17d7bed97d9c03a77578ec16e26bfc2f SHA1: e6b2e12dc79fbdc58d8bf62a583705a551ec37d6 SHA256:931dda33789d8e004ff5b5478ee3d6d224305de330c48266df7c3e49d52fc606 Referenced In Project/Scope: Simplicite Platform:compile rhino-1.7.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
A js-engine.jar that provides a script engine "rhino" with old Rhino JavaScript.
The source code for js-engine comes from https://java.net/projects/Scripting.
The Rhino engine itself is pulled by maven. Its source is at https://github.com/mozilla/rhino.
License:
The BSD 3-Clause License: https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/cat/inspiracio/rhino-js-engine/1.7.10/rhino-js-engine-1.7.10.jar MD5: 5543d39bea21e5c9515e8d967a61e1b1 SHA1: 09cc9336acf7bd2f370ae812d5713e90463edc33 SHA256:b47d73c223c86fd3f70470a9a8269626dbb6e9cb0195d062ba53171a2df7ff44 Referenced In Project/Scope: Simplicite Platform:compile rhino-js-engine-1.7.10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/com/sun/xml/bind/external/rngom/3.0.2/rngom-3.0.2.jar MD5: 9da4e8789a42db6267e4aa4fcdc4d8e2 SHA1: 6ab744428cf27988de4a2bcae7e7adef2941e174 SHA256:aa8eb8ced381576753dd0071657962b8d8e60e63276309a66f54cf9f8a3cd313 Referenced In Project/Scope: Simplicite Platform:compile rngom-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2
All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work on with the data without bothering about the
underlying format.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/rometools/rome/1.18.0/rome-1.18.0.jar MD5: 9cbf294bc581c22fe9b36c5ccdbf566c SHA1: bdc2933175bb9d92b41e4ace771f645f524d75d3 SHA256:2776a17a8923e2f31a8d694cd1e265a0e03c9b67e3f9404937dac854fb60d11c Referenced In Project/Scope: Simplicite Platform:compile rome-1.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/rometools/rome-utils/1.18.0/rome-utils-1.18.0.jar MD5: 6c6b80de1688370a8584c7a4e3a9e8b5 SHA1: 3dc676ae59ab0be7ccd2bd6d2214779b97eec7db SHA256:8445ad8e4539e074e8dd5865c2da8582071d593d9aef55267803c7fdcc095c19 Referenced In Project/Scope: Simplicite Platform:compile rome-utils-1.18.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
jclouds components to access an implementation of S3
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/s3/2.5.0/s3-2.5.0.jar MD5: e1a1429f317d4d51a541aa8d3c0e31ca SHA1: 08f413ddb4531368996b0664755513654417e95e SHA256:093c48e6a029625da456670f28570abeb921b3a2bdcec5d49bdc2419b3c07ad8 Referenced In Project/Scope: Simplicite Platform:compile s3-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/aws-s3@2.5.0
The MIT License: https://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/org/semver4j/semver4j/5.2.2/semver4j-5.2.2.jar MD5: ee5a611d94c969ecc43ddac13424cf04 SHA1: 758cda82b388ce468c8d9880eaf6925155e5336c SHA256:cd2856162bdebcd13d4e278fca170b58caa982393e7c674a4cedab17b163eefe Referenced In Project/Scope: Simplicite Platform:compile semver4j-5.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/xalan/serializer/2.7.3/serializer-2.7.3.jar MD5: 21697a2d50f03bfd93ccf7636f8118d3 SHA1: 1aa6259987888f49fdbebb1aa1a88e0f54a44f6f SHA256:5f6804bacdfdb3ccc52d2538536fab8986696d61559b081054a420c653806667 Referenced In Project/Scope: Simplicite Platform:compile serializer-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Evidence

| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | serializer | High |
| Vendor | jar | package name | apache | Highest |
| Vendor | jar | package name | serializer | Highest |
| Vendor | manifest: org/apache/xml/serializer/ | Implementation-Vendor | Apache Software Foundation | Medium |
| Vendor | manifest: org/apache/xml/serializer/utils/ | Implementation-Vendor | Apache Software Foundation | Medium |
| Vendor | pom | artifactid | serializer | Highest |
| Vendor | pom | artifactid | serializer | Low |
| Vendor | pom | groupid | xalan | Highest |
| Product | file | name | serializer | High |
| Product | jar | package name | apache | Highest |
| Product | jar | package name | serializer | Highest |
| Product | jar | package name | utils | Highest |
| Product | jar | package name | xml | Highest |
| Product | manifest: org/apache/xml/serializer/ | Implementation-Title | org.apache.xml.serializer | Medium |
| Product | manifest: org/apache/xml/serializer/ | Specification-Title | XSL Transformations (XSLT), at http://www.w3.org/TR/xslt | |
File Path: /var/simplicite/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar MD5: 872da51f5de7f3923da4de871d57fd85 SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14 SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0 Referenced In Project/Scope: Simplicite Platform:compile slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/yaml/snakeyaml/2.0/snakeyaml-2.0.jar MD5: caf24b81b9d57e6d4f68b1ccd36e00a3 SHA1: 3aab2116756442bf0d4cd1c089b24d34c3baa253 SHA256:880c9d896e4b74a06c549c15ca496450165d6909fa15d7e662bee8f6a66d7afa Referenced In Project/Scope: Simplicite Platform:compile snakeyaml-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.1/snappy-java-1.1.10.1.jar MD5: 8c279ac12dc8872fed3ecafce26a2299 SHA1: 4a1e1a22cba39145dfa20f2fef4e1ca38c8e02a1 SHA256:5a6224cb7f946f5a7db9c77e86af6ccd43ba5ae38b1a15bea23113cc83f8fabd Referenced In Project/Scope: Simplicite Platform:runtime snappy-java-1.1.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.5.1
snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.
CWE-770 Allocation of Resources Without Limits or Throttling
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/xerial/sqlite-jdbc/3.45.2.0/sqlite-jdbc-3.45.2.0.jar MD5: efdfd6b90be9db7bb0998339aec16310 SHA1: 2ba1408717e5aaf85d59f65b313553fa8955fa37 SHA256:a817162384b7d9d98fd616ca880bcbf2528cf29e31393666d2df85b307b03764 Referenced In Project/Scope: Simplicite Platform:runtime sqlite-jdbc-3.45.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/apache/sshd/sshd-core/2.9.2/sshd-core-2.9.2.jar MD5: 69fe5bc6fbbe4b9dbafaf7e3880fb2e5 SHA1: cca012d0214f0540dc00903b8f5f731280ca6dfc SHA256:b4b66fe8c65af57895eabc1aab6b3104922e1dbca7b2525e32a8ca5b7312848e Referenced In Project/Scope: Simplicite Platform:compile sshd-core-2.9.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.eclipse.jgit/org.eclipse.jgit.ssh.apache@6.5.0.202303070854-r
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
CWE-354 Improper Validation of Integrity Check Value
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.
In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.
This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-directional validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /var/simplicite/.m2/repository/org/codehaus/woodstox/stax2-api/4.2.1/stax2-api-4.2.1.jar MD5: af8377bc7882332e22456616a9f164f6 SHA1: a3f7325c52240418c2ba257b103c3c550e140c83 SHA256:678567e48b51a42c65c699f266539ad3d676d4b1a5b0ad7d89ece8b9d5772579 Referenced In Project/Scope: Simplicite Platform:compile stax2-api-4.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.14.2
StringTemplate is a Java template engine for generating source code,
web pages, emails, or any other formatted text output.
StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization.
It evolved over years of effort developing jGuru.com.
StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic
is that unlike other engines, it strictly enforces model-view separation.
Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.
There are currently about 600 StringTemplate source downloads a month.
License:
BSD licence: http://antlr.org/license.html
File Path: /var/simplicite/.m2/repository/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar MD5: b58ca53e518a92a1991eb63b61917582 SHA1: 59ec8083721eae215c6f3caee944c410d2be34de SHA256:f66ce72e965e5301cb0f020e54d2ba6ad76feb91b3cbfc30dbbf00c06a6df6d7 Referenced In Project/Scope: Simplicite Platform:compile stringtemplate-3.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
The MIT License: https://opensource.org/licenses/MIT
File Path: /var/simplicite/.m2/repository/com/stripe/stripe-java/20.113.0/stripe-java-20.113.0.jar MD5: 9467d476f66d58e983cdba0d3b727140 SHA1: 5bded4cb65c6c183155656a1ab9dad614158651d SHA256:100504363b2aec82aba439a63331c01fb8b16c0822c74911f11d69c9c5d16835 Referenced In Project/Scope: Simplicite Platform:compile stripe-java-20.113.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
jclouds components to access an implementation of Security Token Service (STS)
File Path: /var/simplicite/.m2/repository/org/apache/jclouds/api/sts/2.5.0/sts-2.5.0.jar MD5: e804f69c3d8e458f60545fe77c329d7f SHA1: 3113119daf110ef9f93459b5e391c6fd97efa401 SHA256:6b4bf88b47798c4cf3087d2f57911abb9d3d48e273078996023ed34ff3bec77a Referenced In Project/Scope: Simplicite Platform:compile sts-2.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.jclouds.provider/aws-s3@2.5.0
File Path: /var/simplicite/.m2/repository/io/swagger/swagger-annotations/1.5.18/swagger-annotations-1.5.18.jar MD5: e55d57705e9f1a040015cf2fe2e8120b SHA1: f386aa7dc018534e6e05c40fff292e6cd9b9d8f8 SHA256:0f4ca703a5e26ca949aee8f9ee88b2aa7f12b45d6a2e7dd9d343407f97205157 Referenced In Project/Scope: Simplicite Platform:provided swagger-annotations-1.5.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.docusign/docusign-esign-java@3.18.0
File Path: /var/simplicite/.m2/repository/io/swagger/core/v3/swagger-core/2.2.9/swagger-core-2.2.9.jar MD5: 16ceed74eab126e884eaee7368897b66 SHA1: b49209fa7b6924426fae10a8e682cd2123d3cd24 SHA256:cd1ac5852c10e4c578f20d636d98cabb0f62fa8985384b24c258f6970153f127 Referenced In Project/Scope: Simplicite Platform:compile swagger-core-2.2.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.
File Path: /var/simplicite/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar MD5: ae73a52cdcbec10cd61d9ef22fab5936 SHA1: 5584627487e984c03456266d3f8802eb85a9ce97 SHA256:ac97f7b4b1d8e9337edfa0e34044f8d0efe7223f6ad8f3a85d54cc1018ea2e04 Referenced In Project/Scope: Simplicite Platform:compile tagsoup-1.2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/org/threeten/threeten-extra/1.7.2/threeten-extra-1.7.2.jar MD5: a9733b6dc9a835fd4f9a6f32e2ed48ac SHA1: b2e5f470c6c97fee4c05c03eb9c546695a7784c2 SHA256:a1045fe98171dd84c79682b412dbfdd7e4dd72415ecdee14135f726e11604e80 Referenced In Project/Scope: Simplicite Platform:compile threeten-extra-1.7.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/threeten/threetenbp/1.6.8/threetenbp-1.6.8.jar MD5: 4ade1f9a3c1d8e5b00021536fa34a48c SHA1: 4c65b7b43f3fe31350f74cb7d0b2461e111e8dd0 SHA256:e4b1eb3d90c38a54c7f3384fda957e0b5bf0b41b40672a44ae8b03cb6c87ce06 Referenced In Project/Scope: Simplicite Platform:compile threetenbp-1.6.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
File Path: /var/simplicite/.m2/repository/org/apache/tika/tika-core/2.7.0/tika-core-2.7.0.jar MD5: 42b3dd0d4679ec6bafd848b6c0cb3035 SHA1: e9e8f1a7dc833e633fb2c717e8fa811e3e9dbf4a SHA256:2603961edec8bcee014d2c360e5a9a0cdbf10aa8e6e95cf67abe190c837bb054 Referenced In Project/Scope: Simplicite Platform:compile tika-core-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. This vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an `object` or `embed` element and that image could potentially contain an XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-29881 for details
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A library to help implement time-based one time passwords to enable MFA.
File Path: /var/simplicite/.m2/repository/dev/samstevens/totp/totp/1.7.1/totp-1.7.1.jar MD5: ceaed46be1e655c451d11cc5cb33e4ff SHA1: c2bcced6c255d48223f5626c4db9af9aa9d43c35 SHA256:f02b3fcab62298907d655acc54c0dc85f7103dc26cee95eed44ebe6fc2af3415 Referenced In Project/Scope: Simplicite Platform:compile totp-1.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /var/simplicite/.m2/repository/com/twilio/sdk/twilio/8.29.0/twilio-8.29.0.jar MD5: 8153724055c8a5036a8e787449ea9d8b SHA1: 32e5f2a20dada9cd3544f855ae4d1f11bf70924b SHA256:4a340a5d85a16189b03d7420552a6649ead93a1278d2e6175425a64cdbd8b75e Referenced In Project/Scope: Simplicite Platform:compile twilio-8.29.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
TXW is a library that allows you to write XML documents.
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/txw2/3.0.2/txw2-3.0.2.jar MD5: 1e918807b59e37de5c379d0720a1c335 SHA1: 8c448a44cdcdbb5dd48ff2eb88cab858ed52cf91 SHA256:b4bcf94fb0a759456e2521724513baec94b78e93127544af162e3cff08d93343 Referenced In Project/Scope: Simplicite Platform:compile txw2-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-runtime@3.0.2
File Path: /var/simplicite/.m2/repository/com/konghq/unirest-java/3.14.2/unirest-java-3.14.2.jar MD5: 68e701e21ea22313fa93b506db1c57df SHA1: 0e7693bc22f364014d9164519fb057a7d86af9a7 SHA256:1df56813f4410de105265f91cb37be4cc9c1dc32902b18b8b8b7bf069ef2f2a7 Referenced In Project/Scope: Simplicite Platform:compile unirest-java-3.14.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/gagravarr/vorbis-java-core/0.8/vorbis-java-core-0.8.jar MD5: 71b623b57f56daf112bddb3337ee896d SHA1: 7e9937c2575cda2e3fc116415117c74f23e43fa6 SHA256:879bb0c8923fea686609e207fd9050ab246e001868341c725929405e755cf68e Referenced In Project/Scope: Simplicite Platform:compile vorbis-java-core-0.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/org/gagravarr/vorbis-java-tika/0.8/vorbis-java-tika-0.8.jar MD5: 85c7b34d5f94e66bf0c79f5d673db750 SHA1: 4ddbb27ac5884a0f0398a63d46a89d3bc87dc457 SHA256:a1b62281a99aec10dc69db1d2f8250952dca5841eedf1167b6b6f9585e2d0d26 Referenced In Project/Scope: Simplicite Platform:compile vorbis-java-tika-0.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/net/arnx/wmf2svg/0.9.8/wmf2svg-0.9.8.jar MD5: 34b920f0aa840b1792702d253c2c58b7 SHA1: 365614a3ee72ec475d9032f906d37b753fbe2bfa SHA256:c7f136558140c3fbe9410199ca509895faad4fa79bdc185e72a868f1c2819b4a Referenced In Project/Scope: Simplicite Platform:compile wmf2svg-0.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
Woodstox is a high-performance XML processor that implements Stax (JSR-173),
SAX2 and Stax2 APIs.
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.5.0/woodstox-core-6.5.0.jar MD5: 7faa8bf352ed3d280244cbc43f55c658 SHA1: cafa8aac5ddf104d28f172f19294d88d5e8c24c0 SHA256:21ad5f842f5332e0e2b56631178df45a8d205921d8370e2d5f557dc7f76cf4e2 Referenced In Project/Scope: Simplicite Platform:compile woodstox-core-6.5.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-xml-provider@2.14.2
File Path: /var/simplicite/.m2/repository/xalan/xalan/2.7.3/xalan-2.7.3.jar MD5: e384223db0825925765f2bf66839d26d SHA1: 5095bedf29e73756fb5729f2241fd5ffa33d87e0 SHA256:febd48bb133a96c447282213951a6b74ea7fb45c0d896121296c014316bda6b0 Referenced In Project/Scope: Simplicite Platform:compile xalan-2.7.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
File Path: /var/simplicite/.m2/repository/org/docx4j/org/apache/xalan-interpretive/11.0.0/xalan-interpretive-11.0.0.jar MD5: fc5a8e36ca1cbe5eb05dbf328e058403 SHA1: 7494b62aced4c3d0ffa259e59c435dc9bd7f07b3 SHA256:badfeb922041262d667363e05bd1cea3947f2ad63dc0f586582ef20ab5a52456 Referenced In Project/Scope: Simplicite Platform:compile xalan-interpretive-11.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
File Path: /var/simplicite/.m2/repository/org/docx4j/org/apache/xalan-serializer/11.0.0/xalan-serializer-11.0.0.jar MD5: f21112d50f8c5e067bcb388697cb6af1 SHA1: 7a6b5802bdba3d3b12e935b8a0ae2e020d839cfd SHA256:ee20541b9180bbd4dc4d55b825e397aefc1545d11d819e4d488012fa76a4b6dc Referenced In Project/Scope: Simplicite Platform:compile xalan-serializer-11.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9 SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2 SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16 Referenced In Project/Scope: Simplicite Platform:compile xercesImpl-2.12.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/xmlbeans/xmlbeans/5.1.1/xmlbeans-5.1.1.jar MD5: 6f137af5334fbd77a2d64f5de8bf6ff6 SHA1: 48a369df0eccb509d46203104e4df9cb00f0f68b SHA256:5f484a78bed71cbffe3709678b6bdd3463781a7c61c6d9872330aecbf150762a Referenced In Project/Scope: Simplicite Platform:compile xmlbeans-5.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.poi/poi-ooxml@5.2.3
Apache XML Graphics Commons is a library that consists of several reusable
components used by Apache Batik and Apache FOP. Many of these components
can easily be used separately outside the domains of SVG and XSL-FO.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/xmlgraphics/xmlgraphics-commons/2.7/xmlgraphics-commons-2.7.jar MD5: ec712218e2391e64672fd8ed1e9e1d71 SHA1: 336ddd6d0a244cdebf26a298fb7c3a5fd45449db SHA256:1fe37a1927bdd699730f0ad39f50a699c9ab4dff0ad047dff1e846cb120ae2b1 Referenced In Project/Scope: Simplicite Platform:compile xmlgraphics-commons-2.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.docx4j/docx4j-core@11.4.5
Evidence

| Type | Source | Name | Value | Confidence |
|---|---|---|---|---|
| Vendor | file | name | xmlgraphics-commons | High |
| Vendor | jar | package name | apache | Highest |
| Vendor | jar | package name | xmlgraphics | Highest |
| Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation (http://xmlgraphics.apache.org/) | |
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002. As of version 1.4,
the library supports the standard Java API JSR-105: XML Digital Signature APIs.
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /var/simplicite/.m2/repository/org/apache/santuario/xmlsec/3.0.2/xmlsec-3.0.2.jar MD5: d2abbf133d39a5224417c17ab685224e SHA1: 9bb2f2603902354290c9d5277f67d50444fd8777 SHA256:c802caa2065117eb8e901c3bedfaefebc058badce5c5a76f2d983d9e123e443a Referenced In Project/Scope: Simplicite Platform:compile xmlsec-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
CWE-532 Insertion of Sensitive Information into Log File
The Apache XmpBox library is an open source Java tool that implements Adobe's XMP(TM)
specification. It can be used to parse, validate and create xmp contents.
It is mainly used by subproject preflight of Apache PDFBox.
XmpBox is a subproject of Apache PDFBox.
File Path: /var/simplicite/.m2/repository/org/apache/pdfbox/xmpbox/2.0.28/xmpbox-2.0.28.jar MD5: a3caad97b0bd417cd3ac6697927bf43a SHA1: 354f7150598c7a64a2180ff58860a4dfe6e61033 SHA256:5569da68395e1600367288a1431daf48e44b7d1b4eae046eefe180d4b42e1fa4 Referenced In Project/Scope: Simplicite Platform:compile xmpbox-2.0.28.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.simplicite/simplicite@5.3.35
The BSD 3-Clause License (BSD3): https://opensource.org/licenses/BSD-3-Clause
File Path: /var/simplicite/.m2/repository/com/adobe/xmp/xmpcore/6.1.11/xmpcore-6.1.11.jar MD5: 37892425fcfeffe88554b3d66dd084ca SHA1: 852f14101381e527e6d43339d7db1698c970436c SHA256:8f7033c579b99fa0d9d6ddcb9448875b5e4b577c350002278ce46997d678b737 Referenced In Project/Scope: Simplicite Platform:compile xmpcore-6.1.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema
documents and inspect information in them. It is expected to be useful for applications that need to take XML
Schema as an input.
License:
Eclipse Distribution License - v 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /var/simplicite/.m2/repository/org/glassfish/jaxb/xsom/3.0.2/xsom-3.0.2.jar MD5: 1c642bce44a0bc2b45390c08ce7a6493 SHA1: 032f936578ef5755aaab9627023168a635c3e1c3 SHA256:45706323354a606323ff1130cb575e44c6d4d7aac4439564174d7ccace6cc90a Referenced In Project/Scope: Simplicite Platform:compile xsom-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.glassfish.jaxb/jaxb-xjc@3.0.2
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
CWE-94 Improper Control of Generation of Code ('Code Injection')
File Path: /var/simplicite/.m2/repository/org/tukaani/xz/1.9/xz-1.9.jar MD5: 57c2fbfeb55e307ccae52e5322082e02 SHA1: 1ea4bec1a921180164852c65006d928617bd2caf SHA256:211b306cfc44f8f96df3a0a3ddaf75ba8c5289eed77d60d72f889bb855f535e5 Referenced In Project/Scope: Simplicite Platform:compile xz-1.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.tika/tika-parsers-standard-package@2.7.0
File Path: /var/simplicite/.m2/repository/com/github/luben/zstd-jni/1.5.5-1/zstd-jni-1.5.5-1.jar MD5: 16ede3375b6c900abafd95b600b512b9 SHA1: fda1d6278299af27484e1cc3c79a060e41b7ef7e SHA256:f779fcd068ad91ac77aa0239104bd42793b0dce807fb1d73b51c635e0ea1e293 Referenced In Project/Scope: Simplicite Platform:runtime zstd-jni-1.5.5-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.kafka/kafka-clients@3.5.1