Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: misis-backend

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
accordion.module.js 00
accordion.module.min.js 00
accordion.nomodule.js 00
accordion.nomodule.min.js 00
aesh-2.8.2.jarpkg:maven/org.aesh/aesh@2.8.2 031
aether-api-1.0.0.v20140518.jarpkg:maven/org.eclipse.aether/aether-api@1.0.0.v20140518 026
aether-util-1.0.0.v20140518.jarpkg:maven/org.eclipse.aether/aether-util@1.0.0.v20140518 028
analytics.module.js 00
analytics.module.min.js 00
analytics.nomodule.js 00
analytics.nomodule.min.js 00
analyzer-3.0.7.jarpkg:maven/fr.gouv.misis/analyzer@3.0.7 018
analyzer-3.0.7.jar 010
annotations-26.0.2.jarpkg:maven/org.jetbrains/annotations@26.0.2 026
aopalliance-1.0.jarpkg:maven/aopalliance/aopalliance@1.0 019
apiguardian-api-1.1.2.jarpkg:maven/org.apiguardian/apiguardian-api@1.1.2 039
asm-9.6.jarpkg:maven/org.ow2.asm/asm@9.6 053
asm-9.7.1.jarpkg:maven/org.ow2.asm/asm@9.7.1 053
asm-9.8.jarpkg:maven/org.ow2.asm/asm@9.8 053
asm-9.9.jarpkg:maven/org.ow2.asm/asm@9.9 053
asm-analysis-9.9.jarpkg:maven/org.ow2.asm/asm-analysis@9.9 059
asm-commons-9.8.jarpkg:maven/org.ow2.asm/asm-commons@9.8 057
asm-commons-9.9.jarpkg:maven/org.ow2.asm/asm-commons@9.9 057
asm-tree-9.8.jarpkg:maven/org.ow2.asm/asm-tree@9.8 057
asm-tree-9.9.jarpkg:maven/org.ow2.asm/asm-tree@9.9 057
asm-util-9.9.jarpkg:maven/org.ow2.asm/asm-util@9.9 057
assertj-core-3.25.3.jarpkg:maven/org.assertj/assertj-core@3.25.3 066
auto-value-annotations-1.9.jarpkg:maven/com.google.auto.value/auto-value-annotations@1.9 024
breadcrumb.module.js 00
breadcrumb.module.min.js 00
breadcrumb.nomodule.js 00
breadcrumb.nomodule.min.js 00
button.module.js 00
button.module.min.js 00
button.nomodule.js 00
button.nomodule.min.js 00
byte-buddy-agent-1.17.7.jarpkg:maven/net.bytebuddy/byte-buddy-agent@1.17.7 032
byte-buddy-agent-1.17.7.jar: attach_hotspot_windows.dll 02
byte-buddy-agent-1.17.7.jar: attach_hotspot_windows.dll 02
camel-quarkus-core-deployment-3.30.0.jarcpe:2.3:a:apache:camel:3.30.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel.quarkus/camel-quarkus-core-deployment@3.30.0 0Highest27
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-blocked-exchanges.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-browse.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-context.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-events.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-inflight-exchanges.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-rest.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-routes.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-variables.js 00
camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core.js 00
card.module.js 00
card.module.min.js 00
card.nomodule.js 00
card.nomodule.min.js 00
com.aayushatharva.brotli4j.brotli4j-1.16.0.jar 012
com.aayushatharva.brotli4j.native-linux-x86_64-1.16.0.jar 09
com.aayushatharva.brotli4j.service-1.16.0.jarcpe:2.3:a:service_project:service:1.16.0:*:*:*:*:*:*:* 0Low9
com.cronutils.cron-utils-9.2.1.jarcpe:2.3:a:cron-utils_project:cron-utils:9.2.1:*:*:*:*:*:*:* 0Low20
com.fasterxml.classmate-1.7.1.jar 024
com.fasterxml.jackson.core.jackson-annotations-2.20.jar 025
com.fasterxml.jackson.core.jackson-core-2.20.1.jar 032
com.fasterxml.jackson.core.jackson-databind-2.20.1.jarcpe:2.3:a:fasterxml:jackson-databind:2.20.1:*:*:*:*:*:*:* 0Highest29
com.fasterxml.jackson.dataformat.jackson-dataformat-yaml-2.20.1.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.20.1:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-dataformats-text:2.20.1:*:*:*:*:*:*:*		 0Highest32
com.fasterxml.jackson.datatype.jackson-datatype-jdk8-2.20.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.20.1:*:*:*:*:*:*:* 0Highest32
com.fasterxml.jackson.datatype.jackson-datatype-jsr310-2.20.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.20.1:*:*:*:*:*:*:* 0Highest32
com.github.ben-manes.caffeine.caffeine-3.2.3.jar 020
com.google.auto.service.auto-service-annotations-1.1.1.jarcpe:2.3:a:service_project:service:1.1.1:*:*:*:*:*:*:* 0Low21
com.google.errorprone.error_prone_annotations-2.44.0.jar 028
com.google.guava.failureaccess-1.0.1.jarcpe:2.3:a:google:guava:1.0.1:*:*:*:*:*:*:*HIGH2Low22
com.google.guava.guava-33.5.0-jre.jarcpe:2.3:a:google:guava:33.5.0:*:*:*:*:*:*:* 0Low21
com.google.j2objc.j2objc-annotations-2.8.jar 09
com.opencsv.opencsv-5.11.2.jar 018
com.rabbitmq.amqp-client-5.20.0.jarcpe:2.3:a:vmware:rabbitmq:5.20.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq_java_client:5.20.0:*:*:*:*:*:*:*		 0High27
com.sun.istack.istack-commons-runtime-4.1.2.jar 024
common-java5-3.2.2.jarpkg:maven/org.apache.maven.surefire/common-java5@3.2.2 025
common-java5-3.2.3.jarpkg:maven/org.apache.maven.surefire/common-java5@3.2.3 025
commonmark-0.27.0.jarpkg:maven/org.commonmark/commonmark@0.27.0 026
commons-cli-1.11.0.jarpkg:maven/commons-cli/commons-cli@1.11.0 0101
commons-codec-1.20.0.jarpkg:maven/commons-codec/commons-codec@1.20.0 0120
commons-compress-1.21.jarcpe:2.3:a:apache:commons_compress:1.21:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.21MEDIUM2Highest104
commons-compress-1.27.1.jarcpe:2.3:a:apache:commons_compress:1.27.1:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.27.1 0Highest108
commons-compress-1.28.0.jarcpe:2.3:a:apache:commons_compress:1.28.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.28.0 0Highest107
commons-io-2.11.0.jarcpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.11.0MEDIUM1Highest122
commons-io-2.12.0.jarcpe:2.3:a:apache:commons_io:2.12.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.12.0MEDIUM1Highest122
commons-io-2.15.0.jarcpe:2.3:a:apache:commons_io:2.15.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.15.0 0Highest124
commons-io-2.18.0.jarcpe:2.3:a:apache:commons_io:2.18.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.18.0 0Highest124
commons-io-2.21.0.jarcpe:2.3:a:apache:commons_io:2.21.0:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.21.0 0Highest126
commons-io-2.6.jarcpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*pkg:maven/commons-io/commons-io@2.6MEDIUM2Highest116
commons-lang3-3.12.0.jarcpe:2.3:a:apache:commons_lang:3.12.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-lang3@3.12.0MEDIUM1Highest138
commons-lang3-3.19.0.jarcpe:2.3:a:apache:commons_lang:3.19.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-lang3@3.19.0 0Highest144
component.module.js 00
component.module.min.js 00
component.nomodule.js 00
component.nomodule.min.js 00
core-3.0.7.jarpkg:maven/fr.gouv.misis/core@3.0.7 018
core.module.js 00
core.module.min.js 00
core.nomodule.js 00
core.nomodule.min.js 00
cyclonedx-core-java-11.0.1.jarcpe:2.3:a:alex_project:alex:11.0.1:*:*:*:*:*:*:*pkg:maven/org.cyclonedx/cyclonedx-core-java@11.0.1 0Low38
database-commons-1.21.3.jarpkg:maven/org.testcontainers/database-commons@1.21.3 023
display.module.js 00
display.module.min.js 00
display.nomodule.js 00
display.nomodule.min.js 00
docker-java-api-3.4.2.jarpkg:maven/com.github.docker-java/docker-java-api@3.4.2 022
docker-java-transport-3.4.2.jarpkg:maven/com.github.docker-java/docker-java-transport@3.4.2 022
docker-java-transport-zerodep-3.4.2.jar (shaded: com.github.docker-java:docker-java-transport-httpclient5:3.4.2)pkg:maven/com.github.docker-java/docker-java-transport-httpclient5@3.4.2 011
docker-java-transport-zerodep-3.4.2.jar (shaded: commons-codec:commons-codec:1.13)pkg:maven/commons-codec/commons-codec@1.13 082
docker-java-transport-zerodep-3.4.2.jar (shaded: org.apache.httpcomponents.client5:httpclient5:5.0.3)cpe:2.3:a:apache:httpclient:5.0.3:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents.client5/httpclient5@5.0.3 0Highest11
docker-java-transport-zerodep-3.4.2.jar (shaded: org.apache.httpcomponents.core5:httpcore5-h2:5.0.2)pkg:maven/org.apache.httpcomponents.core5/httpcore5-h2@5.0.2 011
docker-java-transport-zerodep-3.4.2.jar (shaded: org.apache.httpcomponents.core5:httpcore5:5.0.2)pkg:maven/org.apache.httpcomponents.core5/httpcore5@5.0.2 011
docker-java-transport-zerodep-3.4.2.jarpkg:maven/com.github.docker-java/docker-java-transport-zerodep@3.4.2 022
doxia-sink-api-1.0.jarpkg:maven/org.apache.maven.doxia/doxia-sink-api@1.0 026
dsfr.module.js 00
dsfr.module.min.js 00
dsfr.nomodule.js 00
dsfr.nomodule.min.js 00
duct-tape-1.0.8.jarpkg:maven/org.rnorth.duct-tape/duct-tape@1.0.8 027
file-management-3.1.0.jarpkg:maven/org.apache.maven.shared/file-management@3.1.0 026
freemarker-2.3.34.jarpkg:maven/org.freemarker/freemarker@2.3.34 040
generated-bytecode.jar 05
generated-bytecode.jar 05
gizmo-1.9.0.jarpkg:maven/io.quarkus.gizmo/gizmo@1.9.0 031
gizmo2-2.0.0.Beta10.jarpkg:maven/io.quarkus.gizmo/gizmo2@2.0.0.Beta10 032
google-auth-library-credentials-1.10.0.jarpkg:maven/com.google.auth/google-auth-library-credentials@1.10.0 022
google-auth-library-oauth2-http-1.10.0.jarpkg:maven/com.google.auth/google-auth-library-oauth2-http@1.10.0 024
google-http-client-1.47.1.jarpkg:maven/com.google.http-client/google-http-client@1.47.1 035
google-http-client-apache-v2-1.47.1.jarpkg:maven/com.google.http-client/google-http-client-apache-v2@1.47.1 032
google-http-client-gson-1.47.1.jarpkg:maven/com.google.http-client/google-http-client-gson@1.47.1 024
groovy-4.0.22.jarcpe:2.3:a:apache:groovy:4.0.22:*:*:*:*:*:*:*pkg:maven/org.apache.groovy/groovy@4.0.22 0Highest288
groovy-json-4.0.22.jarcpe:2.3:a:google:gmail:4.0.22:*:*:*:*:*:*:*pkg:maven/org.apache.groovy/groovy-json@4.0.22 0Low290
grpc-api-1.76.0.jarcpe:2.3:a:grpc:grpc:1.76.0:*:*:*:*:*:*:*pkg:maven/io.grpc/grpc-api@1.76.0 0Highest30
gson-2.13.2.jarcpe:2.3:a:google:gson:2.13.2:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.13.2 0Highest30
guice-5.1.0-classes.jar 033
h2-2.4.240.jarcpe:2.3:a:h2database:h2:2.4.240:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@2.4.240 0Highest43
h2-2.4.240.jar: data.zip: table.js 00
h2-2.4.240.jar: data.zip: tree.js 00
hamcrest-2.2.jarpkg:maven/org.hamcrest/hamcrest@2.2 039
header.module.js 00
header.module.min.js 00
header.nomodule.js 00
header.nomodule.min.js 00
hibernate-tools-language-7.1.11.Final.jarpkg:maven/org.hibernate.tool/hibernate-tools-language@7.1.11.Final 051
httpclient-4.5.14.jarcpe:2.3:a:apache:httpclient:4.5.14:*:*:*:*:*:*:*pkg:maven/org.apache.httpcomponents/httpclient@4.5.14 0Highest31
httpcore-4.4.16.jarpkg:maven/org.apache.httpcomponents/httpcore@4.4.16 031
httpmime-4.5.14.jarpkg:maven/org.apache.httpcomponents/httpmime@4.5.14 029
io.agroal.agroal-api-2.8.jar 033
io.agroal.agroal-narayana-2.8.jarcpe:2.3:a:redhat:integration:2.8:*:*:*:*:*:*:* 0High33
io.agroal.agroal-pool-2.8.jarcpe:2.3:a:linux-loader_project:linux-loader:2.8:*:*:*:*:*:*:* 0Medium35
io.netty.netty-transport-4.1.130.Final.jarcpe:2.3:a:netty:netty:4.1.130:*:*:*:*:*:*:* 0Highest29
io.netty.netty-transport-native-unix-common-4.1.130.Final.jarcpe:2.3:a:netty:netty:4.1.130:*:*:*:*:*:*:* 0Highest32
io.opentelemetry.instrumentation.opentelemetry-instrumentation-api-2.21.0.jarcpe:2.3:a:opentelemetry:opentelemetry:2.21.0:*:*:*:*:*:*:* 0Highest24
io.opentelemetry.instrumentation.opentelemetry-instrumentation-api-incubator-2.21.0-alpha.jarcpe:2.3:a:opentelemetry:opentelemetry:2.21.0:alpha:*:*:*:*:*:* 0Highest24
io.opentelemetry.opentelemetry-api-1.55.0.jarcpe:2.3:a:opentelemetry:opentelemetry:1.55.0:*:*:*:*:*:*:* 0Highest18
io.opentelemetry.opentelemetry-api-incubator-1.55.0-alpha.jarcpe:2.3:a:opentelemetry:opentelemetry:1.55.0:alpha:*:*:*:*:*:* 0Highest21
io.opentelemetry.opentelemetry-common-1.55.0.jarcpe:2.3:a:opentelemetry:opentelemetry:1.55.0:*:*:*:*:*:*:* 0Highest18
io.opentelemetry.semconv.opentelemetry-semconv-1.37.0.jarcpe:2.3:a:opentelemetry:opentelemetry:1.37.0:*:*:*:*:*:*:* 0Highest18
io.opentelemetry.semconv.opentelemetry-semconv-incubating-1.37.0-alpha.jarcpe:2.3:a:opentelemetry:opentelemetry:1.37.0:alpha:*:*:*:*:*:* 0Highest21
io.quarkus.arc.arc-3.30.6.jarcpe:2.3:a:arc_project:arc:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		 0High21
io.quarkus.quarkus-arc-3.30.6.jarcpe:2.3:a:arc_project:arc:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		 0High23
io.quarkus.quarkus-bootstrap-runner-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:* 0High23
io.quarkus.quarkus-classloader-commons-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:* 0High21
io.quarkus.quarkus-container-image-jib-3.30.6.jarcpe:2.3:a:jib_project:jib:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		 0High14
io.quarkus.quarkus-core-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:* 0High21
io.quarkus.quarkus-fs-util-1.2.0.jarcpe:2.3:a:quarkus:quarkus:1.2.0:*:*:*:*:*:*:*CRITICAL43High23
io.quarkus.quarkus-hibernate-orm-3.30.6.jarcpe:2.3:a:hibernate:hibernate_orm:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		HIGH2High23
io.quarkus.quarkus-hibernate-orm-panache-3.30.6.jarcpe:2.3:a:hibernate:hibernate_orm:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		HIGH2High23
io.quarkus.quarkus-hibernate-validator-3.30.6.jarcpe:2.3:a:hibernate:hibernate-validator:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:validator:validator:3.30.6:*:*:*:*:*:*:*		MEDIUM2High23
io.quarkus.quarkus-jaxb-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:* 0High23
io.quarkus.quarkus-jdbc-postgresql-3.30.6.jarcpe:2.3:a:postgresql:postgresql:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		CRITICAL35High23
io.quarkus.quarkus-liquibase-3.30.6.jarcpe:2.3:a:liquibase:liquibase:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		CRITICAL1High23
io.quarkus.quarkus-mutiny-3.30.6.jarcpe:2.3:a:mutiny:mutiny:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		CRITICAL3High23
io.quarkus.quarkus-mutiny-reactive-streams-operators-3.30.6.jarcpe:2.3:a:mutiny:mutiny:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		CRITICAL3High14
io.quarkus.quarkus-netty-3.30.6.jarcpe:2.3:a:netty:netty:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		CRITICAL*20High23
io.quarkus.quarkus-spring-boot-orm-api-3.4.jarcpe:2.3:a:quarkus:quarkus:3.4:*:*:*:*:*:*:*CRITICAL2Low7
io.quarkus.quarkus-spring-core-api-6.2.SP1.jarcpe:2.3:a:quarkus:quarkus:6.2.sp1:*:*:*:*:*:*:* 0Low10
io.quarkus.quarkus-spring-data-jpa-api-3.5.jarcpe:2.3:a:quarkus:quarkus:3.5:*:*:*:*:*:*:*CRITICAL2Low13
io.quarkus.quarkus-swagger-ui-3.30.6.jarcpe:2.3:a:http-swagger_project:http-swagger:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		 0High22
io.quarkus.security.quarkus-security-2.2.1.jarcpe:2.3:a:quarkus:quarkus:2.2.1:*:*:*:*:*:*:*CRITICAL24Highest26
io.quarkus.vertx.utils.quarkus-vertx-utils-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.30.6:*:*:*:*:*:*:*		MEDIUM1High22
io.smallrye.certs.smallrye-private-key-pem-parser-0.9.2.jar 018
io.smallrye.common.smallrye-common-annotation-2.14.0.jar 019
io.smallrye.common.smallrye-common-classloader-2.14.0.jar 020
io.smallrye.common.smallrye-common-constraint-2.14.0.jar 019
io.smallrye.common.smallrye-common-cpu-2.14.0.jar 020
io.smallrye.common.smallrye-common-expression-2.14.0.jar 019
io.smallrye.common.smallrye-common-function-2.14.0.jar 019
io.smallrye.common.smallrye-common-io-2.14.0.jar 019
io.smallrye.common.smallrye-common-net-2.14.0.jar 020
io.smallrye.common.smallrye-common-os-2.14.0.jar 020
io.smallrye.common.smallrye-common-ref-2.14.0.jar 019
io.smallrye.common.smallrye-common-vertx-context-2.14.0.jar 019
io.smallrye.config.smallrye-config-3.14.1.jar 019
io.smallrye.config.smallrye-config-common-3.14.1.jar 020
io.smallrye.config.smallrye-config-core-3.14.1.jar 018
io.smallrye.config.smallrye-config-validator-3.14.1.jarcpe:2.3:a:validator:validator:3.14.1:*:*:*:*:*:*:*MEDIUM1High20
io.smallrye.jandex-3.5.2.jar 018
io.smallrye.reactive.mutiny-3.1.0.jarcpe:2.3:a:mutiny:mutiny:3.1.0:*:*:*:*:*:*:*CRITICAL3High22
io.smallrye.reactive.mutiny-reactive-streams-operators-3.1.0.jarcpe:2.3:a:mutiny:mutiny:3.1.0:*:*:*:*:*:*:*CRITICAL3High23
io.smallrye.reactive.mutiny-smallrye-context-propagation-3.1.0.jarcpe:2.3:a:mutiny:mutiny:3.1.0:*:*:*:*:*:*:*CRITICAL3Highest28
io.smallrye.reactive.mutiny-zero-1.1.1.jarcpe:2.3:a:mutiny:mutiny:1.1.1:*:*:*:*:*:*:*CRITICAL3High19
io.smallrye.reactive.mutiny-zero-flow-adapters-1.1.1.jarcpe:2.3:a:mutiny:mutiny:1.1.1:*:*:*:*:*:*:*CRITICAL3High22
io.smallrye.reactive.smallrye-mutiny-vertx-core-3.21.3.jarcpe:2.3:a:mutiny:mutiny:3.21.3:*:*:*:*:*:*:*CRITICAL3Highest30
io.smallrye.reactive.smallrye-mutiny-vertx-web-3.21.3.jarcpe:2.3:a:mutiny:mutiny:3.21.3:*:*:*:*:*:*:*CRITICAL3Highest26
io.smallrye.reactive.smallrye-reactive-converter-api-3.0.3.jar 027
io.smallrye.reactive.smallrye-reactive-converter-mutiny-3.0.3.jarcpe:2.3:a:mutiny:mutiny:3.0.3:*:*:*:*:*:*:*CRITICAL3High27
io.smallrye.reactive.smallrye-reactive-messaging-api-4.31.0.jar 023
io.smallrye.reactive.smallrye-reactive-messaging-health-4.31.0.jar 023
io.smallrye.reactive.smallrye-reactive-messaging-otel-4.31.0.jar 023
io.smallrye.reactive.smallrye-reactive-messaging-provider-4.31.0.jar 023
io.smallrye.reactive.smallrye-reactive-messaging-rabbitmq-4.31.0.jar 023
io.smallrye.reactive.vertx-mutiny-generator-3.21.3.jarcpe:2.3:a:mutiny:mutiny:3.21.3:*:*:*:*:*:*:*CRITICAL3High23
io.smallrye.smallrye-context-propagation-2.3.0.jar 018
io.smallrye.smallrye-context-propagation-api-2.3.0.jar 019
io.smallrye.smallrye-context-propagation-jta-2.3.0.jar 019
io.smallrye.smallrye-context-propagation-storage-2.3.0.jar 019
io.smallrye.smallrye-fault-tolerance-vertx-6.9.3.jar 018
io.smallrye.smallrye-jwt-4.6.2.jar 019
io.smallrye.smallrye-jwt-build-4.6.2.jar 020
io.smallrye.smallrye-jwt-common-4.6.2.jar 019
io.smallrye.smallrye-open-api-core-4.2.3.jar 018
io.smallrye.smallrye-open-api-model-4.2.3.jar 020
io.vertx.vertx-codegen-4.5.23.jar 017
io.vertx.vertx-core-4.5.23.jarcpe:2.3:a:eclipse:vert.x:4.5.23:*:*:*:*:*:*:* 0High27
io.vertx.vertx-uri-template-4.5.23.jarcpe:2.3:a:eclipse:vert.x:4.5.23:*:*:*:*:*:*:* 0High26
io.vertx.vertx-web-4.5.23.jarcpe:2.3:a:eclipse:vert.x:4.5.23:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x-web:4.5.23:*:*:*:*:*:*:*		 0High26
io.vertx.vertx-web-client-4.5.23.jarcpe:2.3:a:eclipse:vert.x:4.5.23:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x-web:4.5.23:*:*:*:*:*:*:*		 0High26
itu-1.14.0.jarcpe:2.3:a:time_project:time:1.14.0:*:*:*:*:*:*:*pkg:maven/com.ethlo.time/itu@1.14.0 0Highest28
jackson-dataformat-xml-2.20.1.jarcpe:2.3:a:fasterxml:jackson-dataformat-xml:2.20.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.20.1 0Highest40
jackson-module-parameter-names-2.20.1.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.20.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.20.1 0Low34
jacoco-maven-plugin-0.8.13.jarpkg:maven/org.jacoco/jacoco-maven-plugin@0.8.13 020
jakarta.activation.jakarta.activation-api-2.1.4.jar 026
jakarta.annotation.jakarta.annotation-api-3.0.0.jar 023
jakarta.el.jakarta.el-api-6.0.1.jarcpe:2.3:a:eclipse:jakarta_expression_language:6.0.1:*:*:*:*:*:*:* 0High23
jakarta.enterprise.jakarta.enterprise.cdi-api-4.1.0.jar 024
jakarta.enterprise.jakarta.enterprise.lang-model-4.1.0.jar 027
jakarta.inject.jakarta.inject-api-2.0.1.jar 021
jakarta.interceptor.jakarta.interceptor-api-2.2.0.jar 024
jakarta.json.jakarta.json-api-2.1.3.jar 023
jakarta.persistence.jakarta.persistence-api-3.2.0.jar 021
jakarta.resource.jakarta.resource-api-2.1.0.jar 023
jakarta.transaction.jakarta.transaction-api-2.0.1.jar 025
jakarta.validation.jakarta.validation-api-3.1.1.jar 020
jakarta.ws.rs.jakarta.ws.rs-api-3.1.0.jar 023
jakarta.xml.bind.jakarta.xml.bind-api-4.0.4.jar 025
jandex-3.3.1.jarpkg:maven/io.smallrye/jandex@3.3.1 022
jandex-gizmo2-3.5.2.jarpkg:maven/io.smallrye/jandex-gizmo2@3.5.2 023
jandex-maven-plugin-3.3.1.jarpkg:maven/io.smallrye/jandex-maven-plugin@3.3.1 023
jansi-2.4.0.jarpkg:maven/org.fusesource.jansi/jansi@2.4.0 047
java-properties-0.0.7.jarpkg:maven/org.codejive/java-properties@0.0.7 027
javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 047
javax.inject-1.jarpkg:maven/javax.inject/javax.inject@1 019
jdbc-1.21.3.jarpkg:maven/org.testcontainers/jdbc@1.21.3 025
jdk-classfile-backport-25.1.jarpkg:maven/io.github.dmlloyd/jdk-classfile-backport@25.1 030
jdom2-2.0.6.1.jarcpe:2.3:a:jdom:jdom:2.0.6.1:*:*:*:*:*:*:*pkg:maven/org.jdom/jdom2@2.0.6.1 0Highest59
jib-build-plan-0.4.0.jarpkg:maven/com.google.cloud.tools/jib-build-plan@0.4.0 061
jib-core-0.27.3.jarcpe:2.3:a:jib_project:jib:0.27.3:*:*:*:*:*:*:*pkg:maven/com.google.cloud.tools/jib-core@0.27.3 0Highest61
jna-5.8.0.jarcpe:2.3:a:oracle:java_se:5.8.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.8.0 0Low47
jna-5.8.0.jar: jnidispatch.dll 02
jna-5.8.0.jar: jnidispatch.dll 02
jna-5.8.0.jar: jnidispatch.dll 02
json-path-5.5.6.jarpkg:maven/io.rest-assured/json-path@5.5.6 026
json-schema-validator-1.5.9.jarcpe:2.3:a:json-schema_project:json-schema:1.5.9:*:*:*:*:*:*:*pkg:maven/com.networknt/json-schema-validator@1.5.9 0Highest30
jsoup-1.17.2.jarcpe:2.3:a:jsoup:jsoup:1.17.2:*:*:*:*:*:*:*pkg:maven/org.jsoup/jsoup@1.17.2 0Highest44
junit-jupiter-5.13.4.jarpkg:maven/org.junit.jupiter/junit-jupiter@5.13.4 069
junit-jupiter-api-5.13.4.jarpkg:maven/org.junit.jupiter/junit-jupiter-api@5.13.4 075
junit-jupiter-engine-5.13.4.jarpkg:maven/org.junit.jupiter/junit-jupiter-engine@5.13.4 077
junit-jupiter-params-5.13.4.jarpkg:maven/org.junit.jupiter/junit-jupiter-params@5.13.4 075
junit-platform-engine-1.13.4.jarcpe:2.3:a:fan_platform_project:fan_platform:1.13.4:*:*:*:*:*:*:*pkg:maven/org.junit.platform/junit-platform-engine@1.13.4 0Low75
junit-platform-engine-1.9.3.jarcpe:2.3:a:fan_platform_project:fan_platform:1.9.3:*:*:*:*:*:*:*pkg:maven/org.junit.platform/junit-platform-engine@1.9.3 0Low75
keycloak-client-common-synced-26.0.7.jarcpe:2.3:a:keycloak:keycloak:26.0.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:26.0.7:*:*:*:*:*:*:*		pkg:maven/org.keycloak/keycloak-client-common-synced@26.0.7 0Highest32
legacy.nomodule.js 00
legacy.nomodule.min.js 00
lombok-1.18.42.jarpkg:maven/org.projectlombok/lombok@1.18.42 035
lombok-1.18.42.jar: mavenEcjBootstrapAgent.jar 07
mapstruct-processor-1.6.3.jarpkg:maven/org.mapstruct/mapstruct-processor@1.6.3 039
maven-antrun-plugin-3.1.0.jarcpe:2.3:a:apache:ant:3.1.0:*:*:*:*:*:*:*pkg:maven/org.apache.maven.plugins/maven-antrun-plugin@3.1.0 0Highest30
maven-api-meta-4.0.0-alpha-7.jarpkg:maven/org.apache.maven/maven-api-meta@4.0.0-alpha-7 026
maven-api-xml-4.0.0-alpha-7.jarpkg:maven/org.apache.maven/maven-api-xml@4.0.0-alpha-7 026
maven-archiver-3.6.0.jarpkg:maven/org.apache.maven/maven-archiver@3.6.0 028
maven-artifact-3.9.12.jarpkg:maven/org.apache.maven/maven-artifact@3.9.12 025
maven-assembly-plugin-3.6.0.jarpkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.6.0 028
maven-builder-support-3.9.12.jarpkg:maven/org.apache.maven/maven-builder-support@3.9.12 023
maven-clean-plugin-3.2.0.jarpkg:maven/org.apache.maven.plugins/maven-clean-plugin@3.2.0 028
maven-common-artifact-filters-3.1.1.jarpkg:maven/org.apache.maven.shared/maven-common-artifact-filters@3.1.1 028
maven-compiler-plugin-3.14.0.jarpkg:maven/org.apache.maven.plugins/maven-compiler-plugin@3.14.0 030
maven-core-3.9.12.jarcpe:2.3:a:apache:maven:3.9.12:*:*:*:*:*:*:*pkg:maven/org.apache.maven/maven-core@3.9.12 0Highest23
maven-dependency-plugin-3.6.1.jarpkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.6.1 028
maven-deploy-plugin-3.1.1.jarpkg:maven/org.apache.maven.plugins/maven-deploy-plugin@3.1.1 028
maven-embedder-3.9.12.jarpkg:maven/org.apache.maven/maven-embedder@3.9.12 027
maven-filtering-3.3.1.jarpkg:maven/org.apache.maven.shared/maven-filtering@3.3.1 028
maven-help-plugin-3.5.1.jarpkg:maven/org.apache.maven.plugins/maven-help-plugin@3.5.1 028
maven-install-plugin-3.1.1.jarpkg:maven/org.apache.maven.plugins/maven-install-plugin@3.1.1 028
maven-jar-plugin-3.3.0.jarpkg:maven/org.apache.maven.plugins/maven-jar-plugin@3.3.0 028
maven-model-3.9.12.jarpkg:maven/org.apache.maven/maven-model@3.9.12 025
maven-model-builder-3.9.12.jarpkg:maven/org.apache.maven/maven-model-builder@3.9.12 031
maven-model-helper-37.jarcpe:2.3:a:redhat:fabric8-maven:37:*:*:*:*:*:*:*pkg:maven/io.fabric8/maven-model-helper@37 0Highest29
maven-plugin-api-3.9.12.jarpkg:maven/org.apache.maven/maven-plugin-api@3.9.12 025
maven-plugin-tools-generators-3.13.1.jarpkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.13.1 027
maven-release-plugin-3.0.1.jarpkg:maven/org.apache.maven.plugins/maven-release-plugin@3.0.1 029
maven-reporting-api-3.0.jarpkg:maven/org.apache.maven.reporting/maven-reporting-api@3.0 033
maven-reporting-api-4.0.0.jarpkg:maven/org.apache.maven.reporting/maven-reporting-api@4.0.0 028
maven-repository-metadata-3.9.12.jarpkg:maven/org.apache.maven/maven-repository-metadata@3.9.12 025
maven-resolver-api-1.9.25.jarpkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.25 033
maven-resolver-connector-basic-1.9.25.jarpkg:maven/org.apache.maven.resolver/maven-resolver-connector-basic@1.9.25 033
maven-resolver-impl-1.9.25.jarpkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.25 031
maven-resolver-named-locks-1.9.25.jarpkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.25 032
maven-resolver-provider-3.9.12.jarpkg:maven/org.apache.maven/maven-resolver-provider@3.9.12 025
maven-resolver-spi-1.9.25.jarpkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.25 031
maven-resolver-transport-http-1.9.23.jarpkg:maven/org.apache.maven.resolver/maven-resolver-transport-http@1.9.23 033
maven-resolver-transport-wagon-1.9.25.jarcpe:2.3:a:apache:maven_wagon:1.9.25:*:*:*:*:*:*:*pkg:maven/org.apache.maven.resolver/maven-resolver-transport-wagon@1.9.25 0Highest33
maven-resolver-util-1.9.25.jarpkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.25 035
maven-resources-plugin-3.3.1.jarpkg:maven/org.apache.maven.plugins/maven-resources-plugin@3.3.1 028
maven-settings-3.9.12.jarpkg:maven/org.apache.maven/maven-settings@3.9.12 025
maven-settings-builder-3.9.12.jarpkg:maven/org.apache.maven/maven-settings-builder@3.9.12 025
maven-shared-incremental-1.1.jarpkg:maven/org.apache.maven.shared/maven-shared-incremental@1.1 027
maven-shared-utils-3.3.4.jarcpe:2.3:a:apache:maven_shared_utils:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.3.4:*:*:*:*:*:*:*		pkg:maven/org.apache.maven.shared/maven-shared-utils@3.3.4 0Highest28
maven-shared-utils-3.4.2.jarcpe:2.3:a:apache:maven_shared_utils:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:3.4.2:*:*:*:*:*:*:*		pkg:maven/org.apache.maven.shared/maven-shared-utils@3.4.2 0Highest28
maven-site-plugin-3.12.1.jarpkg:maven/org.apache.maven.plugins/maven-site-plugin@3.12.1 028
maven-surefire-common-3.2.2.jarpkg:maven/org.apache.maven.surefire/maven-surefire-common@3.2.2 025
maven-surefire-common-3.2.3.jarpkg:maven/org.apache.maven.surefire/maven-surefire-common@3.2.3 025
maven-surefire-plugin-3.2.2.jarpkg:maven/org.apache.maven.plugins/maven-surefire-plugin@3.2.2 031
maven-surefire-plugin-3.2.3.jarpkg:maven/org.apache.maven.plugins/maven-surefire-plugin@3.2.3 031
maven-wrapper.jarpkg:maven/org.apache.maven.wrapper/maven-wrapper@3.2.0 024
maven-xml-impl-4.0.0-alpha-7.jarpkg:maven/org.apache.maven/maven-xml-impl@4.0.0-alpha-7 024
mockito-core-5.20.0.jarpkg:maven/org.mockito/mockito-core@5.20.0 040
mockito-junit-jupiter-5.20.0.jarpkg:maven/org.mockito/mockito-junit-jupiter@5.20.0 038
modal.module.js 00
modal.module.min.js 00
modal.nomodule.js 00
modal.nomodule.min.js 00
mojo-executor-2.4.0.jarpkg:maven/org.twdata.maven/mojo-executor@2.4.0 021
mxparser-1.2.2.jarpkg:maven/io.github.x-stream/mxparser@1.2.2 057
nativeimage-23.1.2.jarcpe:2.3:a:sun:sdk:23.1.2:*:*:*:*:*:*:*pkg:maven/org.graalvm.sdk/nativeimage@23.1.2 0Highest30
navigation.module.js 00
navigation.module.min.js 00
navigation.nomodule.js 00
navigation.nomodule.min.js 00
net.bytebuddy.byte-buddy-1.17.6.jar 023
objenesis-3.3.jarpkg:maven/org.objenesis/objenesis@3.3 026
opencensus-api-0.31.1.jarpkg:maven/io.opencensus/opencensus-api@0.31.1 032
opencensus-contrib-http-util-0.31.1.jarpkg:maven/io.opencensus/opencensus-contrib-http-util@0.31.1 036
opentelemetry-sdk-1.55.0.jarcpe:2.3:a:opentelemetry:opentelemetry:1.55.0:*:*:*:*:*:*:*pkg:maven/io.opentelemetry/opentelemetry-sdk@1.55.0 0Highest26
opentest4j-1.2.0.jarpkg:maven/org.opentest4j/opentest4j@1.2.0 059
opentest4j-1.3.0.jarpkg:maven/org.opentest4j/opentest4j@1.3.0 059
org.antlr.antlr4-runtime-4.13.2.jar 024
org.apache.camel.camel-api-4.16.0.jar (shaded: org.apache.camel:camel-api:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-api@4.16.0MEDIUM1Highest9
org.apache.camel.camel-base-4.16.0.jar (shaded: org.apache.camel:camel-base:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-base@4.16.0MEDIUM1Highest9
org.apache.camel.camel-base-engine-4.16.0.jar (shaded: org.apache.camel:camel-base-engine:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-base-engine@4.16.0MEDIUM1Highest9
org.apache.camel.camel-componentdsl-4.16.0.jar (shaded: org.apache.camel:camel-componentdsl:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-componentdsl@4.16.0MEDIUM1Highest9
org.apache.camel.camel-core-catalog-4.16.0.jar (shaded: org.apache.camel:camel-core-catalog:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-core-catalog@4.16.0MEDIUM1Highest9
org.apache.camel.camel-core-engine-4.16.0.jarcpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*MEDIUM1Highest15
org.apache.camel.camel-core-languages-4.16.0.jar (shaded: org.apache.camel:camel-core-languages:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-core-languages@4.16.0MEDIUM1Highest9
org.apache.camel.camel-core-model-4.16.0.jar (shaded: org.apache.camel:camel-core-model:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-core-model@4.16.0MEDIUM1Highest9
org.apache.camel.camel-core-model-4.16.0.jarcpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*MEDIUM1Highest16
org.apache.camel.camel-core-processor-4.16.0.jar (shaded: org.apache.camel:camel-core-processor:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-core-processor@4.16.0MEDIUM1Highest9
org.apache.camel.camel-core-reifier-4.16.0.jar (shaded: org.apache.camel:camel-core-reifier:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-core-reifier@4.16.0MEDIUM1Highest9
org.apache.camel.camel-endpointdsl-4.16.0.jar (shaded: org.apache.camel:camel-endpointdsl:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-endpointdsl@4.16.0MEDIUM1Highest9
org.apache.camel.camel-main-4.16.0.jar (shaded: org.apache.camel:camel-main:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-main@4.16.0MEDIUM1Highest9
org.apache.camel.camel-management-api-4.16.0.jar (shaded: org.apache.camel:camel-management-api:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-management-api@4.16.0MEDIUM1Highest9
org.apache.camel.camel-mapstruct-4.16.0.jar (shaded: org.apache.camel:camel-mapstruct:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-mapstruct@4.16.0MEDIUM1Highest9
org.apache.camel.camel-microprofile-config-4.16.0.jar (shaded: org.apache.camel:camel-microprofile-config:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-microprofile-config@4.16.0MEDIUM1Highest9
org.apache.camel.camel-support-4.16.0.jar (shaded: org.apache.camel:camel-support:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-support@4.16.0MEDIUM1Highest9
org.apache.camel.camel-tooling-model-4.16.0.jar (shaded: org.apache.camel:camel-tooling-model:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-tooling-model@4.16.0MEDIUM1Highest9
org.apache.camel.camel-util-4.17.0.jarcpe:2.3:a:apache:camel:4.17.0:*:*:*:*:*:*:* 0Highest19
org.apache.camel.camel-util-json-4.16.0.jar (shaded: org.apache.camel:camel-util-json:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-util-json@4.16.0MEDIUM1Highest9
org.apache.camel.camel-xml-jaxp-util-4.16.0.jar (shaded: org.apache.camel:camel-xml-jaxp-util:4.16.0)cpe:2.3:a:apache:camel:4.16.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel/camel-xml-jaxp-util@4.16.0MEDIUM1Highest9
org.apache.camel.quarkus.camel-quarkus-core-3.30.0.jarcpe:2.3:a:apache:camel:3.30.0:*:*:*:*:*:*:* 0Highest20
org.apache.camel.quarkus.camel-quarkus-mapstruct-3.30.0.jar (shaded: org.apache.camel.quarkus:camel-quarkus-mapstruct:3.30.0)cpe:2.3:a:apache:camel:3.30.0:*:*:*:*:*:*:*pkg:maven/org.apache.camel.quarkus/camel-quarkus-mapstruct@3.30.0 0Highest9
org.apache.camel.quarkus.camel-quarkus-mapstruct-3.30.0.jarcpe:2.3:a:apache:camel:3.30.0:*:*:*:*:*:*:* 0Highest19
org.apache.commons.commons-collections4-4.5.0.jarcpe:2.3:a:apache:commons_collections:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_net:4.5.0:*:*:*:*:*:*:*		 0Highest30
org.apache.commons.commons-exec-1.5.0.jarcpe:2.3:a:apache:commons_net:1.5.0:*:*:*:*:*:*:*MEDIUM1Highest29
org.apache.commons.commons-lang3-3.17.0.jarcpe:2.3:a:apache:commons_lang:3.17.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_net:3.17.0:*:*:*:*:*:*:*		MEDIUM1Highest30
org.apache.commons.commons-text-1.14.0.jarcpe:2.3:a:apache:commons_net:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_text:1.14.0:*:*:*:*:*:*:*		MEDIUM1Highest30
org.bitbucket.b_c.jose4j-0.9.6.jarcpe:2.3:a:jose4j_project:jose4j:0.9.6:*:*:*:*:*:*:* 0Low20
org.crac.crac-1.5.0.jar 016
org.eclipse.angus.angus-activation-2.0.3.jarcpe:2.3:a:eclipse:angus_mail:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.1:*:*:*:*:*:*:*		MEDIUM4High34
org.eclipse.microprofile.config.microprofile-config-api-3.1.jarcpe:2.3:a:payara:payara:3.1:*:*:*:*:*:*:*HIGH2Low29
org.eclipse.microprofile.context-propagation.microprofile-context-propagation-api-1.3.jar 025
org.eclipse.microprofile.health.microprofile-health-api-4.0.1.jar 027
org.eclipse.microprofile.jwt.microprofile-jwt-auth-api-2.1.jarcpe:2.3:a:payara:payara:2.1:*:*:*:*:*:*:*HIGH2Low31
org.eclipse.microprofile.openapi.microprofile-openapi-api-4.1.1.jar 027
org.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-api-3.0.1.jar 030
org.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-core-3.0.1.jar 030
org.eclipse.parsson.parsson-1.1.7.jarcpe:2.3:a:eclipse:eclipse_ide:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:parsson:1.1.7:*:*:*:*:*:*:*		MEDIUM3Low26
org.eclipse.sisu.inject-0.9.0.M3.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M3 032
org.eclipse.sisu.inject-0.9.0.M4.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M4 034
org.eclipse.sisu.plexus-0.9.0.M3.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M3 027
org.eclipse.sisu.plexus-0.9.0.M4.jarpkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M4 029
org.glassfish.expressly.expressly-6.0.0.jarcpe:2.3:a:eclipse:glassfish:6.0.0:*:*:*:*:*:*:*CRITICAL4Low26
org.glassfish.jaxb.jaxb-core-4.0.6.jarcpe:2.3:a:eclipse:glassfish:4.0.6:*:*:*:*:*:*:*MEDIUM1Low35
org.glassfish.jaxb.txw2-4.0.6.jarcpe:2.3:a:eclipse:glassfish:4.0.6:*:*:*:*:*:*:*MEDIUM1Low21
org.hibernate.models.hibernate-models-1.0.1.jar 015
org.hibernate.orm.hibernate-core-7.1.11.Final.jarcpe:2.3:a:hibernate:hibernate_orm:7.1.11:*:*:*:*:*:*:* 0Highest21
org.hibernate.orm.hibernate-graalvm-7.1.11.Final.jarcpe:2.3:a:hibernate:hibernate_orm:7.1.11:*:*:*:*:*:*:* 0Highest27
org.hibernate.quarkus-local-cache-0.3.1.jarcpe:2.3:a:quarkus:quarkus:0.3.1:*:*:*:*:*:*:*CRITICAL43High19
org.hibernate.validator.hibernate-validator-9.1.0.Final.jarcpe:2.3:a:hibernate:hibernate-validator:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:validator:validator:9.1.0:*:*:*:*:*:*:*		MEDIUM1Highest25
org.jacoco.agent-0.8.13-runtime.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.13)pkg:maven/org.jacoco/org.jacoco.agent.rt@0.8.13 09
org.jacoco.agent-0.8.13-runtime.jar 024
org.jacoco.agent-0.8.14-runtime.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.14)pkg:maven/org.jacoco/org.jacoco.agent.rt@0.8.14 09
org.jacoco.agent-0.8.14-runtime.jar 024
org.jacoco.agent-0.8.14.jarpkg:maven/org.jacoco/org.jacoco.agent@0.8.14 027
org.jacoco.core-0.8.13.jarpkg:maven/org.jacoco/org.jacoco.core@0.8.13 027
org.jacoco.core-0.8.14.jarpkg:maven/org.jacoco/org.jacoco.core@0.8.14 027
org.jacoco.report-0.8.13.jarpkg:maven/org.jacoco/org.jacoco.report@0.8.13 027
org.jacoco.report-0.8.14.jarpkg:maven/org.jacoco/org.jacoco.report@0.8.14 027
org.jboss.invocation.jboss-invocation-2.0.0.Final.jar 023
org.jboss.jboss-transaction-spi-8.0.0.Final.jar 022
org.jboss.logging.commons-logging-jboss-logging-1.0.0.Final.jar 025
org.jboss.logging.jboss-logging-3.6.1.Final.jar 033
org.jboss.logmanager.jboss-logmanager-3.1.2.Final.jar 025
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.arjunacore:arjuna:7.3.3.Final)pkg:maven/org.jboss.narayana.arjunacore/arjuna@7.3.3.Final 09
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.arjunacore:txoj:7.3.3.Final)pkg:maven/org.jboss.narayana.arjunacore/txoj@7.3.3.Final 09
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:cdi:7.3.3.Final)pkg:maven/org.jboss.narayana.jta/cdi@7.3.3.Final 09
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:jdbc:7.3.3.Final)pkg:maven/org.jboss.narayana.jta/jdbc@7.3.3.Final 09
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:jms:7.3.3.Final)pkg:maven/org.jboss.narayana.jta/jms@7.3.3.Final 09
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:jta:7.3.3.Final)pkg:maven/org.jboss.narayana.jta/jta@7.3.3.Final 09
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana:common:7.3.3.Final)pkg:maven/org.jboss.narayana/common@7.3.3.Final 09
org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar 030
org.jboss.narayana.jts.narayana-jts-integration-7.3.3.Final.jar 020
org.jboss.slf4j.slf4j-jboss-logmanager-2.0.2.Final.jar 017
org.jboss.threads.jboss-threads-3.9.2.jar 022
org.jctools.jctools-core-4.0.5.jar 016
org.jspecify.jspecify-1.0.0.jar 017
org.liquibase.liquibase-core-4.33.0.jarcpe:2.3:a:liquibase:liquibase:4.33.0:*:*:*:*:*:*:* 0Low128
org.mapstruct.mapstruct-1.6.3.jar 017
org.osgi.osgi.core-6.0.0.jar 016
org.postgresql.postgresql-42.7.8.jarcpe:2.3:a:postgresql:postgresql:42.7.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.8:*:*:*:*:*:*:*		 0Highest29
org.reactivestreams.reactive-streams-1.0.4.jar 015
org.seleniumhq.selenium.selenium-chromium-driver-4.35.0.jarcpe:2.3:a:chromium:chromium:4.35.0:*:*:*:*:*:*:*
cpe:2.3:a:chromium_project:chromium:4.35.0:*:*:*:*:*:*:*
cpe:2.3:a:selenium:selenium:4.35.0:*:*:*:*:*:*:*		HIGH4Low9
org.seleniumhq.selenium.selenium-manager-4.35.0.jar: selenium-manager.exe 02
org.seleniumhq.selenium.selenium-os-4.35.0.jarcpe:2.3:a:selenium:selenium:4.35.0:*:*:*:*:*:*:* 0Low9
org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: bidi-mutation-listener.js 00
org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: getAttribute.js 00
org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: isDisplayed.js 00
org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: mutation-listener.js 00
org.seleniumhq.selenium.selenium-support-4.35.0.jar: findElements.js 00
org.slf4j.slf4j-api-2.0.17.jar 017
org.wildfly.common.wildfly-common-2.0.1.jarcpe:2.3:a:redhat:wildfly:2.0.1:*:*:*:*:*:*:*HIGH11Highest18
org.yaml.snakeyaml-2.5.jarcpe:2.3:a:snakeyaml_project:snakeyaml:2.5:*:*:*:*:*:*:* 0Low24
packageurl-java-1.5.0.jarpkg:maven/com.github.package-url/packageurl-java@1.5.0 026
password.module.js 00
password.module.min.js 00
password.nomodule.js 00
password.nomodule.min.js 00
patch.module.js 00
patch.module.min.js 00
patch.nomodule.js 00
patch.nomodule.min.js 00
plexus-archiver-4.4.0.jarcpe:2.3:a:codehaus-plexus:plexus-archiver:4.4.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-archiver@4.4.0CRITICAL1Highest21
plexus-build-api-0.0.7.jarpkg:maven/org.sonatype.plexus/plexus-build-api@0.0.7 025
plexus-cipher-2.0.jarpkg:maven/org.codehaus.plexus/plexus-cipher@2.0 019
plexus-classworlds-2.6.0.jarpkg:maven/org.codehaus.plexus/plexus-classworlds@2.6.0 025
plexus-compiler-api-2.15.0.jarpkg:maven/org.codehaus.plexus/plexus-compiler-api@2.15.0 025
plexus-compiler-javac-2.15.0.jarpkg:maven/org.codehaus.plexus/plexus-compiler-javac@2.15.0 027
plexus-compiler-manager-2.15.0.jarpkg:maven/org.codehaus.plexus/plexus-compiler-manager@2.15.0 027
plexus-component-annotations-2.1.0.jarpkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0 026
plexus-interactivity-api-1.3.jarpkg:maven/org.codehaus.plexus/plexus-interactivity-api@1.3 020
plexus-interpolation-1.26.jarpkg:maven/org.codehaus.plexus/plexus-interpolation@1.26 024
plexus-io-3.4.0.jarpkg:maven/org.codehaus.plexus/plexus-io@3.4.0 023
plexus-java-1.2.0.jarpkg:maven/org.codehaus.plexus/plexus-java@1.2.0 026
plexus-java-1.4.0.jarpkg:maven/org.codehaus.plexus/plexus-java@1.4.0 031
plexus-sec-dispatcher-2.0.jarcpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0 0Highest19
plexus-utils-3.0.24.jarcpe:2.3:a:codehaus-plexus:plexus-utils:3.0.24:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-utils@3.0.24 0Highest24
plexus-utils-3.4.2.jarcpe:2.3:a:codehaus-plexus:plexus-utils:3.4.2:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-utils@3.4.2 0Highest25
plexus-utils-3.5.1.jarcpe:2.3:a:codehaus-plexus:plexus-utils:3.5.1:*:*:*:*:*:*:*pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1 0Highest26
plexus-utils-4.0.1.jarcpe:2.3:a:codehaus-plexus:plexus-utils:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:4.0.1:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-utils@4.0.1 0Highest30
plexus-utils-4.0.2.jarcpe:2.3:a:codehaus-plexus:plexus-utils:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:utils_project:utils:4.0.2:*:*:*:*:*:*:*		pkg:maven/org.codehaus.plexus/plexus-utils@4.0.2 0Highest218
plexus-xml-3.0.1.jarpkg:maven/org.codehaus.plexus/plexus-xml@3.0.1 028
plexus-xml-4.0.2.jarpkg:maven/org.codehaus.plexus/plexus-xml@4.0.2 023
postgresql-1.21.3.jarcpe:2.3:a:www-sql_project:www-sql:1.21.3:*:*:*:*:*:*:*pkg:maven/org.testcontainers/postgresql@1.21.3 0High23
prettify.js 00
qdox-2.0.3.jarpkg:maven/com.thoughtworks.qdox/qdox@2.0.3 048
qdox-2.2.0.jarpkg:maven/com.thoughtworks.qdox/qdox@2.2.0 046
quarkus-agroal-deployment-3.30.6.jar: qwc-agroal-datasource.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-bean-graph.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-beans.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-decorators.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-fired-events.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-interceptors.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-invocation-trees.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-observers.js 00
quarkus-arc-deployment-3.30.6.jar: qwc-arc-removed-components.js 00
quarkus-arc-dev-3.30.6.jarcpe:2.3:a:arc_project:arc:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		pkg:maven/io.quarkus/quarkus-arc-dev@3.30.6 0Highest31
quarkus-container-image-deployment-3.30.6.jar: qwc-container-image-build.js 00
quarkus-datasource-deployment-3.30.6.jar: qwc-datasources-reset.js 00
quarkus-devservices-keycloak-3.30.6.jarcpe:2.3:a:keycloak:keycloak:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		pkg:maven/io.quarkus/quarkus-devservices-keycloak@3.30.6 0Highest31
quarkus-devservices-postgresql-3.30.6.jarcpe:2.3:a:postgresql:postgresql:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		pkg:maven/io.quarkus/quarkus-devservices-postgresql@3.30.6CRITICAL35Highest31
quarkus-devtools-base-codestarts-3.30.6.jar: gradle-wrapper.jar 08
quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-entity-types.js 00
quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-hql-console.js 00
quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-named-queries.js 00
quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-persistence-units.js 00
quarkus-hibernate-validator-spi-3.30.6.jarcpe:2.3:a:hibernate:hibernate-validator:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:validator:validator:3.30.6:*:*:*:*:*:*:*		pkg:maven/io.quarkus/quarkus-hibernate-validator-spi@3.30.6MEDIUM2Highest31
quarkus-junit4-mock-3.30.6.jarcpe:2.3:a:junit:junit4:3.30.6:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*		pkg:maven/io.quarkus/quarkus-junit4-mock@3.30.6 0Highest25
quarkus-liquibase-deployment-3.30.6.jar: qwc-liquibase-datasources.js 00
quarkus-maven-plugin-3.30.6.jar: jansi.dll 02
quarkus-maven-plugin-3.30.6.jar: jansi.dll 02
quarkus-messaging-deployment-3.30.6.jar: qwc-smallrye-reactive-messaging-channels.js 00
quarkus-messaging-rabbitmq-deployment-3.30.6.jar: qwc-rabbitmq-card.js 00
quarkus-oidc-deployment-3.30.6.jar: qwc-oidc-provider.js 00
quarkus-project-core-extension-codestarts-3.30.6.jar: gradle-wrapper.jar 08
quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-card.js 00
quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-endpoint-scores.js 00
quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-endpoints.js 00
quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-exception-mappers.js 00
quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-parameter-converter-providers.js 00
quarkus-rest-server-spi-deployment-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*pkg:maven/io.quarkus/quarkus-rest-server-spi-deployment@3.30.6 0Highest27
quarkus-run.jarcpe:2.3:a:quarkus:quarkus:3.0.7:*:*:*:*:*:*:*CRITICAL4High6
quarkus-run.jarcpe:2.3:a:quarkus:quarkus:3.0.7:*:*:*:*:*:*:*CRITICAL4High6
quarkus-scheduler-deployment-3.30.6.jar: qwc-scheduler-cron-builder.js 00
quarkus-scheduler-deployment-3.30.6.jar: qwc-scheduler-log.js 00
quarkus-scheduler-deployment-3.30.6.jar: qwc-scheduler-scheduled-methods.js 00
quarkus-smallrye-openapi-deployment-3.30.6.jar: qwc-openapi-generate-client.js 00
quarkus-spring-data-commons-api-3.5.jarpkg:maven/io.quarkus/quarkus-spring-data-commons-api@3.5 016
qute-core-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*pkg:maven/io.quarkus.qute/qute-core@3.30.6 0Highest29
rabbitmq-1.21.3.jarpkg:maven/org.testcontainers/rabbitmq@1.21.3 023
range.module.js 00
range.module.min.js 00
range.nomodule.js 00
range.nomodule.min.js 00
readline-2.6.jar (shaded: org.aesh:terminal-api:2.6)pkg:maven/org.aesh/terminal-api@2.6 021
readline-2.6.jarpkg:maven/org.aesh/readline@2.6 043
rest-assured-5.5.6.jarpkg:maven/io.rest-assured/rest-assured@5.5.6 022
rest-assured-common-5.5.6.jarpkg:maven/io.rest-assured/rest-assured-common@5.5.6 024
resteasy-reactive-3.30.6.jarcpe:2.3:a:quarkus:quarkus:3.30.6:*:*:*:*:*:*:*pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.30.6 0Highest29
scheme.module.js 00
scheme.module.min.js 00
segmented.module.js 00
segmented.module.min.js 00
segmented.nomodule.js 00
segmented.nomodule.min.js 00
selenium-support-4.35.0.jarcpe:2.3:a:selenium:selenium:4.35.0:*:*:*:*:*:*:*pkg:maven/org.seleniumhq.selenium/selenium-support@4.35.0 0Highest46
sidemenu.module.js 00
sidemenu.module.min.js 00
sidemenu.nomodule.js 00
sidemenu.nomodule.min.js 00
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 028
smallrye-beanbag-1.5.3.jarpkg:maven/io.smallrye.beanbag/smallrye-beanbag@1.5.3 027
smallrye-beanbag-maven-1.5.3.jarpkg:maven/io.smallrye.beanbag/smallrye-beanbag-maven@1.5.3 027
smallrye-beanbag-sisu-1.5.3.jarpkg:maven/io.smallrye.beanbag/smallrye-beanbag-sisu@1.5.3 027
smallrye-common-process-2.14.0.jarpkg:maven/io.smallrye.common/smallrye-common-process@2.14.0 027
smallrye-common-resource-2.14.0.jarpkg:maven/io.smallrye.common/smallrye-common-resource@2.14.0 027
smallrye-common-version-2.14.0.jarpkg:maven/io.smallrye.common/smallrye-common-version@2.14.0 027
smallrye-mutiny-vertx-auth-common-3.21.3.jarpkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-auth-common@3.21.3 029
smallrye-mutiny-vertx-bridge-common-3.21.3.jarpkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-bridge-common@3.21.3 029
smallrye-mutiny-vertx-rabbitmq-client-3.21.3.jarpkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-rabbitmq-client@3.21.3 031
smallrye-mutiny-vertx-runtime-3.21.3.jarpkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-runtime@3.21.3 031
smallrye-mutiny-vertx-uri-template-3.21.3.jarpkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-uri-template@3.21.3 029
smallrye-mutiny-vertx-web-client-3.21.3.jarcpe:2.3:a:xweb:xweb:3.21.3:*:*:*:*:*:*:*pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-web-client@3.21.3 0Low29
smallrye-open-api-jaxrs-4.2.3.jarpkg:maven/io.smallrye/smallrye-open-api-jaxrs@4.2.3 027
smallrye-open-api-spring-4.2.3.jarpkg:maven/io.smallrye/smallrye-open-api-spring@4.2.3 027
smallrye-open-api-ui-4.2.3.jarpkg:maven/io.smallrye/smallrye-open-api-ui@4.2.3 027
smallrye-open-api-ui-4.2.3.jar: swagger-ui-bundle.js 00
smallrye-open-api-ui-4.2.3.jar: swagger-ui-standalone-preset.js 00
smallrye-open-api-vertx-4.2.3.jarpkg:maven/io.smallrye/smallrye-open-api-vertx@4.2.3 027
snappy-0.4.jarcpe:2.3:a:dain:snappy:0.4:*:*:*:*:*:*:*pkg:maven/org.iq80.snappy/snappy@0.4MEDIUM1Highest31
sort.js 00
stax2-api-4.2.2.jarpkg:maven/org.codehaus.woodstox/stax2-api@4.2.2 051
surefire-api-3.2.2.jarpkg:maven/org.apache.maven.surefire/surefire-api@3.2.2 027
surefire-api-3.2.3.jarpkg:maven/org.apache.maven.surefire/surefire-api@3.2.3 027
surefire-booter-3.2.2.jarpkg:maven/org.apache.maven.surefire/surefire-booter@3.2.2 027
surefire-booter-3.2.3.jarpkg:maven/org.apache.maven.surefire/surefire-booter@3.2.3 027
surefire-extensions-api-3.2.2.jarpkg:maven/org.apache.maven.surefire/surefire-extensions-api@3.2.2 027
surefire-extensions-api-3.2.3.jarpkg:maven/org.apache.maven.surefire/surefire-extensions-api@3.2.3 027
surefire-extensions-spi-3.2.2.jarpkg:maven/org.apache.maven.surefire/surefire-extensions-spi@3.2.2 027
surefire-extensions-spi-3.2.3.jarpkg:maven/org.apache.maven.surefire/surefire-extensions-spi@3.2.3 027
surefire-junit-platform-3.2.2.jarpkg:maven/org.apache.maven.surefire/surefire-junit-platform@3.2.2 025
surefire-junit-platform-3.2.3.jarpkg:maven/org.apache.maven.surefire/surefire-junit-platform@3.2.3 025
surefire-logger-api-3.2.2.jarpkg:maven/org.apache.maven.surefire/surefire-logger-api@3.2.2 031
surefire-logger-api-3.2.3.jarpkg:maven/org.apache.maven.surefire/surefire-logger-api@3.2.3 031
surefire-shared-utils-3.2.2.jar (shaded: org.apache.commons:commons-compress:1.23.0)cpe:2.3:a:apache:commons_compress:1.23.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.23.0MEDIUM3Highest76
surefire-shared-utils-3.2.2.jarcpe:2.3:a:apache:maven_shared_utils:3.2.2:*:*:*:*:*:*:*pkg:maven/org.apache.maven.surefire/surefire-shared-utils@3.2.2CRITICAL1Highest27
surefire-shared-utils-3.2.3.jar (shaded: org.apache.commons:commons-compress:1.25.0)cpe:2.3:a:apache:commons_compress:1.25.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-compress@1.25.0MEDIUM2Highest76
surefire-shared-utils-3.2.3.jar (shaded: org.apache.commons:commons-lang3:3.14.0)cpe:2.3:a:apache:commons_lang:3.14.0:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-lang3@3.14.0MEDIUM1Highest118
surefire-shared-utils-3.2.3.jarcpe:2.3:a:apache:maven_shared_utils:3.2.3:*:*:*:*:*:*:*pkg:maven/org.apache.maven.surefire/surefire-shared-utils@3.2.3CRITICAL1Highest27
tab.module.js 00
tab.module.min.js 00
tab.nomodule.js 00
tab.nomodule.min.js 00
table.module.js 00
table.module.min.js 00
table.nomodule.js 00
table.nomodule.min.js 00
tag.module.js 00
tag.module.min.js 00
tag.nomodule.js 00
tag.nomodule.min.js 00
tagsoup-1.2.1.jarpkg:maven/org.ccil.cowan.tagsoup/tagsoup@1.2.1 023
testcontainers-1.21.3.jarpkg:maven/org.testcontainers/testcontainers@1.21.3 027
tests-3.0.7.jarpkg:maven/fr.numeco/tests@3.0.7 014
tile.module.js 00
tile.module.min.js 00
tile.nomodule.js 00
tile.nomodule.min.js 00
toggle.module.js 00
toggle.module.min.js 00
toggle.nomodule.js 00
toggle.nomodule.min.js 00
tooltip.module.js 00
tooltip.module.min.js 00
tooltip.nomodule.js 00
tooltip.nomodule.min.js 00
transcription.module.js 00
transcription.module.min.js 00
transcription.nomodule.js 00
transcription.nomodule.min.js 00
transformed-bytecode.jar 08
transformed-bytecode.jar 08
vertx-web-common-4.5.23.jarcpe:2.3:a:eclipse:vert.x:4.5.23:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x-web:4.5.23:*:*:*:*:*:*:*		pkg:maven/io.vertx/vertx-web-common@4.5.23 0High30
wagon-file-3.5.3.jarcpe:2.3:a:apache:maven_wagon:3.5.3:*:*:*:*:*:*:*pkg:maven/org.apache.maven.wagon/wagon-file@3.5.3 0Highest27
webapp-3.0.7.jar 09
webapp-3.0.7.jarpkg:maven/fr.gouv.misis/webapp@3.0.7 016
woodstox-core-7.1.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621 012
woodstox-core-7.1.1.jar (shaded: net.java.dev.msv:xsdlib:2022.7)cpe:2.3:a:xml_library_project:xml_library:2022.7:*:*:*:*:*:*:*pkg:maven/net.java.dev.msv/xsdlib@2022.7 0Low9
woodstox-core-7.1.1.jarcpe:2.3:a:fasterxml:woodstox:7.1.1:*:*:*:*:*:*:*pkg:maven/com.fasterxml.woodstox/woodstox-core@7.1.1 0Highest55
word-23.1.2.jarpkg:maven/org.graalvm.sdk/word@23.1.2 027
xml-path-5.5.6.jarpkg:maven/io.rest-assured/xml-path@5.5.6 024
xmlpull-1.1.3.1.jarpkg:maven/xmlpull/xmlpull@1.1.3.1 017
xstream-1.4.20.jarcpe:2.3:a:xstream:xstream:1.4.20:*:*:*:*:*:*:*pkg:maven/com.thoughtworks.xstream/xstream@1.4.20 0Highest54
xz-1.9.jarpkg:maven/org.tukaani/xz@1.9 032

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

accordion.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/accordion/accordion.module.js
MD5: cd9dc460ce0b9a4301c68736b4b09895
SHA1: 3e501278557bbc564f22982bd0c805083780f0e7
SHA256:32bcd5ec5cca4bc35f7b8efb90de6ff866709094924f3635d70780500fb2cdf1

Identifiers

  • None

accordion.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/accordion/accordion.module.min.js
MD5: 9d8b3360f5dfcab3cab1fc14d162b58e
SHA1: f6f302e2b04c3c10ceb2e154d4bed8ec3cf03d97
SHA256:7455f8683a795460da575b4d060276ce10e88bc49f02b16216b39ee888ecaef6

Identifiers

  • None

accordion.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/accordion/accordion.nomodule.js
MD5: a2ba4e1ddf1aded869edb00f0e580964
SHA1: 2715fccb41f825f76979d2873c9df6337823f2d9
SHA256:f9df85d6e98d056ee5b9966a5cdc3ce0827b512adaaa442e9a472ab751b4f31b

Identifiers

  • None

accordion.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/accordion/accordion.nomodule.min.js
MD5: a7776a5898396866ed300375f22aa870
SHA1: a9cd8c5246df275caa18398a32a34d95c3f6c1bf
SHA256:853e254857d18c135c0eaf060e21f24750cce4a1c2b1cd28a641a95eb2e5f14b

Identifiers

  • None

aesh-2.8.2.jar

Description:

Æsh (Another Extendable SHell)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/aesh/aesh/2.8.2/aesh-2.8.2.jar
MD5: 21ea647cd351585c6c633c25dea02983
SHA1: b3da34498cb59529b5e39e4092dc435d1da9d83f
SHA256:8c1e17fd1ab9d3a736bdee7fbd649e174f7dc26c1ceeac6e9ea596a9d63fcffd

Identifiers

  • pkg:maven/org.aesh/aesh@2.8.2  (Confidence:High)

aether-api-1.0.0.v20140518.jar

Description:

    The application programming interface for the repository system.

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/eclipse/aether/aether-api/1.0.0.v20140518/aether-api-1.0.0.v20140518.jar
MD5: b05ef5410dad83a4e9ba50e08e0dbbf4
SHA1: be68e917f454dcd841865ad7cf9b7615b26a51f7
SHA256:84b98521684ab22f9528470fa6d8ab68a230e1b211623c989ba7016c306eb773

Identifiers

  • pkg:maven/org.eclipse.aether/aether-api@1.0.0.v20140518  (Confidence:High)

aether-util-1.0.0.v20140518.jar

Description:

    A collection of utility classes to ease usage of the repository system.

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/eclipse/aether/aether-util/1.0.0.v20140518/aether-util-1.0.0.v20140518.jar
MD5: 08495ee7ecf90f0b528e7d65471532af
SHA1: 7df5ba98ce8b78985d75fdd8c2981fe69234ef85
SHA256:aff0951639837c4e3a4699a421fa79f410032f603f5c6a5bba435e98531f3984

Identifiers

  • pkg:maven/org.eclipse.aether/aether-util@1.0.0.v20140518  (Confidence:High)

analytics.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/analytics/analytics.module.js
MD5: 81317dd36704b0f335d8bdc1c1183fcd
SHA1: 144d3b8ea24f38f253ad360bbdff3d9d5c7a59d3
SHA256:1a0708341244e7e5e47fe5786a37226715e35c73e5447dbbabc8a4f972f2e48d

Identifiers

  • None

analytics.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/analytics/analytics.module.min.js
MD5: e96ff264cd094f8f7885e241959b0edd
SHA1: a2f242c130dbebd6d21fd057eeaf13138f920785
SHA256:2227a6199078f6049bd4928caf40d340331a2aa598bf99afb7e1b6d92e2021a8

Identifiers

  • None

analytics.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/analytics/analytics.nomodule.js
MD5: e4726e6d2e7b05750c1f7e8ac1ce58cc
SHA1: 99d43910acf714da21e5ee91d5fa4ebfa7e166a0
SHA256:589a2d56477f2bb7debd104be24548fedf022cd6609f33aa2271ba0280649d5c

Identifiers

  • None

analytics.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/analytics/analytics.nomodule.min.js
MD5: 19d8562d51e4b7d1c9aab6fac7def375
SHA1: 367fdac2f1cebd61dbaade497678b232d1396274
SHA256:461573fb1056cd8a804d77b2a57e4a0a5e78cd21117aeb70ff145a3d2f2ce65d

Identifiers

  • None

analyzer-3.0.7.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/analyzer-3.0.7.jar
MD5: f7c853589a4ed4f7c83946028ff0dd80
SHA1: db13787b2136f05b5258e3f690e5f0e8edc07834
SHA256:a838c466f1519bb59fe90fe0d6f69605e32569e4293ef3c190bef86dd585ff47

Identifiers

  • pkg:maven/fr.gouv.misis/analyzer@3.0.7  (Confidence:High)

analyzer-3.0.7.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/app/analyzer-3.0.7.jar
MD5: 679981326231a5219338be90312737b7
SHA1: d5e1afca671163e2cd296134abf34182a08ecfc2
SHA256:98067b95296c46be1f5d205b03648e36b45fe9ced533442f0413aed6022e1c16

Identifiers

  • None

annotations-26.0.2.jar

Description:

A set of annotations used for code inspection support and code documentation.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jetbrains/annotations/26.0.2/annotations-26.0.2.jar
MD5: ef0e782af9ee48fac1156485366d7cc9
SHA1: c7ce3cdeda3d18909368dfe5977332dfad326c6d
SHA256:2037be378980d3ba9333e97955f3b2cde392aa124d04ca73ce2eee6657199297

Identifiers

  • pkg:maven/org.jetbrains/annotations@26.0.2  (Confidence:High)

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08

Identifiers

  • pkg:maven/aopalliance/aopalliance@1.0  (Confidence:High)

apiguardian-api-1.1.2.jar

Description:

@API Guardian

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
MD5: 8c7de3f82037fa4a2e8be2a2f13092af
SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a
SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38

Identifiers

  • pkg:maven/org.apiguardian/apiguardian-api@1.1.2  (Confidence:High)

asm-9.6.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm/9.6/asm-9.6.jar
MD5: 6f8bccf756f170d4185bb24c8c2d2020
SHA1: aa205cf0a06dbd8e04ece91c0b37c3f5d567546a
SHA256:3c6fac2424db3d4a853b669f4e3d1d9c3c552235e19a319673f887083c2303a1

Identifiers

  • pkg:maven/org.ow2.asm/asm@9.6  (Confidence:High)

asm-9.7.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm/9.7.1/asm-9.7.1.jar
MD5: e2cdd32d198ad31427d298eee9d39d8d
SHA1: f0ed132a49244b042cd0e15702ab9f2ce3cc8436
SHA256:8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281

Identifiers

  • pkg:maven/org.ow2.asm/asm@9.7.1  (Confidence:High)

asm-9.8.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm/9.8/asm-9.8.jar
MD5: f5adf3bfc54fb3d2cd8e3a1f275084bc
SHA1: dc19ecb3f7889b7860697215cae99c0f9b6f6b4b
SHA256:876eab6a83daecad5ca67eb9fcabb063c97b5aeb8cf1fca7a989ecde17522051

Identifiers

  • pkg:maven/org.ow2.asm/asm@9.8  (Confidence:High)

asm-9.9.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm/9.9/asm-9.9.jar
MD5: 6d1dd0482c03a6dc1807d9d004456021
SHA1: c29635c8a7afa03d74b33c1884df8abb2b3f3dcc
SHA256:03d99a74ad1ee5c71334ef67437f4ef4fe3488caa7c96d8645abc73c8e2017d4

Identifiers

  • pkg:maven/org.ow2.asm/asm@9.9  (Confidence:High)

asm-analysis-9.9.jar

Description:

Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm-analysis/9.9/asm-analysis-9.9.jar
MD5: f07383cfbd50f097558341a03b8871e1
SHA1: 0bf4fa6e66638851c1cd22c2caea0c3ee5d5f437
SHA256:6a15d28e8bd29ba4fd5bca4baf9b50e8fba2d7b51fbf78cfa0c875a7214c678b

Identifiers

  • pkg:maven/org.ow2.asm/asm-analysis@9.9  (Confidence:High)

asm-commons-9.8.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm-commons/9.8/asm-commons-9.8.jar
MD5: c8c3d9ccf240144e74d94ff658b024c9
SHA1: 36e4d212970388e5bd2c5180292012502df461bb
SHA256:3301a1c1cb4c59fcc5292648dac1d7c5aed4c0f067dfbe88873b8cdfe77404f4

Identifiers

  • pkg:maven/org.ow2.asm/asm-commons@9.8  (Confidence:High)

asm-commons-9.9.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm-commons/9.9/asm-commons-9.9.jar
MD5: 8103b3de8f48fb4c7f97efdaa46ce809
SHA1: db9165a3bf908ded6b08612d583a15d1d0c7bda0
SHA256:db2f6f26150bbe7c126606b4a1151836bcc22a1e05a423b3585698bece995ff8

Identifiers

  • pkg:maven/org.ow2.asm/asm-commons@9.9  (Confidence:High)

asm-tree-9.8.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm-tree/9.8/asm-tree-9.8.jar
MD5: 4ab1aaec43c77a2d9b56e6d6d496f705
SHA1: 018419ca5b77a2f81097c741e7872e6ab8d2f40d
SHA256:14b7880cb7c85eed101e2710432fc3ffb83275532a6a894dc4c4095d49ad59f1

Identifiers

  • pkg:maven/org.ow2.asm/asm-tree@9.8  (Confidence:High)

asm-tree-9.9.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm-tree/9.9/asm-tree-9.9.jar
MD5: 912eeaba1a63d574ffc66c651c7c6725
SHA1: f8de6eead6d24dd0f45bd065bbe112b2cda6ea21
SHA256:42178f3775c9c63f9e5e1446747d29b4eca4d91bd6e75e5c43cfa372a47d38c6

Identifiers

  • pkg:maven/org.ow2.asm/asm-tree@9.9  (Confidence:High)

asm-util-9.9.jar

Description:

Utilities for ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ow2/asm/asm-util/9.9/asm-util-9.9.jar
MD5: ef5e90e736cd09bc407c1d46a3faba0f
SHA1: 42fdfc0508b43807c8078d6e82ecff2ce2112ae8
SHA256:3842e13cfe324ee9ab7cdc4914be9943541ead397c17e26daf0b8a755bede717

Identifiers

  • pkg:maven/org.ow2.asm/asm-util@9.9  (Confidence:High)

assertj-core-3.25.3.jar

Description:

Rich and fluent assertions for testing in Java

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/assertj/assertj-core/3.25.3/assertj-core-3.25.3.jar
MD5: 88258246abdcbf7298b7c3401273e15b
SHA1: 792b270e73aa1cfc28fa135be0b95e69ea451432
SHA256:7fbdffa1996d43cc08e2576e01008b07e57bbad2b4741aa6c3ab73ce8511130e

Identifiers

  • pkg:maven/org.assertj/assertj-core@3.25.3  (Confidence:High)

auto-value-annotations-1.9.jar

Description:

    Immutable value-type code generation for Java 1.7+.

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/auto/value/auto-value-annotations/1.9/auto-value-annotations-1.9.jar
MD5: 86f1f5d71eceea4eb4e3ad0505e8b22c
SHA1: 25a0fcef915f663679fcdb447541c5d86a9be4ba
SHA256:fa5469f4c44ee598a2d8f033ab0a9dcbc6498a0c5e0c998dfa0c2adf51358044

Identifiers

  • pkg:maven/com.google.auto.value/auto-value-annotations@1.9  (Confidence:High)

breadcrumb.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/breadcrumb/breadcrumb.module.js
MD5: 81abd56fd01367d90023d5404429f74d
SHA1: 94ca5085adef108725777be33d59ff71b39fbd51
SHA256:97593e77d53ccd014fde3cb1f86a1fafd2bf407de0c919bff58b437af0c72d5c

Identifiers

  • None

breadcrumb.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/breadcrumb/breadcrumb.module.min.js
MD5: 558df019402f41b7ae4a07c847a925f6
SHA1: 1d3fc5aea859324fc28ccf38a4055e2141ca79d3
SHA256:a9dcd870582730dd6124fb3df360f1c3182cd626e0577d6375ab7612ab6c35ff

Identifiers

  • None

breadcrumb.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/breadcrumb/breadcrumb.nomodule.js
MD5: a01dde0bb0a237651c724eea56ca1d80
SHA1: 71a303f47a820d2a21dee9eee78c62725097edeb
SHA256:27e8b1bc75bdf456bec03539adca0a586dc0841187a5fd3f6f66a5c661825558

Identifiers

  • None

breadcrumb.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/breadcrumb/breadcrumb.nomodule.min.js
MD5: 8de073c76554863925c9cca277c4d50f
SHA1: ea551aa41da081bb1ecde109b99b222e15ecbd7b
SHA256:558600af72146626607abedae9e162e83643cd8a0c9191f5977b33f577f995ee

Identifiers

  • None

button.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/button/button.module.js
MD5: 6b9ab44370787fbe3d6237e4f55a6c57
SHA1: 95d4e8d33e16d5e9924187ed54e575d3858a8e94
SHA256:51b052656842ef3a5f0b92891ac1f7222e950a8652c48cf094c73f2e68049313

Identifiers

  • None

button.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/button/button.module.min.js
MD5: 8d96f771898c4ff532224ea61e35b5a6
SHA1: 602f5fcc2e8cbb9ef7d87f59d6f48c583c2ff0f5
SHA256:6253f92abfa11553c2a9e0cfc107b6c8f4ef9f6955df67e474ddf964f85e67d7

Identifiers

  • None

button.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/button/button.nomodule.js
MD5: b0b4a259b71e96245fcde148a2975998
SHA1: fca865e6a00045e596d5a478c294cc47accbca95
SHA256:983ce443f4b8d62abf85dfe0d5d3f4e12c86763d6862017362f7b938132c63ac

Identifiers

  • None

button.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/button/button.nomodule.min.js
MD5: ce5eb555f9026ac0ca6213f7e7f7395a
SHA1: 98da99b183eadcfa44acbcb89ad92bb6d8aea723
SHA256:a6e5cff90dc9b3236f22104b84fa20972f4c729878fdb8f4e27c7b9af0fa9daa

Identifiers

  • None

byte-buddy-agent-1.17.7.jar

Description:

The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/net/bytebuddy/byte-buddy-agent/1.17.7/byte-buddy-agent-1.17.7.jar
MD5: d805e73391e6fc6d3de5af86e31ae0f7
SHA1: fbf3d6d649ed37fc9e9c59480a05be0a26e3c2da
SHA256:a9ba887dca252ad61b7d5153294f34e6f3bdf4b2736b04373d13615a695fc0ff

Identifiers

  • pkg:maven/net.bytebuddy/byte-buddy-agent@1.17.7  (Confidence:High)

byte-buddy-agent-1.17.7.jar: attach_hotspot_windows.dll

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/net/bytebuddy/byte-buddy-agent/1.17.7/byte-buddy-agent-1.17.7.jar/win32-x86-64/attach_hotspot_windows.dll
MD5: 053a783e5777c6a9867c27d51af89677
SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76
SHA256:16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20

Identifiers

  • None

byte-buddy-agent-1.17.7.jar: attach_hotspot_windows.dll

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/net/bytebuddy/byte-buddy-agent/1.17.7/byte-buddy-agent-1.17.7.jar/win32-x86/attach_hotspot_windows.dll
MD5: fbca33102ac97be0ed496c0f78e466b3
SHA1: c4df05146a86a6d073769bb697d550ef42518ed5
SHA256:810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar
MD5: 61d4815732be0e379f96203d44368d72
SHA1: 87f097c0b269e1e217da619c9b5a08a82f2b0763
SHA256:cc612accbb03e5efd7194d5409ea39e8b013d7853ba07986c773da098e688553

Identifiers

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-blocked-exchanges.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-blocked-exchanges.js
MD5: 7735987a20cf551108276b98a58641ed
SHA1: 034265f60de8a9b7e76d06fb4e70821944850dbd
SHA256:9d262a08ada1ceb8ad59ce11d435e058a134e2eeb8ba2f0310c8d83d92c0a227

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-browse.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-browse.js
MD5: f7762a9fb455dcd00e9196027e97b043
SHA1: 27a2f757571fb21ad1b0b2d38b806d2178496594
SHA256:c8c03c301269ccd3890951821e8fc56397e6b27afd950098d46824e2d5992d39

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-context.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-context.js
MD5: dd03e36a591c654b85d7384e135120fe
SHA1: b6c4923a793161d2b3e6f443d7c6656195c45897
SHA256:7cee74af02c1d4207242b742ff09c8b834a561d2aabe123615170eaa62fce7d9

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-events.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-events.js
MD5: 5af416800d95b9d71c4b3fc72bafbf9f
SHA1: c7b75b8b3a7d4b2ec720bebbb4c75449be74b6ec
SHA256:b78e066ef255f858e7f9af5d6d19b4fe440c262867dccfa97a1d7dcb55ae707c

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-inflight-exchanges.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-inflight-exchanges.js
MD5: 36c6865e077e752e3f24e87db3f56a6d
SHA1: 7cff185e1d7bdb27eca86af48b39fcfb5b0de329
SHA256:32b7efc104d9b55629b778b4b963fd1e41a16d3e0d8774908380ebbb52b2f950

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-rest.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-rest.js
MD5: 27b23f870f9cbbe38ee2d2e356eb0da5
SHA1: ab6d493d8c7e97a3affa95ecc65dcc95cf3132f4
SHA256:06fdbf586c711eae80ce890ddc242c873ef6178a5f58392e7029fb0ed2b7d48a

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-routes.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-routes.js
MD5: 3cbe87042385fee5040af0f88dc588b2
SHA1: 592c6f7c306b519d06750487cdcdb93e8c95f55a
SHA256:e469bea62383394dbb36f91b34344b65c4971528611a1b475b966512b42e034d

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core-variables.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core-variables.js
MD5: 59cf5346d672d7aa87f5a8158ada279a
SHA1: d357d1c72cdb7c1fd841c09521b601cfaba10756
SHA256:8e29d924d8cc979b507b3a88435437fdc0e4136c8969f5f61468043a0e15de2a

Identifiers

  • None

camel-quarkus-core-deployment-3.30.0.jar: qwc-camel-core.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/camel/quarkus/camel-quarkus-core-deployment/3.30.0/camel-quarkus-core-deployment-3.30.0.jar/dev-ui/qwc-camel-core.js
MD5: 5fe80dc193b98a399ca4cb40d2d623a0
SHA1: 93ed169a8058a54c502846aa9fb2c573c5e47830
SHA256:73b0f0aa97f8eae490d35e2266115437110e34f70cfbd94bcbb7aa0bf84da960

Identifiers

  • None

card.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/card/card.module.js
MD5: 0f3ce1f30fd59508b37e5fbf5b339154
SHA1: 394abdebb735ceb8aecb70c18075d1f0b7b36e13
SHA256:6eaf93371268b9c4836d94d730cc945f51c9e95a22e10c94bf0c73f1778cefad

Identifiers

  • None

card.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/card/card.module.min.js
MD5: 124a934285dcadfc7cfe7ae20150798f
SHA1: aab5a2633491d8e1cc523d5ebcd2b40f898e7980
SHA256:f2d01b86afdedd3b696cb28bd04fdd39da9f99e3bada8a5fbb32403e955c6b86

Identifiers

  • None

card.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/card/card.nomodule.js
MD5: 2ca09e772d5e7dc95cd6fba1330f5b15
SHA1: de01e48e50f479a20931ec638dbab09271d20ba2
SHA256:71d9d86acb4ba321cb010485d68043fc0a1dff0ce0bf9564ea7369cd9da8f41c

Identifiers

  • None

card.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/card/card.nomodule.min.js
MD5: 6ed3e0e0ad1abfa7919970672ad4fe37
SHA1: 404d02c2b32c7a841652621f62849e4881230d59
SHA256:c541fb9c3de051a9f89b6476a79c11e68ea08b704e030dc1fdf6bb10483d7f03

Identifiers

  • None

com.aayushatharva.brotli4j.brotli4j-1.16.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.aayushatharva.brotli4j.brotli4j-1.16.0.jar
MD5: 5b8de53b9758ec92871b52f31554cd0f
SHA1: 990e983bb462867d036c7c243c6566f65fdca68f
SHA256:285a0b96150649db6fd9d8a0a22ea98fc2b8a558fc924b21836a59550975485e

Identifiers

  • None

com.aayushatharva.brotli4j.native-linux-x86_64-1.16.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.aayushatharva.brotli4j.native-linux-x86_64-1.16.0.jar
MD5: e302ee0b9c6fb3dc910e24e8b5095ce2
SHA1: e72d451319f3b95879f47db7eeea7f720cb84d62
SHA256:b6933c389857e1a7f400455096cec01ee76be73d51a9fb1164d2700d3d31054d

Identifiers

  • None

com.aayushatharva.brotli4j.service-1.16.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.aayushatharva.brotli4j.service-1.16.0.jar
MD5: 0a3db781b3b2a0463d1a0c44d7085f19
SHA1: bd45e3f5a7165e190ea759abf220ce87d5f59103
SHA256:8e233823936a60d00b9d4434e733bd60aeaaac1c149ae5d9c9e7a49caecafa2d

Identifiers

  • cpe:2.3:a:service_project:service:1.16.0:*:*:*:*:*:*:*  (Confidence:Low)  

com.cronutils.cron-utils-9.2.1.jar

Description:

A Java library to parse, migrate and validate crons as well as describe them in human readable        language

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.cronutils.cron-utils-9.2.1.jar
MD5: 4c27537eecc6fa37ed5740b5383643c8
SHA1: 5d3738bc7a2eaa45a94a76c6e87af54a95414637
SHA256:02af0e8b2fe93c9fa6eecf97b53b39faae14c5b996356edb132e9fe620013744

Identifiers

  • cpe:2.3:a:cron-utils_project:cron-utils:9.2.1:*:*:*:*:*:*:*  (Confidence:Low)  

com.fasterxml.classmate-1.7.1.jar

Description:

Library for introspecting types with full generic informationincluding resolving of field and method types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.fasterxml.classmate-1.7.1.jar
MD5: e64a0680ebc8facde9b4cc431cbc248c
SHA1: e803194e4362a2c0585087c5f315682897d12f00
SHA256:cc3299e5df4fc24180e69477c890d07d38db79dd2decc0ef20e74a986897c0a1

Identifiers

  • None

com.fasterxml.jackson.core.jackson-annotations-2.20.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.fasterxml.jackson.core.jackson-annotations-2.20.jar
MD5: b901def3c20752817f27130e4b8d6640
SHA1: 6a5e7291ea3f2b590a7ce400adb7b3aea4d7e12c
SHA256:959a2ffb2d591436f51f183c6a521fc89347912f711bf0cae008cdf045d95319

Identifiers

  • None

com.fasterxml.jackson.core.jackson-core-2.20.1.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.fasterxml.jackson.core.jackson-core-2.20.1.jar
MD5: 889b2c417b61c9f4f460b06957147234
SHA1: 5734323adfece72111769b0ae38a6cf803e3d178
SHA256:ffab4d957daa2796cf24cb66d0b78a7090f1bcbe17c3a4578f09affaaf137089

Identifiers

  • None

com.fasterxml.jackson.core.jackson-databind-2.20.1.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.fasterxml.jackson.core.jackson-databind-2.20.1.jar
MD5: 49d7b7226df5ed4a036e48997a03d066
SHA1: 9586a7fe0e1775de0e54237fa6a2c8455c93ac06
SHA256:34bbeb4526fff4f8565b12106bf85a6afcbae858966d489b54214ac46b2e26e8

Identifiers

com.fasterxml.jackson.dataformat.jackson-dataformat-yaml-2.20.1.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.fasterxml.jackson.dataformat.jackson-dataformat-yaml-2.20.1.jar
MD5: 66dc3c5f31150557109b14182ed7ed8a
SHA1: e6da043059c9ec631a3429ded461d5d92f240c3f
SHA256:030f1d91f7df278e86e1ba3e129fb520871ac16ce53017c735f708823be970db

Identifiers

com.fasterxml.jackson.datatype.jackson-datatype-jdk8-2.20.1.jar

Description:

Add-on module for Jackson (https://github.com/FasterXML/jackson) to supportJDK 8 data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.fasterxml.jackson.datatype.jackson-datatype-jdk8-2.20.1.jar
MD5: 9360afe5a78d29ce5510f670b3286e77
SHA1: 6a8bbc260ba834f67220117d9f08510d69c4a3f0
SHA256:6821cdd695e95c4e6853ec855a7432c71f2f4be318b3ca190fbbf8a2e5f981f2

Identifiers

com.fasterxml.jackson.datatype.jackson-datatype-jsr310-2.20.1.jar

Description:

Add-on module to support JSR-310 (Java 8 Date & Time API) data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/com.fasterxml.jackson.datatype.jackson-datatype-jsr310-2.20.1.jar
MD5: 1ebd4e254f641f0cadf0ffdc1f662fea
SHA1: 7ad06a455afc4a38412d5dab127191bdc3d90faf
SHA256:692be83c7e2eebb53b995c11d813c603a7d716d60c9d2d4fb9486ecb105f9291

Identifiers

com.github.ben-manes.caffeine.caffeine-3.2.3.jar

Description:

A high performance caching library

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.github.ben-manes.caffeine.caffeine-3.2.3.jar
MD5: 0258f45d43968523cc11beeb01b240f2
SHA1: c097f0f6d21a0e6db88ea55836e26419b30dfe19
SHA256:ca70c90a5d1ce1511880ce9c93d4ad22108f61111d3daf91eb52762b571bd179

Identifiers

  • None

com.google.auto.service.auto-service-annotations-1.1.1.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.google.auto.service.auto-service-annotations-1.1.1.jar
MD5: 418feb19f713c38641702c09b9033436
SHA1: da12a15cd058ba90a0ff55357fb521161af4736d
SHA256:16a76dd00a2650568447f5d6e3a9e2c809d9a42367d56b45215cfb89731f4d24

Identifiers

  • cpe:2.3:a:service_project:service:1.1.1:*:*:*:*:*:*:*  (Confidence:Low)  

com.google.errorprone.error_prone_annotations-2.44.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

"Apache 2.0";link="http://www.apache.org/licenses/LICENSE-2.0.txt"
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.google.errorprone.error_prone_annotations-2.44.0.jar
MD5: 11d0ff18fb88d4e4c48a4347e9e4a1e0
SHA1: bbbf88e1d12da9c6f7f204ca78a55446654ce7e1
SHA256:bcf738a525e546c926a233d0a169cf7eafcf703fe81ac9d6994f7244eda29052

Identifiers

  • None

com.google.guava.failureaccess-1.0.1.jar

Description:

Contains    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and    InternalFutures. Most users will never need to use this artifact. Its    classes is conceptually a part of Guava, but they're in this separate    artifact so that Android libraries can use them without pulling in all of    Guava (just as they can use ListenableFuture by depending on the    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.google.guava.failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26

Identifiers

  • cpe:2.3:a:google:guava:1.0.1:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

com.google.guava.guava-33.5.0-jre.jar

Description:

Guava is a suite of core and expanded libraries that include    utility classes, Google's collections, I/O classes, and    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.google.guava.guava-33.5.0-jre.jar
MD5: d9fbf39a41a5bab891348f07668e18c5
SHA1: 8699de25f2f979108d6c1b804a7ba38cda1116bc
SHA256:1e301f0c52ac248b0b14fdc3d12283c77252d4d6f48521d572e7d8c4c2cc4ac7

Identifiers

  • cpe:2.3:a:google:guava:33.5.0:*:*:*:*:*:*:*  (Confidence:Low)  

com.google.j2objc.j2objc-annotations-2.8.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.google.j2objc.j2objc-annotations-2.8.jar
MD5: c50af69b704dc91050efb98e0dff66d1
SHA1: c85270e307e7b822f1086b93689124b89768e273
SHA256:f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed

Identifiers

  • None

com.opencsv.opencsv-5.11.2.jar

Description:

A simple library for reading and writing CSV in Java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/com.opencsv.opencsv-5.11.2.jar
MD5: 5773da53f17d87117a11df60f4328983
SHA1: 40b776b96a8f81cf675d5384ca6440c20e6e258a
SHA256:690daad9014f23afd3ab6f1b0c45a5e0b738ac37a8d2e810e196193aab521245

Identifiers

  • None

com.rabbitmq.amqp-client-5.20.0.jar

Description:

The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.

License:

https://www.apache.org/licenses/LICENSE-2.0.html, https://www.gnu.org/licenses/gpl-2.0.txt, https://www.mozilla.org/en-US/MPL/2.0/
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.rabbitmq.amqp-client-5.20.0.jar
MD5: c03b89b9df5ce7c5a43090ce6146a04c
SHA1: e8b2cbfe10d9cdcdc29961943b1c6c40f42e2f32
SHA256:420e085cad65b0b4889def4a5704ae7dfe467b1bedb9fee709b17c154207843b

Identifiers

com.sun.istack.istack-commons-runtime-4.1.2.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/com.sun.istack.istack-commons-runtime-4.1.2.jar
MD5: 535154ef647af2a52478c4debec93659
SHA1: 18ec117c85f3ba0ac65409136afa8e42bc74e739
SHA256:7fd6792361f4dd00f8c56af4a20cecc0066deea4a8f3dec38348af23fc2296ee

Identifiers

  • None

common-java5-3.2.2.jar

Description:

Shared Java 5 code for all providers.

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/common-java5/3.2.2/common-java5-3.2.2.jar
MD5: 62ce140ee0cb1d7c6d392729e619c34b
SHA1: c43a047cf985b82b3ff9b765183d8a52cfa5794f
SHA256:97ad4c16be3dbc34d0f5658c690eeadce27bf177518a46ee0fe8452ed7d6836e

Identifiers

  • pkg:maven/org.apache.maven.surefire/common-java5@3.2.2  (Confidence:High)

common-java5-3.2.3.jar

Description:

Shared Java 5 code for all providers.

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/common-java5/3.2.3/common-java5-3.2.3.jar
MD5: e93bbea13dcefd6781dc22cfccdd6735
SHA1: dd489494cee969cb1ca49d0adcde8108d35c6b6f
SHA256:ef1b816fce727e2cca7e712cca42db16c23691dd25176e9239da67d8193ba44a

Identifiers

  • pkg:maven/org.apache.maven.surefire/common-java5@3.2.3  (Confidence:High)

commonmark-0.27.0.jar

Description:

Core of commonmark-java (a library for parsing Markdown to an AST, modifying the AST and rendering it to HTML or Markdown)

License:

BSD-2-Clause: https://opensource.org/licenses/BSD-2-Clause
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/commonmark/commonmark/0.27.0/commonmark-0.27.0.jar
MD5: c2435aad1f45b476322b324707e7f58a
SHA1: e1a4f968d70eefba0db19bcb534742b33812c96a
SHA256:7a5a1a6e848e729fd7f85309f39e777af949848a914e559caeb7f64baef6e63e

Identifiers

  • pkg:maven/org.commonmark/commonmark@0.27.0  (Confidence:High)

commons-cli-1.11.0.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing, and validating a Command Line Interface.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-cli/commons-cli/1.11.0/commons-cli-1.11.0.jar
MD5: e689f5e4947368dd0233fc28f613f561
SHA1: a461452d3e31bebf2706323f8738ec44b19c96e1
SHA256:8f7f8605d68e15bf32db61ec94eac6fdafc51b1bdbe1e0e0802b57d23f387792

Identifiers

  • pkg:maven/commons-cli/commons-cli@1.11.0  (Confidence:High)

commons-codec-1.20.0.jar

Description:

     The Apache Commons Codec component contains encoders and decoders for
     formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-codec/commons-codec/1.20.0/commons-codec-1.20.0.jar
MD5: 3fb10a4c7cc664241cc4ca8a0e10b0b8
SHA1: 6a671d1c456a875ff61abec63216f754078bb0ed
SHA256:6af66595f9f6a7bb58ce66518d6888d40b547c366d2262f06676eee19528ff66

Identifiers

  • pkg:maven/commons-codec/commons-codec@1.20.0  (Confidence:High)

commons-compress-1.21.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar
MD5: 2a713d10331bc4e13459a3dc0463f16f
SHA1: 4ec95b60d4e86b5c95a0e919cb172a0af98011ef
SHA256:6aecfd5459728a595601cfa07258d131972ffc39b492eb48bdd596577a2f244a

Identifiers

CVE-2024-25710  

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2024-26308  

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

commons-compress-1.27.1.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/commons/commons-compress/1.27.1/commons-compress-1.27.1.jar
MD5: 1db4bd87b0082044c6e7a6af0b977a3e
SHA1: a19151084758e2fbb6b41eddaa88e7b8ff4e6599
SHA256:293d80f54b536b74095dcd7ea3cf0a29bbfc3402519281332495f4420d370d16

Identifiers

commons-compress-1.28.0.jar

Description:

Apache Commons Compress defines an API for working with
compression and archive formats. These include bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/commons/commons-compress/1.28.0/commons-compress-1.28.0.jar
MD5: f33efe616d561f8281ef7bf9f2576ad0
SHA1: e482f2c7a88dac3c497e96aa420b6a769f59c8d7
SHA256:e1522945218456f3649a39bc4afd70ce4bd466221519dba7d378f2141a4642ca

Identifiers

commons-io-2.11.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908

Identifiers

CVE-2024-47554  

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.


This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

commons-io-2.12.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-io/commons-io/2.12.0/commons-io-2.12.0.jar
MD5: 7abdf3e1c7bb44ae120be4b7dc1995f0
SHA1: e5e3eb2ff05b494287f51476bc715161412c525f
SHA256:74bd60c8eebd3d43f77a66c69c86540c257a3a098172f8b1d7fcdc9ed3e139ea

Identifiers

CVE-2024-47554  

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.


This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

commons-io-2.15.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-io/commons-io/2.15.0/commons-io-2.15.0.jar
MD5: 125a9d3dc2477b10cc6fa6e89c699e81
SHA1: 5c3c2db10f6f797430a7f9c696b4d1273768c924
SHA256:a328dad730921d197b6a9b195dffa00e41c974c2dac8fe37e84d31706bca7792

Identifiers

commons-io-2.18.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-io/commons-io/2.18.0/commons-io-2.18.0.jar
MD5: 8cce74ccf461cd6502ae04c908eca917
SHA1: 44084ef756763795b31c578403dd028ff4a22950
SHA256:f3ca0f8d63c40e23a56d54101c60d5edee136b42d84bfb85bc7963093109cf8b

Identifiers

commons-io-2.21.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-io/commons-io/2.21.0/commons-io-2.21.0.jar
MD5: bc7e020873f086ede85f97bd9f013215
SHA1: 52a6f68fe5afe335cde95461dd5c3412f04996f7
SHA256:7d643a2afea8b058b762aa6fb90e5b256f6c729739f8b3784c3370ddc609e88d

Identifiers

commons-io-2.6.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256:f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513

Identifiers

CVE-2021-29425  

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (4.8)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2024-47554  

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.


This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

commons-lang3-3.12.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar
MD5: 19fe50567358922bdad277959ea69545
SHA1: c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
SHA256:d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e

Identifiers

CVE-2025-48924  

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

commons-lang3-3.19.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/commons/commons-lang3/3.19.0/commons-lang3-3.19.0.jar
MD5: 2ac2db154e365d55d167ec1215125a3a
SHA1: d6524b169a6574cd253760c472d419b47bfd37e6
SHA256:32733ab4bc90b45b63eb72677d886961003fd4ed113e07b1028f9877cb2ac735

Identifiers

component.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/component.module.js
MD5: 1c5af2930fb40cdd6240ad53c2b4d7a0
SHA1: d8e78d92618739ba682806312be1ae669092770c
SHA256:433d065544036de36c88aff714bf12740fe1fa991eea66584fa6281433abfe74

Identifiers

  • None

component.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/component.module.min.js
MD5: 24ba171a94af062cc6daa20da3af60bb
SHA1: 035b0215d5e9481f9bbfd30b1001360b839e9735
SHA256:c3510209013cf4d0e96a008aedfcee262addcf7b4cd07941211452633cbb35a4

Identifiers

  • None

component.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/component.nomodule.js
MD5: 0ad2529bd9e3aec48bec141648993e0e
SHA1: dc909eaaa9af1a2d898e5984cf45a34fc6eb5645
SHA256:eedb70631d3fb7d5ca1fdd4538bed96977efef93fe7da5978a1f3a73e5071be0

Identifiers

  • None

component.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/component.nomodule.min.js
MD5: 6b9595aed1d4a293cbb4a5365f8c8796
SHA1: bc8ba652e2c0d03957f270315d76e7bd955d78a1
SHA256:39d179c9bad6c165a1e78bc358e72ecc8c196ae680c744801d65d6dc0f469490

Identifiers

  • None

core-3.0.7.jar

File Path: /builds/pub/numeco/misis/misis-backend/core/target/core-3.0.7.jar
MD5: 62455d7c00a89537ab05c8f3440e569b
SHA1: d7266e1d17503c59a7d744f12a0be25fed5542af
SHA256:c8d1cbca6c85fbed6077997f766bf2f02b4a2be8e77a0fa7660290debdb969af

Identifiers

  • pkg:maven/fr.gouv.misis/core@3.0.7  (Confidence:High)

core.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/core/core.module.js
MD5: ad2cb38d7acb6a5e46ed6f2a8b164901
SHA1: 31f71c2d104bea5dfd4b929ff1871689f0626393
SHA256:eda94a60818ede7b9ec708e12ff86830a6ac7404703b226e4c2ddc8d585040ef

Identifiers

  • None

core.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/core/core.module.min.js
MD5: af1c1f6b68313df3f7f3bae406c966be
SHA1: 4fa7807733a6c4b5b3f60761816760bcb2a181d9
SHA256:087cccc2ed8f813c06c595140bd3e5dae5f961652240738e35b26005dff475ea

Identifiers

  • None

core.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/core/core.nomodule.js
MD5: 231f33a5e803cd2b1ff2f28965c17a7e
SHA1: d104cdcc4c0034e9eb23fd6c8ee16d8e495af48f
SHA256:10e056aea891cc0d817563fc3bbba014b6a9de7319b94f07cbdb5b4aa002343e

Identifiers

  • None

core.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/core/core.nomodule.min.js
MD5: 4ce0ae3e18cdf9997c74ec8c5c0ed089
SHA1: 12b735e98ed5997b4713e151fbf233f21acb84a8
SHA256:cb5182e9d18ede040c3ea0570b6c52acaa79dca33f3563ed45ebf0375a09223b

Identifiers

  • None

cyclonedx-core-java-11.0.1.jar

Description:

The CycloneDX core module provides a model representation of the BOM along with utilities to assist in creating, parsing, and validating BOMs.

License:

Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/cyclonedx/cyclonedx-core-java/11.0.1/cyclonedx-core-java-11.0.1.jar
MD5: 2939896ee374a5f6d45ca70157e58113
SHA1: c5e6a5bdd203c23063db37d5db69bfd5e037d5d2
SHA256:989348cc6d385629a3ccb735d450b0f0f022167cb702c2fcb0e6f2bdd989dde7

Identifiers

  • pkg:maven/org.cyclonedx/cyclonedx-core-java@11.0.1  (Confidence:High)
  • cpe:2.3:a:alex_project:alex:11.0.1:*:*:*:*:*:*:*  (Confidence:Low)  

database-commons-1.21.3.jar

Description:

Isolated container management for Java code testing

License:

MIT: http://opensource.org/licenses/MIT
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/testcontainers/database-commons/1.21.3/database-commons-1.21.3.jar
MD5: 697b592202716f05fd3db6ab5000313c
SHA1: 5c5a96de87527f78e1c5d9b82e9f265c89075883
SHA256:61ad1b495dafa49b71f8de36082bc5baceb92dd00c62b941f467de419ac7548d

Identifiers

  • pkg:maven/org.testcontainers/database-commons@1.21.3  (Confidence:High)

display.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/display/display.module.js
MD5: a1b933248db77a72363d2a88403d68d5
SHA1: 79dbb5b8abbff4ed0a7984687e7ae9b7bf3463fb
SHA256:3f25c62b51b6df1e6a1cf8fac02f9eeaa67467b6efb1a1b8a22b383c52afef7f

Identifiers

  • None

display.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/display/display.module.min.js
MD5: 34225197c6c9bd2d30448709ac7e6748
SHA1: a315d7ff90339de06d5ae2294f2447cb7104e260
SHA256:b7619623571a883cd4a04780643b247290a8246c0e2406ad7cef488c259690fd

Identifiers

  • None

display.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/display/display.nomodule.js
MD5: fdf772346a22f6abcaa267b906c3dc2b
SHA1: 855e5af3afe4223399f76fe25a033ec918e5202f
SHA256:84538c40b9f6985939fbeede8c9dbd87e81a37bdc501aa28a0d893d3ca569d5f

Identifiers

  • None

display.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/display/display.nomodule.min.js
MD5: 7ac03fc1fe35e4d048f458046d64a08c
SHA1: adfaded4f635283733b9e06cb6f8ea66276f18a5
SHA256:756236836e867e5c2422455379560405927a1b159632360ef48c72dc092a85ce

Identifiers

  • None

docker-java-api-3.4.2.jar

Description:

Java API Client for Docker

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-api/3.4.2/docker-java-api-3.4.2.jar
MD5: c68fca0735d2481b0fafc3dae09ab21b
SHA1: 90aef34aa23575de51923c83771fbe378b2eb4e5
SHA256:6789d68f95904cf274a6410fdfcc5530976bc94197c856909459bb8c64db557b

Identifiers

  • pkg:maven/com.github.docker-java/docker-java-api@3.4.2  (Confidence:High)

docker-java-transport-3.4.2.jar

Description:

Java API Client for Docker

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-transport/3.4.2/docker-java-transport-3.4.2.jar
MD5: d56715a3bfdd8cf854809d369742e467
SHA1: e70abb944ff1fe7c25fbcdecd31c732772a07a6e
SHA256:bc9981224fdc2d4726566fc723470601ceb14378265c865b4c203146a4e39765

Identifiers

  • pkg:maven/com.github.docker-java/docker-java-transport@3.4.2  (Confidence:High)

docker-java-transport-zerodep-3.4.2.jar (shaded: com.github.docker-java:docker-java-transport-httpclient5:3.4.2)

Description:

Java API Client for Docker

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-transport-zerodep/3.4.2/docker-java-transport-zerodep-3.4.2.jar/META-INF/maven/com.github.docker-java/docker-java-transport-httpclient5/pom.xml
MD5: e78f5ecc64e3a6cb30e029a384f28c90
SHA1: c6dc09835e90a45eb03aa7a9af355bcedb2713c6
SHA256:773bf7f5b0d6fe0464c8c4daf68745efbfb2bedbd187b6af7169e411ca10cdcd

Identifiers

  • pkg:maven/com.github.docker-java/docker-java-transport-httpclient5@3.4.2  (Confidence:High)

docker-java-transport-zerodep-3.4.2.jar (shaded: commons-codec:commons-codec:1.13)

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-transport-zerodep/3.4.2/docker-java-transport-zerodep-3.4.2.jar/META-INF/maven/commons-codec/commons-codec/pom.xml
MD5: 2c1614eab362ed2249c8f4fdeee086a1
SHA1: d3c2c675df030573f0d8b0e475e00d3a0f5235a4
SHA256:c2e2a902d38230cf3031d0b434d5de2614fa0ff26d384b6d282aab56c7d3fc69

Identifiers

  • pkg:maven/commons-codec/commons-codec@1.13  (Confidence:High)

docker-java-transport-zerodep-3.4.2.jar (shaded: org.apache.httpcomponents.client5:httpclient5:5.0.3)

Description:

Apache HttpComponents Client

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-transport-zerodep/3.4.2/docker-java-transport-zerodep-3.4.2.jar/META-INF/maven/org.apache.httpcomponents.client5/httpclient5/pom.xml
MD5: c94b77faf91a9f7f024f9a6a967be728
SHA1: a12213238a7ca3964cb5cd99b5281759f0ba131e
SHA256:d5fbcfdb6ce40a1978cbc58882aa68de19003d60a392582c9bf1ede53a91dd9d

Identifiers

docker-java-transport-zerodep-3.4.2.jar (shaded: org.apache.httpcomponents.core5:httpcore5-h2:5.0.2)

Description:

Apache HttpComponents HTTP/2 Core Components

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-transport-zerodep/3.4.2/docker-java-transport-zerodep-3.4.2.jar/META-INF/maven/org.apache.httpcomponents.core5/httpcore5-h2/pom.xml
MD5: d4c87e7b260bcbec7ef2f1a2db63a7fa
SHA1: 5386c5d3b3084e16dde704f62cb1c9bf01abab0d
SHA256:f2707a828006f8970fc07d80247bbaa0059e8d8c1b8d0c57be44db8ed51c9766

Identifiers

  • pkg:maven/org.apache.httpcomponents.core5/httpcore5-h2@5.0.2  (Confidence:High)

docker-java-transport-zerodep-3.4.2.jar (shaded: org.apache.httpcomponents.core5:httpcore5:5.0.2)

Description:

Apache HttpComponents HTTP/1.1 core components

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-transport-zerodep/3.4.2/docker-java-transport-zerodep-3.4.2.jar/META-INF/maven/org.apache.httpcomponents.core5/httpcore5/pom.xml
MD5: f43777cdf47a449ea3affab520e15896
SHA1: 95e749187b7b3a50390fa239185b50cf8669d743
SHA256:8da9695a3afcef528f3dc79fc9a34f4a72c870e7c702a9a42ac7dc8beb912f2f

Identifiers

  • pkg:maven/org.apache.httpcomponents.core5/httpcore5@5.0.2  (Confidence:High)

docker-java-transport-zerodep-3.4.2.jar

Description:

Java API Client for Docker

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/docker-java/docker-java-transport-zerodep/3.4.2/docker-java-transport-zerodep-3.4.2.jar
MD5: 1e5e8b565518b6544fe62aecbbcf580e
SHA1: 784b535b8e294e699032abead0687b6773761e34
SHA256:582b772e0c52fa9d24710617ef610655465edd9a2930b0db75fc8667d6a8d02b

Identifiers

  • pkg:maven/com.github.docker-java/docker-java-transport-zerodep@3.4.2  (Confidence:High)

doxia-sink-api-1.0.jar

Description:

Doxia Sink API.

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/doxia/doxia-sink-api/1.0/doxia-sink-api-1.0.jar
MD5: 04067d1b5c9ac4447fd376632b13fba0
SHA1: 13f502f2fb1d4e2db6f19352c85b83277084bb98
SHA256:1cd68e9b4cf427a2b6b9a943a9bef6da879d25702334ea5addb0d153bb8f8911

Identifiers

  • pkg:maven/org.apache.maven.doxia/doxia-sink-api@1.0  (Confidence:High)

dsfr.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/dsfr.module.js
MD5: a09259695e47bd2d64ec218c319648df
SHA1: 06f68f0f5afd43aab7b92fd0f57254ecb79b798b
SHA256:13ec028be35b98d46f4f15413070340a6a999331e2fe3dfe29e7ce19f01107a6

Identifiers

  • None

dsfr.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/dsfr/dsfr.module.min.js
MD5: c39f3bbf2f0ba94255f3af82f192a8d7
SHA1: df99ebb14023cf310e8fc7846eee66aba6e6a76f
SHA256:ee6948420b883371725d6b424e1cd3fddc7524643ff6d6f9919ab5e58797d058

Identifiers

  • None

dsfr.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/dsfr.nomodule.js
MD5: 29f3cad3c418c5eac097e79568323601
SHA1: 01262d8d58acd6e71a29c228f1bade712ded2b7b
SHA256:586164e3a862fd1a94618e10441fa76d7ee187a2e462c44809eb4a00a4fe3cde

Identifiers

  • None

dsfr.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/dsfr/dsfr.nomodule.min.js
MD5: a77da9a6186851e378a7cdfe5a5b07fc
SHA1: 508906aa8f581926cf95fb0a4d136bd64a1f043e
SHA256:1b52d96bc7c831ea333f9adb43dd80a37596da42a74af1b0d56f1afd0a985446

Identifiers

  • None

duct-tape-1.0.8.jar

Description:

        General purpose resilience utilities for Java 8 (circuit breakers, timeouts, rate limiters, and handlers for unreliable or inconsistent results)

License:

MIT: http://opensource.org/licenses/MIT
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/rnorth/duct-tape/duct-tape/1.0.8/duct-tape-1.0.8.jar
MD5: af347a22d19d632616d7a3fb63024218
SHA1: 92edc22a9ab2f3e17c9bf700aaee377d50e8b530
SHA256:31cef12ddec979d1f86d7cf708c41a17da523d05c685fd6642e9d0b2addb7240

Identifiers

  • pkg:maven/org.rnorth.duct-tape/duct-tape@1.0.8  (Confidence:High)

file-management-3.1.0.jar

Description:

API to collect files from a given directory using several include/exclude rules.

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar
MD5: 94be12af3d234da86b130cb297234bef
SHA1: f87a3a54c856714e4157b9ce7a5ff6ffc310d447
SHA256:2e8cb2d546a01c2259cb17f1e06732db3d14b079d19622bf8400c82cb1ee6b96

Identifiers

  • pkg:maven/org.apache.maven.shared/file-management@3.1.0  (Confidence:High)

freemarker-2.3.34.jar

Description:

    FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/freemarker/freemarker/2.3.34/freemarker-2.3.34.jar
MD5: 1704fd3c579385ca5fd0ebcdf50df73c
SHA1: c2fa47a1c3b6dcdfca90e952e51211967a4baa54
SHA256:9a9fb91cd64199232eb1ca9766148a5d30ef8944be5fac051018f96c70c8f6a3

Identifiers

  • pkg:maven/org.freemarker/freemarker@2.3.34  (Confidence:High)

generated-bytecode.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/quarkus/generated-bytecode.jar
MD5: b6c4d3a122a5060307932327b4658074
SHA1: c66021e0a09be46f95207b624cfe1ef523b6ae9c
SHA256:3413663ad02af42f0ceda0eb8f0786b85f9019b3f44a241dc60d4f68d68f1a7e

Identifiers

  • None

generated-bytecode.jar

File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/quarkus/generated-bytecode.jar
MD5: c9b6b945f874b635b14a35c494e4168c
SHA1: 6eb6fa1d18f5441d6edaf949ee0f8205b20fb773
SHA256:c5f3e5850f0cf4b2d3e0d3a01a93c0cf33ca582178a43e56c2068f9161dfd1c8

Identifiers

  • None

gizmo-1.9.0.jar

Description:

        A bytecode generation library.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/gizmo/gizmo/1.9.0/gizmo-1.9.0.jar
MD5: 2babcc5a125fabca13d5d698792a3e52
SHA1: aee1682be59ead4282ef547839d05b855175f0c2
SHA256:6d463d670ea45cb9a8241e99dd02c7e422d9982a2ff6e8623d338ac2a6c892b1

Identifiers

  • pkg:maven/io.quarkus.gizmo/gizmo@1.9.0  (Confidence:High)

gizmo2-2.0.0.Beta10.jar

Description:

A bytecode generation convenience library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/gizmo/gizmo2/2.0.0.Beta10/gizmo2-2.0.0.Beta10.jar
MD5: c5935f1cd67508a5a3f4fe7df3cf0bf3
SHA1: 2430d5034a1d59b12f66e80df782a5ceee90c664
SHA256:288c4c2255268d9ac374fe582fd840a8361fd1c4414b2bd266cc9fb60b0a1538

Identifiers

  • pkg:maven/io.quarkus.gizmo/gizmo2@2.0.0.Beta10  (Confidence:High)

google-auth-library-credentials-1.10.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/auth/google-auth-library-credentials/1.10.0/google-auth-library-credentials-1.10.0.jar
MD5: c41dbaccb8d4c155ae8e2961ad22f26a
SHA1: ca4b2f754fa3abfcb57a3f8e56b153a2277d00b2
SHA256:7ba26f607ab1b2dffb0d4d8b2c7efe1ab6cb3ff5d5a7991cee6e6e484d0c7b9c

Identifiers

  • pkg:maven/com.google.auth/google-auth-library-credentials@1.10.0  (Confidence:High)

google-auth-library-oauth2-http-1.10.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/auth/google-auth-library-oauth2-http/1.10.0/google-auth-library-oauth2-http-1.10.0.jar
MD5: 3059c63004e1344eb648bb8fc0d5e1f0
SHA1: 4eb85f801b8424f9ba440a8520023e390135658c
SHA256:99463bcfee2925c9198d2788d9e639511db95640ad7335f3f760af3fba617e28

Identifiers

  • pkg:maven/com.google.auth/google-auth-library-oauth2-http@1.10.0  (Confidence:High)

google-http-client-1.47.1.jar

Description:

    Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
    including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/http-client/google-http-client/1.47.1/google-http-client-1.47.1.jar
MD5: 9e817392d5af0068fc9d95af610dfdea
SHA1: eabad78d440226732a453d6a300663a9770f5b7e
SHA256:22447fde9f2e33e27a23a25953b1c622ead6c055c761fde6ca50573c9473457a

Identifiers

  • pkg:maven/com.google.http-client/google-http-client@1.47.1  (Confidence:High)

google-http-client-apache-v2-1.47.1.jar

Description:

Google HTTP Client Library for Java

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/http-client/google-http-client-apache-v2/1.47.1/google-http-client-apache-v2-1.47.1.jar
MD5: a4aeac848b1f21a2c22349114b31916f
SHA1: c2d3b75281146585f984b338bd81ce2b1ec8be32
SHA256:e6a8be28ce3b8dd4296ac05770d9e532727272f2666a4a3d25639cc8e11157d5

Identifiers

  • pkg:maven/com.google.http-client/google-http-client-apache-v2@1.47.1  (Confidence:High)

google-http-client-gson-1.47.1.jar

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/http-client/google-http-client-gson/1.47.1/google-http-client-gson-1.47.1.jar
MD5: 4f8c574f2c7d9ae7ddd8873febf1ff79
SHA1: 04331c43544544d60df28055c295949e22ba60a4
SHA256:64ac2b1313dca6b6fc9bd14128ab186528fe992b094f5371fa7f828eed8903bd

Identifiers

  • pkg:maven/com.google.http-client/google-http-client-gson@1.47.1  (Confidence:High)

groovy-4.0.22.jar

Description:

Groovy: A powerful multi-faceted language for the JVM

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/groovy/groovy/4.0.22/groovy-4.0.22.jar
MD5: b527c6bfa1af469f1a4374e9fc6de4bf
SHA1: a04df669ad2778678072315bc92f10f03362e7d7
SHA256:f9d8bd4d65852c18194e353c77f3d2c23e0013856951c5430ba56972d2f67a1e

Identifiers

groovy-json-4.0.22.jar

Description:

Groovy: A powerful multi-faceted language for the JVM

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/groovy/groovy-json/4.0.22/groovy-json-4.0.22.jar
MD5: 86f2d4325465f5b747d6c2cd159b36c0
SHA1: 5c8edac1ee596375a3d28fc2c0e844ee067f6b6b
SHA256:aba93254d9293881282bd639b7b3db8bdcb5bf6cca4cac0df7a0bd193743f652

Identifiers

  • pkg:maven/org.apache.groovy/groovy-json@4.0.22  (Confidence:High)
  • cpe:2.3:a:google:gmail:4.0.22:*:*:*:*:*:*:*  (Confidence:Low)  

grpc-api-1.76.0.jar

Description:

gRPC: API

License:

Apache 2.0: https://opensource.org/licenses/Apache-2.0
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/grpc/grpc-api/1.76.0/grpc-api-1.76.0.jar
MD5: fcf50d9eecdc3c7c9916288bace923eb
SHA1: f213e3ee49b82497dfc0f5eb30bac62d917f1a52
SHA256:13ce42c59871a04a7340f01e1dbd879fefa04811878cfd68864596321f555ed3

Identifiers

gson-2.13.2.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/code/gson/gson/2.13.2/gson-2.13.2.jar
MD5: a2c47e14ce5e956105458fe455f5d542
SHA1: 48b8230771e573b54ce6e867a9001e75977fe78e
SHA256:dd0ce1b55a3ed2080cb70f9c655850cda86c206862310009dcb5e5c95265a5e0

Identifiers

guice-5.1.0-classes.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/inject/guice/5.1.0/guice-5.1.0-classes.jar
MD5: d4d4d9bf878b98862116e8ccc0a5c34e
SHA1: e7ba4c25bec3761840f67c73f166c0d509d01d1d
SHA256:142ad4475e19524d2fe3ac995b3f7cbc962fc726f2edb9dbdccc61feab9b2bf9

Identifiers

  • None

h2-2.4.240.jar

Description:

H2 Database Engine

License:

MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/
EPL 1.0: https://opensource.org/licenses/eclipse-1.0.php
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/h2database/h2/2.4.240/h2-2.4.240.jar
MD5: fb14a47b07dfd4381a608d3adb89dc25
SHA1: 686180ad33981ad943fdc0ab381e619b2c2fdfe5
SHA256:29b70e427cc1c40cdc376283adbb0cc62853073797bb5fe5761f81fe73d57ce0

Identifiers

h2-2.4.240.jar: data.zip: table.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/h2database/h2/2.4.240/h2-2.4.240.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: ca07fc6140e278428c7704453d30bed5
SHA1: 8044d5d7aecfa0cd1cbb897af398492ac5c8af7e
SHA256:968e1c570a30b2383db9fc67150ac924df171fe587c44996bdd08f2f14b7a017

Identifiers

  • None

h2-2.4.240.jar: data.zip: tree.js

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/h2database/h2/2.4.240/h2-2.4.240.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: c2620dfa674439d78be770a2588a3e56
SHA1: 0c6bc6d3eb88131d071938de4e5514e1f182e1f9
SHA256:9f933afa133f72bd51e7904e54792418ed1595e35005e48b72af1f7fbccd8963

Identifiers

  • None

hamcrest-2.2.jar

Description:

Core API and libraries of hamcrest matcher framework.

License:

BSD License 3: http://opensource.org/licenses/BSD-3-Clause
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/hamcrest/hamcrest/2.2/hamcrest-2.2.jar
MD5: 10b47e837f271d0662f28780e60388e8
SHA1: 1820c0968dba3a11a1b30669bb1f01978a91dedc
SHA256:5e62846a89f05cd78cd9c1a553f340d002458380c320455dd1f8fc5497a8a1c1

Identifiers

  • pkg:maven/org.hamcrest/hamcrest@2.2  (Confidence:High)

header.module.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/header/header.module.js
MD5: 5e9489a41e0b79619ae72f50357e3ae2
SHA1: cf72159214fe605c19a4165ecbe5885501830c07
SHA256:b9a9d3803448b78145f6ca5eac84acebc21b77390f1ab0336112983a8eeec2c3

Identifiers

  • None

header.module.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/header/header.module.min.js
MD5: aa88d45c5a84929f7b1fe933066061b8
SHA1: aba5c6f9719c590891f640d61c7af347d3cdce86
SHA256:78012f5ac77137d41e9a409fbce3812732a5e6b5aa849f2571eee3e1bb7e2fc0

Identifiers

  • None

header.nomodule.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/header/header.nomodule.js
MD5: 4ff79a609bdb2ade06d7dbab7d6034cd
SHA1: 0e0ac1af1a6f9a72fd6dabfb5ea7bc1148ee5be7
SHA256:f8fe70d88052f130b949066f58ddac727439dd301968e78519d007e9efd35228

Identifiers

  • None

header.nomodule.min.js

File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/header/header.nomodule.min.js
MD5: 5a000208c7118d1c68098a8b7df8bf0c
SHA1: 55216448204b4d5c97cc62f1067bbee9609166e5
SHA256:4a5643c34911d5be09b655f03c0930e7f8b6f7e256f5ff5d6aa55aba9776195d

Identifiers

  • None

hibernate-tools-language-7.1.11.Final.jar

Description:

Tools to aid Hibernate developers through natural language,
        leveraging LLMs and generative AI functionalities.

License:

Apache License, version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/hibernate/tool/hibernate-tools-language/7.1.11.Final/hibernate-tools-language-7.1.11.Final.jar
MD5: dd0f421351b87511a1c2318f5457ef1b
SHA1: 4b5ef05b17da896385d066198bccbd4381048f8d
SHA256:5d5e946148c4a2c7a8eca06e653ab2fd1452f627d5c9a22fcc5c65b2418be5b3

Identifiers

  • pkg:maven/org.hibernate.tool/hibernate-tools-language@7.1.11.Final  (Confidence:High)

httpclient-4.5.14.jar

Description:

   Apache HttpComponents Client

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/httpcomponents/httpclient/4.5.14/httpclient-4.5.14.jar
MD5: 2cb357c4b763f47e58af6cad47df6ba3
SHA1: 1194890e6f56ec29177673f2f12d0b8e627dec98
SHA256:c8bc7e1c51a6d4ce72f40d2ebbabf1c4b68bfe76e732104b04381b493478e9d6

Identifiers

httpcore-4.4.16.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar
MD5: 28d2cd9bf8789fd2ec774fb88436ebd1
SHA1: 51cf043c87253c9f58b539c9f7e44c8894223850
SHA256:6c9b3dd142a09dc468e23ad39aad6f75a0f2b85125104469f026e52a474e464f

Identifiers

  • pkg:maven/org.apache.httpcomponents/httpcore@4.4.16  (Confidence:High)

httpmime-4.5.14.jar

Description:

   Apache HttpComponents HttpClient - MIME coded entities

File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/httpcomponents/httpmime/4.5.14/httpmime-4.5.14.jar
MD5: 714c4ae31c40e6633c0bcaa4e6264153
SHA1: 6662758a1f1cb1149cf916bdac28332e0902ec44
SHA256:d401243d5c6eae928a37121b6e819158c8c32ea0584793e7285bb489ab2a3d17

Identifiers

  • pkg:maven/org.apache.httpcomponents/httpmime@4.5.14  (Confidence:High)

io.agroal.agroal-api-2.8.jar

Description:

The natural database connection pool

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.agroal.agroal-api-2.8.jar
MD5: cb4604e9d4935a3b54ed0b085c6f4c46
SHA1: 772047422d66760beaf8d95cfc9657855b1809e2
SHA256:e5500e8fd736e749ec0373e8af3f2d2af8c37cf0d9eb73a35290b2dd2156421a

Identifiers

  • None

io.agroal.agroal-narayana-2.8.jar

Description:

The natural database connection pool

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.agroal.agroal-narayana-2.8.jar
MD5: 12a438414e751b3bf1c6d96ba51e6041
SHA1: c89aa19b6436fec7d1b6d8545d3629b2800a3470
SHA256:0e7e658707a9bc3f857defc1005f649abbf010d54697ec7c66d7d43f39c3fe23

Identifiers

io.agroal.agroal-pool-2.8.jar

Description:

The natural database connection pool

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.agroal.agroal-pool-2.8.jar
MD5: 15c8d88ab71718e5258e62cb0f91e48a
SHA1: 1a04e038f13cc0fc6c64941721e81b6983625af0
SHA256:2964854555dab2c32b745b383ac13400396f827f35b2f12a2c984afacfe7523e

Identifiers

io.netty.netty-transport-4.1.130.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.netty.netty-transport-4.1.130.Final.jar
MD5: 0a9e8d9d92e5f8ed9e3b008f06db40d7
SHA1: 3a25cd7a1c057ed9a1606caa4b693f9c8b5c4b53
SHA256:1bf573266d271f856705a9984d25449c56a1d73c02a16af12033ceccfe555dbb

Identifiers

io.netty.netty-transport-native-unix-common-4.1.130.Final.jar

Description:

Static library which contains common unix utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.netty.netty-transport-native-unix-common-4.1.130.Final.jar
MD5: 388abb78bf16bcf6f1bb1a3731b13703
SHA1: a29adec03f7dbefdab3b21523a15c35e794f3154
SHA256:cf5efc4168597d7cd14695b469418cac2a1134533f9a0c82ef0538d796fd39e1

Identifiers

io.opentelemetry.instrumentation.opentelemetry-instrumentation-api-2.21.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.opentelemetry.instrumentation.opentelemetry-instrumentation-api-2.21.0.jar
MD5: 3c3fb5472064c8bcd96db0ba1a4d7d96
SHA1: 095c1dd19f9cb95e2ea5fafa00ceec362f19cd3a
SHA256:2e07a33e29ebf63a4f2f25e46fe73d531beb552230b299888f9970c33b816a8f

Identifiers

io.opentelemetry.instrumentation.opentelemetry-instrumentation-api-incubator-2.21.0-alpha.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.opentelemetry.instrumentation.opentelemetry-instrumentation-api-incubator-2.21.0-alpha.jar
MD5: ff6e136fcf85cb1ffc12202b96127127
SHA1: 4e9011f1c6387c20b49f23cb4b075d1484f64d03
SHA256:29a21d5a5be749907de3e2202d6028e4722be18a85e434862085bf5dd1884f27

Identifiers

io.opentelemetry.opentelemetry-api-1.55.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.opentelemetry.opentelemetry-api-1.55.0.jar
MD5: 49d78a9675d767d602fd6ef1e2ad45cd
SHA1: a71c43562e4d55c75997ccaa0c0513e5f881b703
SHA256:387b4bf98631fc2ede9470879a8ff28dd8c5cb2d3dcf5b6ef77f5ee2bdb7b4f1

Identifiers

io.opentelemetry.opentelemetry-api-incubator-1.55.0-alpha.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.opentelemetry.opentelemetry-api-incubator-1.55.0-alpha.jar
MD5: ec570ebde29cda09d9833706bbdf17b4
SHA1: 11a0532d53e3d2cb44d1ce1cf9c61a15986526f9
SHA256:f7e8a9985491b3b5adf2ec198cdcd3fc9f51940f0f16baa25802c2d03ca51668

Identifiers

io.opentelemetry.opentelemetry-common-1.55.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.opentelemetry.opentelemetry-common-1.55.0.jar
MD5: 0176d68f570c526d6257bb57603fc777
SHA1: a979f45396c5332f43b9198ebf3eb52f5451e83f
SHA256:fca14bb87309d1193347d179b91c63045fa05a856f1fbeec6ef61c4a7f81b227

Identifiers

io.opentelemetry.semconv.opentelemetry-semconv-1.37.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.opentelemetry.semconv.opentelemetry-semconv-1.37.0.jar
MD5: cf5af7a7b155e0322071a76209aec9c6
SHA1: c6f9a930842c93c08fd87349db3defcbc228e925
SHA256:693ad6f04f29b4b593a04adef5f575d28b3a91ea3449ab5b1e1e2e5c6efc6cdc

Identifiers

io.opentelemetry.semconv.opentelemetry-semconv-incubating-1.37.0-alpha.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.opentelemetry.semconv.opentelemetry-semconv-incubating-1.37.0-alpha.jar
MD5: 3fb5625f6cb38a2ccb7ef43e6c850e77
SHA1: 3ac6c12a55b25cea4cb9ddab3f8187bd8175c5db
SHA256:0ce785cab9b23fd3d64bab3c86d7c60572325df85184b759d6069ca9f316fc09

Identifiers

io.quarkus.arc.arc-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.arc.arc-3.30.6.jar
MD5: 7d2bb1947201e639b513cfc7e5fca644
SHA1: b644118078600efca5b22108e290ed6e20a95059
SHA256:0bf95869f29d1a8920a0e1f162b7019941c1154904cb44b6e60b530560292177

Identifiers

io.quarkus.quarkus-arc-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.quarkus.quarkus-arc-3.30.6.jar
MD5: 1a86d01b638e20641471b59618970d02
SHA1: fd21d510f788c22bbc9758c85eba41f990d5c9bc
SHA256:4c4520041d7f0676f43084d84f0b8cb3d7d094bb4a6fcca9cf626456a01f56aa

Identifiers

io.quarkus.quarkus-bootstrap-runner-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.quarkus.quarkus-bootstrap-runner-3.30.6.jar
MD5: 0ee3ae3f2d8d42ce12bd952306d6c757
SHA1: f09f83be756656aaf86badb78d6cbe5b3d710d85
SHA256:a762c1c83bb9d21ab967b89d581ec5cd5bbddda0529ef97ac76b37f10b741d36

Identifiers

io.quarkus.quarkus-classloader-commons-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/boot/io.quarkus.quarkus-classloader-commons-3.30.6.jar
MD5: 87c70d85bf8d1533d03fc1a507ec8b3c
SHA1: 1d0a94683ee209584b49abdbbfb3be0dcc411607
SHA256:847fa06fccc8443075c9bb223ac474253260bb06c173d90e629bbd3361b00c55

Identifiers

io.quarkus.quarkus-container-image-jib-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-container-image-jib-3.30.6.jar
MD5: a97b9a0cd25c536ac3b95f377240bd3f
SHA1: ef9bc72af1ebc42e78169a96465aefb361b00d1d
SHA256:0010757c8c86d6e6bb31bedc1793ea13f9b8e1ba168cb44b248cb35a4fee17ec

Identifiers

io.quarkus.quarkus-core-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-core-3.30.6.jar
MD5: 36e4013f1439c7e0ff77b3f1e5a0d6e7
SHA1: f74c846903fe65b034b4d20a986ce81dbca8ff7d
SHA256:1fe86dc63702be41fcfdf53262495fbf30aa00b46f0b3f7cd288671578e418c9

Identifiers

io.quarkus.quarkus-fs-util-1.2.0.jar

File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-fs-util-1.2.0.jar
MD5: 22005094fe4e648430b36888b9283e80
SHA1: 9d80184036981d6c6174e18a416a295ed0be8b09
SHA256:2237355335bb23abfcb0750bd34a1ba2d66fa95a28c6c0cde39f7145664b83e0

Identifiers

CVE-2022-21724  

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
CWE-665 Improper Initialization

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2022-4116  

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-6267  

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
CWE-755 Improper Handling of Exceptional Conditions

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-26291  

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
CWE-346 Origin Validation Error

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-6394  

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
CWE-862 Missing Authorization

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2024-12225  

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
CWE-288 Authentication Bypass Using an Alternate Path or Channel

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-1714  

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2022-0981  

A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2023-4853  

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
CWE-148 Improper Neutralization of Input Leaders, CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-29428  

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13692  

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: HIGH (7.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2017-18640  

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25649  

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-28491  

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2021-37714  

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CWE-248 Uncaught Exception, CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2022-42003  

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2022-42004  

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2023-1584  

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-25638  

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-29427  

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CVSSv3:
  • Base Score: HIGH (7.2)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2021-20328  

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:A/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2022-21363  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.6)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900  

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-0044  

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-2471  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H/E:0.7/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.9)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:N/A:C

References:

Vulnerable Software & Versions: (show all)

CVE-2021-38153  

Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
CWE-203 Observable Discrepancy

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-29429  

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
CWE-377 Insecure Temporary File

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1728  

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CWE-358 Improperly Implemented Security Check for Standard, CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10693  

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13956  

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25633  

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-20289  

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-28170  

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
CWE-20 Improper Input Validation, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2021-3642  

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
CWE-203 Observable Discrepancy

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25724  

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2023-0481  

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

io.quarkus.quarkus-hibernate-orm-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-hibernate-orm-3.30.6.jar
MD5: cceca7e1228581bdb9313b52541b9561
SHA1: 16fefa2f60687f3c2eed3565cedcce5839a21aec
SHA256:ac9de9795ebac95348cb4d06a6c3e1515f44c8bd131bdcf90a1500d15fcc27f0

Identifiers

CVE-2020-25638  

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900  

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

io.quarkus.quarkus-hibernate-orm-panache-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.quarkus.quarkus-hibernate-orm-panache-3.30.6.jar
MD5: 2c73b0cd67e9e766b88c178054a2bdc4
SHA1: f85012539e3bbe821945123f1b88c0c23246eca6
SHA256:f3b0990ad3fe9f1735fe004fc66998c0fcdc3ebdd1ab11a2554fb7ca8dbce175

Identifiers

CVE-2020-25638  

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900  

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

io.quarkus.quarkus-hibernate-validator-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-hibernate-validator-3.30.6.jar
MD5: 0fe0ce7b9bae21f8671b7640228d7eda
SHA1: c2e9cc4d6ff8c4a37120741b2d4c4bff45ad63ff
SHA256:b9b641579c84be47a1cef39051ba0fe98cedfae969f868e989f64e8c96211ca1

Identifiers

CVE-2025-15104  

Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv4:
  • Base Score: MEDIUM (6.9)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2023-1932  

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

io.quarkus.quarkus-jaxb-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.quarkus.quarkus-jaxb-3.30.6.jar
MD5: fcbfed55a660a6fdb2acb6156f3c6858
SHA1: c1ed5de66c9d5b1fd2eba1cd7b9bed72e809f6bc
SHA256:cbb59d173be0598b84fdb8a2b07f069acee5e832bb0f041ce7b10ae2ba70fa54

Identifiers

io.quarkus.quarkus-jdbc-postgresql-3.30.6.jar

License:

Apache License 2.0
File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-jdbc-postgresql-3.30.6.jar
MD5: cbbdcdc8abb9fe432a665831f3244322
SHA1: 39d2c606b913f1cc292906d259d11c5dc8d8f1ca
SHA256:52ddb2c5a7f17c7f0f6b58fc554af4c077665cf7281dba3bd0be2507ee5c3882

Identifiers

CVE-2015-0244  

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-3166  

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2019-10211  

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
CWE-94 Improper Control of Generation of Code ('Code Injection'), NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2018-1115  

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-0241  

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-0242  

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-0243  

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2019-10127  

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:2.0/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:L/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25695  

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2016-5423  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
CWE-476 NULL Pointer Dereference

CVSSv3:
  • Base Score: HIGH (8.3)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2016-7048  

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25694  

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2021-23214  

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2019-10128  

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.1)
  • Vector: /AV:L/AC:M/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-3167  

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2016-0768  

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-0773  

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7484  

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
CWE-285 Improper Authorization, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2016-5424  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2017-14798  

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
CWE-61 UNIX Symbolic Link (Symlink) Following, CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.9)
  • Vector: /AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

    Vulnerable Software & Versions:

    CVE-2019-10210  

    Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
    CWE-522 Insufficiently Protected Credentials

    CVSSv3:
    • Base Score: HIGH (7.0)
    • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (1.9)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0061  

    The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0063  

    Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
    CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0064  

    Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
    CWE-189 Numeric Errors

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0065  

    Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
    CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2015-5288  

    The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2007-2138  

    Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (6.0)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0062  

    Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
    CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    CVSSv2:
    • Base Score: MEDIUM (4.9)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0067  

    The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (4.6)
    • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-8161  

    PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
    CWE-209 Generation of Error Message Containing Sensitive Information

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2015-3165  

    Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
    NVD-CWE-Other

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-3393  

    An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
    CWE-209 Generation of Error Message Containing Sensitive Information

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (3.5)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0060  

    PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0066  

    The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
    CWE-20 Improper Input Validation

    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2010-0733  

    Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
    CWE-189 Numeric Errors

    CVSSv2:
    • Base Score: LOW (3.5)
    • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

    References:
    • af854a3a-2127-422b-91ae-364da2661108 - PATCH
    • secalert@redhat.com - PATCH

    Vulnerable Software & Versions: (show all)

    io.quarkus.quarkus-liquibase-3.30.6.jar

    License:

    Apache License 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.quarkus.quarkus-liquibase-3.30.6.jar
    MD5: 3ea4ce87175a63a83d539e6e8bbec868
    SHA1: d3b799ef4639cdda4ceacc9b611d1c0c16140806
    SHA256:cb65b6c419ae31b33533474e26d4033431c84f2fcd6c44a01602cfa41bee3fb3

    Identifiers

    CVE-2022-0839  

    Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
    CWE-611 Improper Restriction of XML External Entity Reference

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    io.quarkus.quarkus-mutiny-3.30.6.jar

    License:

    Apache License 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-mutiny-3.30.6.jar
    MD5: c74c53390dd8237a4b46711f6f8f439d
    SHA1: 7ad923f9d5a1f9a8cd32fc88b2c27e4708e2ba86
    SHA256:f97153ec08c818b7307ec33d16cf4d92df76364228c78fe0365b29d6ea999fb3

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.quarkus.quarkus-mutiny-reactive-streams-operators-3.30.6.jar

    License:

    Apache License 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.quarkus.quarkus-mutiny-reactive-streams-operators-3.30.6.jar
    MD5: aa1ec3e405fd22a2ee124c97a9794eb0
    SHA1: 69340b5aca2e12660d07e1881d290f0f776776c6
    SHA256:1f5fcfe8db3ca487835c03bc7b812c2c52b0f935648826b985dfda4b7cd86459

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.quarkus.quarkus-netty-3.30.6.jar

    License:

    Apache License 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-netty-3.30.6.jar
    MD5: be5f795a5dc49219012ebe4167ed38e5
    SHA1: 1475255e8f4573361d1b9aa4cf93bd9a57a4570a
    SHA256:4731eb231441a79371aec695eb42c758cc2b16291314402454bc43b766919abb

    Identifiers

    CVE-2019-20444  

    HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2019-20445  

    HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2025-55163  

    Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.
    CWE-770 Allocation of Resources Without Limits or Throttling

    CVSSv4:
    • Base Score: HIGH (8.2)
    • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2019-16869  

    Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-37136  

    The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-37137  

    The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-41881  

    Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
    CWE-674 Uncontrolled Recursion

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2023-44487  

    CISA Known Exploited Vulnerability:
    • Product: IETF HTTP/2
    • Name: HTTP/2 Rapid Reset Attack Vulnerability
    • Date Added: 2023-10-10
    • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
    • Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    • Due Date: 2023-10-31
    • Notes: This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2025-58057  

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression.
    CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)

    CVSSv4:
    • Base Score: MEDIUM (6.9)
    • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-43797  

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-34462  

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
    CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2025-67735  

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.
    CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-21295  

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: MEDIUM (5.9)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (2.6)
    • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-21409  

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: MEDIUM (5.9)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-21290  

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
    CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

    CVSSv3:
    • Base Score: MEDIUM (5.5)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (1.9)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-24823  

    Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
    CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

    CVSSv3:
    • Base Score: MEDIUM (5.5)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (1.9)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2024-47535  

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: MEDIUM (5.5)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2025-25193  

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: MEDIUM (5.5)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2024-29025  

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
    CWE-770 Allocation of Resources Without Limits or Throttling

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2025-58056  

    Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv4:
    • Base Score: LOW (2.9)
    • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    io.quarkus.quarkus-spring-boot-orm-api-3.4.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-spring-boot-orm-api-3.4.jar
    MD5: 5d74a221a73191bba2b4b2f47e2704b1
    SHA1: 7782f51796074d5e458a7aa20c7dcd95281351a0
    SHA256:30b6f1fe6982527060a50ac56cb8b6438e49172c644417833812070c8a794a6d

    Identifiers

    • cpe:2.3:a:quarkus:quarkus:3.4:*:*:*:*:*:*:*  (Confidence:Low)  

    CVE-2023-6394  

    A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
    CWE-862 Missing Authorization

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2024-12225  

    A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
    CWE-288 Authentication Bypass Using an Alternate Path or Channel

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    io.quarkus.quarkus-spring-core-api-6.2.SP1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-spring-core-api-6.2.SP1.jar
    MD5: 25dc1b379a6de376c7659ef9d061e857
    SHA1: 40188dd302df5fa23d0e19dfd68b0bacb36faac3
    SHA256:4fba49a4891d3133aa5032ade616ea65d96e99fee5bb225f4ee0c131a1f7fb75

    Identifiers

    • cpe:2.3:a:quarkus:quarkus:6.2.sp1:*:*:*:*:*:*:*  (Confidence:Low)  

    io.quarkus.quarkus-spring-data-jpa-api-3.5.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-spring-data-jpa-api-3.5.jar
    MD5: da133718d5470ec68d206526ace04cff
    SHA1: 7609a2c678612606b8b4245912f4c23ce8a9df5b
    SHA256:eea1d1f67f62d80eeb1d1ad848b8635734913754df233b1ec89d7b6c6431b58d

    Identifiers

    • cpe:2.3:a:quarkus:quarkus:3.5:*:*:*:*:*:*:*  (Confidence:Low)  

    CVE-2023-6394  

    A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
    CWE-862 Missing Authorization

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2024-12225  

    A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
    CWE-288 Authentication Bypass Using an Alternate Path or Channel

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    io.quarkus.quarkus-swagger-ui-3.30.6.jar

    License:

    Apache License 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.quarkus-swagger-ui-3.30.6.jar
    MD5: b0ec18ade1bc0ea63808d49d90239f8e
    SHA1: 29e02d81660b510f9c76a41970d47aece5fb8879
    SHA256:8133515e8eb921cd369231095fa12c143b7a526de583b6fe87d83540176c13d0

    Identifiers

    io.quarkus.security.quarkus-security-2.2.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.quarkus.security.quarkus-security-2.2.1.jar
    MD5: 944193acec94a6890e628cb7dc7b87d9
    SHA1: 02879402ad326511ed8a65a6378731b4e45d12e4
    SHA256:b5020f6fcc506d2db71c17ac6854cc3a9078c0b73952918048d1f2cbb4a7d8f8

    Identifiers

    CVE-2022-21724  

    pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
    CWE-665 Improper Initialization

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-4116  

    A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-6267  

    A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
    CWE-755 Improper Handling of Exceptional Conditions

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-6394  

    A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
    CWE-862 Missing Authorization

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2024-12225  

    A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
    CWE-288 Authentication Bypass Using an Alternate Path or Channel

    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2022-0981  

    A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
    CWE-863 Incorrect Authorization

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2023-4853  

    A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
    CWE-148 Improper Neutralization of Input Leaders, CWE-863 Incorrect Authorization

    CVSSv3:
    • Base Score: HIGH (8.1)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-29428  

    In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
    CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions

    CVSSv3:
    • Base Score: HIGH (7.8)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.4)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-37136  

    The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-37137  

    The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-37714  

    jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
    CWE-248 Uncaught Exception, CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-4147  

    Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.
    CWE-1026

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-42003  

    In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
    CWE-502 Deserialization of Untrusted Data

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-42004  

    In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
    CWE-502 Deserialization of Untrusted Data

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-1584  

    A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
    NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2021-29427  

    In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
    CWE-829 Inclusion of Functionality from Untrusted Control Sphere

    CVSSv3:
    • Base Score: HIGH (7.2)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.0)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-21363  

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: MEDIUM (6.6)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.0)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-43797  

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-0044  

    If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-2471  

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: MEDIUM (5.9)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H/E:0.7/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (7.9)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:N/A:C

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-38153  

    Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
    CWE-203 Observable Discrepancy

    CVSSv3:
    • Base Score: MEDIUM (5.9)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-29429  

    In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
    CWE-377 Insecure Temporary File

    CVSSv3:
    • Base Score: MEDIUM (5.5)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (1.9)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-28170  

    In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
    CWE-20 Improper Input Validation, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-0481  

    In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
    CWE-378 Creation of Temporary File With Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

    CVSSv3:
    • Base Score: LOW (3.3)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    io.quarkus.vertx.utils.quarkus-vertx-utils-3.30.6.jar

    License:

    Apache License 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.quarkus.vertx.utils.quarkus-vertx-utils-3.30.6.jar
    MD5: e277f9cdd80923b7ce733c5ac228d2d7
    SHA1: 201510a9d3fafcc654326547132921e28b625b9a
    SHA256:65801709ad8e18294556021948994cb9b9468f23dfda861750d367ff64f04ac1

    Identifiers

    CVE-2021-4277  

    A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.
    CWE-341 Predictable from Observable State, CWE-330 Use of Insufficiently Random Values

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    io.smallrye.certs.smallrye-private-key-pem-parser-0.9.2.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.certs.smallrye-private-key-pem-parser-0.9.2.jar
    MD5: eada66bbc084df9d8ab9747b826d6f7d
    SHA1: fffc0c86069623b021d8d2d222d09db52ae81994
    SHA256:4ba98e92ed203593d87e384a1e09fa96c18c90173a6170fea71cf23a1c9c5286

    Identifiers

    • None

    io.smallrye.common.smallrye-common-annotation-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.common.smallrye-common-annotation-2.14.0.jar
    MD5: 6c13aca299ec50b0b72f1347058878a6
    SHA1: 5a2d58a31f47fa47a685238132bf20c6c085d5d7
    SHA256:3c7fdeac90ed7acf97b03eb63d8e3286e9f0fa66c8450613d3453645725db010

    Identifiers

    • None

    io.smallrye.common.smallrye-common-classloader-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.common.smallrye-common-classloader-2.14.0.jar
    MD5: 653284d41f4aead4069a70aa6e795817
    SHA1: ce5b85b059c257e4640752a4fea5f27ce64fc2be
    SHA256:59194c310c755b75f84059c4923f9a3ef42cac6af568e35b2cc0b8c08d84adbc

    Identifiers

    • None

    io.smallrye.common.smallrye-common-constraint-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-constraint-2.14.0.jar
    MD5: 5ec5cba75d9736ba6df20ca4d74a006b
    SHA1: 72145a1dc9b65e805dc82740f20a43817d4b21f0
    SHA256:10bb72443594c780a80e011c7b5a1ca246e13860447cce278b6ebc448baddfce

    Identifiers

    • None

    io.smallrye.common.smallrye-common-cpu-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-cpu-2.14.0.jar
    MD5: 05ae6cbeaf4411b7292a5836e5b9f9bb
    SHA1: a9d8c180721ca52f7bfd5ec1115d017fb1c5ce76
    SHA256:1ee21c46d9c0b8cbdd1e489683fbd9976c0dce93b8e5a5af0543997577eb9969

    Identifiers

    • None

    io.smallrye.common.smallrye-common-expression-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-expression-2.14.0.jar
    MD5: 2808b062995dccdc2d16766a01c09182
    SHA1: c890291cf7b9d7703d685f9d643e1cf4b9a8a1f3
    SHA256:a17c1b4bf2366e2bc98cda96f4d0d5acc0c2cdbfa4341a592254ffb63cbb5253

    Identifiers

    • None

    io.smallrye.common.smallrye-common-function-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-function-2.14.0.jar
    MD5: b8bbb6957d14860c46ca002ffdffe7de
    SHA1: e2ea1d1c5baf4794133b4ff06712096149527329
    SHA256:f0e0c6c213c40665b3c29cede733f668f37e38aa5f3ab4335c55191fdc0c359d

    Identifiers

    • None

    io.smallrye.common.smallrye-common-io-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-io-2.14.0.jar
    MD5: 890a846ea80f0195a7362a6753ddb7dc
    SHA1: ed4683202fb7d4307f010e0a4d6fce2642dea03a
    SHA256:59e28aecccf6271dfbb3bde464cf91f89396ea1892f5ee18087b00baf1d3cec2

    Identifiers

    • None

    io.smallrye.common.smallrye-common-net-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-net-2.14.0.jar
    MD5: bf88f1b55ab7c679b101d6fae249eef7
    SHA1: 5f226a9edddd47b22205d153999f9fbada1d1c44
    SHA256:e82e4184532b5e2ac59b5ebb4ba2b14e31ca8164b4060dd8fd4315648ca09d22

    Identifiers

    • None

    io.smallrye.common.smallrye-common-os-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-os-2.14.0.jar
    MD5: a4f54058f329623dca36cffa3b34194e
    SHA1: 133f05bd41f41deb1ec863413d37c368978d43f4
    SHA256:7f8b361b789ad1ec6066fe0bad7f6f75a1052d8eeb98535a6228bb92396380bc

    Identifiers

    • None

    io.smallrye.common.smallrye-common-ref-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/io.smallrye.common.smallrye-common-ref-2.14.0.jar
    MD5: ac2dc1ab64fe765d4e6aab724006f192
    SHA1: 77dc7cb1142cad32ab33987171d9b26e928d92fe
    SHA256:11cc65375d0ce0214c0a056a4964fc4791df4c4624747e45eca57d006deb502f

    Identifiers

    • None

    io.smallrye.common.smallrye-common-vertx-context-2.14.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.common.smallrye-common-vertx-context-2.14.0.jar
    MD5: 345274175735c5f264f45086293f13b8
    SHA1: 7d3982095d43fef84df5d7fd46dc7ee86786027f
    SHA256:1fe19e794110f8c97efa248744612f6aed8d5013715964da52b40e102384793f

    Identifiers

    • None

    io.smallrye.config.smallrye-config-3.14.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.config.smallrye-config-3.14.1.jar
    MD5: a91df3ce94d76628067db3e6e6520103
    SHA1: 278cdd1de27726b1a802b56c42763fefe97977ca
    SHA256:dd1ebce3833a36330ea914b2cc17180de32281fd42782cec47a3276986f24ffe

    Identifiers

    • None

    io.smallrye.config.smallrye-config-common-3.14.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.config.smallrye-config-common-3.14.1.jar
    MD5: 3ecc60c7386819db10598fe018f223c9
    SHA1: 798e7d35f313ef80e34adecdf08b1debb8e5c7c7
    SHA256:df0f9a960b45ccf7599a376cceaf557ac3e13eabf54e12c07dcdb6a9cf7166d2

    Identifiers

    • None

    io.smallrye.config.smallrye-config-core-3.14.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.config.smallrye-config-core-3.14.1.jar
    MD5: 09fe61a586970ffae935effe9fae4fa5
    SHA1: afbddf21eab5f4972a59590fc1d769337465ce1a
    SHA256:b5d16df55956c38820f332e9bb93593e9c6988880cd234ae91c288410e383d39

    Identifiers

    • None

    io.smallrye.config.smallrye-config-validator-3.14.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.config.smallrye-config-validator-3.14.1.jar
    MD5: 409df1c5b4292a8829b51f0b07739d95
    SHA1: 96821ca6b9afb7979b44cf562792c75d64ef6896
    SHA256:98fbc702b99cc7a4956a41a47f4cfd97d5ca1a88037570680740bd2bcff1f944

    Identifiers

    CVE-2025-15104  

    Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).
    CWE-918 Server-Side Request Forgery (SSRF)

    CVSSv4:
    • Base Score: MEDIUM (6.9)
    • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    io.smallrye.jandex-3.5.2.jar

    Description:

    SmallRye Build Parent POM

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.jandex-3.5.2.jar
    MD5: 9b42b4d771cef1420c53a011e7ce1e7e
    SHA1: 2e59141aa1fc93306265ea29337c09f68138d969
    SHA256:bc7b27d6215a1f205ff6312594132f1bff9b8450009b59790e17e23982d8d9c0

    Identifiers

    • None

    io.smallrye.reactive.mutiny-3.1.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.mutiny-3.1.0.jar
    MD5: 2d84bdc850e8981446053036beb193b4
    SHA1: 4d089347cab12207bc62417df901fa40341f341c
    SHA256:314bd5942c8a238d19edd000325b12cda54916a409f2c3af5c4e9e49c3a08db3

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.mutiny-reactive-streams-operators-3.1.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.smallrye.reactive.mutiny-reactive-streams-operators-3.1.0.jar
    MD5: f243d78b4020bd189bf755bf3d8f7d68
    SHA1: ee5a9abe9d7c9d0f70d09c0961350c5e360f9779
    SHA256:56b298b1bccb87332c59a4bebd373491f268cb7ce209fe13b81a35911c877008

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.mutiny-smallrye-context-propagation-3.1.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.mutiny-smallrye-context-propagation-3.1.0.jar
    MD5: 796cd463f2e9ffcdd3c75a696ca65033
    SHA1: 0dca030f0c51f4626b608f97655001b91cadbe5d
    SHA256:3d4c64d04a993ba19bf69a408f4851aa9cce1b01080939891a83996b12c1b4ac

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.mutiny-zero-1.1.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.mutiny-zero-1.1.1.jar
    MD5: 79002b47fccb84b304b2cb3a6866d30b
    SHA1: 73cc6067cc49cf8a351733f64ac093b7e019438e
    SHA256:2ba037374ea75e29921726d34a2ac426b88bd425a9e646802f905c117457a7a8

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.mutiny-zero-flow-adapters-1.1.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.smallrye.reactive.mutiny-zero-flow-adapters-1.1.1.jar
    MD5: 7d0609ddc6c96af1f9db3d89bd8b5e63
    SHA1: b83c3d76c803b6362eb264c728ba95a30a72855d
    SHA256:7e2576e235bcd277c52d67e11d70d1922040bc1b769883d985d68c60597a1ab2

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.smallrye-mutiny-vertx-core-3.21.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-mutiny-vertx-core-3.21.3.jar
    MD5: 87a71ec3819c68e8da0e7aa4e0769301
    SHA1: 1dc6919d982c70bd2a64a3df2e523e024dbb9c58
    SHA256:53606c52da6c1b937b244532b1d8c40ae13ae0a78df1cb3808fcf6f7032c8616

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.smallrye-mutiny-vertx-web-3.21.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-mutiny-vertx-web-3.21.3.jar
    MD5: 435ab21d8323db7d8ae10ce7843c5839
    SHA1: 864472ea946d6b0b9b06bbfa7d58d34bab42318d
    SHA256:eb7152d5e737b920c03e8b2cfe1e5f2a15ac6b2eb6e65e284e1514844cc65973

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.smallrye-reactive-converter-api-3.0.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-reactive-converter-api-3.0.3.jar
    MD5: 825d89264db4250072a5aec0d2ff5f98
    SHA1: d36f3eb155b6f7296f447f1d82249d07c3c2ea91
    SHA256:8f47b3cbdef72c5875836011beb02f485918febbb73c15d51738c566eb669253

    Identifiers

    • None

    io.smallrye.reactive.smallrye-reactive-converter-mutiny-3.0.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-reactive-converter-mutiny-3.0.3.jar
    MD5: 035cb1d3ba2b64b2b7d8e1f1cf5ed5cf
    SHA1: b0f37e345418b2d6d5e9f4b468be9d659c7391d7
    SHA256:5255e5e77d38b0bc166511c3ce7af3a97cf1edeaa19d2946102f929d99273111

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.reactive.smallrye-reactive-messaging-api-4.31.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-reactive-messaging-api-4.31.0.jar
    MD5: c3bd114097f73e866e495d2ff1b469ff
    SHA1: 396d33d12894fafeae52e31c3b6315e5440529c0
    SHA256:f7843fc783d252ea517a35028e7ba39aa343c71c7035ea8e82e9cda77a97c965

    Identifiers

    • None

    io.smallrye.reactive.smallrye-reactive-messaging-health-4.31.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-reactive-messaging-health-4.31.0.jar
    MD5: bb61815b8fc1e08c4373733107b6e1cd
    SHA1: 626a6e1b0a506cd9b69b8c7d42594f9d2fdd949a
    SHA256:db7cdf1bcb10456252f19671e2d7c67c5f4e6d59302b3a384c52e77f92db2f40

    Identifiers

    • None

    io.smallrye.reactive.smallrye-reactive-messaging-otel-4.31.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-reactive-messaging-otel-4.31.0.jar
    MD5: 22d59c91049adbea0056eaa2321c98b1
    SHA1: f47c5e9cef49812beab0314cb7ea1f836f8ad33f
    SHA256:6e30fc940ff2e2fa8ff86cde99130e007fed6b3fa43ad8a51a3a3314bc9e76f8

    Identifiers

    • None

    io.smallrye.reactive.smallrye-reactive-messaging-provider-4.31.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-reactive-messaging-provider-4.31.0.jar
    MD5: 4c6c3eacf455bd762bcae7b45b300461
    SHA1: c0cd08c871461c33753b9610e135ac1462acadff
    SHA256:af688a218296a6ccd3aae5681cf05367fdd744a869bd55669eb7306a0ecb84c1

    Identifiers

    • None

    io.smallrye.reactive.smallrye-reactive-messaging-rabbitmq-4.31.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.smallrye-reactive-messaging-rabbitmq-4.31.0.jar
    MD5: 8c54ca15fdf5ddf162bd2000db3c817e
    SHA1: 78ee63a9510484093ff333ed9c1a70ab67169c51
    SHA256:6d9b00b67a6a593e12b7b50c91fa607b6d02b76af5d8f3b0bfc95705226bd1b8

    Identifiers

    • None

    io.smallrye.reactive.vertx-mutiny-generator-3.21.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.reactive.vertx-mutiny-generator-3.21.3.jar
    MD5: 3cba529be09860afdb7ea3aeb124b601
    SHA1: 208f61c2efd4f889f2fa1025f1ac1682b28aed44
    SHA256:aa53ff28bd9caf0c7c32c8ebffe025a01d9f5c18b0e74be569060d7978e1f187

    Identifiers

    CVE-2022-37832  

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.
    CWE-798 Use of Hard-coded Credentials

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2018-15529  

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2013-0136  

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv2:
    • Base Score: HIGH (8.5)
    • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

    References:

    Vulnerable Software & Versions: (show all)

    io.smallrye.smallrye-context-propagation-2.3.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.smallrye-context-propagation-2.3.0.jar
    MD5: 4ef0c3de062c91bb65d918cb8bd06c8b
    SHA1: dbbccd372f334e1deaa0b09832f0ddb278076a27
    SHA256:bc7d83a626d92d223c9f479c24c80e09df4c801781134ace9d826803b8f8eaff

    Identifiers

    • None

    io.smallrye.smallrye-context-propagation-api-2.3.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.smallrye-context-propagation-api-2.3.0.jar
    MD5: 4e1a2ef26afd73836da63cfebe546127
    SHA1: 668aff0e6b34b361f871a82e97c0be8f1c86b2e7
    SHA256:da0bc273588cefb478e98c4e137f65cc394a54253e35684d5d917060fdc4147c

    Identifiers

    • None

    io.smallrye.smallrye-context-propagation-jta-2.3.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.smallrye-context-propagation-jta-2.3.0.jar
    MD5: d9ac65d67968915aa014694610db19e0
    SHA1: 4814d716333865d02ef811f4543c7dce3c7c4461
    SHA256:40fdf6411e8cd7cdb493d1fdcf884d9304b72db58bc4efd077dfc960f8f1684a

    Identifiers

    • None

    io.smallrye.smallrye-context-propagation-storage-2.3.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.smallrye-context-propagation-storage-2.3.0.jar
    MD5: 893f9bf2b4dafa45cdb5fbbb56022f8e
    SHA1: 3b9e4ee4f440f4a1a34ad44882afe9ac8eff521a
    SHA256:0fb685500b833b819c934147f0d2f0ab00397df196442aa3fa0b1a6d962dedd0

    Identifiers

    • None

    io.smallrye.smallrye-fault-tolerance-vertx-6.9.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.smallrye-fault-tolerance-vertx-6.9.3.jar
    MD5: b010d72377f058f7e87a6c846422ea80
    SHA1: 37d7933fd9a763c8903347826bee526d9aa7f39b
    SHA256:41087ca2ccf9c0f258df3639f6e4f959b7911596d0f175ee94278d59bc4884a0

    Identifiers

    • None

    io.smallrye.smallrye-jwt-4.6.2.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.smallrye.smallrye-jwt-4.6.2.jar
    MD5: 9e7f91c5a6a5137b4a4aa6ccc5b0707c
    SHA1: 4660d56a93b32e3c8fc7bc9e23111396178ffca7
    SHA256:37e7fedccd0b86b1347213d50f9f084f2060ddf1d939156771f95061c71cc115

    Identifiers

    • None

    io.smallrye.smallrye-jwt-build-4.6.2.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.smallrye.smallrye-jwt-build-4.6.2.jar
    MD5: 0b03f75a78fd04a0109b0b3725006649
    SHA1: 99618086e5f4f1e4d4375f3365ba3ea529507028
    SHA256:310ce632b19ab52bf4c8e213f25987a134ac2396d078d1f546a3cf3c09db3e84

    Identifiers

    • None

    io.smallrye.smallrye-jwt-common-4.6.2.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.smallrye.smallrye-jwt-common-4.6.2.jar
    MD5: 22655f52b4438fef42cc906683f47bc9
    SHA1: cfaa0245f68eee96c8b1fc608e11f5ce03d47841
    SHA256:df1d4b6b4b8daf88ff9d2318c43b48a8876a2f0aa57fc578b5ee772df21296bf

    Identifiers

    • None

    io.smallrye.smallrye-open-api-core-4.2.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.smallrye-open-api-core-4.2.3.jar
    MD5: bafa9c188e07f117aa45bbf6d5662281
    SHA1: a018f7ff45d3c90bd728f09167dd2184ced8e209
    SHA256:f2bfb7e12046123e91ccb3927ebe4873956ce14596e04c29c2cb808e5a216d9e

    Identifiers

    • None

    io.smallrye.smallrye-open-api-model-4.2.3.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.smallrye.smallrye-open-api-model-4.2.3.jar
    MD5: b293460a7faa594ac2d5f9e82d44a247
    SHA1: be7ab33ee89bd40965d90f76d74ebeaae4090df8
    SHA256:1e1e0bc7ea5593c3218943b734a114acfc09f604ff309606de167f6b902d6b3c

    Identifiers

    • None

    io.vertx.vertx-codegen-4.5.23.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.vertx.vertx-codegen-4.5.23.jar
    MD5: 40e06a88fc3bbaca9a6afbc42b076864
    SHA1: d0efbf69dc108cbfe980f83d2a11c3ff3b841203
    SHA256:4ddef372bba04e0191c99f3956c63bfaccc5cf4a129669c4e99f9b02632988a6

    Identifiers

    • None

    io.vertx.vertx-core-4.5.23.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.vertx.vertx-core-4.5.23.jar
    MD5: bf80e0d53392e4c257b3364832d20116
    SHA1: f83109594d263d5dc3b8e2d49649a8e13769e28e
    SHA256:d119aba508e88e1a54bd449baf27d5b229cf3025fa9ca92f9fb84c3a63c1143b

    Identifiers

    io.vertx.vertx-uri-template-4.5.23.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.vertx.vertx-uri-template-4.5.23.jar
    MD5: bd636053bc2925804841b11961ec7d33
    SHA1: e09ad88bf3c6d11e95f89fff273fc075bf45c384
    SHA256:fbbdc0e3067dd68d194e8d81b0e5d94ab8cd15a93718c9961e9612554816466f

    Identifiers

    io.vertx.vertx-web-4.5.23.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/io.vertx.vertx-web-4.5.23.jar
    MD5: c0fef503b7ac301588460530af20b605
    SHA1: 0d11afd9769f71e5718ee3082a088e46cf1b1a20
    SHA256:4e3fa04ff835aa8dfe8e6b9fdf6bce9c76eaf762b3b8f63a31c2c252816a22a4

    Identifiers

    io.vertx.vertx-web-client-4.5.23.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/io.vertx.vertx-web-client-4.5.23.jar
    MD5: 71c2810b3f3299bfedad743035c1a2af
    SHA1: 80f09036dea414dcfa03f41a5b6b5778f3a82325
    SHA256:6e7b26669708107f96f8d0356971e06867e30e0a3a7d1f6467b7382b588ddfc9

    Identifiers

    itu-1.14.0.jar

    Description:

    Extremely fast date-time parser and formatter - RFC 3339 (ISO 8601 profile) and W3C format

    License:

    Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/ethlo/time/itu/1.14.0/itu-1.14.0.jar
    MD5: e537d0a2bc8066726f7e4654c253cf84
    SHA1: c0f9f9d4f4404787e992ab3af5ae95f2fad79e47
    SHA256:5cf40ab0cc77828ab2b875b1f3ecd71c8295d7721933476abc2e08fddcea164a

    Identifiers

    jackson-dataformat-xml-2.20.1.jar

    Description:

    Data format extension for Jackson to offer
alternative support for serializing POJOs as XML and deserializing XML as POJOs.

    License:

    http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-xml/2.20.1/jackson-dataformat-xml-2.20.1.jar
    MD5: 55a13effaac5ed19e8393cba5e05f195
    SHA1: 3a8e1f06f8bdfd9f2c29f1b2bdad970b02dff4c9
    SHA256:190ad4eba35d89dba3517da279e0690681c4745174b94b09ea78f81ceae140f0

    Identifiers

    jackson-module-parameter-names-2.20.1.jar

    Description:

    Add-on module for Jackson (https://github.com/FasterXML/jackson) to support
introspection of method/constructor parameter names, without having to add explicit property name annotation.

    License:

    http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.20.1/jackson-module-parameter-names-2.20.1.jar
    MD5: 4670f258db373db07ab0c552696c4aa2
    SHA1: 4214b732f1bd4e640e8e51ab6c5a73f6a418aaeb
    SHA256:3b7e3702fce28ff4819bc5d3f18ff513c3cd32eda46e74cf3328142dea882aa9

    Identifiers

    • pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.20.1  (Confidence:High)
    • cpe:2.3:a:fasterxml:jackson-modules-java8:2.20.1:*:*:*:*:*:*:*  (Confidence:Low)  

    jacoco-maven-plugin-0.8.13.jar

    Description:

    The JaCoCo Maven Plugin provides the JaCoCo runtime agent to your tests and allows basic report creation.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/jacoco-maven-plugin/0.8.13/jacoco-maven-plugin-0.8.13.jar
    MD5: b88d7622d5fe551c17efe93f5380007b
    SHA1: 4c2dd426a24fcb4f2e7413eefb45a5b7b4278def
    SHA256:73aa57883c00d0ec952a44e01dbe086efab0dc4098edfea9aaf927a9444d6636

    Identifiers

    • pkg:maven/org.jacoco/jacoco-maven-plugin@0.8.13  (Confidence:High)

    jakarta.activation.jakarta.activation-api-2.1.4.jar

    Description:

    Jakarta Activation API 2.1 Specification

    License:

    http://www.eclipse.org/org/documents/edl-v10.php
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.activation.jakarta.activation-api-2.1.4.jar
    MD5: bc1602eee7bc61a0b86f14bbbb0cc794
    SHA1: 9e5c2a0d75dde71a0bedc4dbdbe47b78a5dc50f8
    SHA256:c9db52100ce6c8aac95cc39075f95720d2e561b11f8051b81c121ad4effd7004

    Identifiers

    • None

    jakarta.annotation.jakarta.annotation-api-3.0.0.jar

    Description:

    Jakarta Annotations API

    License:

    https://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.annotation.jakarta.annotation-api-3.0.0.jar
    MD5: 7faffaab962918da4cf5ddfd76609dd2
    SHA1: 54f928fadec906a99d558536756d171917b9d936
    SHA256:b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2

    Identifiers

    • None

    jakarta.el.jakarta.el-api-6.0.1.jar

    Description:

    Jakarta Expression Language 6.0

    License:

    https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.el.jakarta.el-api-6.0.1.jar
    MD5: a98f097e059552a75748fcdd067e5c16
    SHA1: c7c4a2eb1e40e0ff45ab5e2e52bd77d8c7a75176
    SHA256:7e84b5bed49de32b79cc5e85d90b6f5adb1a953ac67283adbb41c1e297f9c605

    Identifiers

    jakarta.enterprise.jakarta.enterprise.cdi-api-4.1.0.jar

    Description:

    APIs for CDI (Contexts and Dependency Injection for Java)

    License:

    https://www.apache.org/licenses/LICENSE-2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.enterprise.jakarta.enterprise.cdi-api-4.1.0.jar
    MD5: f72ee39b19274ffe26cac952acae6dc3
    SHA1: fed9518709d33252bfe0817fe61ad4dfd1b2e848
    SHA256:c42c808f17925129a0800f618febe050d966e181a4c7384c8a5e7a0283d68699

    Identifiers

    • None

    jakarta.enterprise.jakarta.enterprise.lang-model-4.1.0.jar

    Description:

    Build Compatible (Reflection-Free) Java Language Model for CDI

    License:

    https://apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.enterprise.jakarta.enterprise.lang-model-4.1.0.jar
    MD5: fd9efbe0808984a89690e04ea28cd368
    SHA1: 9270ae3df4239d4f337215403ebc9801fe659a2b
    SHA256:bb56f571f60d2862b2387d5468fe8f5540f8094727283ed991f89082708095ee

    Identifiers

    • None

    jakarta.inject.jakarta.inject-api-2.0.1.jar

    Description:

    Jakarta Dependency Injection

    License:

    http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.inject.jakarta.inject-api-2.0.1.jar
    MD5: 72003bf6efcc8455d414bbd7da86c11c
    SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e
    SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c

    Identifiers

    • None

    jakarta.interceptor.jakarta.interceptor-api-2.2.0.jar

    Description:

    Jakarta Interceptors 2.2 Specification

    License:

    http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.interceptor.jakarta.interceptor-api-2.2.0.jar
    MD5: ef5c0cb454edafbd9e5b3cb0f728f61f
    SHA1: ed3605f9c5428d45549d4720235f3e943339f39a
    SHA256:d240d72b4dd38a2e431c804079810010cb97903678fa5f987fb7434878b04398

    Identifiers

    • None

    jakarta.json.jakarta.json-api-2.1.3.jar

    Description:

    Jakarta JSON Processing API 2.1

    License:

    https://projects.eclipse.org/license/epl-2.0, https://projects.eclipse.org/license/secondary-gpl-2.0-cp
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.json.jakarta.json-api-2.1.3.jar
    MD5: 596997520702889d4afef9cffbd4b71a
    SHA1: 4febd83e1d9d1561d078af460ecd19532383735c
    SHA256:bc934142805ea1d794f1440563965a3861a2a9fb7414ecd3fe44f26500734414

    Identifiers

    • None

    jakarta.persistence.jakarta.persistence-api-3.2.0.jar

    Description:

    Jakarta Persistence 3.2 API jar

    License:

    http://www.eclipse.org/legal/epl-2.0, http://www.eclipse.org/org/documents/edl-v10.php
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.persistence.jakarta.persistence-api-3.2.0.jar
    MD5: 79acec18d202797dcba1fff596a47684
    SHA1: bb75a113f3fa191c2c7ee7b206d8e674251b3129
    SHA256:be8a26b0e75c84c1b7600f759256fbc68d60333d89ec0ce3f784fc3ffa09aa8c

    Identifiers

    • None

    jakarta.resource.jakarta.resource-api-2.1.0.jar

    Description:

    Jakarta Connectors 2.1 Specification

    License:

    http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.resource.jakarta.resource-api-2.1.0.jar
    MD5: d1bc3f1bcfb4be1a9d810195eba05927
    SHA1: d98f0ac826cdc85f80061c21bc061841ac6d374c
    SHA256:4d26ad86a5f72cd2f9c4a31cc4524f7bf3ec0ff74416f081f8642b7ce8041067

    Identifiers

    • None

    jakarta.transaction.jakarta.transaction-api-2.0.1.jar

    Description:

    Jakarta(TM) Transactions 2.0 API Design Specification

    License:

    http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.transaction.jakarta.transaction-api-2.0.1.jar
    MD5: 5315974a3935e342b40849478e1c9966
    SHA1: 51a520e3fae406abb84e2e1148e6746ce3f80a1a
    SHA256:50c0a7c760c13ae6c042acf182b28f0047413db95b4636fb8879bcffab5ba875

    Identifiers

    • None

    jakarta.validation.jakarta.validation-api-3.1.1.jar

    Description:

    Jakarta Validation API

    License:

    http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.validation.jakarta.validation-api-3.1.1.jar
    MD5: 93ce96e77734f4280157edeffcae44e8
    SHA1: ec8622148afc5564235d17af80ea80288d0e7f92
    SHA256:63ce00156388c365f3ac1be71fcfaf114682fc0c452020b5df6e7ec236e142ab

    Identifiers

    • None

    jakarta.ws.rs.jakarta.ws.rs-api-3.1.0.jar

    Description:

    Jakarta RESTful Web Services API (JAX-RS)

    License:

    http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.ws.rs.jakarta.ws.rs-api-3.1.0.jar
    MD5: 6ce4c6749e048456b2c452c1091689ca
    SHA1: 15ce10d249a38865b58fc39521f10f29ab0e3363
    SHA256:6b3b3628b8b4aedda0d24c3354335e985497d8ef3c510b8f3028e920d5b8663d

    Identifiers

    • None

    jakarta.xml.bind.jakarta.xml.bind-api-4.0.4.jar

    Description:

    Jakarta XML Binding API 4.0 Design Specification

    License:

    http://www.eclipse.org/org/documents/edl-v10.php
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/jakarta.xml.bind.jakarta.xml.bind-api-4.0.4.jar
    MD5: 6dd465a232e545193ab8ab77cc4fbdb9
    SHA1: d6d2327f3817d9a33a3b6b8f2e15a96bc2e7afdc
    SHA256:c507ca69a8c6dd11bf4afeec9e0d412c4fa3933fffb0a84680ea5727e8472124

    Identifiers

    • None

    jandex-3.3.1.jar

    Description:

    SmallRye Build Parent POM

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/jandex/3.3.1/jandex-3.3.1.jar
    MD5: d9c0812db44cdbffce4d4f35356547b9
    SHA1: cea8c28faa729cbc00a6d397cf28f12ae9a577f0
    SHA256:01301f7118eac2b8731c292d58e73f6f96e57b1c89c00aa82e96cd8facd29898

    Identifiers

    • pkg:maven/io.smallrye/jandex@3.3.1  (Confidence:High)

    jandex-gizmo2-3.5.2.jar

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/jandex-gizmo2/3.5.2/jandex-gizmo2-3.5.2.jar
    MD5: 9f82f047d4e16cf1f3cb3485c9825ae3
    SHA1: dff50a3fff893da7c7e433daeb7e0e048ca5c961
    SHA256:8b83c031f4d597956ae94834bd779a423f50b115aa51882d8c332f5675272376

    Identifiers

    • pkg:maven/io.smallrye/jandex-gizmo2@3.5.2  (Confidence:High)

    jandex-maven-plugin-3.3.1.jar

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/jandex-maven-plugin/3.3.1/jandex-maven-plugin-3.3.1.jar
    MD5: 64d5804802af17b798c266d5b8b816b8
    SHA1: 7e7c6430fcb95af2061ec08f1b7d2362b8b23579
    SHA256:716cc7565ac6f056cbe74d05e3409b7e2bc95e4758b504ddaf71d0c93268efff

    Identifiers

    • pkg:maven/io.smallrye/jandex-maven-plugin@3.3.1  (Confidence:High)

    jansi-2.4.0.jar

    Description:

    Jansi is a java library for generating and interpreting ANSI escape sequences.

    License:

    The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/fusesource/jansi/jansi/2.4.0/jansi-2.4.0.jar
    MD5: bb0f7e4e04a71518dfe5b4ec102aa61f
    SHA1: 321c614f85f1dea6bb08c1817c60d53b7f3552fd
    SHA256:6cd91991323dd7b2fb28ca93d7ac12af5a86a2f53279e2b35827b30313fd0b9f

    Identifiers

    • pkg:maven/org.fusesource.jansi/jansi@2.4.0  (Confidence:High)

    java-properties-0.0.7.jar

    Description:

    A simple Java Properties parser that retains the exact format of the input file, including any comments

    License:

    The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codejive/java-properties/0.0.7/java-properties-0.0.7.jar
    MD5: 0ca54f73f449df958cc7e75a3d86e595
    SHA1: c3daffce710cde2591a936e7d9a4028eb7b803c7
    SHA256:0b89124daefd48fe8c0f43449be3a98ba609b460f018a80c704c74544f62286a

    Identifiers

    • pkg:maven/org.codejive/java-properties@0.0.7  (Confidence:High)

    javax.annotation-api-1.3.2.jar

    Description:

    Common Annotations for the JavaTM Platform API

    License:

    CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar
    MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
    SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
    SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b

    Identifiers

    • pkg:maven/javax.annotation/javax.annotation-api@1.3.2  (Confidence:High)

    javax.inject-1.jar

    Description:

    The javax.inject API

    License:

    The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
    MD5: 289075e48b909e9e74e6c915b3631d2e
    SHA1: 6975da39a7040257bd51d21a231b76c915872d38
    SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff

    Identifiers

    • pkg:maven/javax.inject/javax.inject@1  (Confidence:High)

    jdbc-1.21.3.jar

    Description:

    Isolated container management for Java code testing

    License:

    MIT: http://opensource.org/licenses/MIT
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/testcontainers/jdbc/1.21.3/jdbc-1.21.3.jar
    MD5: d7236e530d2db9f67bdf81fed07b474c
    SHA1: add1cf7b1c8f0ec3a3189793e90a7a967000cf95
    SHA256:8162137442982ef42a70a86fd50362d48d2a2366bf13787f98696735aecf7a57

    Identifiers

    • pkg:maven/org.testcontainers/jdbc@1.21.3  (Confidence:High)

    jdk-classfile-backport-25.1.jar

    Description:

    An unofficial backport of the JDK Classfile API to Java 17

    License:

    GNU General Public License, version 2, with the Classpath Exception: http://openjdk.java.net/legal/gplv2+ce.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/github/dmlloyd/jdk-classfile-backport/25.1/jdk-classfile-backport-25.1.jar
    MD5: 702df1fba3112d187310a54faa8da542
    SHA1: 78f035319ccbc5c1d2c65fe2854290e0f15a8fb1
    SHA256:2156731c92362678945300ed39b7bf954c8338ecd1f5880995cfbd95d46dbbfe

    Identifiers

    • pkg:maven/io.github.dmlloyd/jdk-classfile-backport@25.1  (Confidence:High)

    jdom2-2.0.6.1.jar

    Description:

    		A complete, Java-based solution for accessing, manipulating, 
		and outputting XML data

    License:

    Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jdom/jdom2/2.0.6.1/jdom2-2.0.6.1.jar
    MD5: 5be72710c66f3c9ba71f8009e92597d1
    SHA1: dc15dff8f701b227ee523eeb7a17f77c10eafe2f
    SHA256:0b20f45e3a0fd8f0d12cdc5316b06776e902b1365db00118876f9175c60f302c

    Identifiers

    jib-build-plan-0.4.0.jar

    Description:

    Jib Container Build Plan API

    License:

    The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/cloud/tools/jib-build-plan/0.4.0/jib-build-plan-0.4.0.jar
    MD5: 2db509a6a4956ce9c88f4b7993aa5fe5
    SHA1: b16394e7eda9aeff338841c6dc47ed5a8a9d8120
    SHA256:9b74d6be551b8bf079d711148769150d566512db5a50b1e9c7c445c69c08d182

    Identifiers

    • pkg:maven/com.google.cloud.tools/jib-build-plan@0.4.0  (Confidence:High)

    jib-core-0.27.3.jar

    Description:

    Build container images.

    License:

    The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/google/cloud/tools/jib-core/0.27.3/jib-core-0.27.3.jar
    MD5: aab99306ed92805afd7617a892186419
    SHA1: 5916b17257df977aea79fd934b9f62a5d16e396c
    SHA256:27ba15f857b60d505e9604104412c4b832b01353c6a8289d7851801e3b4f6b5f

    Identifiers

    jna-5.8.0.jar

    Description:

    Java Native Access

    License:

    LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
Apache License v2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/net/java/dev/jna/jna/5.8.0/jna-5.8.0.jar
    MD5: 3e1988240662c4f068e8ff5df505f6a0
    SHA1: 3551d8d827e54858214107541d3aff9c615cb615
    SHA256:930273cc1c492f25661ea62413a6da3fd7f6e01bf1c4dcc0817fc8696a7b07ac

    Identifiers

    • pkg:maven/net.java.dev.jna/jna@5.8.0  (Confidence:High)
    • cpe:2.3:a:oracle:java_se:5.8.0:*:*:*:*:*:*:*  (Confidence:Low)  

    jna-5.8.0.jar: jnidispatch.dll

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/net/java/dev/jna/jna/5.8.0/jna-5.8.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dll
    MD5: bf93f6b98af1987a7536d69202e0dda9
    SHA1: d8b5600b6c8254afd68068f130bc6f75c62f0a7a
    SHA256:749e807fa10407e43cf2cf98e885e5ef76a95751c143c0c3326ad1366f3e9179

    Identifiers

    • None

    jna-5.8.0.jar: jnidispatch.dll

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/net/java/dev/jna/jna/5.8.0/jna-5.8.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
    MD5: a004906b9067501293107be3a92c3401
    SHA1: ed9f50de6051aaa1f26e61c64a5c6b0eba407d93
    SHA256:76f19b52423774932831dcba0596989ec56213f9b217a0432fbc122f99704a2a

    Identifiers

    • None

    jna-5.8.0.jar: jnidispatch.dll

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/net/java/dev/jna/jna/5.8.0/jna-5.8.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
    MD5: 7668f8f21cba1d0d7e2cc39379b8a3c3
    SHA1: 332887373846943f479dac9fabfd42fbe58d723a
    SHA256:39bab69f5ead37326cb4c032c621dbddbc5093932871f2010120819a4100abdf

    Identifiers

    • None

    json-path-5.5.6.jar

    Description:

    Java DSL for easy testing of REST services

    License:

    https://www.apache.org/licenses/LICENSE-2.0.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/rest-assured/json-path/5.5.6/json-path-5.5.6.jar
    MD5: 4ddeef986a004b50b948ac68109c53b3
    SHA1: 2735e5e64a86338f6823664737a087cf5c63f278
    SHA256:46f7c91ce540d33ceda741ad5db6eb5ee2d0ad000dbb8eb9837b2f5c1c2d3a46

    Identifiers

    • pkg:maven/io.rest-assured/json-path@5.5.6  (Confidence:High)

    json-schema-validator-1.5.9.jar

    Description:

    A json schema validator that supports draft v4, v6, v7, v2019-09 and v2020-12

    License:

    Apache License Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/networknt/json-schema-validator/1.5.9/json-schema-validator-1.5.9.jar
    MD5: 84622292ac5001bac8f16dc5002a8b94
    SHA1: 6a2f9fe324b9dc8d8e0c3d7b435f7ae99595a556
    SHA256:e0b8baeb78fd1ba027454ee3974d8a02f54447eaa510d3052820a7d2160d9ae4

    Identifiers

    jsoup-1.17.2.jar

    Description:

    jsoup is a Java library that simplifies working with real-world HTML and XML. It offers an easy-to-use API for URL fetching, data parsing, extraction, and manipulation using DOM API methods, CSS, and xpath selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers.

    License:

    The MIT License: https://jsoup.org/license
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jsoup/jsoup/1.17.2/jsoup-1.17.2.jar
    MD5: d9dd58c3f8a09f45e57d85e78993be6e
    SHA1: 1e75b08d7019546a954f1e359477f916f537a34d
    SHA256:f60b33b38e9d7ac93eaaa68a6c70f706bb99036494b2e2add2bfee11d09ac6f5

    Identifiers

    junit-jupiter-5.13.4.jar

    Description:

    Module "junit-jupiter" of JUnit 5.

    License:

    Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/junit/jupiter/junit-jupiter/5.13.4/junit-jupiter-5.13.4.jar
    MD5: 3f4e38bdbea73c98a50f08b7c6e33426
    SHA1: 93547b3eca48a61f65f735c1898d3ec196e34149
    SHA256:b960f79217dd01c863031b678f07df4730bbf1eac650c74ad6b0c61faad78379

    Identifiers

    • pkg:maven/org.junit.jupiter/junit-jupiter@5.13.4  (Confidence:High)

    junit-jupiter-api-5.13.4.jar

    Description:

    Module "junit-jupiter-api" of JUnit 5.

    License:

    Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.13.4/junit-jupiter-api-5.13.4.jar
    MD5: d9981621212d598a4ba380342094c92f
    SHA1: 2817f736551fe4949b79924715ef6f594ee072f4
    SHA256:d1bb81abfd9e03418306b4e6a3390c8db52c58372e749c2980ac29f0c08278f1

    Identifiers

    • pkg:maven/org.junit.jupiter/junit-jupiter-api@5.13.4  (Confidence:High)

    junit-jupiter-engine-5.13.4.jar

    Description:

    Module "junit-jupiter-engine" of JUnit 5.

    License:

    Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.13.4/junit-jupiter-engine-5.13.4.jar
    MD5: 3416ff6cff3dd4ea789b92338a49b9b2
    SHA1: d29fc8b6a28d21b8741f299ae4deb3e3aa68b2e8
    SHA256:027404a92fe618b72465792a257951495c503a7d5751e2791e0f51c87f67f5bc

    Identifiers

    • pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.13.4  (Confidence:High)

    junit-jupiter-params-5.13.4.jar

    Description:

    Module "junit-jupiter-params" of JUnit 5.

    License:

    Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.13.4/junit-jupiter-params-5.13.4.jar
    MD5: a1db21cc54b627a085918626a3908c9e
    SHA1: 0c8930eb7fcfbed0b191703ab53f48475a75bd17
    SHA256:3a8c6365716dbb698c0d49a05456c1e1ad05c406613c550f9dd50037872efc41

    Identifiers

    • pkg:maven/org.junit.jupiter/junit-jupiter-params@5.13.4  (Confidence:High)

    junit-platform-engine-1.13.4.jar

    Description:

    Module "junit-platform-engine" of JUnit 5.

    License:

    Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/junit/platform/junit-platform-engine/1.13.4/junit-platform-engine-1.13.4.jar
    MD5: 736aa9e83f7ba2b54adb5f86821fd4dd
    SHA1: cdd49063ae6e25494d1a9a08f4a9ab5de2b73bcb
    SHA256:390c5f77b84283a64b644f88251b397e0b0debb80bdcc50f899881aecff43a5a

    Identifiers

    • pkg:maven/org.junit.platform/junit-platform-engine@1.13.4  (Confidence:High)
    • cpe:2.3:a:fan_platform_project:fan_platform:1.13.4:*:*:*:*:*:*:*  (Confidence:Low)  

    junit-platform-engine-1.9.3.jar

    Description:

    Module "junit-platform-engine" of JUnit 5.

    License:

    Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/junit/platform/junit-platform-engine/1.9.3/junit-platform-engine-1.9.3.jar
    MD5: 97839fdbdebfeabba70719f4d81d88c4
    SHA1: 8616734a190f8d307376aeb7353dba0a2c037a09
    SHA256:0c39553d9a03510757227f5a1c6cc6530287b1a321ed6258450664874aa2a16a

    Identifiers

    • pkg:maven/org.junit.platform/junit-platform-engine@1.9.3  (Confidence:High)
    • cpe:2.3:a:fan_platform_project:fan_platform:1.9.3:*:*:*:*:*:*:*  (Confidence:Low)  

    keycloak-client-common-synced-26.0.7.jar

    Description:

    Keycloak Client Common Synced

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/keycloak/keycloak-client-common-synced/26.0.7/keycloak-client-common-synced-26.0.7.jar
    MD5: 99422f2b1b494b85d4a232098639ae6f
    SHA1: ee4998aa57c2e49c450308b3859c64c535a47179
    SHA256:b4b1e29b62504bf1822a9885f88061efa4d31af49d86012ac43add69819daf51

    Identifiers

    legacy.nomodule.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/legacy/legacy.nomodule.js
    MD5: 9361539a28868f7d0b2c550cc62a7a59
    SHA1: 719fa6978e60cdbebb6060b7a8fc3bcaf2eee883
    SHA256:d5da0303995acf3a35202bc13ffc94758a26ae71a01d14065746bb490868308a

    Identifiers

    • None

    legacy.nomodule.min.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/legacy/legacy.nomodule.min.js
    MD5: 5a67d58bbb647d58fbc1e2d46a119b3a
    SHA1: 47ab7dc2bc9d08a4c41b4b00de171b842b1d7247
    SHA256:936ff3368a427cbc6887879100925204f54f5cdf0d28ced1ccb41e4e6d5cf383

    Identifiers

    • None

    lombok-1.18.42.jar

    Description:

    Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

    License:

    The MIT License: https://projectlombok.org/LICENSE
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/projectlombok/lombok/1.18.42/lombok-1.18.42.jar
    MD5: f29149836e0187fb9fd95d82dc718d36
    SHA1: 8365263844ebb62398e0dc33057ba10ba472d3b8
    SHA256:3488a4e9994c26596baaceebee58cad36a50e3bdaec5be72b5834d3c3b560306

    Identifiers

    • pkg:maven/org.projectlombok/lombok@1.18.42  (Confidence:High)

    lombok-1.18.42.jar: mavenEcjBootstrapAgent.jar

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/projectlombok/lombok/1.18.42/lombok-1.18.42.jar/lombok/launch/mavenEcjBootstrapAgent.jar
    MD5: 885d5d6be90a5dcd4b82cdf741e3f31a
    SHA1: e1f7f1779f40157fd0b984c1bc32a0cb45cae66e
    SHA256:74a80a6ee84e5c6fe497dfcc46a46dbe30578525e747eb531e918ee0750c8da9

    Identifiers

    • None

    mapstruct-processor-1.6.3.jar

    Description:

    An annotation processor for generating type-safe bean mappers

    License:

    The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/mapstruct/mapstruct-processor/1.6.3/mapstruct-processor-1.6.3.jar
    MD5: 6a092af2c0e165e8cb8997b9123393cb
    SHA1: 52e345c907fbf173b376586c7f8b131d53fa5867
    SHA256:0305b6e2eee678974cde0c4e87e09d66926290b640173ec3ca5a81dedbc56bff

    Identifiers

    • pkg:maven/org.mapstruct/mapstruct-processor@1.6.3  (Confidence:High)

    maven-antrun-plugin-3.1.0.jar

    Description:

    Runs Ant scripts embedded in the POM

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-antrun-plugin/3.1.0/maven-antrun-plugin-3.1.0.jar
    MD5: 2c07943675c06289f5ba11db82c2c24d
    SHA1: d4c0e1e9e814f5a705b81f8117d9753719d670c7
    SHA256:8ae8f570b8f4ea46fa7f3df27f22ce4c6b6c1f387a6eaeefae6c896aebae1455

    Identifiers

    maven-api-meta-4.0.0-alpha-7.jar

    Description:

    Java annotations for Maven 4 Immutable API.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-api-meta/4.0.0-alpha-7/maven-api-meta-4.0.0-alpha-7.jar
    MD5: 0571b58631234946491bc5f7a91d8c74
    SHA1: db4b391f5341ef940fb3a79060865b7edda6c6d5
    SHA256:c4f6f3868f5b280cc7e268f0f95e1bb1d2a824afe92a8029e861be7ec48b1272

    Identifiers

    • pkg:maven/org.apache.maven/maven-api-meta@4.0.0-alpha-7  (Confidence:High)

    maven-api-xml-4.0.0-alpha-7.jar

    Description:

    Maven 4 API immutable XML helper.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-api-xml/4.0.0-alpha-7/maven-api-xml-4.0.0-alpha-7.jar
    MD5: eaa62eb9c8cf3e767bdc81991079aae6
    SHA1: ae85bf0c76a6b868058af3e0ec89c78d9acd4eff
    SHA256:3388f4d0465f5a7e9a6264baf506da1b052c51f7cc10b7ce73f09723e6cf1d92

    Identifiers

    • pkg:maven/org.apache.maven/maven-api-xml@4.0.0-alpha-7  (Confidence:High)

    maven-archiver-3.6.0.jar

    Description:

    Provides utility methods for creating JARs and other archive files from a Maven project.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar
    MD5: b12cc59931ba53459a09e12db692b55d
    SHA1: 0a7cc4e331cd64ad9cfd049b661e89b3065ce1b8
    SHA256:020221526ffc406d04c2ba5913a4201c55635a620302bdecc7de400e3681a754

    Identifiers

    • pkg:maven/org.apache.maven/maven-archiver@3.6.0  (Confidence:High)

    maven-artifact-3.9.12.jar

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-artifact/3.9.12/maven-artifact-3.9.12.jar
    MD5: d834fe188642d22ce7318e6af0a605dd
    SHA1: 39acdd4ad6b74b1c001ae7c0858482a11d0ead59
    SHA256:4361cecd7e863c0992a6c901202afbb6db2a06b4f9a5e4b22481d4d39bcf137c

    Identifiers

    • pkg:maven/org.apache.maven/maven-artifact@3.9.12  (Confidence:High)

    maven-assembly-plugin-3.6.0.jar

    Description:

    A Maven plugin to create archives of your project's sources, classes, dependencies etc. from flexible assembly descriptors.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-assembly-plugin/3.6.0/maven-assembly-plugin-3.6.0.jar
    MD5: 719c7e8e641afa114e9078ef2420045b
    SHA1: 5398ecbe94c874042cb5f6f683e723306f51a625
    SHA256:53c887c082345b07dfe486b08cc805126c62fe863a027ce696db60428f4ab47c

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-assembly-plugin@3.6.0  (Confidence:High)

    maven-builder-support-3.9.12.jar

    Description:

    Support for descriptor builders (model, setting, toolchains)

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-builder-support/3.9.12/maven-builder-support-3.9.12.jar
    MD5: 6afaba813236d781c7b3865f9fab3a44
    SHA1: fe2fe54522eb2f77bd9b30cefc959d728d3f8105
    SHA256:22a0345c7a90dbe7758209d52135967daa8aae6543c7016cb635891b0eceeed4

    Identifiers

    • pkg:maven/org.apache.maven/maven-builder-support@3.9.12  (Confidence:High)

    maven-clean-plugin-3.2.0.jar

    Description:

        The Maven Clean Plugin is a plugin that removes files generated at build-time in a project's directory.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-clean-plugin/3.2.0/maven-clean-plugin-3.2.0.jar
    MD5: 001d7cf439e67c15577412c936111278
    SHA1: 556f5c71be8788c70a94a43d66af7fe35acee21f
    SHA256:b657bef2e1eb11e029a70cd688bde6adad29e4e99dacb18516bf651ecca32435

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-clean-plugin@3.2.0  (Confidence:High)

    maven-common-artifact-filters-3.1.1.jar

    Description:

    A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/shared/maven-common-artifact-filters/3.1.1/maven-common-artifact-filters-3.1.1.jar
    MD5: bbafdd6747cc103b96bbff6dc06f9124
    SHA1: 044f7d167891f281160764ef1a687dcf487d3a2c
    SHA256:4a8eea7663992e49206d9f928138f334a835ad3fbbc40929342ef007ccf5471b

    Identifiers

    • pkg:maven/org.apache.maven.shared/maven-common-artifact-filters@3.1.1  (Confidence:High)

    maven-compiler-plugin-3.14.0.jar

    Description:

    The Compiler Plugin is used to compile the sources of your project.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-compiler-plugin/3.14.0/maven-compiler-plugin-3.14.0.jar
    MD5: d126f464338b2ff99b825de0f4a4a2fa
    SHA1: 8da644b4b26eb34e626ad9482a884a89e6657901
    SHA256:e55fe35b95cf499e5092f146c6613984cff896a8947c2f347ab88270f11acb76

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-compiler-plugin@3.14.0  (Confidence:High)

    maven-core-3.9.12.jar

    Description:

    Maven Core classes.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-core/3.9.12/maven-core-3.9.12.jar
    MD5: 5988619119b33562228343c4ded75b9e
    SHA1: a349a9dadebca9f2a2d1f99876f651a02961a366
    SHA256:1ee217c759a895771a07a2018c026bba01373305d9bad0099f06dbbdbcf2c332

    Identifiers

    maven-dependency-plugin-3.6.1.jar

    Description:

    Provides utility goals to work with dependencies like copying, unpacking, analyzing, resolving and many more.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-dependency-plugin/3.6.1/maven-dependency-plugin-3.6.1.jar
    MD5: 69dc0f7f4ec84a2940916509d5c3480d
    SHA1: 7d6cba536d202a0680cf674ff7fda94dc40f3a5e
    SHA256:da6a0ed58ab849b0de0fd9a676b17726a3cdb0e87e86a4a90b5287878912279a

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-dependency-plugin@3.6.1  (Confidence:High)

    maven-deploy-plugin-3.1.1.jar

    Description:

    Uploads the project artifacts to the internal remote repository.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-deploy-plugin/3.1.1/maven-deploy-plugin-3.1.1.jar
    MD5: ff117d599c98db969f3d75a816cbc26f
    SHA1: 05fe43502757269d4934cbda35e5e74399187286
    SHA256:c7c973af372dadb83c41e760a86af98b6291150ecdd235319c2a3635b85383ff

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-deploy-plugin@3.1.1  (Confidence:High)

    maven-embedder-3.9.12.jar

    Description:

    Maven embeddable component, with CLI and logging support.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-embedder/3.9.12/maven-embedder-3.9.12.jar
    MD5: b270f033fb844a10af9c6528e3b352d7
    SHA1: dea388fd5b198516175443c098ea1e8d6c2d8bb5
    SHA256:8cd71547431f8a908345869c5884ddae51cf3acba8d4592ea19d3b844563d345

    Identifiers

    • pkg:maven/org.apache.maven/maven-embedder@3.9.12  (Confidence:High)

    maven-filtering-3.3.1.jar

    Description:

    A component to assist in filtering of resource files with properties from a Maven project.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/shared/maven-filtering/3.3.1/maven-filtering-3.3.1.jar
    MD5: 81f9ea936b2b3c12899901fe0999348b
    SHA1: 7b613072bcce1d949b6d82f714af08b4535aae2b
    SHA256:b12663187d9ffc6a1ee76139c0ef497fe9400efbe2ebe01616fe2703656fb4f0

    Identifiers

    • pkg:maven/org.apache.maven.shared/maven-filtering@3.3.1  (Confidence:High)

    maven-help-plugin-3.5.1.jar

    Description:

    The Maven Help plugin provides goals aimed at helping to make sense out of
    the build environment. It includes the ability to view the effective
    POM and settings files, after inheritance and active profiles
    have been applied, as well as a describe a particular plugin goal to give usage information.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-help-plugin/3.5.1/maven-help-plugin-3.5.1.jar
    MD5: 0916cef032bdc95cdecc1f507ccf13ce
    SHA1: 3a6e526788e0564766f44d31b677648a7d9207ef
    SHA256:db1296f90c93cd1ac763f8262674dc376cf7670166dc2c270a498b1141a51865

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-help-plugin@3.5.1  (Confidence:High)

    maven-install-plugin-3.1.1.jar

    Description:

    Copies the project artifacts to the user's local repository.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-install-plugin/3.1.1/maven-install-plugin-3.1.1.jar
    MD5: 82c003d21a28f7ae89e89f2bff8bbb3a
    SHA1: 011abc20d7e1ee82e6cb55e2a03f405cd97325b6
    SHA256:6bf2f4a06369f599818c5cee1d5ed957b7caf4aa0003b9867ad5525f8bca8086

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-install-plugin@3.1.1  (Confidence:High)

    maven-jar-plugin-3.3.0.jar

    Description:

    Builds a Java Archive (JAR) file from the compiled project classes and resources.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar
    MD5: 86757837fbad6c11499131998fd31e01
    SHA1: 21829ae5feec95ae6fec425f2d85bbbfe49880c4
    SHA256:17edc5d0289dc0a9b61bd5db15fdb5804b5fb73d7dbe458771e33fbc1d51fa94

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-jar-plugin@3.3.0  (Confidence:High)

    maven-model-3.9.12.jar

    Description:

    Model for Maven POM (Project Object Model)

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-model/3.9.12/maven-model-3.9.12.jar
    MD5: 2eca810310f90f79e048265eb29165b9
    SHA1: 6f91cb0e47b7fc6db492ed307b0c91b38bfce924
    SHA256:d443a20cb801a7f116e10a80dd1ebf7aaae7182880d1097e0681d498c45e168b

    Identifiers

    • pkg:maven/org.apache.maven/maven-model@3.9.12  (Confidence:High)

    maven-model-builder-3.9.12.jar

    Description:

    The effective model builder, with inheritance, profile activation, interpolation, ...

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-model-builder/3.9.12/maven-model-builder-3.9.12.jar
    MD5: 8d8d8278aeb6a462ce3421a5d1b7d7d5
    SHA1: c1a74479d447e70d98ed5f03f6b32d54818ca046
    SHA256:1cb12b9e51b9855599dd1d02e77f08ff88772e9d4b4a7c4ee1e5d7a4f2b9b9ea

    Identifiers

    • pkg:maven/org.apache.maven/maven-model-builder@3.9.12  (Confidence:High)

    maven-model-helper-37.jar

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/fabric8/maven-model-helper/37/maven-model-helper-37.jar
    MD5: ba228c5d8c44211e1455465fb4ae42cc
    SHA1: 050eb2d61bf9dfc2d5cd288cb12a7d774bf3212e
    SHA256:b071da0e5c7197e7010e0deb63fb6a1a0d32fc1e003ebdbfc311ac5193773a0f

    Identifiers

    maven-plugin-api-3.9.12.jar

    Description:

    The API for plugins - Mojos - development.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-plugin-api/3.9.12/maven-plugin-api-3.9.12.jar
    MD5: 8fcc7f1f1457476e6c0d6c7746bd0960
    SHA1: 2c2d5180b3dae0e6f91575fc2507429727e01cc9
    SHA256:104a1e073e5484eae2eac594c6e49b59bdd1103fe480ceb9a3468cd427449570

    Identifiers

    • pkg:maven/org.apache.maven/maven-plugin-api@3.9.12  (Confidence:High)

    maven-plugin-tools-generators-3.13.1.jar

    Description:

    The Maven Plugin Tools Generators provide content generation (XML descriptor, documentation, help goal) from
    plugin descriptor extracted from plugin sources.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugin-tools/maven-plugin-tools-generators/3.13.1/maven-plugin-tools-generators-3.13.1.jar
    MD5: 9800815e852aae8f276ddbad618b31a0
    SHA1: 482ce5970ee727317a9272b7ac0603e4bc728bae
    SHA256:a201ac701319c9ce54bd85c7c8e877e867495cd5f509f26ae5f2b408eafbf68f

    Identifiers

    • pkg:maven/org.apache.maven.plugin-tools/maven-plugin-tools-generators@3.13.1  (Confidence:High)

    maven-release-plugin-3.0.1.jar

    Description:

    This plugin is used to release a project with Maven, saving a lot of repetitive, manual work.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-release-plugin/3.0.1/maven-release-plugin-3.0.1.jar
    MD5: 4835b0d2d8f25f3d880eaaad639b371b
    SHA1: 53c2004bcf1569cfe6bfbcb12c422c3f760c3a22
    SHA256:01c2906ddcc673cad8eac7af423dba9932f07c48d1decd13229a5ea9273f9fc6

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-release-plugin@3.0.1  (Confidence:High)

    maven-reporting-api-3.0.jar

    Description:

    API to manage report generation.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/reporting/maven-reporting-api/3.0/maven-reporting-api-3.0.jar
    MD5: 48cd00abc388c5156879b335e869adab
    SHA1: b2541dd07d08cd5eff9bd4554a2ad6a4198e2dfe
    SHA256:498949e5576b022559d1622e534c18e052f94dec883924b67e0a4e8676c07b17

    Identifiers

    • pkg:maven/org.apache.maven.reporting/maven-reporting-api@3.0  (Confidence:High)

    maven-reporting-api-4.0.0.jar

    Description:

    API to manage report generation.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/reporting/maven-reporting-api/4.0.0/maven-reporting-api-4.0.0.jar
    MD5: 9c49fcb81d69bb5ec513d624c181fc05
    SHA1: d3ad7e3d03463b5bd77e7d3ce94539cc723c8dfb
    SHA256:cb2cbde3c9c7288f7398a250dcf3c90cf92714cff301f22b298e1091b5def33c

    Identifiers

    • pkg:maven/org.apache.maven.reporting/maven-reporting-api@4.0.0  (Confidence:High)

    maven-repository-metadata-3.9.12.jar

    Description:

    Per-directory local and remote repository metadata.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-repository-metadata/3.9.12/maven-repository-metadata-3.9.12.jar
    MD5: 6099a10e5063820edf75037e3e777863
    SHA1: 3ecfc216f9a56f15c6bd6b3e22567b0b6cb2183e
    SHA256:b3688646dde74429e2e04ba4d7e1482f720bd68ab53824990089d0d8c821f1da

    Identifiers

    • pkg:maven/org.apache.maven/maven-repository-metadata@3.9.12  (Confidence:High)

    maven-resolver-api-1.9.25.jar

    Description:

    The application programming interface for the repository system.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-api/1.9.25/maven-resolver-api-1.9.25.jar
    MD5: 11a370687a765c2c2288bcff6f4f73cb
    SHA1: 8b670256b812a45b1ca9ae1bbf7f1c0d00a9d4e4
    SHA256:f414e7f40aff338cef65f836aabf6cd9a9e2a0f1bfa88589315beb0ac2f498c5

    Identifiers

    • pkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.25  (Confidence:High)

    maven-resolver-connector-basic-1.9.25.jar

    Description:

    A repository connector implementation for repositories using URI-based layouts.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-connector-basic/1.9.25/maven-resolver-connector-basic-1.9.25.jar
    MD5: 491deb147e1f47d54f17a40ae47dbacc
    SHA1: 6dcd7e2076baecbcfa77e781112bd110ea379d07
    SHA256:23639c6186c9f06477a166e72df4556f1172ace1eddae5e7a04a009fbcabfdf0

    Identifiers

    • pkg:maven/org.apache.maven.resolver/maven-resolver-connector-basic@1.9.25  (Confidence:High)

    maven-resolver-impl-1.9.25.jar

    Description:

    An implementation of the repository system.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.9.25/maven-resolver-impl-1.9.25.jar
    MD5: 4792489c7592c08bebd235a7f2a3d4a1
    SHA1: cc1bde9b56a2e95a181207958dcf40715dc71ab3
    SHA256:8d28766de3a000efa3662d5f67e428ca225498a89001195f7b3c55ea7a8bc56d

    Identifiers

    • pkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.25  (Confidence:High)

    maven-resolver-named-locks-1.9.25.jar

    Description:

    A synchronization utility implementation using Named locks.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-named-locks/1.9.25/maven-resolver-named-locks-1.9.25.jar
    MD5: d14b4f832e13dc00cfa3e5e36a60f666
    SHA1: fb1c8c95f17c816c3ceb8692aa84cbb068df5d94
    SHA256:e9fc779106713c33b4b5a7ed85e4273cfd7b9a96df7cf678eb0ac588f72669e3

    Identifiers

    • pkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.25  (Confidence:High)

    maven-resolver-provider-3.9.12.jar

    Description:

    Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-resolver-provider/3.9.12/maven-resolver-provider-3.9.12.jar
    MD5: f7b422b347c8009da8335e848b00b800
    SHA1: 44963f45b78f89a8479705493c48e01fc54ff9d6
    SHA256:79be07f591709b41d35e3ede06244a3447330fad469499fd5decb7606be01005

    Identifiers

    • pkg:maven/org.apache.maven/maven-resolver-provider@3.9.12  (Confidence:High)

    maven-resolver-spi-1.9.25.jar

    Description:

    The service provider interface for repository system implementations and repository connectors.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.9.25/maven-resolver-spi-1.9.25.jar
    MD5: 49f5e30b9862b489b9e8066c9744869a
    SHA1: f81237d0140f9222cf4437c44756a53368a2d152
    SHA256:781fafec23ea24f2624f3e3b48c674912f4bb1a1009a051df194307ed380280e

    Identifiers

    • pkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.25  (Confidence:High)

    maven-resolver-transport-http-1.9.23.jar

    Description:

    A transport implementation for repositories using http:// and https:// URLs.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-transport-http/1.9.23/maven-resolver-transport-http-1.9.23.jar
    MD5: 016925c46ade15fe641bf329b72fc03f
    SHA1: 38ed4a6a80408e6e186cfc5d94d080b5b5148099
    SHA256:7c4d762c4c604db5c8a9eeadd5c98b8f2e03556b853b48aa3346eb8cef67b54d

    Identifiers

    • pkg:maven/org.apache.maven.resolver/maven-resolver-transport-http@1.9.23  (Confidence:High)

    maven-resolver-transport-wagon-1.9.25.jar

    Description:

    A transport implementation based on Maven Wagon.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-transport-wagon/1.9.25/maven-resolver-transport-wagon-1.9.25.jar
    MD5: ed17496e7eb59c3782a9f441eb70e87e
    SHA1: 9b5af36b4bafbec8f71430b6bb3a4802a9ebbf65
    SHA256:73425c699e593cbb5b51dc01efc8cd334bdf793bb3c4070d48f32a72e99b61ed

    Identifiers

    maven-resolver-util-1.9.25.jar

    Description:

    A collection of utility classes to ease usage of the repository system.

    License:

    "Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/resolver/maven-resolver-util/1.9.25/maven-resolver-util-1.9.25.jar
    MD5: 8c4a25d08ba8ba18a9f93a821d518273
    SHA1: f755f6816d8fd63b09b8f2c9e1eaaa1f60c179e8
    SHA256:e31330fdb29045f3087b4985cb488a5b5ebbcbd7d879fda14e6ed4dd61b1fdf7

    Identifiers

    • pkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.25  (Confidence:High)

    maven-resources-plugin-3.3.1.jar

    Description:

    The Resources Plugin handles the copying of project resources to the output
    directory. There are two different kinds of resources: main resources and test resources. The
    difference is that the main resources are the resources associated with the main
    source code while the test resources are associated with the test source code.
    Thus, this allows the separation of resources for the main source code and its
    unit tests.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-resources-plugin/3.3.1/maven-resources-plugin-3.3.1.jar
    MD5: 2161e818c9c8bec0ad7e16caba1f5a55
    SHA1: 5a0e59faaaec9485868660696dd0808f483917d0
    SHA256:eb4069c7fe50a313b3f5295ccd214f30402f63971c26f443f7f3e798be8cc2a7

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-resources-plugin@3.3.1  (Confidence:High)

    maven-settings-3.9.12.jar

    Description:

    Maven Settings model.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-settings/3.9.12/maven-settings-3.9.12.jar
    MD5: c36d21412549711847bf183674c8d2ee
    SHA1: ca072f2b90a59d36d8218dd4e1460722db6e2322
    SHA256:eabb1adfa3ce3c9217318b6d289de20259ee42d7290660ed4358eecd56b5664f

    Identifiers

    • pkg:maven/org.apache.maven/maven-settings@3.9.12  (Confidence:High)

    maven-settings-builder-3.9.12.jar

    Description:

    The effective settings builder, with inheritance and password decryption.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-settings-builder/3.9.12/maven-settings-builder-3.9.12.jar
    MD5: d9dad42925db531f32bcc320783e7322
    SHA1: 1ddd0b8da05d120768142176476a06f489cea11c
    SHA256:92d137e366a4b4549eda848b52d968ef076ce24b9fb2db1b7a3083b9cc896eb1

    Identifiers

    • pkg:maven/org.apache.maven/maven-settings-builder@3.9.12  (Confidence:High)

    maven-shared-incremental-1.1.jar

    Description:

        Various utility classes and plexus components for supporting 
    incremental build functionality in maven plugins.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar
    MD5: 8a48e08aa027a7ac33fcc85054512021
    SHA1: 9d017a7584086755445c0a260dd9a1e9eae161a5
    SHA256:61988e54486a5dc38f06c70fdae5b108556c63bd433697b9f4305fcdb30fa40e

    Identifiers

    • pkg:maven/org.apache.maven.shared/maven-shared-incremental@1.1  (Confidence:High)

    maven-shared-utils-3.3.4.jar

    Description:

    Shared utilities for use by Maven core and plugins

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.3.4/maven-shared-utils-3.3.4.jar
    MD5: 908f2a0107ff330ac9b856356a0acaef
    SHA1: f87a61adb1e12a00dcc6cc6005a51e693aa7c4ac
    SHA256:7925d9c5a0e2040d24b8fae3f612eb399cbffe5838b33ba368777dc7bddf6dda

    Identifiers

    maven-shared-utils-3.4.2.jar

    Description:

    Shared utilities for use by Maven core and plugins

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar
    MD5: 53a038f77a81cb5816ad2b1c7daa8711
    SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0
    SHA256:b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487

    Identifiers

    maven-site-plugin-3.12.1.jar

    Description:

    The Maven Site Plugin is a plugin that generates a site for the current project.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-site-plugin/3.12.1/maven-site-plugin-3.12.1.jar
    MD5: 61c90676990821dfc5caacb5e18586ee
    SHA1: 60f12a786e1ef2c344b239228ff815f4f63c2644
    SHA256:f7bd8e943977ca85022e1252d52575b769d12d49565375550251d2f471aa350c

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-site-plugin@3.12.1  (Confidence:High)

    maven-surefire-common-3.2.2.jar

    Description:

    API used in Surefire and Failsafe MOJO.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/maven-surefire-common/3.2.2/maven-surefire-common-3.2.2.jar
    MD5: 5af1a9b35a6662d16964ef7df7cc7b7a
    SHA1: f76740de8cbb4578348ff441e05b92112053f4df
    SHA256:be29879c7fd69d1ae225dce241524992046b270d84cf125bb372ebf62cf8762d

    Identifiers

    • pkg:maven/org.apache.maven.surefire/maven-surefire-common@3.2.2  (Confidence:High)

    maven-surefire-common-3.2.3.jar

    Description:

    API used in Surefire and Failsafe MOJO.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/maven-surefire-common/3.2.3/maven-surefire-common-3.2.3.jar
    MD5: 8d4cb30aff4cfa5ae7eb05554797d03c
    SHA1: d2b1afbe237f80314f0610dae71ac7628e6699b3
    SHA256:286535a6c799516033535892613a89a32e3cb1e2b7076726a61451b222aac4e3

    Identifiers

    • pkg:maven/org.apache.maven.surefire/maven-surefire-common@3.2.3  (Confidence:High)

    maven-surefire-plugin-3.2.2.jar

    Description:

    Maven Surefire MOJO in maven-surefire-plugin.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-surefire-plugin/3.2.2/maven-surefire-plugin-3.2.2.jar
    MD5: 4fd8ea1ba31b9b25e196e7ad1c88a8ef
    SHA1: 11d4e9b45ce0953096896475ab212a605a63854e
    SHA256:fc1e5c8d637337551dac8c47a6f7a89a0e912b34d9dca781463c54ff89c51504

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-surefire-plugin@3.2.2  (Confidence:High)

    maven-surefire-plugin-3.2.3.jar

    Description:

    Maven Surefire MOJO in maven-surefire-plugin.

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/plugins/maven-surefire-plugin/3.2.3/maven-surefire-plugin-3.2.3.jar
    MD5: 712aed086ad83fbbd1086e75b9bb0a73
    SHA1: 6bdd6a313718aebbbc297deba8930cf828427864
    SHA256:b395caef49297e4f5316ae442b6490f0f4dd3f51c81a1ebcc191441dc5e3d16e

    Identifiers

    • pkg:maven/org.apache.maven.plugins/maven-surefire-plugin@3.2.3  (Confidence:High)

    maven-wrapper.jar

    Description:

    Maven Wrapper Jar download, installs and launches installed target Maven distribution as part of Maven Wrapper scripts run.

    File Path: /builds/pub/numeco/misis/misis-backend/.mvn/wrapper/maven-wrapper.jar
    MD5: 6058337c6ed4603858c3b72f754efa9b
    SHA1: daa475c180514b4f190714f7a4df4ce4ec7b772d
    SHA256:e63a53cfb9c4d291ebe3c2b0edacb7622bbc480326beaa5a0456e412f52f066a

    Identifiers

    • pkg:maven/org.apache.maven.wrapper/maven-wrapper@3.2.0  (Confidence:High)

    maven-xml-impl-4.0.0-alpha-7.jar

    Description:

    Provides the implementation classes for the Maven API XML

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/maven-xml-impl/4.0.0-alpha-7/maven-xml-impl-4.0.0-alpha-7.jar
    MD5: ec115686a695a77105dcca8dfd5d40b4
    SHA1: 06678934d540a73916c58993f09495d53aac1291
    SHA256:c89323b70dd491a3ef21432dba4cad2b74e26caaafd77178b0f15313fe0bd5f0

    Identifiers

    • pkg:maven/org.apache.maven/maven-xml-impl@4.0.0-alpha-7  (Confidence:High)

    mockito-core-5.20.0.jar

    Description:

    Mockito mock objects library core API and implementation

    License:

    MIT: https://opensource.org/licenses/MIT
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/mockito/mockito-core/5.20.0/mockito-core-5.20.0.jar
    MD5: 05f1af408a8a9599b65453c3c3082f6e
    SHA1: a32f446f38acf636363c5693db6498047731b9e0
    SHA256:d1a96d252128d3a4247cfd8a2e76412efa3cc103977be17933c942117a24f374

    Identifiers

    • pkg:maven/org.mockito/mockito-core@5.20.0  (Confidence:High)

    mockito-junit-jupiter-5.20.0.jar

    Description:

    Mockito JUnit 5 support

    License:

    MIT: https://opensource.org/licenses/MIT
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/mockito/mockito-junit-jupiter/5.20.0/mockito-junit-jupiter-5.20.0.jar
    MD5: 34ac767475d435d77ed12d40847fd4a2
    SHA1: 58ed6603af5f8f53886d49be00264a3fdd1278d5
    SHA256:fd6c703c2b00b914f3adbc27b18077a708f3d6992f19242c444e737c6cce024e

    Identifiers

    • pkg:maven/org.mockito/mockito-junit-jupiter@5.20.0  (Confidence:High)

    modal.module.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/modal/modal.module.js
    MD5: 5874142d9289911ba4deb3c6ca639d83
    SHA1: b603a6a49d3edc52afac2e6ead54e42bac0075eb
    SHA256:8ec34dfcd327e972fa50a079882f63dbbd285a464f73de6ebf2e30c2ee0b0100

    Identifiers

    • None

    modal.module.min.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/modal/modal.module.min.js
    MD5: 9e568d506474bc6e1631fc11f5afc324
    SHA1: 3f0cb4c6de99c1dcbb93f7d899445fe79c73ec91
    SHA256:0db8472eaea8656a4200b281b636221e9e95897da12a115e9d93bf7f1093052d

    Identifiers

    • None

    modal.nomodule.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/modal/modal.nomodule.js
    MD5: a3b481766f92594533eae843f05ccf91
    SHA1: e7ee1be86960ee9b158a9f0431b6875368f04db1
    SHA256:552c2b668a0f66c07fc3fce37f5cc6a6c7f25fd2e4efe153831444d74fe55666

    Identifiers

    • None

    modal.nomodule.min.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/modal/modal.nomodule.min.js
    MD5: 15b7b33d1fca3bb795c8a83fc6da623e
    SHA1: 3b4b79b6d36215e2de78fb1673f08f56354d8602
    SHA256:7309e087664b68717981b771255ff1a64c596fa4ad93214114dad437026922b2

    Identifiers

    • None

    mojo-executor-2.4.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/twdata/maven/mojo-executor/2.4.0/mojo-executor-2.4.0.jar
    MD5: ba2b0edcf5cfc3b5c2ba166aecc6c27c
    SHA1: 64f0498596a62e2917519268183e06b08ca3e4e1
    SHA256:7be7713cfd9f0e9fab9acbe2538bf06186ea6ae0cc80b324afdb3861aaf18889

    Identifiers

    • pkg:maven/org.twdata.maven/mojo-executor@2.4.0  (Confidence:High)

    mxparser-1.2.2.jar

    Description:

        MXParser is a fork of xpp3_min 1.1.7 containing only the parser with merged changes of the Plexus fork.

    License:

    Indiana University Extreme! Lab Software License: https://raw.githubusercontent.com/x-stream/mxparser/master/LICENSE.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/github/x-stream/mxparser/1.2.2/mxparser-1.2.2.jar
    MD5: 9d7e42409dfdcee9bd17903015bdeae2
    SHA1: 476fb3b3bb3716cad797cd054ce45f89445794e9
    SHA256:aeeee23a3303d811bca8790ea7f25b534314861c03cff36dafdcc2180969eb97

    Identifiers

    • pkg:maven/io.github.x-stream/mxparser@1.2.2  (Confidence:High)

    nativeimage-23.1.2.jar

    Description:

    A framework that allows to customize native image generation.

    License:

    Universal Permissive License, Version 1.0: http://opensource.org/licenses/UPL
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/graalvm/sdk/nativeimage/23.1.2/nativeimage-23.1.2.jar
    MD5: bd492b0ac8b2711d5e59ec24467fb2f7
    SHA1: f5e116ec7e2f59c6975229aa762b7a07598e77a0
    SHA256:b20c00823c194cadcafc8e853b96a5754e641b467dc56634e738d756b308ad9a

    Identifiers

    navigation.module.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/navigation/navigation.module.js
    MD5: 31b789b22d9661d7e6e08d907f72e8a7
    SHA1: cdbc912ce5e7cc33b0c59e2adcb1c02775b1743a
    SHA256:6b85d74cde05b6cbdb685f30ffeb0f2f926599fe54eb67d7a8a851aaefb15713

    Identifiers

    • None

    navigation.module.min.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/navigation/navigation.module.min.js
    MD5: 1db8d2a46b86a1b6875504ede01cbfaf
    SHA1: a6265ca6a82afbf2e507a7b19b67c8650ef3361b
    SHA256:1181819e7395c16c14d96d46fdde5f8b15d544638750a9ab5efc1b228197c4d6

    Identifiers

    • None

    navigation.nomodule.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/navigation/navigation.nomodule.js
    MD5: 74f3ef0259f99df98c136eaab4bf48e3
    SHA1: f9f8703e3a384100d90cc2ff17c6f7f8440a8c8e
    SHA256:f25cc9c06161b9b0c0fa8152e25277913060764d309b7b2de35eec7f04568158

    Identifiers

    • None

    navigation.nomodule.min.js

    File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/navigation/navigation.nomodule.min.js
    MD5: b1d9282f5a6bb93cd99e7fd8ebd8633c
    SHA1: d15d35a7f70a0b0bc57106bfd1cbb814526a8dc8
    SHA256:18a8ab74dc07b60cb40d57b5aa6a672ae00a22c476c46eeb771bd20e477d5c4d

    Identifiers

    • None

    net.bytebuddy.byte-buddy-1.17.6.jar

    Description:

    Byte Buddy is a Java library for creating Java classes at run time.        This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/net.bytebuddy.byte-buddy-1.17.6.jar
    MD5: 8fc1457d342211ca6b76691d09fe982f
    SHA1: 8c70cbc6950b2ae5291a98d5003e06406d633803
    SHA256:d26382a839cb26d5c62a0b0f04715bcef55a531f96ac6ce40de452a1c0539e70

    Identifiers

    • None

    objenesis-3.3.jar

    Description:

    A library for instantiating Java objects

    License:

    http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/objenesis/objenesis/3.3/objenesis-3.3.jar
    MD5: ab0e0b2ab81affdd7f38bcc60fd85571
    SHA1: 1049c09f1de4331e8193e579448d0916d75b7631
    SHA256:02dfd0b0439a5591e35b708ed2f5474eb0948f53abf74637e959b8e4ef69bfeb

    Identifiers

    • pkg:maven/org.objenesis/objenesis@3.3  (Confidence:High)

    opencensus-api-0.31.1.jar

    Description:

    null

    License:

    The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/opencensus/opencensus-api/0.31.1/opencensus-api-0.31.1.jar
    MD5: a5e7092bb89baaaee424f5a7b20d1bad
    SHA1: 66a60c7201c2b8b20ce495f0295b32bb0ccbbc57
    SHA256:f1474d47f4b6b001558ad27b952e35eda5cc7146788877fc52938c6eba24b382

    Identifiers

    • pkg:maven/io.opencensus/opencensus-api@0.31.1  (Confidence:High)

    opencensus-contrib-http-util-0.31.1.jar

    Description:

    null

    License:

    The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/opencensus/opencensus-contrib-http-util/0.31.1/opencensus-contrib-http-util-0.31.1.jar
    MD5: 9ecc9c428eb87dc734ae8d07b820ce26
    SHA1: 3c13fc5715231fadb16a9b74a44d9d59c460cfa8
    SHA256:3ea995b55a4068be22989b70cc29a4d788c2d328d1d50613a7a9afd13fdd2d0a

    Identifiers

    • pkg:maven/io.opencensus/opencensus-contrib-http-util@0.31.1  (Confidence:High)

    opentelemetry-sdk-1.55.0.jar

    Description:

    OpenTelemetry SDK

    License:

    The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/opentelemetry/opentelemetry-sdk/1.55.0/opentelemetry-sdk-1.55.0.jar
    MD5: 1c5e0a162ef1b99da83cc1a0324c8127
    SHA1: 457309ce1ed276bd9b1f4029c97c22721f58f346
    SHA256:d63231ea6fd33e0457c776a9aa8ae7ba778379b03119228ec56a5c8c16f9480e

    Identifiers

    opentest4j-1.2.0.jar

    Description:

    Open Test Alliance for the JVM

    License:

    The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/opentest4j/opentest4j/1.2.0/opentest4j-1.2.0.jar
    MD5: 45c9a837c21f68e8c93e85b121e2fb90
    SHA1: 28c11eb91f9b6d8e200631d46e20a7f407f2a046
    SHA256:58812de60898d976fb81ef3b62da05c6604c18fd4a249f5044282479fc286af2

    Identifiers

    • pkg:maven/org.opentest4j/opentest4j@1.2.0  (Confidence:High)

    opentest4j-1.3.0.jar

    Description:

    Open Test Alliance for the JVM

    License:

    The Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar
    MD5: 03c404f727531f3fd3b4c73997899327
    SHA1: 152ea56b3a72f655d4fd677fc0ef2596c3dd5e6e
    SHA256:48e2df636cab6563ced64dcdff8abb2355627cb236ef0bf37598682ddf742f1b

    Identifiers

    • pkg:maven/org.opentest4j/opentest4j@1.3.0  (Confidence:High)

    org.antlr.antlr4-runtime-4.13.2.jar

    Description:

    The ANTLR 4 Runtime

    License:

    https://www.antlr.org/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.antlr.antlr4-runtime-4.13.2.jar
    MD5: eecf1908f0cfff10f8bb82878b5ca401
    SHA1: fc3db6d844df652a3d5db31c87fa12757f13691d
    SHA256:dd3e8a13a2d669bf84fb8d834de35ce4875f27157698d206241ec8488aadcaf7

    Identifiers

    • None

    org.apache.camel.camel-api-4.16.0.jar (shaded: org.apache.camel:camel-api:4.16.0)

    Description:

    The Camel API

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-api-4.16.0.jar/META-INF/maven/org.apache.camel/camel-api/pom.xml
    MD5: b8559fefb3d61f7240361cb07c5bd632
    SHA1: 4398efe9b9674fa57143a1fb8f7cf69b135e1e7f
    SHA256:8c23c50b4a609f9eafa867d9aaea9f428ac14ae4bed3eadb850debb7b8a5eb0a

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-base-4.16.0.jar (shaded: org.apache.camel:camel-base:4.16.0)

    Description:

    The Base Camel Framework

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-base-4.16.0.jar/META-INF/maven/org.apache.camel/camel-base/pom.xml
    MD5: eaa68109dd3afd1221b2a1df06e7d9ab
    SHA1: c439401e7c34e54bb4f0f294430f35a90f9836ee
    SHA256:f0100ecd9c631a6794135db3dea0ea033ba089791759718c44f03ee6cd365160

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-base-engine-4.16.0.jar (shaded: org.apache.camel:camel-base-engine:4.16.0)

    Description:

    The Base Engine Camel Framework

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-base-engine-4.16.0.jar/META-INF/maven/org.apache.camel/camel-base-engine/pom.xml
    MD5: e60bc48f016a9c862a4c724a62744431
    SHA1: c5282e19ecea31c83efc087a48b8d8b137400760
    SHA256:b07cbad0126cc2508bf51dce43d56d6128a12ea0318a4af06a5acc87a79b4344

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-componentdsl-4.16.0.jar (shaded: org.apache.camel:camel-componentdsl:4.16.0)

    Description:

    The Camel Component DSL

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-componentdsl-4.16.0.jar/META-INF/maven/org.apache.camel/camel-componentdsl/pom.xml
    MD5: 81cbc74d3000ac07ec19019ee79ded43
    SHA1: 289c25af37043368645b8f94bef61aa96006d80d
    SHA256:0e57d7033209f0974fc4fc69560ce957ac783bdfd56c426953a7b1fb60c4a518

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-core-catalog-4.16.0.jar (shaded: org.apache.camel:camel-core-catalog:4.16.0)

    Description:

    The Camel Core Catalog

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-core-catalog-4.16.0.jar/META-INF/maven/org.apache.camel/camel-core-catalog/pom.xml
    MD5: f8c1f74ce5e59f414c763e7f13251d67
    SHA1: 5dad93df999e49b440413e09fa4d76518df7e9e8
    SHA256:1cb1bf15015fc7fb667d3c656ac8b0315d3a9fb9f87fe35d8314e292526f319d

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-core-engine-4.16.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-core-engine-4.16.0.jar
    MD5: b9d717c0d1fb31854058e553d6da4fcc
    SHA1: 47fc90a9555ecbc98b20f41704f51b5abe3ac62c
    SHA256:377a95fe31dd96aa0541b059c380177d0cc464019baf5e6e7647e40b9b380c3b

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-core-languages-4.16.0.jar (shaded: org.apache.camel:camel-core-languages:4.16.0)

    Description:

    Camel Core Languages

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-core-languages-4.16.0.jar/META-INF/maven/org.apache.camel/camel-core-languages/pom.xml
    MD5: 6695f48602ba77a1dddd9cc69c284409
    SHA1: 07b854d4736adfd96fbfdd8f5ae00d7fbd26a382
    SHA256:e81f88f095874a6b9c48656763ee01ef0eee0ca40e7a2c04519907aaa40c3a36

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-core-model-4.16.0.jar (shaded: org.apache.camel:camel-core-model:4.16.0)

    Description:

    Camel model

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-core-model-4.16.0.jar/META-INF/maven/org.apache.camel/camel-core-model/pom.xml
    MD5: 6e656068f50855ac4e28dde86f9444d4
    SHA1: 2070c7b69c08f54c97c8873c1f7b9f9b60aa9fa8
    SHA256:5a17861ebf44c6c9375e70471996e1ab49becb5d25a7b7492ae38cce08ee4100

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-core-model-4.16.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.apache.camel.camel-core-model-4.16.0.jar
    MD5: 9b2306c6feb4c5a0bd89412b9097e426
    SHA1: 56dd95d102c749883955dbdcbbfb03c794cac709
    SHA256:d2c14e1709572fcf588c07f79fe176d144defd6d4f3661da8d4527b62fded8be

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-core-processor-4.16.0.jar (shaded: org.apache.camel:camel-core-processor:4.16.0)

    Description:

    Camel core processors

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-core-processor-4.16.0.jar/META-INF/maven/org.apache.camel/camel-core-processor/pom.xml
    MD5: 4fbefd9c591ce477c41497cddd53043e
    SHA1: 26d344b1d0e5db5a56c067ee2796ca1c626d82c4
    SHA256:4b4487d2976eaa9ce6ac662f1efad485746a6f613b677b0c484c1a6eb7da448e

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-core-reifier-4.16.0.jar (shaded: org.apache.camel:camel-core-reifier:4.16.0)

    Description:

    Camel model to processor reifiers

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-core-reifier-4.16.0.jar/META-INF/maven/org.apache.camel/camel-core-reifier/pom.xml
    MD5: 8618604cdf3596c727bb23d3218d8b19
    SHA1: 2844e79fd00c59b6559180e7345cc8c491b9a618
    SHA256:8c0dca36a833bb831671a69a5f953749b08ce088384c754a0919a1ed4d6e3508

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-endpointdsl-4.16.0.jar (shaded: org.apache.camel:camel-endpointdsl:4.16.0)

    Description:

    The Camel Endpoint DSL

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-endpointdsl-4.16.0.jar/META-INF/maven/org.apache.camel/camel-endpointdsl/pom.xml
    MD5: ccb04b7c58ece53530fa409e119f2019
    SHA1: 112f4c4ebb0bb6ee373594a1015905ec508b0e08
    SHA256:aafba87114c916d4f439ccdc7aafb1b702640685bcbe0373eabc073a8965eb42

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-main-4.16.0.jar (shaded: org.apache.camel:camel-main:4.16.0)

    Description:

    Camel Main

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-main-4.16.0.jar/META-INF/maven/org.apache.camel/camel-main/pom.xml
    MD5: 0e2e28e553ca8a070dfed6290e999d06
    SHA1: 4af7b0e70fd192695deac476f80ea1556e5d154c
    SHA256:a2e298075ea8cbb7e6dfc3830baa455b6df5ed3e2bf2f64a88de2bc504bb8055

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-management-api-4.16.0.jar (shaded: org.apache.camel:camel-management-api:4.16.0)

    Description:

    The Camel Management API

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-management-api-4.16.0.jar/META-INF/maven/org.apache.camel/camel-management-api/pom.xml
    MD5: 2a457c37600b4b09e7d2e3b1cc1421a1
    SHA1: 3a6b9430b009a470f1266ddb9051c9a2676f2ed5
    SHA256:a7218c10828aa08bb3d91da0c396d355470820f8344fe2a9371b4c274a60a0e0

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-mapstruct-4.16.0.jar (shaded: org.apache.camel:camel-mapstruct:4.16.0)

    Description:

    Type Conversion using Mapstruct

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-mapstruct-4.16.0.jar/META-INF/maven/org.apache.camel/camel-mapstruct/pom.xml
    MD5: 0164270459c774cac392c5b4b15282f5
    SHA1: 8802cba6cbd9fbf08529ec3e6d3c60185ace4f3d
    SHA256:e09033778bd870a5157abc58bba01005a39f825fa897deb46eaed62510e6649b

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-microprofile-config-4.16.0.jar (shaded: org.apache.camel:camel-microprofile-config:4.16.0)

    Description:

    Bridging Eclipse MicroProfile Config with Camel properties

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-microprofile-config-4.16.0.jar/META-INF/maven/org.apache.camel/camel-microprofile-config/pom.xml
    MD5: 1077fc45a7424bc1972df6cdafeb046b
    SHA1: a5a1daeef5bd01f095e232bc134277329dc1bfef
    SHA256:e5aba8d2e71c539f0e0d8e1fc08c70d4d225f8184182a4513b0c87c8a594cec1

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-support-4.16.0.jar (shaded: org.apache.camel:camel-support:4.16.0)

    Description:

    The Camel Support

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-support-4.16.0.jar/META-INF/maven/org.apache.camel/camel-support/pom.xml
    MD5: 7e97ef689926c32a0e7935d6371ccdc9
    SHA1: e180b8060d0ee762045763f9897958951e2aba65
    SHA256:cb1b0491718251d56c5f44d1e71f4dbd0a9a8d96cf25626ece1be36b828f62ec

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-tooling-model-4.16.0.jar (shaded: org.apache.camel:camel-tooling-model:4.16.0)

    Description:

    Tooling Model

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-tooling-model-4.16.0.jar/META-INF/maven/org.apache.camel/camel-tooling-model/pom.xml
    MD5: 2ec32fbabaecec395ae8fc17a51f64d2
    SHA1: fd53719aef43b256896f155c30a2690433edebb9
    SHA256:852d375cfdf8e8b2c00337681092a52036f844f5b962d3ceab4a3b6a9368b0ae

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-util-4.17.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-util-4.17.0.jar
    MD5: 7a8f182f2de653a5a2c1b9cc4e77a317
    SHA1: ef1cf9fbf3d316ffecb5229ac6047aaae181b4e5
    SHA256:8834943ad996d92bbb855e371b3c1d2d298e16b26d1c65330f73f0029d042225

    Identifiers

    org.apache.camel.camel-util-json-4.16.0.jar (shaded: org.apache.camel:camel-util-json:4.16.0)

    Description:

    A json simple parser that preserves the ordering in Map as read from JSon source

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-util-json-4.16.0.jar/META-INF/maven/org.apache.camel/camel-util-json/pom.xml
    MD5: e65f74805242e551da9e88188fbc80fc
    SHA1: 477204676f3d1b88ac92f1215ed6847aa9a03a2e
    SHA256:e0f8b89603896244c7720a7ed62ac74e46fdffe67d4721d6c051c114c392546d

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.camel-xml-jaxp-util-4.16.0.jar (shaded: org.apache.camel:camel-xml-jaxp-util:4.16.0)

    Description:

    Camel XML JAXP Util

    License:

    Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.camel-xml-jaxp-util-4.16.0.jar/META-INF/maven/org.apache.camel/camel-xml-jaxp-util/pom.xml
    MD5: 5172f3565ac6f23cf5fcdee13b3f23a4
    SHA1: 617ffec3395bd6b46d006146a8379f5e5ca1af1d
    SHA256:dcfb73cc69f86d84a01d847b0a4d392b9f42458d2a00b6377a4eebc40ce510d9

    Identifiers

    CVE-2025-66169  

    Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.camel.quarkus.camel-quarkus-core-3.30.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.quarkus.camel-quarkus-core-3.30.0.jar
    MD5: ad1624277e76740f54250074d7410d60
    SHA1: 840327cb6e6cb86811874aa2c1482b048d56f43e
    SHA256:ae20161e8b0f785b2249c2492ae0c8b599106f73b526c43dc321f580ee9af661

    Identifiers

    org.apache.camel.quarkus.camel-quarkus-mapstruct-3.30.0.jar (shaded: org.apache.camel.quarkus:camel-quarkus-mapstruct:3.30.0)

    Description:

    Type Conversion using Mapstruct

    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.camel.quarkus.camel-quarkus-mapstruct-3.30.0.jar/META-INF/maven/org.apache.camel.quarkus/camel-quarkus-mapstruct/pom.xml
    MD5: 320be069ad2833a65f3aebae78a4622d
    SHA1: 7bebec08f44742772f070069e7c44641604b9527
    SHA256:7a1c6b8fefde26927bf13381741f6d881be2eb53631bc848f858a33319fb6a8e

    Identifiers

    org.apache.camel.quarkus.camel-quarkus-mapstruct-3.30.0.jar

    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.apache.camel.quarkus.camel-quarkus-mapstruct-3.30.0.jar
    MD5: e18edae76dc98448742539aa8215bc24
    SHA1: d44c16ad408779bcaf43e48ff01e427ca13ecfa1
    SHA256:847fbd4fc58a2021c63dd5ddc6381d883d180a03919f184e6731a2c78cdc6080

    Identifiers

    org.apache.commons.commons-collections4-4.5.0.jar

    Description:

    The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.apache.commons.commons-collections4-4.5.0.jar
    MD5: d564105594035b363b193d8ce3c18b98
    SHA1: e5cf89f0c6e132fc970bd9a465fdcb8dbe94f75a
    SHA256:00f93263c267be201b8ae521b44a7137271b16688435340bf629db1bac0a5845

    Identifiers

    org.apache.commons.commons-exec-1.5.0.jar

    Description:

    Apache Commons Exec is a library to reliably execute external processes from within the JVM.

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.apache.commons.commons-exec-1.5.0.jar
    MD5: 9de95ba7000a7ea8643981e4fe87b01e
    SHA1: d83ddeb0b9e0f3011a6902984551fc2d3aa1fe7c
    SHA256:d52d35801747902527826cca30734034e65baa7f36836cc0facf67131025f703

    Identifiers

    CVE-2021-37533  

    Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
    CWE-20 Improper Input Validation

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    org.apache.commons.commons-lang3-3.17.0.jar

    Description:

    Apache Commons Lang, a package of Java utility classes for the  classes that are in java.lang's hierarchy, or are considered to be so  standard as to justify existence in java.lang.  The code is tested using the latest revision of the JDK for supported  LTS releases: 8, 11, 17 and 21 currently.  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml    Please ensure your build environment is up-to-date and kindly report any build issues.

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.apache.commons.commons-lang3-3.17.0.jar
    MD5: 7730df72b7fdff4a3a32d89a314f826a
    SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
    SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4

    Identifiers

    CVE-2025-48924  

    Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.
    CWE-674 Uncontrolled Recursion

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.apache.commons.commons-text-1.14.0.jar

    Description:

    Apache Commons Text is a set of utility functions and reusable components for processing    and manipulating text in a Java environment.

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.apache.commons.commons-text-1.14.0.jar
    MD5: 54960a12a82d52df3d5548d6934d87b2
    SHA1: adcb0d4c67eabc79682604b47eb852aaff21138a
    SHA256:121fce2282910c8f0c3ba793a5436b31beb710423cbe2d574a3fb7a73c508e92

    Identifiers

    CVE-2021-37533  

    Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
    CWE-20 Improper Input Validation

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    org.bitbucket.b_c.jose4j-0.9.6.jar

    Description:

    The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).     It is written in Java and relies solely on the JCA APIs for cryptography.     Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..

    License:

    http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.bitbucket.b_c.jose4j-0.9.6.jar
    MD5: f57cb91efc5beaa940029f5515a888c2
    SHA1: 357a3836bb5da16f314f3a1e954518e5468cd915
    SHA256:7314af50cde9c99e8eaf43eee617a23edcc6bb43036221064355094999d837ef

    Identifiers

    • cpe:2.3:a:jose4j_project:jose4j:0.9.6:*:*:*:*:*:*:*  (Confidence:Low)  

    org.crac.crac-1.5.0.jar

    Description:

    A wrapper for OpenJDK CRaC API to build and run on any JDK

    License:

    BSD-2-Clause;link="https://opensource.org/licenses/BSD-2-Clause"
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/org.crac.crac-1.5.0.jar
    MD5: 1f2036c6092e74113d21a0387eddbcfd
    SHA1: 558290505b200b22bcd2396362877beae37f45b6
    SHA256:f4426e1641c8f0fa2f025a4cd7c40c285abaf265930e6717adfcaef03d034850

    Identifiers

    • None

    org.eclipse.angus.angus-activation-2.0.3.jar

    Description:

    Angus Activation Registries Implementation

    License:

    http://www.eclipse.org/org/documents/edl-v10.php
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.angus.angus-activation-2.0.3.jar
    MD5: ad20392145690b36b4f950fe31a31a2a
    SHA1: 7f80607ea5014fef0b1779e6c33d63a88a45a563
    SHA256:a6bd35c538cf90fff941ad6258c40c08fca0b5c9c3f536c657114f27ce0527a7

    Identifiers

    CVE-2025-7962  

    In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
    CWE-147 Improper Neutralization of Input Terminators

    CVSSv4:
    • Base Score: MEDIUM (6.0)
    • Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-4218  

    In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
    CWE-611 Improper Restriction of XML External Entity Reference

    CVSSv3:
    • Base Score: MEDIUM (5.0)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2008-7271  

    Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2010-4647  

    Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:
    • af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT
    • af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT
    • secalert@redhat.com - EXPLOIT
    • secalert@redhat.com - EXPLOIT

    Vulnerable Software & Versions: (show all)

    org.eclipse.microprofile.config.microprofile-config-api-3.1.jar

    Description:

    MicroProfile Config :: API

    License:

    "Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.microprofile.config.microprofile-config-api-3.1.jar
    MD5: eafb265a1776be25ab19d4f7834c6ec8
    SHA1: cef8b70598a93582a4084fe67f4686eb399e70fd
    SHA256:dee277f81e1edfeafd5e43589441ecdf434500fe4a31d035e74b8e6d8e7bfd91

    Identifiers

    • cpe:2.3:a:payara:payara:3.1:*:*:*:*:*:*:*  (Confidence:Low)  

    CVE-2022-37422  

    Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-45129  

    Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
    CWE-552 Files or Directories Accessible to External Parties

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.eclipse.microprofile.context-propagation.microprofile-context-propagation-api-1.3.jar

    Description:

    "MicroProfile Context Propagation :: API"

    License:

    "Apache License, Version 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt";description="A business-friendly OSS license"
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.microprofile.context-propagation.microprofile-context-propagation-api-1.3.jar
    MD5: 14c55bb802683e780087d97fb9b92de1
    SHA1: aab6a415754137629e725a9927702a5cd68038c2
    SHA256:69ccc04487e87779d4970aa50c673cc34a9df080c1c0e8d8eab2e8b46f825cf4

    Identifiers

    • None

    org.eclipse.microprofile.health.microprofile-health-api-4.0.1.jar

    Description:

    MicroProfile Health :: API

    License:

    Apache License, Version 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.microprofile.health.microprofile-health-api-4.0.1.jar
    MD5: 1d023ee3b9b8545318fdeebe98d66d74
    SHA1: 395ea08f4f636696fb23b84a18ba81430cfebe7c
    SHA256:b89ca4b6c4f7a044250d31c0673f6bc221e40fd669fc5871dbad5e5a0769ca47

    Identifiers

    • None

    org.eclipse.microprofile.jwt.microprofile-jwt-auth-api-2.1.jar

    Description:

    MicroProfile Parent POM

    License:

    Apache License, Version 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.eclipse.microprofile.jwt.microprofile-jwt-auth-api-2.1.jar
    MD5: eae8e3df5ec1c2ef20161232279b42ab
    SHA1: 895da00d45d76ffcdaf5e3a45987a1b286e22a58
    SHA256:e81a237ecb81e4f360ed5e7928d42bf3eedd1d73fe3a343d65ed1578f5169bad

    Identifiers

    • cpe:2.3:a:payara:payara:2.1:*:*:*:*:*:*:*  (Confidence:Low)  

    CVE-2022-37422  

    Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2022-45129  

    Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
    CWE-552 Files or Directories Accessible to External Parties

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    org.eclipse.microprofile.openapi.microprofile-openapi-api-4.1.1.jar

    Description:

    MicroProfile OpenAPI :: API

    License:

    Apache License, Version 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.microprofile.openapi.microprofile-openapi-api-4.1.1.jar
    MD5: 00eafb191dca101c9674638209b2627f
    SHA1: b5c2ba3a39e2f20f347754325b3136f6703a23fd
    SHA256:1e333f5bd206245e7a4d0a3dd5f2bab1820fc3b950b77e96008fcdb7b77d9150

    Identifiers

    • None

    org.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-api-3.0.1.jar

    Description:

    Eclipse MicroProfile Reactive Streams Operators :: API

    License:

    Apache License, Version 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-api-3.0.1.jar
    MD5: 5faf3b618f3dbf5df1af27629d77d28b
    SHA1: 2eff9f75a4188f3289714a98b93c2d9a68f0fd6b
    SHA256:2eb30081f2674e674c6587592747a81a4d92d2da1a735be5f645901de60f9f8d

    Identifiers

    • None

    org.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-core-3.0.1.jar

    Description:

    MicroProfile Reactive Streams Operators :: Core Implementation

    License:

    Apache License, Version 2.0
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-core-3.0.1.jar
    MD5: 2d5566170cd86acda4806d3a9d5498c7
    SHA1: aed680b9237e81d375f449a7ee816f38c9159f6a
    SHA256:276810a28dcab1ae1b929f0ade42581d6553847fc42acbf9b5d89904cf9c2f4a

    Identifiers

    • None

    org.eclipse.parsson.parsson-1.1.7.jar

    Description:

    Jakarta JSON Processing provider

    License:

    https://projects.eclipse.org/license/epl-2.0, https://projects.eclipse.org/license/secondary-gpl-2.0-cp
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.eclipse.parsson.parsson-1.1.7.jar
    MD5: 2aeb1c0343fb4bcb8a0e4cf9ec063950
    SHA1: f5825abecd373006262dd319d7df8c5cdbd140ca
    SHA256:c21db018f8ac6cf79893f1af77f1cd337937bd12ae6fa3d4b10f5a00819ee56c

    Identifiers

    • cpe:2.3:a:eclipse:eclipse_ide:1.1.7:*:*:*:*:*:*:*  (Confidence:Low)  
    • cpe:2.3:a:eclipse:parsson:1.1.7:*:*:*:*:*:*:*  (Confidence:Low)  

    CVE-2023-4218  

    In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
    CWE-611 Improper Restriction of XML External Entity Reference

    CVSSv3:
    • Base Score: MEDIUM (5.0)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2008-7271  

    Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2010-4647  

    Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:
    • af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT
    • af854a3a-2127-422b-91ae-364da2661108 - EXPLOIT
    • secalert@redhat.com - EXPLOIT
    • secalert@redhat.com - EXPLOIT

    Vulnerable Software & Versions: (show all)

    org.eclipse.sisu.inject-0.9.0.M3.jar

    Description:

    JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

    License:

    "Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.9.0.M3/org.eclipse.sisu.inject-0.9.0.M3.jar
    MD5: 643a13084e0ac59cdda06319e1b348ea
    SHA1: 3665002ba4d16dfa779ef658a63d0608c4bd898b
    SHA256:15335c4dcf082f599fb8eddcfb58d6a7e9a9c97de2883c257089a479b9b24522

    Identifiers

    • pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M3  (Confidence:High)

    org.eclipse.sisu.inject-0.9.0.M4.jar

    Description:

    JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

    License:

    "Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.9.0.M4/org.eclipse.sisu.inject-0.9.0.M4.jar
    MD5: ee95c1a11ba4ca38368d71ef05676cfc
    SHA1: a062d8e12dc62e698c9f943a3fce94e366b4e220
    SHA256:1cbd7a965a5e2a9ea823bab311962a4e5aa5c240705bdbad5a52b40ffdfa1004

    Identifiers

    • pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M4  (Confidence:High)

    org.eclipse.sisu.plexus-0.9.0.M3.jar

    Description:

    Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

    License:

    "Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M3/org.eclipse.sisu.plexus-0.9.0.M3.jar
    MD5: 964e7bc9837b270566f18b87af65f5d7
    SHA1: b493c7abcc6e04fa0a6a20d489a3db0395c76f70
    SHA256:c99674d3773e26154885661711f0b6d63aa5008f5cc99227a236756d4ad9de5e

    Identifiers

    • pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M3  (Confidence:High)

    org.eclipse.sisu.plexus-0.9.0.M4.jar

    Description:

    Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

    License:

    "Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"
    File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M4/org.eclipse.sisu.plexus-0.9.0.M4.jar
    MD5: 51eea54bbc85323fc68f6a79f9b8f179
    SHA1: 478f7935e88cd9da7ef01f509e4853e80ede9034
    SHA256:b90579bc652eac7331436e0a25533fce14130b9c6e015f2dd3a3d4bb07e942b7

    Identifiers

    • pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M4  (Confidence:High)

    org.glassfish.expressly.expressly-6.0.0.jar

    Description:

    Jakarta Expression Language Implementation

    License:

    https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt, https://www.gnu.org/software/classpath/license.html
    File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.glassfish.expressly.expressly-6.0.0.jar
    MD5: e19bad48904a955072a576f0efea554b
    SHA1: 0524fa43fa48fc68fb62604cf14ce71b31caf7c0
    SHA256:86ee67c7040278bac5204b571f738b8b859f014ceb5f896bd935bacbdaf33cb9

    Identifiers

    CVE-2023-5763  

    In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
    CWE-20 Improper Input Validation, CWE-913 Improper Control of Dynamically-Managed Code Resources

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions:

    CVE-2022-2712  

    In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
    CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

      Vulnerable Software & Versions:

      CVE-2024-9329  

      In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
      CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

      CVSSv4:
      • Base Score: MEDIUM (6.9)
      • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2024-8646  

      In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.
This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.
This vulnerability only affects applications that are explicitly deployed to the root context ('/').
      CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      org.glassfish.jaxb.jaxb-core-4.0.6.jar

      Description:

      JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.

      License:

      http://www.eclipse.org/org/documents/edl-v10.php
      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.glassfish.jaxb.jaxb-core-4.0.6.jar
      MD5: e36c915cf47342b4fe31ffba3407b928
      SHA1: 8e61282303777fc98a00cc3affd0560d68748a75
      SHA256:ebbd274207b4860d0dc6e2d44d6dbdb5945cede01222d2e50661d45f5d46c0f7

      Identifiers

      • cpe:2.3:a:eclipse:glassfish:4.0.6:*:*:*:*:*:*:*  (Confidence:Low)  

      CVE-2024-9329  

      In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
      CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

      CVSSv4:
      • Base Score: MEDIUM (6.9)
      • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      org.glassfish.jaxb.txw2-4.0.6.jar

      File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.glassfish.jaxb.txw2-4.0.6.jar
      MD5: 0bf7070aee3bb53640d2ea6441e059fb
      SHA1: 4f4cd53b5ff9a2c5aa1211f15ed2569c57dfb044
      SHA256:fcc749785412ef3806fde1ce70f93ef5a0065dcc47fe449bc871db0795cb11af

      Identifiers

      • cpe:2.3:a:eclipse:glassfish:4.0.6:*:*:*:*:*:*:*  (Confidence:Low)  

      CVE-2024-9329  

      In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
      CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-233 Improper Handling of Parameters

      CVSSv4:
      • Base Score: MEDIUM (6.9)
      • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      org.hibernate.models.hibernate-models-1.0.1.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.hibernate.models.hibernate-models-1.0.1.jar
      MD5: 911e7ad11382712f0869328465937718
      SHA1: 3158c5f9309494b905de62c72f6f02d108aea651
      SHA256:bdb42c4979001742ebc098f3b206dd1057dc93be55c50a31c3f027d3eed06412

      Identifiers

      • None

      org.hibernate.orm.hibernate-core-7.1.11.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.hibernate.orm.hibernate-core-7.1.11.Final.jar
      MD5: 4e165c298d5f880836185259ce51e942
      SHA1: 1b07cd175f8999792e1a46f3bba7464164f4dfbe
      SHA256:de30f99eecedaecc8e3370f418c54b77bb5d2c0862d32d2e1bc4db8a52852eff

      Identifiers

      org.hibernate.orm.hibernate-graalvm-7.1.11.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.hibernate.orm.hibernate-graalvm-7.1.11.Final.jar
      MD5: 67ce5aa9bd09085f058149dc4641fadf
      SHA1: f3f7eade70c3914a60b3c74a4d53e770e3cacfa3
      SHA256:eeea166a729c82365ecd12259796a14b239286a4833e5a9626a93d48d5096574

      Identifiers

      org.hibernate.quarkus-local-cache-0.3.1.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.hibernate.quarkus-local-cache-0.3.1.jar
      MD5: 8e6b3de7a260ef80f279033127757ebd
      SHA1: a0e9b53ad67b9735cdc320ca1428688d5f777d1d
      SHA256:a8feb703499dfaf129a364c84e1fb5f6c9738b96b6ac3e59dfc4697652a23d0b

      Identifiers

      CVE-2022-21724  

      pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
      CWE-665 Improper Initialization

      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: HIGH (7.5)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-4116  

      A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-6267  

      A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
      CWE-755 Improper Handling of Exceptional Conditions

      CVSSv3:
      • Base Score: CRITICAL (9.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-26291  

      Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
      CWE-346 Origin Validation Error

      CVSSv3:
      • Base Score: CRITICAL (9.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (6.4)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-6394  

      A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
      CWE-862 Missing Authorization

      CVSSv3:
      • Base Score: CRITICAL (9.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2024-12225  

      A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
      CWE-288 Authentication Bypass Using an Alternate Path or Channel

      CVSSv3:
      • Base Score: CRITICAL (9.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2020-1714  

      A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
      CWE-20 Improper Input Validation

      CVSSv3:
      • Base Score: HIGH (8.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (6.5)
      • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-0981  

      A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
      CWE-863 Incorrect Authorization

      CVSSv3:
      • Base Score: HIGH (8.8)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (6.5)
      • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions:

      CVE-2023-4853  

      A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
      CWE-148 Improper Neutralization of Input Leaders, CWE-863 Incorrect Authorization

      CVSSv3:
      • Base Score: HIGH (8.1)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-29428  

      In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
      CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions

      CVSSv3:
      • Base Score: HIGH (7.8)
      • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.4)
      • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-13692  

      PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
      CWE-611 Improper Restriction of XML External Entity Reference

      CVSSv3:
      • Base Score: HIGH (7.7)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (6.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2017-18640  

      The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
      CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-25649  

      A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
      CWE-611 Improper Restriction of XML External Entity Reference

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-28491  

      This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
      CWE-770 Allocation of Resources Without Limits or Throttling

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-37136  

      The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
      CWE-400 Uncontrolled Resource Consumption

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-37137  

      The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
      CWE-400 Uncontrolled Resource Consumption

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-37714  

      jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
      CWE-248 Uncaught Exception, CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-42003  

      In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
      CWE-502 Deserialization of Untrusted Data

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-42004  

      In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
      CWE-502 Deserialization of Untrusted Data

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-1584  

      A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
      NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      CVE-2020-25638  

      A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
      CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

      CVSSv3:
      • Base Score: HIGH (7.4)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-29427  

      In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
      CWE-829 Inclusion of Functionality from Untrusted Control Sphere

      CVSSv3:
      • Base Score: HIGH (7.2)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (6.0)
      • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-20328  

      Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.
      CWE-295 Improper Certificate Validation

      CVSSv3:
      • Base Score: MEDIUM (6.8)
      • Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:1.6/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:A/AC:M/Au:N/C:P/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2022-21363  

      Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (6.6)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (6.0)
      • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2019-14900  

      A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
      CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-43797  

      Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
      CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-0044  

      If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
      CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-21295  

      Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
      CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: LOW (2.6)
      • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-21409  

      Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
      CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-2471  

      Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H/E:0.7/RC:R/MAV:A
      CVSSv2:
      • Base Score: HIGH (7.9)
      • Vector: /AV:N/AC:M/Au:S/C:C/I:N/A:C

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-38153  

      Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
      CWE-203 Observable Discrepancy

      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-21290  

      Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
      CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

      CVSSv3:
      • Base Score: MEDIUM (5.5)
      • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: LOW (1.9)
      • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-29429  

      In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
      CWE-377 Insecure Temporary File

      CVSSv3:
      • Base Score: MEDIUM (5.5)
      • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: LOW (1.9)
      • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-1728  

      A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
      CWE-358 Improperly Implemented Security Check for Standard, CWE-1021 Improper Restriction of Rendered UI Layers or Frames

      CVSSv3:
      • Base Score: MEDIUM (5.4)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-10693  

      A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
      CWE-20 Improper Input Validation

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-13956  

      Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-25633  

      A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
      CWE-209 Generation of Error Message Containing Sensitive Information

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-20289  

      A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
      CWE-209 Generation of Error Message Containing Sensitive Information

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-28170  

      In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
      CWE-20 Improper Input Validation, CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2021-3642  

      A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
      CWE-203 Observable Discrepancy

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.6/RC:R/MAV:A
      CVSSv2:
      • Base Score: LOW (3.5)
      • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-25724  

      A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
      CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context

      CVSSv3:
      • Base Score: MEDIUM (4.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2020-8908  

      A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
      CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource

      CVSSv3:
      • Base Score: LOW (3.3)
      • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: LOW (2.1)
      • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2023-0481  

      In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
      CWE-378 Creation of Temporary File With Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

      CVSSv3:
      • Base Score: LOW (3.3)
      • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      org.hibernate.validator.hibernate-validator-9.1.0.Final.jar

      Description:

      Hibernate's Jakarta Validation reference implementation.

      License:

      http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.hibernate.validator.hibernate-validator-9.1.0.Final.jar
      MD5: 003c10d00a9700ff8e80098eda4dcb0e
      SHA1: 53505ad984428ab42b4a4f3456aab9ec343bf2f2
      SHA256:4dea20c780d12e8ad6e1fe7d695460af74f8668df9eb58910991919194412188

      Identifiers

      CVE-2025-15104  

      Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).
      CWE-918 Server-Side Request Forgery (SSRF)

      CVSSv4:
      • Base Score: MEDIUM (6.9)
      • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

      References:

      Vulnerable Software & Versions:

      org.jacoco.agent-0.8.13-runtime.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.13)

      Description:

      JaCoCo Java Agent

      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.agent/0.8.13/org.jacoco.agent-0.8.13-runtime.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml
      MD5: f605822110446edb8421c5db2d25ac37
      SHA1: e6061cd2c843a09e2491363afc7e7e0c72174c3c
      SHA256:1b58aae6bd8c906f23b9915fd046ab04f38ff25072f21e885bf0fe3fe020b1c4

      Identifiers

      • pkg:maven/org.jacoco/org.jacoco.agent.rt@0.8.13  (Confidence:High)

      org.jacoco.agent-0.8.13-runtime.jar

      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.agent/0.8.13/org.jacoco.agent-0.8.13-runtime.jar
      MD5: e5abff18b16682ea4ff4e93b893089da
      SHA1: 850ba9544f357712728f89fe3e1fd51b265a0192
      SHA256:47e700ccb0fdb9e27c5241353f8161938f4e53c3561dd35e063c5fe88dc3349b

      Identifiers

      • None

      org.jacoco.agent-0.8.14-runtime.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.14)

      Description:

      JaCoCo Java Agent

      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.agent/0.8.14/org.jacoco.agent-0.8.14-runtime.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml
      MD5: 8926b54ca2e7cf401672ea548a772642
      SHA1: a6b7b25d0d1cc2a8d8b7d1a02cc13a4b63614836
      SHA256:820171ee970faf8a3ffd92a07ab360cf0ea65e98977d063f35a5990fe9e5781d

      Identifiers

      • pkg:maven/org.jacoco/org.jacoco.agent.rt@0.8.14  (Confidence:High)

      org.jacoco.agent-0.8.14-runtime.jar

      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.agent/0.8.14/org.jacoco.agent-0.8.14-runtime.jar
      MD5: 0fc2cdf54086905065f5700cb9250a4a
      SHA1: 4bb9b49d4e6c5b042fc7e6b4f1e3e808f7441dde
      SHA256:3fb76eea65f81bd9415202bab34b6571728841dff1ab8e6bbe81adc2e299face

      Identifiers

      • None

      org.jacoco.agent-0.8.14.jar

      Description:

      JaCoCo Agent

      License:

      https://www.eclipse.org/legal/epl-2.0/
      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.agent/0.8.14/org.jacoco.agent-0.8.14.jar
      MD5: 80ca49511ad2aaadecb86b631b400f10
      SHA1: bca1f6d49506da3eb9d0d3b9acbcfdd1fb22c14e
      SHA256:20be9853385bdfc65a5929643412d09243d14514304b89ba23a265158cc8792b

      Identifiers

      • pkg:maven/org.jacoco/org.jacoco.agent@0.8.14  (Confidence:High)

      org.jacoco.core-0.8.13.jar

      Description:

      JaCoCo Core

      License:

      https://www.eclipse.org/legal/epl-2.0/
      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.core/0.8.13/org.jacoco.core-0.8.13.jar
      MD5: a744ac46e98efe9ef72e0a2116748b04
      SHA1: 4424d689f0738cd4445e948270e3f2f2d0e5cdb8
      SHA256:514c23df6cfd015d7d83c10a792e35ab68a7b7e82f3d6a3a4481762c132e33a9

      Identifiers

      • pkg:maven/org.jacoco/org.jacoco.core@0.8.13  (Confidence:High)

      org.jacoco.core-0.8.14.jar

      Description:

      JaCoCo Core

      License:

      https://www.eclipse.org/legal/epl-2.0/
      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.core/0.8.14/org.jacoco.core-0.8.14.jar
      MD5: 07f7ab938a007b6146aede8407c2b117
      SHA1: 5d317827447ab203bb90ecc7597850baae9c8565
      SHA256:28abbf0eea5a08e4f24097f2fbac663ca17c341c25c3a04d90d6cd325943c995

      Identifiers

      • pkg:maven/org.jacoco/org.jacoco.core@0.8.14  (Confidence:High)

      org.jacoco.report-0.8.13.jar

      Description:

      JaCoCo Report

      License:

      https://www.eclipse.org/legal/epl-2.0/
      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.report/0.8.13/org.jacoco.report-0.8.13.jar
      MD5: e7b18fffabb0ddd7502fd4b76c6e0b00
      SHA1: 44d475e169049322b081db376933bad859ec6526
      SHA256:8133280a0aa44358be9d136b52370342f455ccb944aae07438220a77662578a2

      Identifiers

      • pkg:maven/org.jacoco/org.jacoco.report@0.8.13  (Confidence:High)

      org.jacoco.report-0.8.14.jar

      Description:

      JaCoCo Report

      License:

      https://www.eclipse.org/legal/epl-2.0/
      File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/jacoco/org.jacoco.report/0.8.14/org.jacoco.report-0.8.14.jar
      MD5: 00cef8f0702d2c26201078f566552014
      SHA1: d25b1c200c0c6e82baac3c0ddb8b9e38f13a5f6c
      SHA256:a3e2026060ab8b8d5c650706406234bb4c033dfd5376afeb8b1666e8ed27c453

      Identifiers

      • pkg:maven/org.jacoco/org.jacoco.report@0.8.14  (Confidence:High)

      org.jboss.invocation.jboss-invocation-2.0.0.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.invocation.jboss-invocation-2.0.0.Final.jar
      MD5: fd328a02b76b46dbcf681a6dacd9f708
      SHA1: a23df3678b4797bffaecff4be013fd9971d0f3a2
      SHA256:ef9beb3bff85930710b367b6f84d40bf72128898ca6ccdf3775537793b74b067

      Identifiers

      • None

      org.jboss.jboss-transaction-spi-8.0.0.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.jboss-transaction-spi-8.0.0.Final.jar
      MD5: 218b5e634dfb78d592e2702e8f214dc0
      SHA1: c9ac775a105f4f7326c3b3052aee9c5ab1b29403
      SHA256:07e4e62ceae075a8c11a715d89b19992c879f505b48be6b2727f5be798562ae1

      Identifiers

      • None

      org.jboss.logging.commons-logging-jboss-logging-1.0.0.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.jboss.logging.commons-logging-jboss-logging-1.0.0.Final.jar
      MD5: 46328c16f47be35563b73425d456445a
      SHA1: 27a4e823d661bde67ec103bba2baf33cddde6e75
      SHA256:f12176263ea25f4e78bb4fa4b36d335a29738dde6a8123e1b6da89a655d150ff

      Identifiers

      • None

      org.jboss.logging.jboss-logging-3.6.1.Final.jar

      Description:

      The JBoss Logging Framework

      License:

      https://repository.jboss.org/licenses/apache-2.0.txt
      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/org.jboss.logging.jboss-logging-3.6.1.Final.jar
      MD5: acab989faf62db02c092448e95614fab
      SHA1: 886afbb445b4016a37c8960a7aef6ebd769ce7e5
      SHA256:5e08a4b092dc85b337f0910a740571d8720cfa565fabd880a8caf94a657ca416

      Identifiers

      • None

      org.jboss.logmanager.jboss-logmanager-3.1.2.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/boot/org.jboss.logmanager.jboss-logmanager-3.1.2.Final.jar
      MD5: d68145d81ecd36ebea08b242072d45ec
      SHA1: 1bef088e3f640c3b1013308ec4d9e44b3371d373
      SHA256:c1e7de682a4871a8e4eefb26adaf0fcc63cd0913543c50aa6b7f46fa5ec151fe

      Identifiers

      • None

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.arjunacore:arjuna:7.3.3.Final)

      Description:

      Narayana: ArjunaCore Arjuna

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar/META-INF/maven/org.jboss.narayana.arjunacore/arjuna/pom.xml
      MD5: 064a90cfd5ca4251b852e2e1b4751877
      SHA1: 1e96b78a76696bb1cb85bab2d64f5dbc18ad8cab
      SHA256:9bf72be0cc673822ca9c89244c9f97b2e975d8b5a3583c74381b61671a743c95

      Identifiers

      • pkg:maven/org.jboss.narayana.arjunacore/arjuna@7.3.3.Final  (Confidence:High)

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.arjunacore:txoj:7.3.3.Final)

      Description:

      ArjunaCore txoj module

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar/META-INF/maven/org.jboss.narayana.arjunacore/txoj/pom.xml
      MD5: d77b153702af9d2c50e5b38a2b464658
      SHA1: da5e57bae12d6e94afbf9904fad76664d667cef5
      SHA256:3ceebfb28c8565104afeb85aa0c9b72a7be9b6d78c701563ae350828096d30bb

      Identifiers

      • pkg:maven/org.jboss.narayana.arjunacore/txoj@7.3.3.Final  (Confidence:High)

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:cdi:7.3.3.Final)

      Description:

      Narayana: ArjunaJTA cdi

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar/META-INF/maven/org.jboss.narayana.jta/cdi/pom.xml
      MD5: 8f78f9fb9affd1e7a999dfc79d1b3415
      SHA1: e0771e5a9825e52ed5e06fbd38fd338a7cac1598
      SHA256:abe7251b35f65035d415a941b76eadecfb6a7f9f1230c480058dec631b9df383

      Identifiers

      • pkg:maven/org.jboss.narayana.jta/cdi@7.3.3.Final  (Confidence:High)

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:jdbc:7.3.3.Final)

      Description:

      transactional driver

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar/META-INF/maven/org.jboss.narayana.jta/jdbc/pom.xml
      MD5: 9e0a88821a262c977645905a726c7286
      SHA1: fbc69107e75aa54eb13184a6dc7da4e19254e4f8
      SHA256:e13b1934a386dfcc388e97d14d124d3af35d4985b2fff04dbda7eb10c5bb3d17

      Identifiers

      • pkg:maven/org.jboss.narayana.jta/jdbc@7.3.3.Final  (Confidence:High)

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:jms:7.3.3.Final)

      Description:

      Narayana JMS integration

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar/META-INF/maven/org.jboss.narayana.jta/jms/pom.xml
      MD5: 91ea859a5111414ab39d66e94871b235
      SHA1: 565dc4d70fb38176b0cea7abaa12acd66e569d0e
      SHA256:fa08ee50fb5df16b0226f6cf12165d9c3408a877a8ac0b5d5c1472b27c56e6d1

      Identifiers

      • pkg:maven/org.jboss.narayana.jta/jms@7.3.3.Final  (Confidence:High)

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana.jta:jta:7.3.3.Final)

      Description:

      Narayana: ArjunaJTA jta

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar/META-INF/maven/org.jboss.narayana.jta/jta/pom.xml
      MD5: 8e54521c85a762177fe85b1a5c310f04
      SHA1: fffb5c1ec10004ca1b1441da45c2ce747b6e808f
      SHA256:e6c61905a17bdfffa9e106fa3d928f457e26c452bca656498bfa10a9ccf52634

      Identifiers

      • pkg:maven/org.jboss.narayana.jta/jta@7.3.3.Final  (Confidence:High)

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar (shaded: org.jboss.narayana:common:7.3.3.Final)

      Description:

      Narayana: common

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar/META-INF/maven/org.jboss.narayana/common/pom.xml
      MD5: b0ac38474588a0ec9e0763d59b9b8f3e
      SHA1: fd685d705ec1fb7f15a6ccb9de07d7f2db1546a6
      SHA256:3baf78cab75b7ddbbbcf33c6572014e40ac95767e60ce7fef1bebd07cf9f564b

      Identifiers

      • pkg:maven/org.jboss.narayana/common@7.3.3.Final  (Confidence:High)

      org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jta.narayana-jta-7.3.3.Final.jar
      MD5: a38ef210988d306eaea5697851cc65d1
      SHA1: 76a860759a6d214607db279e0b68c6dd3a014a5a
      SHA256:02acd3d1c8adbf558cba4ab10e816097fa783e1b0f77eef1ce05321e03b4b1dd

      Identifiers

      • None

      org.jboss.narayana.jts.narayana-jts-integration-7.3.3.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.narayana.jts.narayana-jts-integration-7.3.3.Final.jar
      MD5: a5a2a8a183396137a8b1552fa77bd780
      SHA1: eeb902438907920d3527b39a39d7ce3ca86d7d23
      SHA256:5a88eead14ad4cd2a2142fe7ab618cda20450de1f7d6e9c4092395fcdde478f5

      Identifiers

      • None

      org.jboss.slf4j.slf4j-jboss-logmanager-2.0.2.Final.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.slf4j.slf4j-jboss-logmanager-2.0.2.Final.jar
      MD5: 7f67c53f6697f3968f0faeff408bf72f
      SHA1: 00ca0dfff7058ba18aa4244a0234c45919f01243
      SHA256:ba469a975e9d1e79f34a8baa1a0afa8b01bbd8cf080537c0e0899476d31db84b

      Identifiers

      • None

      org.jboss.threads.jboss-threads-3.9.2.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jboss.threads.jboss-threads-3.9.2.jar
      MD5: a439cbe3b888adf97682853c2aceddd6
      SHA1: ee52e069cee3c892de572b0011d80c9c9bd81fd4
      SHA256:ac0fd044686122014143267d3688245852ca07c6c4474320c9172062a5af6634

      Identifiers

      • None

      org.jctools.jctools-core-4.0.5.jar

      Description:

      Java Concurrency Tools Core Library

      License:

      http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jctools.jctools-core-4.0.5.jar
      MD5: 4ec497e79923de658526ef2dcb61a641
      SHA1: 9ab38ca19877236986db4894ef1400a7ca23db80
      SHA256:d65e5f38bcd0984e26f87187687f1f70dd52740c4d5e046f8d104e01ab5db95f

      Identifiers

      • None

      org.jspecify.jspecify-1.0.0.jar

      Description:

      An artifact of well-specified annotations to power static analysis checks and JVM language interop.

      License:

      https://www.apache.org/licenses/LICENSE-2.0
      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.jspecify.jspecify-1.0.0.jar
      MD5: 9133aba420d0ca3b001dbb6ae9992cf6
      SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
      SHA256:1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab

      Identifiers

      • None

      org.liquibase.liquibase-core-4.33.0.jar

      License:

      http://www.apache.org/licenses/LICENSE-2.0
      File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.liquibase.liquibase-core-4.33.0.jar
      MD5: 6f6da4d8541e70a3b0a6d84d6bda5908
      SHA1: 25b69ed7cc15e3c5de424ca9f32375f1815dd4e8
      SHA256:729691fdd26761f6264e4332a6a657e907c626863da8b4a0bf3bd22dbeebdc6b

      Identifiers

      • cpe:2.3:a:liquibase:liquibase:4.33.0:*:*:*:*:*:*:*  (Confidence:Low)  

      org.mapstruct.mapstruct-1.6.3.jar

      Description:

      An annotation processor for generating type-safe bean mappers

      License:

      http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.mapstruct.mapstruct-1.6.3.jar
      MD5: 3662b4f7a5abfb4f233e6b0dba5d3070
      SHA1: 416a2155212286d6a1c4cb3bb553c7dfd6a1a092
      SHA256:00b52467f31d482f8673b0b74306f4be0a305cdce31e587bc1b3d7bf779f1dbf

      Identifiers

      • None

      org.osgi.osgi.core-6.0.0.jar

      Description:

      OSGi Core Release 6, Interfaces and Classes for use in compiling bundles.

      License:

      http://opensource.org/licenses/apache2.0.php; link="http://www.apache.org/licenses/LICENSE-2.0"; description="Apache License, Version 2.0"
      File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/lib/main/org.osgi.osgi.core-6.0.0.jar
      MD5: cae291c61fe8b7a4476d713550c7ff49
      SHA1: 0c49acdc9ac62cf69ee49cb6f1905b4fdb79ea5c
      SHA256:1c1bb435eb34cbf1f743653da38f604d45d53fbc95979053768cd3fc293cb931

      Identifiers

      • None

      org.postgresql.postgresql-42.7.8.jar

      Description:

      Java JDBC driver for PostgreSQL database

      License:

      BSD-2-Clause
      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.postgresql.postgresql-42.7.8.jar
      MD5: d5626352279a40e69e863fcff564e2f1
      SHA1: 81b840fbfe0a6c0b7aa14c6bd4856108d36ed780
      SHA256:2a32a9dcbc42d67a50ad3a0de5efd102c8d2be46720045f2cbd6689f160ab7c7

      Identifiers

      org.reactivestreams.reactive-streams-1.0.4.jar

      Description:

      Reactive Streams API

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.reactivestreams.reactive-streams-1.0.4.jar
      MD5: eda7978509c32d99166745cc144c99cd
      SHA1: 3864a1320d97d7b045f729a326e1e077661f31b7
      SHA256:f75ca597789b3dac58f61857b9ac2e1034a68fa672db35055a8fb4509e325f28

      Identifiers

      • None

      org.seleniumhq.selenium.selenium-chromium-driver-4.35.0.jar

      File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-chromium-driver-4.35.0.jar
      MD5: dff95e882aba3a88f68ee13c97de3a85
      SHA1: 8b7fd718ba9c2a74dfe9ed6a4a1008e65e4fc6f6
      SHA256:de4239ff9e7e22261c7c16b3a60b5afac8754a0c0ea35d8d2b3cc209508dc616

      Identifiers

      • cpe:2.3:a:chromium:chromium:4.35.0:*:*:*:*:*:*:*  (Confidence:Low)  
      • cpe:2.3:a:chromium_project:chromium:4.35.0:*:*:*:*:*:*:*  (Confidence:Low)  
      • cpe:2.3:a:selenium:selenium:4.35.0:*:*:*:*:*:*:*  (Confidence:Low)  

      CVE-2011-1797  

      WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
      CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

      CVSSv2:
      • Base Score: HIGH (9.3)
      • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C

      References:

        Vulnerable Software & Versions: (show all)

        CVE-2017-7000  

        An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
        CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

        CVSSv3:
        • Base Score: HIGH (8.8)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
        CVSSv2:
        • Base Score: MEDIUM (6.8)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2015-1205  

        Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: HIGH (7.5)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

        References:

          Vulnerable Software & Versions: (show all)

          CVE-2015-1346  

          Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
          NVD-CWE-noinfo

          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          org.seleniumhq.selenium.selenium-manager-4.35.0.jar: selenium-manager.exe

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-manager-4.35.0.jar/org/openqa/selenium/manager/windows/selenium-manager.exe
          MD5: 89e93dd126c7e0792ea6722761ca7f0f
          SHA1: d466ccb34c533229ad1f9ae57e6ccc89e71ee1fc
          SHA256:eb6e3b19bb70c3fee7fdb332153d7c7c523034044059900e80b663b8817e720c

          Identifiers

          • None

          org.seleniumhq.selenium.selenium-os-4.35.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-os-4.35.0.jar
          MD5: 4f5cb00e405dd8f2bc02202bec09426b
          SHA1: 50ca14dd91a917fdcd508974ed4fc85b7440b07c
          SHA256:cb6b750851e04025d8c3f07b434395176355959ce31e32a95c1ecd2dc6e04ae7

          Identifiers

          • cpe:2.3:a:selenium:selenium:4.35.0:*:*:*:*:*:*:*  (Confidence:Low)  

          org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: bidi-mutation-listener.js

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar/org/openqa/selenium/remote/bidi-mutation-listener.js
          MD5: 7bacd2c61d7926322f2b53fa7441cff8
          SHA1: fb21cdb0722173264770c5576d576edb51655767
          SHA256:15f2cb88147c33b65cc5f81fac99c7629711a90aa2a8e7785f70f69792237967

          Identifiers

          • None

          org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: getAttribute.js

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar/org/openqa/selenium/remote/getAttribute.js
          MD5: 232e1624f3d4f2a8f9487a81b9901103
          SHA1: 527dc161296244e355a5e0f9b1b0218b1f285fc2
          SHA256:76674bf5db7e04c72b97ab441c5790cb9b46682fc9dd6109a38342b9be96f274

          Identifiers

          • None

          org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: isDisplayed.js

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar/org/openqa/selenium/remote/isDisplayed.js
          MD5: 727e11fb186de471c2bbea2999d5ff91
          SHA1: 7264278c39f16c6881a477b4a1f22bbfae3ac960
          SHA256:ae26018c01cd27448b250f8e55a094cbfcd2e2cbbe171c78aaa906e1b5c3ed7c

          Identifiers

          • None

          org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar: mutation-listener.js

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-remote-driver-4.35.0.jar/org/openqa/selenium/devtools/mutation-listener.js
          MD5: 81f59e36bde07e051c3cb92a4986b327
          SHA1: 676e0a28a5a1353e89469acaad1b08adc62c795d
          SHA256:2c2083c9a49f65c510d68d3620a57d4dfedc8dc0fcc32524c1ccb11c6329ea07

          Identifiers

          • None

          org.seleniumhq.selenium.selenium-support-4.35.0.jar: findElements.js

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.seleniumhq.selenium.selenium-support-4.35.0.jar/org/openqa/selenium/support/locators/findElements.js
          MD5: 414fb857f6ff729f9336da3fc3981621
          SHA1: 9d0511915a5cadb261832d87085cebb37b0478f0
          SHA256:adc9a973afd2dbc0b24176272096f71fe2a37551ef3262d3973dfd5bc098022b

          Identifiers

          • None

          org.slf4j.slf4j-api-2.0.17.jar

          Description:

          The slf4j API

          License:

          https://opensource.org/license/mit
          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.slf4j.slf4j-api-2.0.17.jar
          MD5: b6480d114a23683498ac3f746f959d2f
          SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
          SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832

          Identifiers

          • None

          org.wildfly.common.wildfly-common-2.0.1.jar

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.wildfly.common.wildfly-common-2.0.1.jar
          MD5: b0b9f3faf5b8394fc73e507e0ff4dbbc
          SHA1: 5db5c5f2d04a1c0a3f7fe678030d3ec3760f81a3
          SHA256:fa4a710db7ae3e598a5f41639eb54e9f7b09de5fd0f58f56bd6070f21d956374

          Identifiers

          CVE-2020-10718  

          A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.
          NVD-CWE-Other

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2020-10740  

          A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
          CWE-502 Deserialization of Untrusted Data

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.0)
          • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2022-1278  

          A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
          CWE-1188 Insecure Default Initialization of Resource

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2020-25689  

          A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
          CWE-401 Missing Release of Memory after Effective Lifetime

          CVSSv3:
          • Base Score: MEDIUM (6.5)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.8)
          • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:C

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2025-23367  

          A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. 
The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
          CWE-284 Improper Access Control, NVD-CWE-noinfo

          CVSSv3:
          • Base Score: MEDIUM (6.5)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2018-14627  

          The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
          CWE-319 Cleartext Transmission of Sensitive Information

          CVSSv3:
          • Base Score: MEDIUM (5.9)
          • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2020-1719  

          A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.
          CWE-270 Privilege Context Switching Error

          CVSSv3:
          • Base Score: MEDIUM (5.4)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (5.5)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2020-25640  

          A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
          CWE-532 Insertion of Sensitive Information into Log File, CWE-209 Generation of Error Message Containing Sensitive Information

          CVSSv3:
          • Base Score: MEDIUM (5.3)
          • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.6/RC:R/MAV:A
          CVSSv2:
          • Base Score: LOW (3.5)
          • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2021-3536  

          A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv3:
          • Base Score: MEDIUM (4.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:1.7/RC:R/MAV:A
          CVSSv2:
          • Base Score: LOW (3.5)
          • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2019-3805  

          A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
          CWE-269 Improper Privilege Management, CWE-364 Signal Handler Race Condition

          CVSSv3:
          • Base Score: MEDIUM (4.7)
          • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (4.7)
          • Vector: /AV:L/AC:M/Au:N/C:N/I:N/A:C

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2021-3503  

          A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.
          NVD-CWE-noinfo, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv3:
          • Base Score: MEDIUM (4.3)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (4.0)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          org.yaml.snakeyaml-2.5.jar

          Description:

          YAML 1.1 parser and emitter for Java

          License:

          http://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/lib/main/org.yaml.snakeyaml-2.5.jar
          MD5: 8d3b7581db5c7620db55183f33a4f2ad
          SHA1: 2d53ddec134280cb384c1e35d094e5f71c1f2316
          SHA256:e6682acf1ace77508ef13649cbf4f8d09d2cf5457bdb61d25ffb6ac0233d78dd

          Identifiers

          • cpe:2.3:a:snakeyaml_project:snakeyaml:2.5:*:*:*:*:*:*:*  (Confidence:Low)  

          packageurl-java-1.5.0.jar

          Description:

          The official Java implementation of the PackageURL specification. PackageURL (purl) is a minimal
        specification for describing a package via a "mostly universal" URL.

          License:

          MIT: https://opensource.org/licenses/MIT
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/github/package-url/packageurl-java/1.5.0/packageurl-java-1.5.0.jar
          MD5: 90856d8bb5b17e08fdf03b6a2f93b81c
          SHA1: e6bf530f52feab911f4032604ca0b8216f7ff337
          SHA256:e45551727707acc0c56ac62d56964332ea0f138d6cc3656d988b9369150f5247

          Identifiers

          • pkg:maven/com.github.package-url/packageurl-java@1.5.0  (Confidence:High)

          password.module.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/password/password.module.js
          MD5: 157c15d8a5715ec79759fe71fbafacc4
          SHA1: f4102745ad1d0e169512a85a4d0efaf970840a6f
          SHA256:8036d9010f8023b9404e55bc11743fc85113916a75f97d93a7e1c640fe4fd707

          Identifiers

          • None

          password.module.min.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/password/password.module.min.js
          MD5: 35b140d16e946e810022dc6a91be510b
          SHA1: 521fbacc87fb381dbccad68d2287f5a4c0ea6fdf
          SHA256:af7eac27a15c3c497910da7c18856d96544b1f7c2342e5f6d9b29461077791ce

          Identifiers

          • None

          password.nomodule.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/password/password.nomodule.js
          MD5: 8c19df4a179023b3942ac931ca6e7613
          SHA1: 726e97684e8f23b769c8c7cf761016516ac06f1c
          SHA256:48e2a5a6a74983ba87a3aac0d6dbd1f0e16370486aeb5f9538edff57ae131b32

          Identifiers

          • None

          password.nomodule.min.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/password/password.nomodule.min.js
          MD5: 70885f88c465e7371e8aca0f721224a4
          SHA1: 29aab4e9b1000b9437f981f63daab698d16bf876
          SHA256:c16cb07de0ef607ff937bc51cee017aca96be99e744b9cf6e543d0107594475c

          Identifiers

          • None

          patch.module.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/patch/patch.module.js
          MD5: 18e4e7f59999c2b3024530d012c1bd7e
          SHA1: fc0067ea5d543dfd30790f965fe76ac7a8d8d4cb
          SHA256:729385a8afa8897d516d187bd27a76131fd46dc410a8ce7bde4885c5ae2b039e

          Identifiers

          • None

          patch.module.min.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/patch/patch.module.min.js
          MD5: 2c5726ee2cf598f9743e8d289dca8445
          SHA1: bea9aa29eac44254ff41b68014652d7c19313ea3
          SHA256:d12ff8e50cf0cd44080c3b0c3f7dac06c2ceaae919dc99e49cd7cf7407da799c

          Identifiers

          • None

          patch.nomodule.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/patch/patch.nomodule.js
          MD5: feeaa98f3e6a1915eab991dbff486a17
          SHA1: 30ce1990694d3f7154da06b182df951c61447542
          SHA256:a4cbf55f0d870d2470de49bb186b14c43a2aa5ab8b2f33fbe47431ccc19be9a9

          Identifiers

          • None

          patch.nomodule.min.js

          File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/patch/patch.nomodule.min.js
          MD5: 0ceae623ae794ba5fed88487f14016ff
          SHA1: 97c4f05021a1d99193164e58179165d6db871add
          SHA256:43e0af7c1541efe1ecbc02876066319fa77900aa7b0d82bf41ab2bd3bb35b97e

          Identifiers

          • None

          plexus-archiver-4.4.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar
          MD5: 31d86104d3613dab27830f45c9ee9819
          SHA1: beb1a3813167d15684d6516a272a1ca499cb8b60
          SHA256:43c75ef577d610ab77ec2894acbde0c72604416ba8ba8b49e9a740d045a40250

          Identifiers

          CVE-2023-37460  

          Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default,  will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
          CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-61 UNIX Symbolic Link (Symlink) Following

          CVSSv3:
          • Base Score: CRITICAL (9.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          plexus-build-api-0.0.7.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/sonatype/plexus/plexus-build-api/0.0.7/plexus-build-api-0.0.7.jar
          MD5: 49f0f8c6bdf2687e358870a4fc1559c6
          SHA1: e6ba5cd4bfd8de00235af936e7f63eb24ed436e6
          SHA256:934171640fbd3d2495c50b79b0d9adb11e2c83e65bad157df8fe34bcac0ff798

          Identifiers

          • pkg:maven/org.sonatype.plexus/plexus-build-api@0.0.7  (Confidence:High)

          plexus-cipher-2.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jar
          MD5: 55d612839faf248cbe3e273969c002c2
          SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
          SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-cipher@2.0  (Confidence:High)

          plexus-classworlds-2.6.0.jar

          Description:

          A class loader framework

          License:

          http://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
          MD5: 67e722b27e3a33b33c1b263b99dd7c43
          SHA1: 8587e80fcb38e70b70fae8d5914b6376bfad6259
          SHA256:52f77c5ec49f787c9c417ebed5d6efd9922f44a202f217376e4f94c0d74f3549

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-classworlds@2.6.0  (Confidence:High)

          plexus-compiler-api-2.15.0.jar

          Description:

          Plexus Compilers component's API to manipulate compilers.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-compiler-api/2.15.0/plexus-compiler-api-2.15.0.jar
          MD5: 6e3034fd2c3748665a2f460bc6ae6919
          SHA1: 1bd59395d358ca695fddc7b9dc594483f4140601
          SHA256:d31d744eb69f77dffd3722dca4094758e0f90e79918a7b3b9fdc37ce49b60342

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-compiler-api@2.15.0  (Confidence:High)

          plexus-compiler-javac-2.15.0.jar

          Description:

          Javac Compiler support for Plexus Compiler component.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-compiler-javac/2.15.0/plexus-compiler-javac-2.15.0.jar
          MD5: 5def81afaf940f3ca616d2503d23c76b
          SHA1: 48069fe3c512b09e8aa32d77929c190a6faba790
          SHA256:89603334988453b9cf4d7ec404d4b54f140de28b678d6a8e8edc448240dd0e90

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-compiler-javac@2.15.0  (Confidence:High)

          plexus-compiler-manager-2.15.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-compiler-manager/2.15.0/plexus-compiler-manager-2.15.0.jar
          MD5: 17484af69415a6b302a3899d56173c45
          SHA1: 4c6d2fc56063e2c62b953a2da9ad60c19097474d
          SHA256:c13b12c32a18b00e457de9b93cfc3d5593bfa1fb992b2c46a3498be1a77c4889

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-compiler-manager@2.15.0  (Confidence:High)

          plexus-component-annotations-2.1.0.jar

          Description:

              Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
    standard annotations instead of javadoc annotations.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-component-annotations/2.1.0/plexus-component-annotations-2.1.0.jar
          MD5: 141fd7a2ae613cb17d25ecd54b43eb3f
          SHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9
          SHA256:bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acac

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0  (Confidence:High)

          plexus-interactivity-api-1.3.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-interactivity-api/1.3/plexus-interactivity-api-1.3.jar
          MD5: 1c388abeb295c9959ff55292cb8e98c4
          SHA1: e60b726018558aeb86ca9a0299ec952f2d927b65
          SHA256:c26de0f7a578a82f8116aced2c3c62f5e06dc1815a8fe22b1af0c1467f2edb25

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-interactivity-api@1.3  (Confidence:High)

          plexus-interpolation-1.26.jar

          Description:

          The Plexus project provides a full software stack for creating and executing software projects.

          License:

          http://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar
          MD5: 1049ae9f5cd8cf618abf5bc5805e6b94
          SHA1: 25b919c664b79795ccde0ede5cee0fd68b544197
          SHA256:b3b5412ce17889103ea564bcdfcf9fb3dfa540344ffeac6b538a73c9d7182662

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-interpolation@1.26  (Confidence:High)

          plexus-io-3.4.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar
          MD5: 9d53b13ce81b2aa1544963a08d56cc1e
          SHA1: de55d9e6f1fd3cadc483f7a8a893b72e2b75403b
          SHA256:cd4da2ffd9adddfa30878350878286a5cfb332f7aeb08a39f24465c55e0cfb38

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-io@3.4.0  (Confidence:High)

          plexus-java-1.2.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-java/1.2.0/plexus-java-1.2.0.jar
          MD5: fc0976d9a939e5afe5c543f72438f290
          SHA1: 3f161764aac786d64c4cac26511215369250d4fd
          SHA256:4d2d63cdcad46feba432110ef64bcdc8f8fad48538fda5cd2253686b45a94304

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-java@1.2.0  (Confidence:High)

          plexus-java-1.4.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-java/1.4.0/plexus-java-1.4.0.jar
          MD5: 365258bc1e631844c54f5386e4ea8c2b
          SHA1: 85efa6e13ef450deb94f6cb0a812a4e7acf74009
          SHA256:e295f379d7885edec5d9501ee0a9152300359167f875dc7c483305c9799d70d0

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-java@1.4.0  (Confidence:High)

          plexus-sec-dispatcher-2.0.jar

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jar
          MD5: e68635a721630177ac70173e441336b6
          SHA1: f89c5080614ffd0764e49861895dbedde1b47237
          SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb

          Identifiers

          plexus-utils-3.0.24.jar

          Description:

          A collection of various utility classes to ease working with strings, files, command lines, XML and
    more.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.jar
          MD5: fbefd8983c6bb4928c27c680463ff355
          SHA1: b4ac9780b37cb1b736eae9fbcef27609b7c911ef
          SHA256:83ee748b12d06afb0ad4050a591132b3e8025fbb1990f1ed002e8b73293e69b4

          Identifiers

          plexus-utils-3.4.2.jar

          Description:

          A collection of various utility classes to ease working with strings, files, command lines, XML and
    more.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar
          MD5: c1c94fdc23c54654c59909136b85cf5f
          SHA1: 82445e007f9009ac5ba6ae5d6b6898c4ce54dcf6
          SHA256:f957f13604ea1686de805801862f339dbbb6eab9a66f9cc7e4a5c5b27e4fcecc

          Identifiers

          plexus-utils-3.5.1.jar

          Description:

          A collection of various utility classes to ease working with strings, files, command lines, XML and
    more.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-utils/3.5.1/plexus-utils-3.5.1.jar
          MD5: cdec471a77f52e687d0df4c43f392a71
          SHA1: c6bfb17c97ecc8863e88778ea301be742c62b06d
          SHA256:86e0255d4c879c61b4833ed7f13124e8bb679df47debb127326e7db7dd49a07b

          Identifiers

          plexus-utils-4.0.1.jar

          Description:

          A collection of various utility classes to ease working with strings, files, command lines and
    more.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-utils/4.0.1/plexus-utils-4.0.1.jar
          MD5: 0fa4c6aabfa676c4a1a1bf0c7473f684
          SHA1: 2162c639aa9b081ef2a0be9d41643513e284bf99
          SHA256:96b9cc44439191d2d0635974e2d44e768736b4fb2abcb65f94cd95e41912fa8b

          Identifiers

          plexus-utils-4.0.2.jar

          Description:

          A collection of various utility classes to ease working with strings, files, command lines and
    more.

          License:

          Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-utils/4.0.2/plexus-utils-4.0.2.jar
          MD5: 4cfdd73e436702d319d551a44fcea500
          SHA1: 9526a9548b302572f23337fcc217fb4cc713b9c3
          SHA256:8957274e75fe2c278b1428dd16a0daeee1dd38152cb6eff816177ac28fccb697

          Identifiers

          plexus-xml-3.0.1.jar

          Description:

          A collection of various utility classes to ease working with XML in Maven 3.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-xml/3.0.1/plexus-xml-3.0.1.jar
          MD5: cd868918ebc742350840124ea4422ab0
          SHA1: b0e73c21402f03c2765674b8dede21673b3288cf
          SHA256:c1a510a87a62bd2d74ac1472dd31c3f9e9b0b8b8568f37d77c0f135415bebd05

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-xml@3.0.1  (Confidence:High)

          plexus-xml-4.0.2.jar

          Description:

          A collection of various utility classes to ease working with XML.

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/plexus/plexus-xml/4.0.2/plexus-xml-4.0.2.jar
          MD5: b3b3361793dd7ece137750fabb1dc4b5
          SHA1: 5a4af48449edfd559edf6a52be3ae1e632d1ff3c
          SHA256:e55f26425ad1ce948e4fca7b0fde5ecc9b0ba90d326c6ecc25a8e0e56ccfb6fd

          Identifiers

          • pkg:maven/org.codehaus.plexus/plexus-xml@4.0.2  (Confidence:High)

          postgresql-1.21.3.jar

          Description:

          Isolated container management for Java code testing

          License:

          MIT: http://opensource.org/licenses/MIT
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/testcontainers/postgresql/1.21.3/postgresql-1.21.3.jar
          MD5: 080a2eee3872efcbd7e201a775554fde
          SHA1: db5a90e4999db85e0c22fc8503075c0af7c3c644
          SHA256:cbcc9e5b40a5d1c4203e6fcda7a578c607d47f4197bf489d5e0d0e7e844f44fc

          Identifiers

          prettify.js

          File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/jacoco-report/jacoco-resources/prettify.js
          MD5: 4b337aaa3c606cfc1a6ff1986db2c8cb
          SHA1: 290093755739da933c180ae7e7ebf283724dad1d
          SHA256:743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68

          Identifiers

          • None

          qdox-2.0.3.jar

          Description:

              QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
    complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.

          License:

          The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/thoughtworks/qdox/qdox/2.0.3/qdox-2.0.3.jar
          MD5: 1a599568ea16556d01a008d9e062ac89
          SHA1: d70143d2a58e7b16a8ec73a495508d43a085d83b
          SHA256:ff70c10165714fe9546c418a65d74ecd5d57623ba408cecde9428f0a609b5d1c

          Identifiers

          • pkg:maven/com.thoughtworks.qdox/qdox@2.0.3  (Confidence:High)

          qdox-2.2.0.jar

          Description:

              QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
    complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.

          License:

          The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/thoughtworks/qdox/qdox/2.2.0/qdox-2.2.0.jar
          MD5: 1585e7fc441f9d256cdd965718836152
          SHA1: 39651eb3ce73d6e506490ea352e1e13eab6b55e8
          SHA256:c260c3230b2340af97d54bf01f7f67ebc57c901922736c881bb11cb981302be2

          Identifiers

          • pkg:maven/com.thoughtworks.qdox/qdox@2.2.0  (Confidence:High)

          quarkus-agroal-deployment-3.30.6.jar: qwc-agroal-datasource.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-agroal-deployment/3.30.6/quarkus-agroal-deployment-3.30.6.jar/dev-ui/qwc-agroal-datasource.js
          MD5: 009047e55c30127b12a94af2229173ab
          SHA1: 5dc54b72c8c8f4dca4f2cc3bce506bfab7f01707
          SHA256:dd8973d49e9c530d574b0164a5f71914b36cd11e7deb1e7a7b05e02eb6297ab7

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-bean-graph.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-bean-graph.js
          MD5: c9e6db609eacbbddc722ceabfa29bae6
          SHA1: d0c1a5d1ee2f652784a2528709cb4684531a120e
          SHA256:091f37876637d71a879e81a86108f15116c845c779a46a824f9901b11d4cb8e7

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-beans.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-beans.js
          MD5: 8c114dd2077b862c5fd0869865a6a74b
          SHA1: 1d751ce83e65678229b580a2137e04635e09be00
          SHA256:ff91e4100e476e889cc2959fae3a13724e75864c5ebcc9f587c52365a17741c1

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-decorators.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-decorators.js
          MD5: 8e249bb483e9ed9dacbd0ac09b06ba8e
          SHA1: 7c45d6ab15708c9e662e052460d5076031c2e36d
          SHA256:a3710bf6217dd4bc3229d1b71d77f0d9244fe3816024a2fcbd7b8e426d2c6c69

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-fired-events.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-fired-events.js
          MD5: 396c7dbc25f000a01fa3675528cb8e20
          SHA1: 0ad1e62a7d1d2a0edda71d8944f2ce056432760b
          SHA256:1ad96c3b0c963a23e72af43155f5d9285d85f81a382b0ba1761959f34b4fb3d1

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-interceptors.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-interceptors.js
          MD5: f2bc57b1b0b28fcdb6bb1ddea4ce4c87
          SHA1: dbe166bd840a7de390ff0370961386c63541b75b
          SHA256:29f74fd5479dfab448dd7bf8b6ef010f1ef4c71675be64730c5f22635db7662c

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-invocation-trees.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-invocation-trees.js
          MD5: 1ab5c76aa17b6f1ef9ee4ba4fb502908
          SHA1: 4c252712a227eed6a75084114e9ad739583f19f2
          SHA256:0d9ce23d7475180e455188f44c36c7da9724090d6aded89a61074df6d486c195

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-observers.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-observers.js
          MD5: 94ca62e780dbfe46eeae19678e13966d
          SHA1: eb020be57b868757bf4618def16731407c395465
          SHA256:def457f2e2791b05b0abdb3cb85667834463849d77d46f83fd7c2bc43e3f29bf

          Identifiers

          • None

          quarkus-arc-deployment-3.30.6.jar: qwc-arc-removed-components.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-deployment/3.30.6/quarkus-arc-deployment-3.30.6.jar/dev-ui/qwc-arc-removed-components.js
          MD5: 2ad8dff203ff526dc96d1f4b9552810a
          SHA1: 7567807968faef410652d9d4c8f1a4dceeeb5016
          SHA256:ce3a22776c1e30a945d34547a0e91d4480e7a7fcc0dfe08ad16acd3f4d607b2a

          Identifiers

          • None

          quarkus-arc-dev-3.30.6.jar

          Description:

          Build time CDI dependency injection - Dev mode only

          License:

          Apache License 2.0
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-arc-dev/3.30.6/quarkus-arc-dev-3.30.6.jar
          MD5: 2e3f7aa88371add821178b6d55e0f529
          SHA1: 6f070be9465fcf6496f80accbb622bd0dbf83877
          SHA256:01e5ea60062d7e1be6dd43f24e95902970e4ae16f586e05e63bbdf337a054fc1

          Identifiers

          quarkus-container-image-deployment-3.30.6.jar: qwc-container-image-build.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-container-image-deployment/3.30.6/quarkus-container-image-deployment-3.30.6.jar/dev-ui/qwc-container-image-build.js
          MD5: e04515564dd31c6ab40909c683872b5c
          SHA1: b555e9d6e8de8d1c0272d29cc001b7ab9deff44a
          SHA256:31597f38c2619913392148790ef7fae2e2efb0ba86fe441f8abcd7dc23443750

          Identifiers

          • None

          quarkus-datasource-deployment-3.30.6.jar: qwc-datasources-reset.js

          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-datasource-deployment/3.30.6/quarkus-datasource-deployment-3.30.6.jar/dev-ui/qwc-datasources-reset.js
          MD5: ecd12861dcd8cfd038377dbcff6e5976
          SHA1: b7fbfca17e3e65b8ce8696c702a02730ec0e4471
          SHA256:80500db4acf496fcf8e2e26da5b96623d83fb2a38ee6b15f296f1d573b573496

          Identifiers

          • None

          quarkus-devservices-keycloak-3.30.6.jar

          License:

          Apache License 2.0
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-devservices-keycloak/3.30.6/quarkus-devservices-keycloak-3.30.6.jar
          MD5: e58ae7abcef3521c9f2ac6381e3bf00f
          SHA1: 8bcd30db6257e845fe7fc3df382cebfebdf0fb21
          SHA256:a1dceacd10f34dd59c4db299c205b90f6e1fafc42c267e8b812d15523c5e8894

          Identifiers

          quarkus-devservices-postgresql-3.30.6.jar

          License:

          Apache License 2.0
          File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-devservices-postgresql/3.30.6/quarkus-devservices-postgresql-3.30.6.jar
          MD5: 13b7f4cc5b1a1fe49833b9d040ee4d16
          SHA1: c158ef5df5ea3828baaddb99460f20a3b415af62
          SHA256:c0783d9d335e3d91c75015747ca2a42446c2b0391abc609383e95c2f9b7e6674

          Identifiers

          CVE-2015-0244  

          PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
          CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

          CVSSv3:
          • Base Score: CRITICAL (9.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2015-3166  

          The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
          CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

          CVSSv3:
          • Base Score: CRITICAL (9.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2019-10211  

          Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
          CWE-94 Improper Control of Generation of Code ('Code Injection'), NVD-CWE-noinfo

          CVSSv3:
          • Base Score: CRITICAL (9.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2018-1115  

          postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
          CWE-732 Incorrect Permission Assignment for Critical Resource

          CVSSv3:
          • Base Score: CRITICAL (9.1)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.4)
          • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2015-0241  

          The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.
          CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

          CVSSv3:
          • Base Score: HIGH (8.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.5)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2015-0242  

          Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
          CWE-787 Out-of-bounds Write

          CVSSv3:
          • Base Score: HIGH (8.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.5)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2015-0243  

          Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
          CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

          CVSSv3:
          • Base Score: HIGH (8.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.5)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2019-10127  

          A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.
          CWE-284 Improper Access Control

          CVSSv3:
          • Base Score: HIGH (8.8)
          • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:2.0/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:L/AC:L/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2020-25695  

          A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
          CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

          CVSSv3:
          • Base Score: HIGH (8.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.5)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2016-5423  

          PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
          CWE-476 NULL Pointer Dereference

          CVSSv3:
          • Base Score: HIGH (8.3)
          • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:2.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.5)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2016-7048  

          The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
          CWE-284 Improper Access Control

          CVSSv3:
          • Base Score: HIGH (8.1)
          • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
          CVSSv2:
          • Base Score: HIGH (9.3)
          • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2020-25694  

          A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
          CWE-327 Use of a Broken or Risky Cryptographic Algorithm

          CVSSv3:
          • Base Score: HIGH (8.1)
          • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.8)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2021-23214  

          When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
          CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

          CVSSv3:
          • Base Score: HIGH (8.1)
          • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (5.1)
          • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2019-10128  

          A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
          CWE-284 Improper Access Control

          CVSSv3:
          • Base Score: HIGH (7.8)
          • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (4.1)
          • Vector: /AV:L/AC:M/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2015-3167  

          contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
          CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2016-0768  

          PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
          CWE-284 Improper Access Control

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2016-0773  

          PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
          CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2017-7484  

          It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
          CWE-285 Improper Authorization, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2016-5424  

          PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
          CWE-94 Improper Control of Generation of Code ('Code Injection')

          CVSSv3:
          • Base Score: HIGH (7.1)
          • Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (4.6)
          • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions: (show all)

          CVE-2017-14798  

          A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
          CWE-61 UNIX Symbolic Link (Symlink) Following, CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

          CVSSv3:
          • Base Score: HIGH (7.0)
          • Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
          CVSSv2:
          • Base Score: MEDIUM (6.9)
          • Vector: /AV:L/AC:M/Au:N/C:C/I:C/A:C

          References:

            Vulnerable Software & Versions:

            CVE-2019-10210  

            Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
            CWE-522 Insufficiently Protected Credentials

            CVSSv3:
            • Base Score: HIGH (7.0)
            • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
            CVSSv2:
            • Base Score: LOW (1.9)
            • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0061  

            The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
            CWE-264 Permissions, Privileges, and Access Controls

            CVSSv2:
            • Base Score: MEDIUM (6.5)
            • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0063  

            Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
            CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

            CVSSv2:
            • Base Score: MEDIUM (6.5)
            • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0064  

            Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
            CWE-189 Numeric Errors

            CVSSv2:
            • Base Score: MEDIUM (6.5)
            • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0065  

            Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
            CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

            CVSSv2:
            • Base Score: MEDIUM (6.5)
            • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2015-5288  

            The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
            CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

            CVSSv2:
            • Base Score: MEDIUM (6.4)
            • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2007-2138  

            Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
            CWE-264 Permissions, Privileges, and Access Controls

            CVSSv2:
            • Base Score: MEDIUM (6.0)
            • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0062  

            Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
            CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

            CVSSv2:
            • Base Score: MEDIUM (4.9)
            • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0067  

            The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
            CWE-264 Permissions, Privileges, and Access Controls

            CVSSv2:
            • Base Score: MEDIUM (4.6)
            • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-8161  

            PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
            CWE-209 Generation of Error Message Containing Sensitive Information

            CVSSv3:
            • Base Score: MEDIUM (4.3)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
            CVSSv2:
            • Base Score: MEDIUM (4.0)
            • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2015-3165  

            Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
            NVD-CWE-Other

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2021-3393  

            An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
            CWE-209 Generation of Error Message Containing Sensitive Information

            CVSSv3:
            • Base Score: MEDIUM (4.3)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
            CVSSv2:
            • Base Score: LOW (3.5)
            • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0060  

            PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
            CWE-264 Permissions, Privileges, and Access Controls

            CVSSv2:
            • Base Score: MEDIUM (4.0)
            • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2014-0066  

            The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
            CWE-20 Improper Input Validation

            CVSSv2:
            • Base Score: MEDIUM (4.0)
            • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2010-0733  

            Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
            CWE-189 Numeric Errors

            CVSSv2:
            • Base Score: LOW (3.5)
            • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

            References:
            • af854a3a-2127-422b-91ae-364da2661108 - PATCH
            • secalert@redhat.com - PATCH

            Vulnerable Software & Versions: (show all)

            quarkus-devtools-base-codestarts-3.30.6.jar: gradle-wrapper.jar

            License:

            Apache-2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-devtools-base-codestarts/3.30.6/quarkus-devtools-base-codestarts-3.30.6.jar/codestarts/quarkus/tooling/gradle-wrapper/base/gradle/wrapper/gradle-wrapper.jar
            MD5: 00fbfe071a292b2cf0bf1613035eef10
            SHA1: 9b90d32f1e62028b17ed508b43a9f7056bc0356b
            SHA256:76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3

            Identifiers

            • None

            quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-entity-types.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-hibernate-orm-deployment/3.30.6/quarkus-hibernate-orm-deployment-3.30.6.jar/dev-ui/hibernate-orm-entity-types.js
            MD5: c674265941c7833d6ef596b56ef6a45d
            SHA1: 98a40b1c5a61662828f73cf4a2ad693ebf185a7e
            SHA256:eeea3cb65fc4547c2220108360ba03e112a9f4ec59e4eb7c4d4c6aa02fb5d256

            Identifiers

            • None

            quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-hql-console.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-hibernate-orm-deployment/3.30.6/quarkus-hibernate-orm-deployment-3.30.6.jar/dev-ui/hibernate-orm-hql-console.js
            MD5: 6adb88dae1cbdeb43b27f30d5c8d3442
            SHA1: 29b08f2fdc5796227a8f6df8baca41c50c14d158
            SHA256:79ada30980cbda16a6dae82d77bb77575d5af08021622a50fcf00b91b4c9fdc6

            Identifiers

            • None

            quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-named-queries.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-hibernate-orm-deployment/3.30.6/quarkus-hibernate-orm-deployment-3.30.6.jar/dev-ui/hibernate-orm-named-queries.js
            MD5: 81385953d36c911ed7ac84f4e9d66b5e
            SHA1: 855037e167664eaa19955134e25562a099db6e7c
            SHA256:bf6320c27c0719524b6c41396b5848666b1f0b3fb6a3bf99130a1738f1175828

            Identifiers

            • None

            quarkus-hibernate-orm-deployment-3.30.6.jar: hibernate-orm-persistence-units.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-hibernate-orm-deployment/3.30.6/quarkus-hibernate-orm-deployment-3.30.6.jar/dev-ui/hibernate-orm-persistence-units.js
            MD5: 7f03fd2f08e1026f76f1b5d78f014cc5
            SHA1: aeedc32b1236e09ce898f603dce60d97de85d35f
            SHA256:9724a82876404afd57e6229ade31a4f2d26ce930e2d80723461160d048559980

            Identifiers

            • None

            quarkus-hibernate-validator-spi-3.30.6.jar

            Description:

            Artifact that provides BuildItems specific to Hibernate Validator

            License:

            Apache License 2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-hibernate-validator-spi/3.30.6/quarkus-hibernate-validator-spi-3.30.6.jar
            MD5: b53d11964f0ec87c4eeeea51f06ef422
            SHA1: 68c9320571c1f332e8bc220f1ba9d5982f493bf2
            SHA256:40387b8f4eefaac785bba6bae6b9b6e331b1c6a57fa847c37a6322206ef0d2da

            Identifiers

            CVE-2025-15104  

            Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).
            CWE-918 Server-Side Request Forgery (SSRF)

            CVSSv4:
            • Base Score: MEDIUM (6.9)
            • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:N/V:X/RE:X/U:X
            CVSSv3:
            • Base Score: MEDIUM (5.3)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2023-1932  

            A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
            CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

            CVSSv3:
            • Base Score: MEDIUM (6.1)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            quarkus-junit4-mock-3.30.6.jar

            Description:

            Module with some empty JUnit4 classes to allow Testcontainers
    to run without needing to include JUnit4 on the class path

            License:

            Apache License 2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-junit4-mock/3.30.6/quarkus-junit4-mock-3.30.6.jar
            MD5: b6428a75121d27b4cfe14f6f9edaef2c
            SHA1: 370ddbbc9c892c4f29b2f5a4b526f5a60c936530
            SHA256:ad32fc7eda137ec070a0aee7937ae2758ef6978aef664346af2baf5a44ca9158

            Identifiers

            quarkus-liquibase-deployment-3.30.6.jar: qwc-liquibase-datasources.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-liquibase-deployment/3.30.6/quarkus-liquibase-deployment-3.30.6.jar/dev-ui/qwc-liquibase-datasources.js
            MD5: 3754b824efb276eda9a4a068480f3c0b
            SHA1: dffce7d45456d475d3d56052e962be8cbc061124
            SHA256:6f32ffd4167c445b2f6a710f91fdbe3f729aa90e1c406a47a70b9a769887ced2

            Identifiers

            • None

            quarkus-maven-plugin-3.30.6.jar: jansi.dll

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-maven-plugin/3.30.6/quarkus-maven-plugin-3.30.6.jar/org/fusesource/jansi/internal/native/Windows/x86/jansi.dll
            MD5: 0e396db1f1371448be55ad0b1542dc0b
            SHA1: 492bd09333e536e51d17caffcf6b7b56c4afcdbf
            SHA256:1d6314da4b3a7a5e9dded6b0cc1b83f15f8f603897ae00cfe98ef171285620f3

            Identifiers

            • None

            quarkus-maven-plugin-3.30.6.jar: jansi.dll

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-maven-plugin/3.30.6/quarkus-maven-plugin-3.30.6.jar/org/fusesource/jansi/internal/native/Windows/x86_64/jansi.dll
            MD5: a7a3efd305c910cd0850f24f17acec86
            SHA1: 6303f154edeaa18a7aeb3997e9ef3634e5ee1171
            SHA256:d23fc9293b68781d43314403048d6dc655fa4620b6b4db3dcd345c52c332a2f4

            Identifiers

            • None

            quarkus-messaging-deployment-3.30.6.jar: qwc-smallrye-reactive-messaging-channels.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-messaging-deployment/3.30.6/quarkus-messaging-deployment-3.30.6.jar/dev-ui/qwc-smallrye-reactive-messaging-channels.js
            MD5: e338726277b448c2a7ac2dc63eed6266
            SHA1: 2bf15556ef5f10207609e92d5a21352ccd4713bb
            SHA256:6780b8b0013e2cc55d309751cf56378374578044e1a2b64045f4cde896934a75

            Identifiers

            • None

            quarkus-messaging-rabbitmq-deployment-3.30.6.jar: qwc-rabbitmq-card.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-messaging-rabbitmq-deployment/3.30.6/quarkus-messaging-rabbitmq-deployment-3.30.6.jar/dev-ui/qwc-rabbitmq-card.js
            MD5: fba02c564e9c3c0cd5e61dc55ea49ef6
            SHA1: a1d9c645ff93333ad901322955825a4f2b3f8323
            SHA256:07832c137d3a96d1618f94e2075b571ca21659d129158d73710ce269e8001651

            Identifiers

            • None

            quarkus-oidc-deployment-3.30.6.jar: qwc-oidc-provider.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-oidc-deployment/3.30.6/quarkus-oidc-deployment-3.30.6.jar/dev-ui/qwc-oidc-provider.js
            MD5: 7099f8f0577bbf8c136e2f47dcf0f6e1
            SHA1: dfa4c7ab0677faa55d9660ad11d95f5dba1a1493
            SHA256:12917bca94abf97e5bf3e0972e3ccdd3101da393de31542fee11b524b1f08acc

            Identifiers

            • None

            quarkus-project-core-extension-codestarts-3.30.6.jar: gradle-wrapper.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-project-core-extension-codestarts/3.30.6/quarkus-project-core-extension-codestarts-3.30.6.jar/codestarts/quarkus/tooling/gradle-wrapper/base/gradle/wrapper/gradle-wrapper.jar
            MD5: 365e8981fbb8626c5235f955b3b92f0f
            SHA1: 44f8eda0fb915aa0ab56996d808baafa6d3f107a
            SHA256:ed2c26eba7cfb93cc2b7785d05e534f07b5b48b5e7fc941921cd098628abca58

            Identifiers

            • None

            quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-card.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-rest-deployment/3.30.6/quarkus-rest-deployment-3.30.6.jar/dev-ui/qwc-resteasy-reactive-card.js
            MD5: be27014ecb3622cb42d1daae868c1948
            SHA1: f0d1746bb205c24ade7664035aa4b8ec8958e883
            SHA256:ee7f2f1d99e5b6b604c056bd28900ae02a8e948035dc97c5196f2ecd81d38e45

            Identifiers

            • None

            quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-endpoint-scores.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-rest-deployment/3.30.6/quarkus-rest-deployment-3.30.6.jar/dev-ui/qwc-resteasy-reactive-endpoint-scores.js
            MD5: 171671fe81691f337249d38c506bb199
            SHA1: 68d590b02e11b7f1073d7bc18ceb208c2da4bf91
            SHA256:9df44d006f19b996682afba09cb59e74941e78a62aef5e950f0fdd998db1ad09

            Identifiers

            • None

            quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-endpoints.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-rest-deployment/3.30.6/quarkus-rest-deployment-3.30.6.jar/dev-ui/qwc-resteasy-reactive-endpoints.js
            MD5: 9b53d1d657b4b5eecc50bcdbfe36b0a8
            SHA1: 811d633f6a27ca106f7b7a7fb988ae6b28a38ab6
            SHA256:977fcb123eb2023136565d5466b0cd01ed8d8e912e31ddc52ad9494e6bd029f3

            Identifiers

            • None

            quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-exception-mappers.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-rest-deployment/3.30.6/quarkus-rest-deployment-3.30.6.jar/dev-ui/qwc-resteasy-reactive-exception-mappers.js
            MD5: 6c8215b3931c2ec3e35098e7e6b1e1be
            SHA1: 8c22904f74f1c0655ed0157ec9c3e917205f6711
            SHA256:8925c6a983513819194c532bc07aed722dc1946f178047c7e07f2c5ce603da71

            Identifiers

            • None

            quarkus-rest-deployment-3.30.6.jar: qwc-resteasy-reactive-parameter-converter-providers.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-rest-deployment/3.30.6/quarkus-rest-deployment-3.30.6.jar/dev-ui/qwc-resteasy-reactive-parameter-converter-providers.js
            MD5: 85525a2623ef16c4d0cfccc94bdfdadd
            SHA1: fce705af9afc128663999e755c9acc4bfb98d56d
            SHA256:d04e54fd74661f35da230eb166c76c9637a20d902a74378bd5f5c183d0901698

            Identifiers

            • None

            quarkus-rest-server-spi-deployment-3.30.6.jar

            License:

            Apache License 2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-rest-server-spi-deployment/3.30.6/quarkus-rest-server-spi-deployment-3.30.6.jar
            MD5: 735631729b4bd3e7fccd86c7a2690717
            SHA1: 3b00c1f6bb795d6119880fd2df45461d9c24c603
            SHA256:ea48e3af7d33110f279258ca51417f953155f7b2d2b3bc770f166239852b0846

            Identifiers

            quarkus-run.jar

            File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/quarkus-run.jar
            MD5: cd8b534ef7528656a9fe51deb0150604
            SHA1: 30e1deb64d2dc1636b6ebac1c9c7ff069034f4db
            SHA256:283f4770b2f9d5c8cac08d8827145eda1372204ba87dcd86d84806a95f100066

            Identifiers

            CVE-2023-6267  

            A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
            CWE-755 Improper Handling of Exceptional Conditions

            CVSSv3:
            • Base Score: CRITICAL (9.8)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2023-6394  

            A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
            CWE-862 Missing Authorization

            CVSSv3:
            • Base Score: CRITICAL (9.1)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2024-12225  

            A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
            CWE-288 Authentication Bypass Using an Alternate Path or Channel

            CVSSv3:
            • Base Score: CRITICAL (9.1)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2023-5720  

            A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
            CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable, NVD-CWE-noinfo

            CVSSv3:
            • Base Score: HIGH (7.5)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            quarkus-run.jar

            File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/quarkus-run.jar
            MD5: 4e2e79b68507f84660df774bd54bebc2
            SHA1: 5aa87b2bf929b975b4d25e69b3a47172ecf8b9d9
            SHA256:f98b0f96514c55422e5814defdf939ef39fae1930f6b0504c157a67a0c2de3ec

            Identifiers

            CVE-2023-6267  

            A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
            CWE-755 Improper Handling of Exceptional Conditions

            CVSSv3:
            • Base Score: CRITICAL (9.8)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2023-6394  

            A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
            CWE-862 Missing Authorization

            CVSSv3:
            • Base Score: CRITICAL (9.1)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            CVE-2024-12225  

            A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
            CWE-288 Authentication Bypass Using an Alternate Path or Channel

            CVSSv3:
            • Base Score: CRITICAL (9.1)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2023-5720  

            A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
            CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable, NVD-CWE-noinfo

            CVSSv3:
            • Base Score: HIGH (7.5)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            quarkus-scheduler-deployment-3.30.6.jar: qwc-scheduler-cron-builder.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-scheduler-deployment/3.30.6/quarkus-scheduler-deployment-3.30.6.jar/dev-ui/qwc-scheduler-cron-builder.js
            MD5: 8f320e5fd8f351fbec644d6d2a6333f6
            SHA1: 0ba5bc860d85a5bebad6b8df7131f12e3a7ac951
            SHA256:97fa3551f1a4896750cebaeb83d4821481c66dbb75e10d6c05a6e4a2e2a24ea4

            Identifiers

            • None

            quarkus-scheduler-deployment-3.30.6.jar: qwc-scheduler-log.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-scheduler-deployment/3.30.6/quarkus-scheduler-deployment-3.30.6.jar/dev-ui/qwc-scheduler-log.js
            MD5: 819efae663c24becafd7a422b5bec138
            SHA1: cbe71cba92a5b7535b75683c846d13760d814faf
            SHA256:911527b1fb8128ce7cc40dba4d2df46257e191afa3d14411b6e0b3d028bde53e

            Identifiers

            • None

            quarkus-scheduler-deployment-3.30.6.jar: qwc-scheduler-scheduled-methods.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-scheduler-deployment/3.30.6/quarkus-scheduler-deployment-3.30.6.jar/dev-ui/qwc-scheduler-scheduled-methods.js
            MD5: f363398be0a2dc04d3e7c7c7d7dcb188
            SHA1: 7265596765caddd3096a864fe32b581a67107eaf
            SHA256:78af2e055453419236c261627a7f1679c5a6cb90c41a8590e943b33c9b84c118

            Identifiers

            • None

            quarkus-smallrye-openapi-deployment-3.30.6.jar: qwc-openapi-generate-client.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-smallrye-openapi-deployment/3.30.6/quarkus-smallrye-openapi-deployment-3.30.6.jar/dev-ui/qwc-openapi-generate-client.js
            MD5: 4b0993bb23e67be49ee65fdd13739539
            SHA1: 1472b3eabfa84a7ef3713c17828f20c142f6d182
            SHA256:2cfb3722cd98badb52742561f49027976f2f7a019b34ad9b75b5aa753bac4f32

            Identifiers

            • None

            quarkus-spring-data-commons-api-3.5.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/quarkus-spring-data-commons-api/3.5/quarkus-spring-data-commons-api-3.5.jar
            MD5: 7b54fabbc37472f92053d03bb7908023
            SHA1: f1e658fbf96440c30f8a7ed2c954b52e768a8e48
            SHA256:21352eabee9afa085e744addd4b3bb51a7acca29f788be5826b7264543d99bb7

            Identifiers

            • pkg:maven/io.quarkus/quarkus-spring-data-commons-api@3.5  (Confidence:High)

            qute-core-3.30.6.jar

            License:

            Apache License 2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/qute/qute-core/3.30.6/qute-core-3.30.6.jar
            MD5: a92b83b5973b51cf7b5ba3fb5f0a5a6f
            SHA1: 1efb67a8de00e23d9bc1f1faf8d96a1d28310988
            SHA256:20c774b2f6d7ecbff0fea85cfd7c01cd58d4bdd4a21f2bd12c6ab450e0e514c9

            Identifiers

            rabbitmq-1.21.3.jar

            Description:

            Isolated container management for Java code testing

            License:

            MIT: http://opensource.org/licenses/MIT
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/testcontainers/rabbitmq/1.21.3/rabbitmq-1.21.3.jar
            MD5: b41c1072cd2fb496934c725e2ec1c40c
            SHA1: 5c30d10d1ac5aa662d5c1661182de4b2e53f6938
            SHA256:908038097e5eab14a01e918bcbbcf2c5727eff127f5dcaeb815b744b179524f7

            Identifiers

            • pkg:maven/org.testcontainers/rabbitmq@1.21.3  (Confidence:High)

            range.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/range/range.module.js
            MD5: 06a963f69dc19e1df8e41d4e1ce9a1bb
            SHA1: c1abb82bcd6d2d7c12819ed6f6799ef641e2135d
            SHA256:66c9b81aba6c09a4f1c05241cf25a60101c64b4c3960165717ebf79d617441d7

            Identifiers

            • None

            range.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/range/range.module.min.js
            MD5: 31d652e61402f83f15cee6d7a7e1d09d
            SHA1: afc730d5f0bb36d8063d01d5e2ff109c53765ffb
            SHA256:39b89f5b9e859db8a52d5a2bccfa40b5082cb0bd35e966bbb2c8dc3a4edffff7

            Identifiers

            • None

            range.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/range/range.nomodule.js
            MD5: acb9f1bf80b671c54041af1e89483255
            SHA1: e07821e841c6bafefbcc79efaf24fdefe8717916
            SHA256:a5249b4cef59476c962aa7ac119219653f22adf646d0e3bd8bddae227d160e65

            Identifiers

            • None

            range.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/range/range.nomodule.min.js
            MD5: 211028515b1929749e3551728f35357d
            SHA1: dad11393a14abf7bd7c41316625b9ca9d454d412
            SHA256:a835e5c38ae33a5dc329cad03b0f13b8d0f45ab1f662e674f45f82a0f15d673a

            Identifiers

            • None

            readline-2.6.jar (shaded: org.aesh:terminal-api:2.6)

            Description:

            Æsh (Another Extendable SHell) Terminal API

            License:

            Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/aesh/readline/2.6/readline-2.6.jar/META-INF/maven/org.aesh/terminal-api/pom.xml
            MD5: ae31cd7c7a4467d7e7abaa952ffe745b
            SHA1: 441dcb2fd4ce3735cdab0c864bbc906592eb9fdb
            SHA256:a4a1b3fd10568ec0f64574130d7fc105c67a4f7eb59eb2e53f0d91d3b9871a4e

            Identifiers

            • pkg:maven/org.aesh/terminal-api@2.6  (Confidence:High)

            readline-2.6.jar

            Description:

            Æsh (Another Extendable SHell) Readline API

            License:

            Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/aesh/readline/2.6/readline-2.6.jar
            MD5: 8990317539a9100bad19fc89f1c7c44e
            SHA1: c34fc8145017c4dd5967dc4053d5b100631e6f3c
            SHA256:601eb6cbc77a8b07b8014ba89cf3fbdda20fcdb96493e57466d3753fa26accde

            Identifiers

            • pkg:maven/org.aesh/readline@2.6  (Confidence:High)

            rest-assured-5.5.6.jar

            Description:

            Java DSL for easy testing of REST services

            License:

            https://www.apache.org/licenses/LICENSE-2.0.html
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/rest-assured/rest-assured/5.5.6/rest-assured-5.5.6.jar
            MD5: d2e14d4382e9c6b8861819f609499a68
            SHA1: a1253f89315e8141ee9b8432b4f3b7ba8a83f98a
            SHA256:52a7014328070bbeb47457b4c1f79f63812191d37a28d4d7f5ee43fab724e5d1

            Identifiers

            • pkg:maven/io.rest-assured/rest-assured@5.5.6  (Confidence:High)

            rest-assured-common-5.5.6.jar

            Description:

            Java DSL for easy testing of REST services

            License:

            https://www.apache.org/licenses/LICENSE-2.0.html
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/rest-assured/rest-assured-common/5.5.6/rest-assured-common-5.5.6.jar
            MD5: 15e5f530e9af2278210900181a602921
            SHA1: 4f83b9a3e71e8f0ffeeeff60f91825e8d70ff260
            SHA256:bfd0e0fd61e86be103772a03b045462439ea38e9ac5693ceefbe90c708902339

            Identifiers

            • pkg:maven/io.rest-assured/rest-assured-common@5.5.6  (Confidence:High)

            resteasy-reactive-3.30.6.jar

            License:

            Apache License 2.0
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/quarkus/resteasy/reactive/resteasy-reactive/3.30.6/resteasy-reactive-3.30.6.jar
            MD5: b0217afb288013ee87189f629dbf6344
            SHA1: 48a7823bd6dde32e74284f4b23ce12e40c8991f5
            SHA256:3ba5933379500e491b75c8340dc98502505ce13ea2c8f7576bfe4978e66b5a84

            Identifiers

            scheme.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/scheme/scheme.module.js
            MD5: 3792021f092fd56512ab5e0c9666783b
            SHA1: 266c2da21106d88b462e1009cceb64dd7b78ba62
            SHA256:ccd756f0b4322fc323e623e4ae31dfda0bc8438f8cd707c97473e6d36d51bd72

            Identifiers

            • None

            scheme.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/scheme/scheme.module.min.js
            MD5: 152163209e711018e41e9b3b128fc427
            SHA1: ce8fce321012271c2942444dd0914499dc8d1d8e
            SHA256:831a7ebfc8f1d5d36d835215fb1e9043996e9f71d3b9664dabfd98d94d4d491b

            Identifiers

            • None

            segmented.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/segmented/segmented.module.js
            MD5: 6a47dff31322aee98a6d8e07b6baa0f4
            SHA1: 952765ecf9cfce81bad0edd8b546fff9a8c0864e
            SHA256:c8a1c9514a409a821a81a73ae0cba4a8c997db966c2dba55daff3ccb42f518ec

            Identifiers

            • None

            segmented.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/segmented/segmented.module.min.js
            MD5: a515a7cd2f9dc9c23282a7bd13258f47
            SHA1: d0ecff5a6eb0bc809413fd790af968d02288fbf8
            SHA256:ea2a4c26c76c959d1768ff4bc519d0a871572e1563fd3e6604e73b65693261f6

            Identifiers

            • None

            segmented.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/segmented/segmented.nomodule.js
            MD5: e03df7eb9b82eadd2de0fe30a5d18e55
            SHA1: 8d972c5f8e12b7b5a076974d41b903a31f63c48b
            SHA256:f2f59846707d63029dc0507320e4896aff770cbb78945267794ed989e566f437

            Identifiers

            • None

            segmented.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/segmented/segmented.nomodule.min.js
            MD5: d0166d2fcfabc290980e5ceecca47563
            SHA1: 0e316f31de585adec55a8a414f764ccf98cadbe7
            SHA256:6752e6e11f19c8420520fe2a2ccb735fc1f6fd8330f1f28b5b38a556a6d46dcb

            Identifiers

            • None

            selenium-support-4.35.0.jar

            Description:

            Selenium automates browsers. That's it! What you do with that power is entirely up to you.

            License:

            The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/seleniumhq/selenium/selenium-support/4.35.0/selenium-support-4.35.0.jar
            MD5: 0f7c599cd1d00263935e604610820bb4
            SHA1: ea8078e129aabd5b10cb4588fe4a5c8a3f22f959
            SHA256:5bc0a5732f901f7bb97fc94266a546d537297e403ca12234c1e2cdfd3d0327e7

            Identifiers

            sidemenu.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/sidemenu/sidemenu.module.js
            MD5: c7b6abc1915c39bbc77b6efe1fdc8dd3
            SHA1: 4018f2e8c12a39f3a49649c94ce5fd2926f936c8
            SHA256:96ab2e8ef4d15030ea33bf19c478bddb0a2a5e4c15561dbd77a180577cfa6b34

            Identifiers

            • None

            sidemenu.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/sidemenu/sidemenu.module.min.js
            MD5: 0576f86bb1d6f3351ef66b25b397c74f
            SHA1: 85afb3a0083de2abe7bea5d05a90545d6e5e5f20
            SHA256:d45091d75258bfb89e9f3379dc16fecd5445d98e0aa5f99fd0f2dbebd11aec3a

            Identifiers

            • None

            sidemenu.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/sidemenu/sidemenu.nomodule.js
            MD5: c32fb2fda483ccd204a6a83a5d1b428c
            SHA1: 2e08fc2fa05e44897b53054bbc0206083bf3289a
            SHA256:758e13e257cd4ded69c00c4f2fd04f34fdcb9588737b08708c445ffc5d845d41

            Identifiers

            • None

            sidemenu.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/sidemenu/sidemenu.nomodule.min.js
            MD5: 572d7b88a1eea76f52056a62d6b2792b
            SHA1: 8eb0d76a69e3b78e24eeb0bffea6f14960d61225
            SHA256:912d25138e9523b749f0ac6e6d382c8435ccf0d7453691092184cde2af64fbd4

            Identifiers

            • None

            slf4j-api-1.7.36.jar

            Description:

            The slf4j API

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
            MD5: 872da51f5de7f3923da4de871d57fd85
            SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
            SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0

            Identifiers

            • pkg:maven/org.slf4j/slf4j-api@1.7.36  (Confidence:High)

            smallrye-beanbag-1.5.3.jar

            Description:

            A trivial programmatic bean container implementation

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/beanbag/smallrye-beanbag/1.5.3/smallrye-beanbag-1.5.3.jar
            MD5: 96bb0e7728b61a0a2076a5af7f3a92c1
            SHA1: e879a4cd6eaeb8ca82241740bdf104d343834b26
            SHA256:a98a1df267cdef1b7f305fbeacfa7d51e423fe2d02596314877196f5ce29a578

            Identifiers

            • pkg:maven/io.smallrye.beanbag/smallrye-beanbag@1.5.3  (Confidence:High)

            smallrye-beanbag-maven-1.5.3.jar

            Description:

            A supplier of Maven Resolver components using SmallRye BeanBag

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/beanbag/smallrye-beanbag-maven/1.5.3/smallrye-beanbag-maven-1.5.3.jar
            MD5: 2c695f7788af101ad9ed9bf8dd7cd515
            SHA1: 8ccc4a1c72372508614d92abc648c4f0c28b4d70
            SHA256:8cc96b5a16bd7d99d8a933b74626d2abe71b0b629ace250f6e95201bdb9a80c5

            Identifiers

            • pkg:maven/io.smallrye.beanbag/smallrye-beanbag-maven@1.5.3  (Confidence:High)

            smallrye-beanbag-sisu-1.5.3.jar

            Description:

            Basic integration for SmallRye BeanBag and Eclipse SISU

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/beanbag/smallrye-beanbag-sisu/1.5.3/smallrye-beanbag-sisu-1.5.3.jar
            MD5: 12afb6f156040d5a0a1cd0c9a60d9022
            SHA1: 62a4255474eeb74a6dfd076e89945a6b390f6e83
            SHA256:5b709a4e0e62ce613550f3c9edaf7b2663fa797d5312eda7491f6837cd2fefad

            Identifiers

            • pkg:maven/io.smallrye.beanbag/smallrye-beanbag-sisu@1.5.3  (Confidence:High)

            smallrye-common-process-2.14.0.jar

            Description:

            Process management utilities

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/common/smallrye-common-process/2.14.0/smallrye-common-process-2.14.0.jar
            MD5: 941fd7bbf66eded39f4f2fbc678e885f
            SHA1: d9fcf609a78492d5d38fa88072426195eb7b3177
            SHA256:b4a82442371f9bce3ccbf4966718887d4b4552044801c7465bf3e95d56084564

            Identifiers

            • pkg:maven/io.smallrye.common/smallrye-common-process@2.14.0  (Confidence:High)

            smallrye-common-resource-2.14.0.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/common/smallrye-common-resource/2.14.0/smallrye-common-resource-2.14.0.jar
            MD5: bce024036ead6b1e683c2621869bfdb5
            SHA1: 291a0047e35e6a33e51919cfcdd1f32872d27ebd
            SHA256:57a4d2caec4de965dfee67a1a349acce76ad74832ce865f740d742e630eda49a

            Identifiers

            • pkg:maven/io.smallrye.common/smallrye-common-resource@2.14.0  (Confidence:High)

            smallrye-common-version-2.14.0.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/common/smallrye-common-version/2.14.0/smallrye-common-version-2.14.0.jar
            MD5: 89aac81104302d6cd51d11cc830a9d0b
            SHA1: 9aa30faed3423c83c290b70e60ac619ba0942985
            SHA256:a7d4765982c00d5e247d5019844e0971cd7a23195a8defe29639d13e5a0e7731

            Identifiers

            • pkg:maven/io.smallrye.common/smallrye-common-version@2.14.0  (Confidence:High)

            smallrye-mutiny-vertx-auth-common-3.21.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/reactive/smallrye-mutiny-vertx-auth-common/3.21.3/smallrye-mutiny-vertx-auth-common-3.21.3.jar
            MD5: 3a314ccfc2fc5249098b72c899d0ba38
            SHA1: a8ff5660a3af96f20ba6d40b3a6456c002320612
            SHA256:cdfc220728c203f111c8897802a9844cff70796ad5269fc8009bf4177d65103f

            Identifiers

            • pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-auth-common@3.21.3  (Confidence:High)

            smallrye-mutiny-vertx-bridge-common-3.21.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/reactive/smallrye-mutiny-vertx-bridge-common/3.21.3/smallrye-mutiny-vertx-bridge-common-3.21.3.jar
            MD5: 4ea9045872070a9b835004b4bd157808
            SHA1: 94a81c66ebe187a9bbac43361f8f843bbbfecaf1
            SHA256:7be0b77f9f8dc0c298796db8de7a25859c77c64e948c3a31f702fcaf234d9ec2

            Identifiers

            • pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-bridge-common@3.21.3  (Confidence:High)

            smallrye-mutiny-vertx-rabbitmq-client-3.21.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/reactive/smallrye-mutiny-vertx-rabbitmq-client/3.21.3/smallrye-mutiny-vertx-rabbitmq-client-3.21.3.jar
            MD5: 7d2bf2eaa4bb08877a1e76b8595607cb
            SHA1: 0c43a3e6a567abf6d87887593c7bb32d94c6d792
            SHA256:5e2005164b8e1c9e3cb6ee4de432eb6c58ceb3f8ab98fefa1432d3852c2bf00a

            Identifiers

            • pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-rabbitmq-client@3.21.3  (Confidence:High)

            smallrye-mutiny-vertx-runtime-3.21.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/reactive/smallrye-mutiny-vertx-runtime/3.21.3/smallrye-mutiny-vertx-runtime-3.21.3.jar
            MD5: 3e308d0f504219aad672231bec0d1036
            SHA1: 0b4b36261641dbd4e130fb22d2ba4b3b28693689
            SHA256:047c540d6d4b9e65569048d964525f8d306d43726d6ae9427ddb0395c9b457bb

            Identifiers

            • pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-runtime@3.21.3  (Confidence:High)

            smallrye-mutiny-vertx-uri-template-3.21.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/reactive/smallrye-mutiny-vertx-uri-template/3.21.3/smallrye-mutiny-vertx-uri-template-3.21.3.jar
            MD5: d301b06de44f0fccf67686dd1c642e36
            SHA1: b6669b4320339aefce224625aaeaf1ee57387158
            SHA256:847f3650e5fce6de00ca58e31665270a084ec6b283a039fe8848447e8d5a3be9

            Identifiers

            • pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-uri-template@3.21.3  (Confidence:High)

            smallrye-mutiny-vertx-web-client-3.21.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/reactive/smallrye-mutiny-vertx-web-client/3.21.3/smallrye-mutiny-vertx-web-client-3.21.3.jar
            MD5: c461a025f29d76d549e1835a723df143
            SHA1: a30e2ba3dddfda43688053fe1a38e12ed28ccba8
            SHA256:705f35b208c87f50b8401cec24af04c94a5e1e8943b421071f278b8a98c0082f

            Identifiers

            • pkg:maven/io.smallrye.reactive/smallrye-mutiny-vertx-web-client@3.21.3  (Confidence:High)
            • cpe:2.3:a:xweb:xweb:3.21.3:*:*:*:*:*:*:*  (Confidence:Low)  

            smallrye-open-api-jaxrs-4.2.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/smallrye-open-api-jaxrs/4.2.3/smallrye-open-api-jaxrs-4.2.3.jar
            MD5: ac97c1c5a2e2dc53c462a0df00ea6fde
            SHA1: 05b05bb9f3d8aad29f1616278be9f09cf496681a
            SHA256:13ea651d3ddc2900dd4725b776f9236146d40ee67cd77b7e1b6d5d5048742aad

            Identifiers

            • pkg:maven/io.smallrye/smallrye-open-api-jaxrs@4.2.3  (Confidence:High)

            smallrye-open-api-spring-4.2.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/smallrye-open-api-spring/4.2.3/smallrye-open-api-spring-4.2.3.jar
            MD5: 20f257e76329def7a03e11edc3d8c093
            SHA1: 4aff6448989ba033fa736a4bab9e92fd63dceeb3
            SHA256:9d72a1e1d444cc32d062478705d01a4fa89e6370dc591f0d42e3998f5bd02c60

            Identifiers

            • pkg:maven/io.smallrye/smallrye-open-api-spring@4.2.3  (Confidence:High)

            smallrye-open-api-ui-4.2.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/smallrye-open-api-ui/4.2.3/smallrye-open-api-ui-4.2.3.jar
            MD5: 0f8b26cf9ba1b64b55e17b2bb7d065bc
            SHA1: 43b1f817b567e1b2242a972ee299d6d969195285
            SHA256:e0424bddf30019fac0b239db9cb6e389629deb598f0c240a108bb6a9d1d3afd8

            Identifiers

            • pkg:maven/io.smallrye/smallrye-open-api-ui@4.2.3  (Confidence:High)

            smallrye-open-api-ui-4.2.3.jar: swagger-ui-bundle.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/smallrye-open-api-ui/4.2.3/smallrye-open-api-ui-4.2.3.jar/META-INF/resources/openapi-ui/swagger-ui-bundle.js
            MD5: 22865a74c584fc10cc97333b3f29095c
            SHA1: 20da294e6108a68dfd7ce1cb64ab4ca96df9421c
            SHA256:dcbaefeb09685d45fae31a52758c3028be783f49a6070cc4408618012a13d2a2

            Identifiers

            • None

            smallrye-open-api-ui-4.2.3.jar: swagger-ui-standalone-preset.js

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/smallrye-open-api-ui/4.2.3/smallrye-open-api-ui-4.2.3.jar/META-INF/resources/openapi-ui/swagger-ui-standalone-preset.js
            MD5: c52d69e3948ac5fdffc432e95fc737a3
            SHA1: 97ad64329b79e88fea9bc861766cd5ffbc959d5c
            SHA256:8710b6d90ece7113dd467500fa14ed33b5848b68b8695ad075f8d5c6c9af3b01

            Identifiers

            • None

            smallrye-open-api-vertx-4.2.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/smallrye/smallrye-open-api-vertx/4.2.3/smallrye-open-api-vertx-4.2.3.jar
            MD5: e2e6296593de62659fa61e113a9ce489
            SHA1: fedd612660d004d25dbea20ccba9cc604874c481
            SHA256:d706a1c45bdb25458b8290ce692c687ff091f37f98536641c4fc9d11b1751a82

            Identifiers

            • pkg:maven/io.smallrye/smallrye-open-api-vertx@4.2.3  (Confidence:High)

            snappy-0.4.jar

            Description:

            Port of Snappy to Java

            License:

            Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/iq80/snappy/snappy/0.4/snappy-0.4.jar
            MD5: f0792d1dbe7f90d8b34c7c19961e0073
            SHA1: a42b2d92a89efd35bb14738000dabcac6bd07a8d
            SHA256:46a0c87d504ce9d6063e1ff6e4d20738feb49d8abf85b5071a7d18df4f11bac9

            Identifiers

            CVE-2024-36124  

            iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5.
            CWE-125 Out-of-bounds Read

            CVSSv3:
            • Base Score: MEDIUM (5.3)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            sort.js

            File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/jacoco-report/jacoco-resources/sort.js
            MD5: af6dc76a8d5e0653f66eb57f2757327d
            SHA1: 03380a84c61514f773a503de39d517e1bb2d72bb
            SHA256:64407e72c5097000e41f9da4ac9a04131b8ec9479ca8987a5f5d5f2ad6383043

            Identifiers

            • None

            stax2-api-4.2.2.jar

            Description:

            Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

            License:

            The BSD 2-Clause License: http://www.opensource.org/licenses/bsd-license.php
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/codehaus/woodstox/stax2-api/4.2.2/stax2-api-4.2.2.jar
            MD5: 6949cace015c0f408f0b846e3735d301
            SHA1: b0d746cadea928e5264f2ea294ea9a1bf815bbde
            SHA256:a61c48d553efad78bc01fffc4ac528bebbae64cbaec170b2a5e39cf61eb51abe

            Identifiers

            • pkg:maven/org.codehaus.woodstox/stax2-api@4.2.2  (Confidence:High)

            surefire-api-3.2.2.jar

            Description:

            API used in Surefire and Failsafe MOJO, Booter, Common and test framework providers.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-api/3.2.2/surefire-api-3.2.2.jar
            MD5: 3cb063ebb9b66116d5b8bd3593bad059
            SHA1: 243c4e6def8efd0915ed9e3d49298507e8394529
            SHA256:cf3de8d5b3ea31b410be4957a3b2e9d0aba00ac4c321a8794d7eb5e3d548d705

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-api@3.2.2  (Confidence:High)

            surefire-api-3.2.3.jar

            Description:

            API used in Surefire and Failsafe MOJO, Booter, Common and test framework providers.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-api/3.2.3/surefire-api-3.2.3.jar
            MD5: e9160f6b26fe2ba9e84bc7760217e1d7
            SHA1: 385fb784ecf415fd8c85eecaf528d752b639fc97
            SHA256:a8de90dfd4e82505776587a233bc539f2edf319582b0331cdbb3779e54b52834

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-api@3.2.3  (Confidence:High)

            surefire-booter-3.2.2.jar

            Description:

            API and Facilities used by forked tests running in JVM sub-process.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-booter/3.2.2/surefire-booter-3.2.2.jar
            MD5: c10b372221f641888eedbb5aefb623b5
            SHA1: b8c37b5f5d7675ed15b512109abf4ce19005e116
            SHA256:57b6d9d56b9b48d767b87c43d3e8d673026c0181ff7cc30b96880779c5fdb74c

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-booter@3.2.2  (Confidence:High)

            surefire-booter-3.2.3.jar

            Description:

            API and Facilities used by forked tests running in JVM sub-process.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-booter/3.2.3/surefire-booter-3.2.3.jar
            MD5: a01310ed0619acc78ddf54d926bab1ed
            SHA1: 148fb18fe910ab3e69fbb7cb507d48f5dd970f3b
            SHA256:8e17fb7515a968eebae8e4a41ead220a7fffd7a884b4f44fdef0e5a781294482

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-booter@3.2.3  (Confidence:High)

            surefire-extensions-api-3.2.2.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-extensions-api/3.2.2/surefire-extensions-api-3.2.2.jar
            MD5: 358d2fba67dc8bab448061fdad31b24a
            SHA1: f514ede3901c2266b6ab9eb6cd9457250fedd6a5
            SHA256:c17a663985b0cac17eb978488d3f0e62bfa649f0eff1c6411c25f5cda0a11cdc

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-extensions-api@3.2.2  (Confidence:High)

            surefire-extensions-api-3.2.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-extensions-api/3.2.3/surefire-extensions-api-3.2.3.jar
            MD5: 18f612793ba07291c6751299dbab3be3
            SHA1: 90b4e7f82f52f153734e6342afa1a0ebcc2fce40
            SHA256:8c34ca976444685605784dc4c5cb3ac8b838b2b475310a9fcd2b3e2a545de16a

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-extensions-api@3.2.3  (Confidence:High)

            surefire-extensions-spi-3.2.2.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-extensions-spi/3.2.2/surefire-extensions-spi-3.2.2.jar
            MD5: d11607221665c37100c9323d5eac6d22
            SHA1: 4e01d4a8dd2b8f0842750096a6d0069678151987
            SHA256:38282f5e09ba6a129b22f5586c2d35c133461c0aa172d97e2f3a7c29293d1410

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-extensions-spi@3.2.2  (Confidence:High)

            surefire-extensions-spi-3.2.3.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-extensions-spi/3.2.3/surefire-extensions-spi-3.2.3.jar
            MD5: 5bf8611d8c865c945af236c667c47bd6
            SHA1: 70f26226daf70aaeff7f8d39e7c577e62eca1d96
            SHA256:5eae9d42b9da855b005adc385a35ddd62659aefbe0a3ebeab4dff2c56762c56f

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-extensions-spi@3.2.3  (Confidence:High)

            surefire-junit-platform-3.2.2.jar

            Description:

            SureFire JUnit Platform Runner

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-junit-platform/3.2.2/surefire-junit-platform-3.2.2.jar
            MD5: 2250d4f65a1f9c74675f9139512ba61b
            SHA1: 491d42efd2cc77994d6ab4974793109ead85402f
            SHA256:06aef500a1a19ba394411cb352066e3ea9e0e7fbc2e15821ce9c01cb5f583666

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-junit-platform@3.2.2  (Confidence:High)

            surefire-junit-platform-3.2.3.jar

            Description:

            SureFire JUnit Platform Runner

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-junit-platform/3.2.3/surefire-junit-platform-3.2.3.jar
            MD5: 65887ddc1dc9b01ba84e77d94ca8f328
            SHA1: 7c9372a5ba0ee6d83b84887d4c268eab8fc84bb1
            SHA256:fdafaebb80ec6246efcdb11b61b4270635188a5e820b82306035d65900710fb5

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-junit-platform@3.2.3  (Confidence:High)

            surefire-logger-api-3.2.2.jar

            Description:

            Interfaces and Utilities related only to internal SureFire Logger API. Free of dependencies.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-logger-api/3.2.2/surefire-logger-api-3.2.2.jar
            MD5: 0b1c74f7f68092b5ea07669de044dc65
            SHA1: ad1cf68646e60276dc44df451d2ab107231f1c04
            SHA256:34ea28b6f8a822402b6bfa7046341c6258cc44a6f071b6066a3de926180c06b9

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-logger-api@3.2.2  (Confidence:High)

            surefire-logger-api-3.2.3.jar

            Description:

            Interfaces and Utilities related only to internal SureFire Logger API. Free of dependencies.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-logger-api/3.2.3/surefire-logger-api-3.2.3.jar
            MD5: 4583078b93a152321ed99fc889a48684
            SHA1: 963ab0611235695673656c42e56e9d88e38b4ec3
            SHA256:b77ad337f49661dbc87c26f791009a591791598d63046b5bfbff0d7eec7e1efe

            Identifiers

            • pkg:maven/org.apache.maven.surefire/surefire-logger-api@3.2.3  (Confidence:High)

            surefire-shared-utils-3.2.2.jar (shaded: org.apache.commons:commons-compress:1.23.0)

            Description:

            Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-shared-utils/3.2.2/surefire-shared-utils-3.2.2.jar/META-INF/maven/org.apache.commons/commons-compress/pom.xml
            MD5: d3b5ceab5b35e740311012b5b096176a
            SHA1: 1459c307e78823562355649fd2af3b6b84c4858a
            SHA256:59dc121406ba9e8b5b512bcef4571351fed1f902b939cf527d893b7f729454c9

            Identifiers

            CVE-2023-42503  

            Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0.

Users are recommended to upgrade to version 1.24.0, which fixes the issue.

A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.

In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values.

Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].

[1]:  https://issues.apache.org/jira/browse/COMPRESS-612 
[2]:  https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 
[3]:  https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html 
[4]:  https://bugs.openjdk.org/browse/JDK-6560193 
[5]:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 

Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.
            CWE-400 Uncontrolled Resource Consumption, CWE-20 Improper Input Validation, NVD-CWE-noinfo

            CVSSv3:
            • Base Score: MEDIUM (5.5)
            • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2024-25710  

            Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.
            CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

            CVSSv3:
            • Base Score: MEDIUM (5.5)
            • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2024-26308  

            Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.
            CWE-770 Allocation of Resources Without Limits or Throttling

            CVSSv3:
            • Base Score: MEDIUM (5.5)
            • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            surefire-shared-utils-3.2.2.jar

            Description:

            Relocated Java packages of maven-shared-utils and several Apache Commons utilities in Surefire.

            License:

            The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-shared-utils/3.2.2/surefire-shared-utils-3.2.2.jar
            MD5: 0fdf4fe69c8bea86a52229d2d4bd27da
            SHA1: ba20712df8e0f43832361428e9189705e1a50927
            SHA256:f51e0ff777d36dd567cb7d129f8579ea7c2da03b4e81ef983e608bb4e11a200e

            Identifiers

            CVE-2022-29599  

            In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
            CWE-116 Improper Encoding or Escaping of Output

            CVSSv3:
            • Base Score: CRITICAL (9.8)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
            CVSSv2:
            • Base Score: HIGH (7.5)
            • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions:

            surefire-shared-utils-3.2.3.jar (shaded: org.apache.commons:commons-compress:1.25.0)

            Description:

            Apache Commons Compress defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-shared-utils/3.2.3/surefire-shared-utils-3.2.3.jar/META-INF/maven/org.apache.commons/commons-compress/pom.xml
            MD5: b9908114f28f6b709e5cc096d5038cbb
            SHA1: 334a8fd9c3120b359be7d70490cd6500bd35f7f8
            SHA256:ba5cda496643a906fcb77b1f13c5c7de817133c977a417e8a835fe28a6518ece

            Identifiers

            CVE-2024-25710  

            Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.
            CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

            CVSSv3:
            • Base Score: MEDIUM (5.5)
            • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2024-26308  

            Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.
            CWE-770 Allocation of Resources Without Limits or Throttling

            CVSSv3:
            • Base Score: MEDIUM (5.5)
            • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            surefire-shared-utils-3.2.3.jar (shaded: org.apache.commons:commons-lang3:3.14.0)

            Description:

              Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-shared-utils/3.2.3/surefire-shared-utils-3.2.3.jar/META-INF/maven/org.apache.commons/commons-lang3/pom.xml
            MD5: 05164a1ea756fd8307e72aeaf0f4097c
            SHA1: 063304d0daef2181ff359107bc29fb865a04d3cf
            SHA256:110438863bad37c28f906bf87016e38c7a8c758ba321e09d11dc5a2363a8e79e

            Identifiers

            CVE-2025-48924  

            Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.
            CWE-674 Uncontrolled Recursion

            CVSSv3:
            • Base Score: MEDIUM (5.3)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions: (show all)

            surefire-shared-utils-3.2.3.jar

            Description:

            Relocated Java packages of maven-shared-utils and several Apache Commons utilities in Surefire.

            License:

            The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/surefire/surefire-shared-utils/3.2.3/surefire-shared-utils-3.2.3.jar
            MD5: 0fdeabc9106cfd1ccb237dbd506cb985
            SHA1: eb6095975873d98dfbb16e768307f3bc1cc16617
            SHA256:b63df8785c206268c7ea094aaa63869f0f78d64080eaf8695558818e05008468

            Identifiers

            CVE-2022-29599  

            In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
            CWE-116 Improper Encoding or Escaping of Output

            CVSSv3:
            • Base Score: CRITICAL (9.8)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
            CVSSv2:
            • Base Score: HIGH (7.5)
            • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

            References:

            Vulnerable Software & Versions:

            tab.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tab/tab.module.js
            MD5: 166d2c2b882fdc1a78ca4cc9401b06c9
            SHA1: 9d791653303758ca503daacbf47ff2b704f7c74b
            SHA256:d60a7e778a06bef2513f8ea96e66fe1149076bf4a50a59a541ca61d4691a98cb

            Identifiers

            • None

            tab.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tab/tab.module.min.js
            MD5: 6c17ce001fa7987f74c9cf5cf4efeeab
            SHA1: 4a6cbcfa7b0f9a814fe04091c5a77ab6fcd03037
            SHA256:b1b6be5b1180f35989fc0e9c7453a1ce8c310012dc79c479dc35f88adf27f767

            Identifiers

            • None

            tab.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tab/tab.nomodule.js
            MD5: 360bdd00ec65e441c1966313e91bd3c2
            SHA1: c39eda551f22a20b3490b02da6a6660dbf0c8d66
            SHA256:49883719b3f0eed83854ce966848999f72cf782ce9f21a626b1434224fda4262

            Identifiers

            • None

            tab.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tab/tab.nomodule.min.js
            MD5: ed8ce73857424ec57088a884b60dce74
            SHA1: 356e3bd3c9ec63e9183ed22c58f78f8a16585bf4
            SHA256:175bbaa3d0eef8c7f9d40815d91f6d43f316c9d9c88ca7f5849dbb6a6cc25a2e

            Identifiers

            • None

            table.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/table/table.module.js
            MD5: 7af0e32ac6a8f4a121011554e80850a2
            SHA1: 213437ccbbc0e14219a5f5ca38570535eca94186
            SHA256:09394fb0eebf4a7aab82a33499548310cf5dd154a5ff915141606e37620a5cf8

            Identifiers

            • None

            table.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/table/table.module.min.js
            MD5: fa718f3aa592203edfd3ed8b1fe9e003
            SHA1: f97ce313b1cb2031344352382300247dc829f7cc
            SHA256:f4f1fcd7f0331899345376d9fd308b83ef7ab44b21bbe6c54ba286d1df373085

            Identifiers

            • None

            table.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/table/table.nomodule.js
            MD5: aaca3692d72eaf36d1016c6bd88e7784
            SHA1: 840e7dcde9ea0c26bcfbc08e3d58cee9713dcc77
            SHA256:41590e0798d0954728646e5d07bac106d1cc027cd2336e2fc303794d3dc631ae

            Identifiers

            • None

            table.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/table/table.nomodule.min.js
            MD5: 86e4b6815fa2f6fd9000c9a8ae47baea
            SHA1: 98639b9a3fdfa96ef58f0c0feed933c940158e75
            SHA256:900c1902e52d0e35bcf059afbb02ff4daec75c870a8d0157d0b434290c6c00fa

            Identifiers

            • None

            tag.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tag/tag.module.js
            MD5: ffaaa6aebbd9c16c500e3ce31daaacac
            SHA1: f22e01605a473078a0ac681bca9d70ac22e4b7b4
            SHA256:8027a03832cc077668691590087fce0eb90eff619adb5903ff8d71a5a83a9392

            Identifiers

            • None

            tag.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tag/tag.module.min.js
            MD5: d60f432b009f1c7f52bce6368d6a7f45
            SHA1: eca97edbc28d14e733cc09eef67d986afd2adc8e
            SHA256:b3edf47b39beeafd1c1cf44dcaa4d3e2a81e27a8e43549ccd12ab640c4f10fef

            Identifiers

            • None

            tag.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tag/tag.nomodule.js
            MD5: 672fe28cbba7e813d5ec804092b0b00e
            SHA1: c964c6447664be4a5deb2ed52e555ecd819aba1c
            SHA256:c5ef0637c8d9b8938acda762ed418f15de219d7fc5992362486950bf1df918f7

            Identifiers

            • None

            tag.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tag/tag.nomodule.min.js
            MD5: 490ba66719c124aee172166dc5798436
            SHA1: 02f73764e8283f3ed8433a71b321a61409c45f95
            SHA256:de2556b125dda71411a443a2e365eff2444ac4f4b4f454c51043c02d6481f902

            Identifiers

            • None

            tagsoup-1.2.1.jar

            Description:

            TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.

            License:

            Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar
            MD5: ae73a52cdcbec10cd61d9ef22fab5936
            SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
            SHA256:ac97f7b4b1d8e9337edfa0e34044f8d0efe7223f6ad8f3a85d54cc1018ea2e04

            Identifiers

            • pkg:maven/org.ccil.cowan.tagsoup/tagsoup@1.2.1  (Confidence:High)

            testcontainers-1.21.3.jar

            Description:

            Isolated container management for Java code testing

            License:

            MIT: http://opensource.org/licenses/MIT
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/testcontainers/testcontainers/1.21.3/testcontainers-1.21.3.jar
            MD5: d7c7e2994e324e29f981fad6e18e8e61
            SHA1: aa3e792d2cf4598019933c42f1cfa55bd608ce8b
            SHA256:ef934ddac6f42759d71c303a2844544a56cf381b33437149955d3d8c992bec5d

            Identifiers

            • pkg:maven/org.testcontainers/testcontainers@1.21.3  (Confidence:High)

            tests-3.0.7.jar

            File Path: /builds/pub/numeco/misis/misis-backend/tests/target/tests-3.0.7.jar
            MD5: b3e812ab1e11e2e2f89caee2a1792aff
            SHA1: 6a1b680c7ca31813cf1654fd64e1ded41afc8b50
            SHA256:c9e5ccc3fc1bf83dc326041c3be71b07dc29397fa6427d4d93417e527a8d9246

            Identifiers

            • pkg:maven/fr.numeco/tests@3.0.7  (Confidence:High)

            tile.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tile/tile.module.js
            MD5: a90ff1a5c2651a4b688cef62711261fe
            SHA1: f64d5fa083985fd48ea08d9ec6c86d6f2edbbfbc
            SHA256:8a8feca0b64b5500b45dd49a0adf446906e452200d5a9fd8d41a3042e2361f8f

            Identifiers

            • None

            tile.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tile/tile.module.min.js
            MD5: 196e651c43c9d74db5e3ff2af60e1fe1
            SHA1: b645e760b28ba0c330ac31f0f40af2b5791a4e3d
            SHA256:746035acda40737902f48f97663f3b300dd4e889d1858f82b5f02d2085435877

            Identifiers

            • None

            tile.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tile/tile.nomodule.js
            MD5: 8299e602102b4510919acc7e4b55e759
            SHA1: f17a10cbffce3a8e84fbb4d20f561d02b131671e
            SHA256:d22a22169c4326dd038dd78f85c4bc1004b9f4990817894b8f0d79d292c8a2e1

            Identifiers

            • None

            tile.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tile/tile.nomodule.min.js
            MD5: 8ae366ae585a037c17212311720cba8f
            SHA1: 3e19d9fb65da55849b7611a17207f2a495dbe55d
            SHA256:8819c5ecde62e1517f62db48d9a327308aec00f791698b5b87a3be43111498f3

            Identifiers

            • None

            toggle.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/toggle/toggle.module.js
            MD5: 309b96f0531d9b68beadb0f36e126ec9
            SHA1: a66101d0dfdfa5f4ea75d266eef4b5bc722b936a
            SHA256:74be836fdce6505d5ae00137a7494ede882704e47a7870554abf36c86e342c31

            Identifiers

            • None

            toggle.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/toggle/toggle.module.min.js
            MD5: 05daf10ced1279054d6a1038e10d03be
            SHA1: a49cb75f884b9a2049885ccad33da0b79f326fd8
            SHA256:0f0ebe597afb615ff1bcbb08430422a662ca46aa14e0f7e7df0f82a4e005c90d

            Identifiers

            • None

            toggle.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/toggle/toggle.nomodule.js
            MD5: 493ac25331aac8ce44bf3aa3021ead05
            SHA1: 7a23d187b81540dae63c118a39cfc382d13331a4
            SHA256:38db368b2c549a02cdfbb1dc72e9483ba25e64f948f239f41b9338d87c467517

            Identifiers

            • None

            toggle.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/toggle/toggle.nomodule.min.js
            MD5: 4353ad2393606bf4ee1d204868129f58
            SHA1: 45f14b0b4bb9251a1f939212308d4e280c85cc21
            SHA256:9eae528d6e8f9e6f6747afca5aad1e76530ed512b20c4edd79b825722eb81cd8

            Identifiers

            • None

            tooltip.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tooltip/tooltip.module.js
            MD5: abf7b9a8b1d12313c33b2224ad69f51b
            SHA1: 86a1582b2863fff63f11bb3868a190492b167efe
            SHA256:1bfecbbe795beedf23c1ad50a6e60d7d75893f7e85515273afc28279bbdbdb97

            Identifiers

            • None

            tooltip.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tooltip/tooltip.module.min.js
            MD5: ee98fd691b8824ee46887391d9d58600
            SHA1: 956f74a634489a82a0629e640d7d0e4146a5d49e
            SHA256:4ee88286a5163fa4721ace24313c30794524064f1f389e23f2029cc2b969579b

            Identifiers

            • None

            tooltip.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tooltip/tooltip.nomodule.js
            MD5: 08f124639c6c4780c69949d2907e974d
            SHA1: cf86d82b6d4fa5420df76b5b573669cc8be62932
            SHA256:9e58e026935ed3d52bf781ba1e5f4d11b93426691f6a8266e31ab1fc610f85f6

            Identifiers

            • None

            tooltip.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/tooltip/tooltip.nomodule.min.js
            MD5: 778b39643d4763d6e7ca07c14e231edc
            SHA1: 530aef30cb38cd8da9a792ebf11cc6fa0ab29893
            SHA256:a91db422bfe089979858a75bcb8ea109a9d3b622f07eaaba45a2ed6fece76848

            Identifiers

            • None

            transcription.module.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/transcription/transcription.module.js
            MD5: 0eb8a2e872e4ba2fd208a1b4e52a816d
            SHA1: b2d5eb569980cda34dc1832dcbaccbfab8014501
            SHA256:cb3bd78b9814a15712e5c571d8d9d17830ebc878d1a299ad7447f56e47d24d10

            Identifiers

            • None

            transcription.module.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/transcription/transcription.module.min.js
            MD5: e7eaf33855668f1480995d3512144ed8
            SHA1: 69ced78f8659c290ee8f341d08b83fb6c390c79e
            SHA256:8782b14ba29e90c3669f04c2d6bf912517354813a44ca78d80b618fbd8021185

            Identifiers

            • None

            transcription.nomodule.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/transcription/transcription.nomodule.js
            MD5: 9e3348cbc67f1a3893f2ace3527ad9fc
            SHA1: 2de45ca31a9635679371ff7cc3eb792a2745353f
            SHA256:898da4772e73898a247fa9fa14e7ffd03bb6d28d91348878176eb23cebf49f3a

            Identifiers

            • None

            transcription.nomodule.min.js

            File Path: /builds/pub/numeco/misis/misis-backend/keycloak-init/misis/login/resources/css/component/transcription/transcription.nomodule.min.js
            MD5: 2ac0b8af0e6489b8e0340993da380604
            SHA1: 6b8c6586a2ae752c19d16e2c0dc7dd1a8f9be52e
            SHA256:05e2a1c08b3e9bb5e2dfbf22f31042d525971610f0dbeea06927ee97a5e72c17

            Identifiers

            • None

            transformed-bytecode.jar

            File Path: /builds/pub/numeco/misis/misis-backend/analyzer/target/quarkus-app/quarkus/transformed-bytecode.jar
            MD5: c265e44fd6be1384954567116828760a
            SHA1: f022310aa51e49ef7654a709a169ac7283ccbfbc
            SHA256:ba359e2afa9ee00bebb78ee0ad2fe4628571ac04b979ecad721a27b0ecb6ebd7

            Identifiers

            • None

            transformed-bytecode.jar

            File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/quarkus/transformed-bytecode.jar
            MD5: 257df51b879e2da9b4577fb13b9e1abd
            SHA1: f8e1ffabde300f65b8b4643247d0b5085962d687
            SHA256:f55775dbebdada072e636a798f83584d05e5e83b7128c051b9b7a8d7945eceed

            Identifiers

            • None

            vertx-web-common-4.5.23.jar

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/vertx/vertx-web-common/4.5.23/vertx-web-common-4.5.23.jar
            MD5: 36f7bd7a0281881b446101e5f4d21474
            SHA1: 8f043782d643441ad50f4cfd3aa0e71728d6dbd2
            SHA256:e2c04fc9a4914af93e50728878c3b59afcacba2365fa92adf193e33ece44e51a

            Identifiers

            wagon-file-3.5.3.jar

            Description:

                Wagon provider that gets and puts artifacts using file system protocol

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/apache/maven/wagon/wagon-file/3.5.3/wagon-file-3.5.3.jar
            MD5: 49ed6c95eb28e434ea5c3c9b0ea0fde4
            SHA1: a09f59be3767dbff0401828463d1752a9cb0c551
            SHA256:afc9216fa97b78dad227b4a8d4d67b9897bf113a57f80598d62993841113e103

            Identifiers

            webapp-3.0.7.jar

            File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/quarkus-app/app/webapp-3.0.7.jar
            MD5: 5a5b703abf1a5d0207fa3268dacd7bb1
            SHA1: 8834c33a32725b198b8e6292f576ffc735155395
            SHA256:fcd00d5d34161250207230973c131bce430f3ade8ac2676a9fa08d6c70725950

            Identifiers

            • None

            webapp-3.0.7.jar

            File Path: /builds/pub/numeco/misis/misis-backend/webapp/target/webapp-3.0.7.jar
            MD5: 88e985d8a80ac8ad853961ccd901460e
            SHA1: a16627984a41b5d1707b1477b75f055879c64ba7
            SHA256:2d8259e49e231c820c688f9b1759396bcb37421582e1d986898fd460a395412c

            Identifiers

            • pkg:maven/fr.gouv.misis/webapp@3.0.7  (Confidence:High)

            woodstox-core-7.1.1.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621)

            Description:

            Unknown version of isorelax library used in JAXB project

            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/fasterxml/woodstox/woodstox-core/7.1.1/woodstox-core-7.1.1.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml
            MD5: 6fbb4bc95fbf2072bc6e3b790553fe81
            SHA1: 314ec72948d5c1fc71d553cbbd7a130caa6f9f13
            SHA256:cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1

            Identifiers

            • pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621  (Confidence:High)

            woodstox-core-7.1.1.jar (shaded: net.java.dev.msv:xsdlib:2022.7)

            Description:

            XML Schema datatypes library

            License:

            BSD
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/fasterxml/woodstox/woodstox-core/7.1.1/woodstox-core-7.1.1.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xml
            MD5: f82c4c4c46c8a27ee68f031373064bf9
            SHA1: 1b9b8fe3901f3556ed99a477af66f0f645c16cf0
            SHA256:8649b880ac5dbb3549022c40eff4053930ea209c4aaf998925fb3d6dd75fb6c3

            Identifiers

            • pkg:maven/net.java.dev.msv/xsdlib@2022.7  (Confidence:High)
            • cpe:2.3:a:xml_library_project:xml_library:2022.7:*:*:*:*:*:*:*  (Confidence:Low)  

            woodstox-core-7.1.1.jar

            Description:

            Woodstox is a high-performance XML processor that implements Stax (JSR-173),
SAX2 and Stax2 APIs

            License:

            The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/fasterxml/woodstox/woodstox-core/7.1.1/woodstox-core-7.1.1.jar
            MD5: 971ff236679f7b35a7c13c0d02c0170e
            SHA1: 76baad1b94513ea896e0a17388890a4c81edd0e0
            SHA256:02b9d022e9d47704ff8a7a859a0dbfd3b2882a8311eb7ff1e180f760ccda2712

            Identifiers

            word-23.1.2.jar

            Description:

            A low-level framework for machine-word-sized values in Java.

            License:

            Universal Permissive License, Version 1.0: http://opensource.org/licenses/UPL
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/graalvm/sdk/word/23.1.2/word-23.1.2.jar
            MD5: c850fa025977c8e3561fdcee911dbd9e
            SHA1: 9dfd386a63750f33e848086317e19a01e9ed7eb8
            SHA256:2ae7a71ff3f53f61d1d7360a6152f67ce3902ae86ca22b30b70208dc0cf4e039

            Identifiers

            • pkg:maven/org.graalvm.sdk/word@23.1.2  (Confidence:High)

            xml-path-5.5.6.jar

            Description:

            Java DSL for easy testing of REST services

            License:

            https://www.apache.org/licenses/LICENSE-2.0.html
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/io/rest-assured/xml-path/5.5.6/xml-path-5.5.6.jar
            MD5: de8d4f799784e42058e798a389fd56e1
            SHA1: 0f05b964e3a2eea738a254f1c44d5dbba0ca57b1
            SHA256:7e87fea7d7e51fc033052d72d08150ad46fcaffdf3ed7558a62c3e2c95e89585

            Identifiers

            • pkg:maven/io.rest-assured/xml-path@5.5.6  (Confidence:High)

            xmlpull-1.1.3.1.jar

            License:

            Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
            MD5: cc57dacc720eca721a50e78934b822d2
            SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
            SHA256:34e08ee62116071cbb69c0ed70d15a7a5b208d62798c59f2120bb8929324cb63

            Identifiers

            • pkg:maven/xmlpull/xmlpull@1.1.3.1  (Confidence:High)

            xstream-1.4.20.jar

            Description:

            XStream is a serialization library from Java objects to XML and back.

            License:

            BSD-3-Clause
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/com/thoughtworks/xstream/xstream/1.4.20/xstream-1.4.20.jar
            MD5: 1e816f33b1eb780a309789478051faeb
            SHA1: 0e2315b8b2e95e9f21697833c8e56cdd9c98a5ee
            SHA256:87df0f0be57c92037d0110fbb225a30b651702dc275653d285afcfef31bc2e81

            Identifiers

            xz-1.9.jar

            Description:

            XZ data compression

            License:

            Public Domain
            File Path: /builds/pub/numeco/misis/misis-backend/.m2/repository/org/tukaani/xz/1.9/xz-1.9.jar
            MD5: 57c2fbfeb55e307ccae52e5322082e02
            SHA1: 1ea4bec1a921180164852c65006d928617bd2caf
            SHA256:211b306cfc44f8f96df3a0a3ddaf75ba8c5289eed77d60d72f889bb855f535e5

            Identifiers

            • pkg:maven/org.tukaani/xz@1.9  (Confidence:High)


            This report contains data retrieved from the National Vulnerability Database.
            This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
            This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
            This report may contain data retrieved from RetireJS.
            This report may contain data retrieved from the Sonatype OSS Index.