Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: eXo PLF:: Commons - API

org.exoplatform.commons:commons-api:6.0.x-SNAPSHOT

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE Coordinates Highest Severity CVE Count CPE Confidence Evidence Count
portlet-api-2.0.jar javax.portlet:portlet-api:2.0    0 22
javax.websocket-api-1.0.jar javax.websocket:javax.websocket-api:1.0    0 29
commons-lang-2.6.jar org.netbeans.external:org-apache-commons-lang:RELEASE90    0 34
jcr-1.0.1.jar cpe:/a:content_project:content:1.0.1 javax.jcr:jcr:1.0.1 Medium 1 Low 25
jtidy-r938.jar cpe:/a:html-tidy:tidy:- net.sf.jtidy:jtidy:r938    0 Low 25
exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar cpe:/a:processing:processing:6.0.20191006 org.exoplatform.core:exo.core.component.xml-processing:6.0.x-SNAPSHOT   0 Low 24
exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.script.groovy:6.0.x-SNAPSHOT   0 22
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 28
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 40
exo.ws.rest.core-6.0.x-SNAPSHOT.jar cpe:/a:ws_project:ws:6.0.20191006 org.exoplatform.ws:exo.ws.rest.core:6.0.x-SNAPSHOT   0 Low 24
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0    0 20
exo.jcr.component.ext-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.ext:6.0.x-SNAPSHOT   0 24
mime-util-2.1.3.jar cpe:/a:mime_project:mime:2.1.3 eu.medsea.mimeutil:mime-util:2.1.3    0 Low 30
jakarta-regexp-1.4.jar jakarta-regexp:jakarta-regexp:1.4    0 14
xpp3-1.1.6.jar org.ogce:xpp3:1.1.6    0 24
jcl-over-slf4j-1.7.18.jar org.slf4j:jcl-over-slf4j:1.7.18    0 31
exo.kernel.commons-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.commons:6.0.x-SNAPSHOT   0 24
javax.servlet-api-3.0.1.jar javax.servlet:javax.servlet-api:3.0.1    0 38
commons-beanutils-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils:1.8.3  High 2 Low 34
common-common-2.2.2.Final.jar org.gatein.common:common-common:2.2.2.Final    0 31
wci-wci-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.wci:wci-wci:6.0.x-SNAPSHOT   0 29
jibx-run-1.2.6.jar org.jibx:jibx-run:1.2.6    0 29
javax.inject-1.jar javax.inject:javax.inject:1    0 20
cdi-api-1.0-SP4.jar javax.enterprise:cdi-api:1.0-SP4    0 31
exo.kernel.container-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.container:6.0.x-SNAPSHOT   0 24
log4j-1.2.17.jar cpe:/a:apache:log4j:2.0:alpha1 log4j:log4j:1.2.17  High 1 High 33
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 20
activation-1.1.1.jar javax.activation:activation:1.1.1    0 24
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1    0 15
jaxb-impl-2.1.8.jar com.sun.xml.bind:jaxb-impl:2.1.8    0 20
picketlink-idm-core-1.4.6.Final.jar cpe:/a:picketlink:picketlink:1.4.6 org.picketlink.idm:picketlink-idm-core:1.4.6.Final  Medium 3 Low 37
jackson-core-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8 com.fasterxml.jackson.core:jackson-core:2.9.8    0 Low 41
jackson-databind-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8
cpe:/a:fasterxml:jackson-databind:2.9.8 		com.fasterxml.jackson.core:jackson-databind:2.9.8  High 10 Highest 41
snakeyaml-1.23.jar org.yaml:snakeyaml:1.23    0 25
jackson-dataformat-yaml-2.9.8.jar cpe:/a:fasterxml:jackson:2.9.8
cpe:/a:fasterxml:jackson-dataformat-xml:2.9.8 		com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.9.8    0 Low 41
swagger-annotations-1.5.22.jar io.swagger:swagger-annotations:1.5.22    0 24
swagger-models-1.5.22.jar io.swagger:swagger-models:1.5.22    0 24
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final    0 22
swagger-core-1.5.22.jar io.swagger:swagger-core:1.5.22    0 24
reflections-0.9.11.jar org.reflections:reflections:0.9.11    0 25
swagger-jaxrs-1.5.22.jar io.swagger:swagger-jaxrs:1.5.22    0 24
common-logging-2.2.2.Final.jar org.gatein.common:common-logging:2.2.2.Final    0 31
mop-api-1.3.2.Final.jar org.gatein.mop:mop-api:1.3.2.Final   0 30
mop-spi-1.3.2.Final.jar org.gatein.mop:mop-spi:1.3.2.Final   0 30
chromattic.common-1.3.0.jar org.chromattic:chromattic.common:1.3.0    0 25
mop-core-1.3.2.Final.jar org.gatein.mop:mop-core:1.3.2.Final   0 30
gatein-management-api-2.1.0.Final.jar org.gatein.management:gatein-management-api:2.1.0.Final   0 28
gatein-management-spi-2.1.0.Final.jar org.gatein.management:gatein-management-spi:2.1.0.Final   0 28
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2    0 37
json-20070829.jar org.json:json:20070829    0 23
exo.portal.webui.core-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0.20191006 org.exoplatform.gatein.portal:exo.portal.webui.core:6.0.x-SNAPSHOT   0 Low 29
chromattic.api-1.3.0.jar org.chromattic:chromattic.api:1.3.0    0 23
chromattic.spi-1.3.0.jar org.chromattic:chromattic.spi:1.3.0    0 25
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA    0 27
hibernate-entitymanager-4.2.21.Final.jar org.hibernate:hibernate-entitymanager:4.2.21.Final    0 32
liquibase-core-3.4.2.jar org.liquibase:liquibase-core:3.4.2    0 19
staxnav.core-0.9.8.jar org.staxnav:staxnav.core:0.9.8    0 19
closure-compiler-externs-v20170910.jar com.google.javascript:closure-compiler-externs:v20170910    0 19
args4j-2.33.jar args4j:args4j:2.33    0 24
error_prone_annotations-2.0.18.jar com.google.errorprone:error_prone_annotations:2.0.18    0 23
guava-20.0.jar cpe:/a:google:guava:20.0 com.google.guava:guava:20.0  Medium 1 Highest 29
gson-2.7.jar com.google.code.gson:gson:2.7    0 34
jsinterop-annotations-1.0.0.jar com.google.jsinterop:jsinterop-annotations:1.0.0    0 19
closure-compiler-v20170910.jar com.google.javascript:closure-compiler:v20170910    0 13
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12    0 Low 36
reflext.jlr-1.1.0.jar org.reflext:reflext.jlr:1.1.0    0 23
chromattic.metamodel-1.3.0.jar org.chromattic:chromattic.metamodel:1.3.0    0 23
reflext.api-1.1.0.jar org.reflext:reflext.api:1.1.0    0 23
reflext.core-1.1.0.jar org.reflext:reflext.core:1.1.0    0 23
reflext.spi-1.1.0.jar org.reflext:reflext.spi:1.1.0    0 25
reflext.apt-1.1.0.jar cpe:/a:processing:processing:1.1.0 org.reflext:reflext.apt:1.1.0  Medium 1 Low 23
chromattic.apt-1.3.0.jar org.chromattic:chromattic.apt:1.3.0    0 23
twitter4j-core-3.0.5.jar cpe:/a:twitter_project:twitter:3.0.5
cpe:/a:twitter:twitter:3.0.5 		org.twitter4j:twitter4j-core:3.0.5    0 Low 22
scribe-1.3.5.jar cpe:/a:scribe:scribe:1.3.5 org.scribe:scribe:1.3.5    0 Low 23
httpcore-4.3.3.jar org.apache.httpcomponents:httpcore:4.3.3    0 32
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3    0 36
httpclient-4.3.6.jar cpe:/a:apache:httpclient:4.3.6 org.apache.httpcomponents:httpclient:4.3.6    0 Low 32
xpp3-1.1.4c.jar xpp3:xpp3:1.1.4c    0 26
google-http-client-1.14.1-beta.jar cpe:/a:google_forms_project:google_forms:1.14.1.beta com.google.http-client:google-http-client:1.14.1-beta    0 Low 24
jsr305-1.3.9.jar com.google.code.findbugs:jsr305:1.3.9    0 21
google-api-client-1.14.1-beta.jar com.google.api-client:google-api-client:1.14.1-beta    0 22
jackson-core-asl-1.9.11.jar cpe:/a:fasterxml:jackson:1.9.11 org.codehaus.jackson:jackson-core-asl:1.9.11    0 Low 32
google-http-client-jackson-1.14.1-beta.jar com.google.http-client:google-http-client-jackson:1.14.1-beta    0 22
google-api-services-plus-v1-rev69-1.14.2-beta.jar com.google.apis:google-api-services-plus:v1-rev69-1.14.2-beta    0 26
google-api-services-oauth2-v2-rev36-1.14.2-beta.jar com.google.apis:google-api-services-oauth2:v2-rev36-1.14.2-beta    0 26
chromattic.ext-1.3.0.jar org.chromattic:chromattic.ext:1.3.0    0 25
pc-api-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-api:6.0.x-SNAPSHOT   0 27
pc-portlet-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-portlet:6.0.x-SNAPSHOT   0 29
pc-federation-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-federation:6.0.x-SNAPSHOT   0 29
pc-bridge-6.0.x-SNAPSHOT.jar org.exoplatform.gatein.pc:pc-bridge:6.0.x-SNAPSHOT   0 27
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235 com.jhlabs:filters:2.0.235  Low 1 Low 22
simplecaptcha-1.1.1.Final-gatein-4.jar org.gatein.captcha:simplecaptcha:1.1.1.Final-gatein-4   0 27
gatein-api-1.0.1.Final.jar org.gatein.api:gatein-api:1.0.1.Final    0 29
icu4j-56.1.jar cpe:/a:icu-project:international_components_for_unicode:56.1::~~~c%2fc%2b%2b~~ com.ibm.icu:icu4j:56.1  High 8 Highest 33
exo.portal.webui.portal-6.0.x-SNAPSHOT.jar cpe:/a:in-portal:in-portal:6.0 org.exoplatform.gatein.portal:exo.portal.webui.portal:6.0.x-SNAPSHOT   0 Low 27
commons-webui-component-6.0.x-SNAPSHOT.jar org.exoplatform.commons:commons-webui-component:6.0.x-SNAPSHOT   0 25
commons-chain-1.2.jar commons-chain:commons-chain:1.2    0 34
commons-digester-2.1.jar commons-digester:commons-digester:2.1    0 34
exo.kernel.component.command-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.command:6.0.x-SNAPSHOT   0 24
exo.kernel.component.cache-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.cache:6.0.x-SNAPSHOT   0 24
exo.core.component.security.core-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.security.core:6.0.x-SNAPSHOT   0 22
antlr-2.7.7.jar antlr:antlr:2.7.7    0 18
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1  Medium 1 Highest 28
hibernate-jpa-2.0-api-1.0.1.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final    0 26
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1    0 30
hibernate-commons-annotations-4.0.5.Final.jar org.hibernate.common:hibernate-commons-annotations:4.0.5.Final    0 30
hibernate-core-4.2.21.Final.jar org.hibernate:hibernate-core:4.2.21.Final    0 32
exo.core.component.organization.api-6.0.x-SNAPSHOT.jar cpe:/a:api-platform:core:6.0 org.exoplatform.core:exo.core.component.organization.api:6.0.x-SNAPSHOT   0 Low 22
commons-io-2.4.jar commons-io:commons-io:2.4    0 36
fontbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:fontbox:1.8.14  Medium 2 Highest 37
jempbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:jempbox:1.8.14  Medium 2 Highest 35
pdfbox-1.8.14.jar cpe:/a:apache:pdfbox:1.8.14 org.apache.pdfbox:pdfbox:1.8.14  Medium 2 Highest 35
htmllexer-2.1.jar org.htmlparser:htmllexer:2.1    0 23
htmlparser-2.1.jar org.htmlparser:htmlparser:2.1    0 23
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 38
poi-3.13.jar cpe:/a:apache:poi:3.13 org.apache.poi:poi:3.13  High 2 Highest 28
tika-core-1.5.jar cpe:/a:apache:tika:1.5 org.apache.tika:tika-core:1.5  High 8 Highest 33
vorbis-java-core-0.1-tests.jar org.gagravarr:vorbis-java-core:0.1    0 23
vorbis-java-tika-0.1.jar cpe:/a:apache:tika:0.1 org.gagravarr:vorbis-java-tika:0.1  High 6 Highest 23
netcdf-4.2-min.jar edu.ucar:netcdf:4.2-min    0 21
apache-mime4j-core-0.7.2.jar cpe:/a:apache:james:0.7.2 org.apache.james:apache-mime4j-core:0.7.2    0 Low 33
xz-1.2.jar cpe:/a:tukaani:xz:1.2 org.tukaani:xz:1.2  Medium 1 Low 27
commons-compress-1.5.jar cpe:/a:apache:commons_compress:1.5
cpe:/a:apache:commons-compress:1.5 		org.apache.commons:commons-compress:1.5    0 Low 39
bcmail-jdk15-1.45.jar cpe:/a:no-cms_project:no-cms:1.45
cpe:/a:mime_project:mime:1.45 		org.bouncycastle:bcmail-jdk15:1.45    0 Low 24
bcprov-jdk15-1.45.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.45
cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.45 		org.bouncycastle:bcprov-jdk15:1.45  Medium 1 Low 24
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 18
asm-debug-all-4.1.jar cpe:/a:debug_project:debug:4.1 org.ow2.asm:asm-debug-all:4.1    0 Low 28
aspectjrt-1.8.8.jar org.aspectj:aspectjrt:1.8.8    0 21
isoparser-1.0-RC-1.jar cpe:/a:boxes_project:boxes:7.x-1.0 com.googlecode.mp4parser:isoparser:1.0-RC-1  Low 1 Highest 24
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 30
xercesImpl-2.9.1.jar cpe:/a:apache:xerces2_java:2.9.1 xerces:xercesImpl:2.9.1  High 1 Low 50
metadata-extractor-2.6.2.jar com.drewnoakes:metadata-extractor:2.6.2    0 21
rome-1.0.jar rome:rome:1.0    0 32
vorbis-java-core-0.1.jar org.gagravarr:vorbis-java-core:0.1    0 21
juniversalchardet-1.0.3.jar org.zenframework.z8.dependencies.commons:juniversalchardet-1.0.3:2.0    0 26
jhighlight-1.0.jar com.uwyn:jhighlight:1.0    0 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 24
exo.core.component.document-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.document:6.0.x-SNAPSHOT   0 24
exo.core.component.database-6.0.x-SNAPSHOT.jar org.exoplatform.core:exo.core.component.database:6.0.x-SNAPSHOT   0 24
lucene-core-3.6.2.jar org.apache.lucene:lucene-core:3.6.2    0 26
lucene-analyzers-3.6.2.jar org.apache.lucene:lucene-analyzers:3.6.2    0 26
lucene-spellchecker-3.6.2.jar org.apache.lucene:lucene-spellchecker:3.6.2    0 26
jta-1.1.jar javax.transaction:transaction-api:1.1    0 22
concurrent-1.3.4.jar concurrent:concurrent:1.3.4    0 23
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 40
jgroups-3.6.13.Final.jar org.jgroups:jgroups:3.6.13.Final    0 32
jbossjta-4.16.6.Final.jar org.jboss.jbossts:jbossjta:4.16.6.Final    0 22
ws-commons-util-1.0.1.jar cpe:/a:ws_project:ws:1.0.1 ws-commons-util:ws-commons-util:1.0.1  Medium 1 Low 30
jboss-common-core-2.2.22.GA.jar org.jboss:jboss-common-core:2.2.22.GA    0 30
stringtemplate-3.2.1.jar cpe:/a:string_project:string:3.2.1::~~~node.js~~ org.antlr:stringtemplate:3.2.1  Medium 1 Highest 23
antlr-runtime-3.5.jar org.antlr:antlr-runtime:3.5    0 26
jboss-logging-3.3.0.Final.jar org.jboss.logging:jboss-logging:3.3.0.Final    0 44
exo.kernel.component.ext.cache.impl.infinispan.v8-6.0.x-SNAPSHOT.jar cpe:/a:infinispan:infinispan:6.0.0 org.exoplatform.kernel:exo.kernel.component.ext.cache.impl.infinispan.v8:6.0.x-SNAPSHOT Medium 3 Highest 24
jboss-marshalling-osgi-2.0.0.Beta3.jar org.jboss.marshalling:jboss-marshalling-osgi:2.0.0.Beta3    0 29
infinispan-core-8.2.6.Final.jar cpe:/a:infinispan:infinispan:8.2.6 org.infinispan:infinispan-core:8.2.6.Final  Medium 3 Highest 35
exo.jcr.component.core-6.0.x-SNAPSHOT.jar org.exoplatform.jcr:exo.jcr.component.core:6.0.x-SNAPSHOT   0 24
quartz-2.2.2.jar org.quartz-scheduler:quartz:2.2.2    0 43
mail-1.4.7.jar cpe:/a:sun:javamail:1.4.7 javax.mail:mail:1.4.7    0 Low 38
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4    0 34
commons-pool-1.6.jar commons-pool:commons-pool:1.6    0 36
exo.kernel.component.common-6.0.x-SNAPSHOT.jar org.exoplatform.kernel:exo.kernel.component.common:6.0.x-SNAPSHOT   0 22
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 18
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 24
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10 com.thoughtworks.xstream:xstream:1.4.10  High 2 Highest 53
closure-compiler-v20170910.jar/META-INF/maven/com.google.javascript/closure-compiler/pom.xml cpe:/a:google:gmail:- com.google.javascript:closure-compiler:v20170910 Medium 1 Low 15
closure-compiler-v20170910.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml cpe:/a:google:protobuf:3.0.2 com.google.protobuf:protobuf-java:3.0.2 Medium 1 Highest 13
closure-compiler-v20170910.jar/META-INF/maven/com.google.code.findbugs/jsr305/pom.xml com.google.code.findbugs:jsr305:3.0.1   0 11
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml org.jboss.marshalling:jboss-marshalling:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml org.jboss.marshalling:jboss-marshalling-river:2.0.0.Beta3   0 13
jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml org.jboss.marshalling:jboss-marshalling-serial:2.0.0.Beta3   0 13

Dependencies

portlet-api-2.0.jar

Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.

File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope: eXo PLF:: Commons - API:provided

Identifiers

javax.websocket-api-1.0.jar

Description: JSR 356: Java API for WebSocket

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/ciagent/.m2/repository/javax/websocket/javax.websocket-api/1.0/javax.websocket-api-1.0.jar
MD5: 510563ac69503be2d6cbb6d492a8027b
SHA1: fc843b649d4a1dcb0497669d262befa3918c7ba8
Referenced In Project/Scope: eXo PLF:: Commons - API:provided

Identifiers

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

jcr-1.0.1.jar

Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.

License:

Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
MD5: 4639c7b994528948dab1a4feb1f68d6f
SHA1: 567ee103cf7592e3cf036e1bf4e2e06b9f08e1a1
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • cpe: cpe:/a:content_project:content:1.0.1   Confidence:Low   
  • maven: javax.jcr:jcr:1.0.1   Confidence:High

CVE-2017-16111  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Vulnerable Software & Versions:

jtidy-r938.jar

Description:  JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

License:

Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /home/ciagent/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
MD5: 6a9121561b8f98c0a8fb9b6e57f50e6b
SHA1: ab08d87a225a715a69107732b67f21e1da930349
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • maven: net.sf.jtidy:jtidy:r938    Confidence:Highest
  • cpe: cpe:/a:html-tidy:tidy:-   Confidence:Low   

exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar

Description: Implementation of XML Processing Service of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.xml-processing/6.0.x-SNAPSHOT/exo.core.component.xml-processing-6.0.x-SNAPSHOT.jar
MD5: b3b006595fbe303c9d739a79121f189e
SHA1: 1e6d90393499b0d884fe8c93a63074633f351f27
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.xml-processing:6.0.x-SNAPSHOT   Confidence:High
  • cpe: cpe:/a:processing:processing:6.0.20191006   Confidence:Low   

exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar

Description: Groovy Scripts Instantiator of Exoplatform SAS 'eXo Core' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.script.groovy/6.0.x-SNAPSHOT/exo.core.component.script.groovy-6.0.x-SNAPSHOT.jar
MD5: 5c6d0169bbc28be47a74ccee4b9ddb74
SHA1: 0385aa69f19847a08969929d085c48850a498ff9
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • maven: org.exoplatform.core:exo.core.component.script.groovy:6.0.x-SNAPSHOT   Confidence:High

jsr311-api-1.1.1.jar

License:

                CDDL License
            : http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

exo.ws.rest.core-6.0.x-SNAPSHOT.jar

Description: Implementation of REST Core for Exoplatform SAS 'Web Services' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.rest.core/6.0.x-SNAPSHOT/exo.ws.rest.core-6.0.x-SNAPSHOT.jar
MD5: 2e5bcea622faca44fa175918d5cc256b
SHA1: 486f797c093590f2fc415145bfddaa43fd5db6bf
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • cpe: cpe:/a:ws_project:ws:6.0.20191006   Confidence:Low   
  • maven: org.exoplatform.ws:exo.ws.rest.core:6.0.x-SNAPSHOT   Confidence:High

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

exo.jcr.component.ext-6.0.x-SNAPSHOT.jar

Description: Implementation of Extension Service of Exoplatform SAS 'eXo JCR' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.ext/6.0.x-SNAPSHOT/exo.jcr.component.ext-6.0.x-SNAPSHOT.jar
MD5: d7555e7a04b45fcef490c3658f111ec9
SHA1: 2d17b07d4fc4f5f655b07a2103fdb18796674ebb
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • maven: org.exoplatform.jcr:exo.jcr.component.ext:6.0.x-SNAPSHOT   Confidence:High

mime-util-2.1.3.jar

Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect MIME types from files, input streams, URL's and byte arrays. Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar
MD5: 3d4f3e1a96eb79683197f1c8b182f4a6
SHA1: 0c9cfae15c74f62491d4f28def0dff1dabe52a47
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

jakarta-regexp-1.4.jar

File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

xpp3-1.1.6.jar

Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar
MD5: 626a429318310e92e3466151e050bdc5
SHA1: dc87e00ddb69341b46a3eb1c331c6fcebf6c8546
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

jcl-over-slf4j-1.7.18.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: /home/ciagent/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.18/jcl-over-slf4j-1.7.18.jar
MD5: 86c8f80da62e4640564effb9dff7e003
SHA1: eca71be00af2579564e9f3a23ce0b245ca79ee5d
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

exo.kernel.commons-6.0.x-SNAPSHOT.jar

Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/6.0.x-SNAPSHOT/exo.kernel.commons-6.0.x-SNAPSHOT.jar
MD5: 5c3577b09853d32650dda0412414cb4f
SHA1: 54663dc1cf7b231bc574a3388a1f817875dec4e0
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.commons:6.0.x-SNAPSHOT   Confidence:High

javax.servlet-api-3.0.1.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/ciagent/.m2/repository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
Referenced In Project/Scope: eXo PLF:: Commons - API:provided

Identifiers

commons-beanutils-1.8.3.jar

Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
MD5: b45be74134796c89db7126083129532f
SHA1: 686ef3410bcf4ab8ce7fd0b899e832aaba5facf7
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions: (show all)

CVE-2019-10086  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Vulnerable Software & Versions:

common-common-2.2.2.Final.jar

File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

wci-wci-6.0.x-SNAPSHOT.jar

File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/6.0.x-SNAPSHOT/wci-wci-6.0.x-SNAPSHOT.jar
MD5: 07e6bc22ee34629793d7f236bc178790
SHA1: ba1b3c6ef37118a93dd9c81a92029cc0c9aea0a9
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • maven: org.exoplatform.gatein.wci:wci-wci:6.0.x-SNAPSHOT   Confidence:High

jibx-run-1.2.6.jar

Description: JiBX runtime code

License:

http://jibx.sourceforge.net/jibx-license.html
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar
MD5: 4ef53e4279c8440aff2d16c0af024231
SHA1: 544f3ac7887d7eed20ca0420ee1963df6c7ecebb
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

cdi-api-1.0-SP4.jar

Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar
MD5: 6c1e2b4036d64b6ba1a1136a00c7cdaa
SHA1: 6e38490033eb8b36c4cf1f7605163424a574dcf0
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

exo.kernel.container-6.0.x-SNAPSHOT.jar

Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.

File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/6.0.x-SNAPSHOT/exo.kernel.container-6.0.x-SNAPSHOT.jar
MD5: 5ccfd8aac148ce1e486a3b2e11e44a0c
SHA1: 6c40e6b14e5a8acc22c1626be5b236bd61359eb2
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

  • maven: org.exoplatform.kernel:exo.kernel.container:6.0.x-SNAPSHOT   Confidence:High

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

CVE-2017-5645  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Vulnerable Software & Versions: (show all)

stax-api-1.0-2.jar

Description:  StAX is a standard XML processing API that allows you to stream XML data from and to your application.

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /home/ciagent/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

activation-1.1.1.jar

Description: The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

jaxb-api-2.1.jar

File Path: /home/ciagent/.m2/repository/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar
MD5: 9534ce6506dc96bac3944423d804be30
SHA1: d68570e722cffe2000358ce9c661a0b0bf1ebe11
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

jaxb-impl-2.1.8.jar

File Path: /home/ciagent/.m2/repository/com/sun/xml/bind/jaxb-impl/2.1.8/jaxb-impl-2.1.8.jar
MD5: 1340264c75ea00b3d4d83e1ba57b606a
SHA1: 41b915446cb6962f9b403d1a5da3817a95ee579e
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

picketlink-idm-core-1.4.6.Final.jar

Description: PicketLink IDM IMPL contains the implementation of the API and the Identity Model.

License:

lgpl: http://repository.jboss.com/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-core/1.4.6.Final/picketlink-idm-core-1.4.6.Final.jar
MD5: a5c21c2186c186bc296d9909bcb11616
SHA1: 30d4385012393e4c50a82f8b84153eb6ee301a7d
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

CVE-2015-0277  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.

Vulnerable Software & Versions:

CVE-2015-3158  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

Vulnerable Software & Versions:

CVE-2015-6254  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-17 Code

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.

Vulnerable Software & Versions:

jackson-core-2.9.8.jar

Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.8/jackson-core-2.9.8.jar
MD5: 65831e4f46f29db904708e4b9cc72843
SHA1: 0f5a654e4675769c716e5b387830d19b501ca191
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

jackson-databind-2.9.8.jar

Description: General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.8/jackson-databind-2.9.8.jar
MD5: 39271d9bb1cb7ec563925953b1fa9ff7
SHA1: 11283f21cc480aa86c4df7a0a3243ec508372ed2
Referenced In Project/Scope: eXo PLF:: Commons - API:compile

Identifiers

CVE-2019-12086  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.

Vulnerable Software & Versions: (show all)

CVE-2019-12384  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Vulnerable Software & Versions: (show all)

CVE-2019-12814  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.

Vulnerable Software & Versions: (show all)

CVE-2019-14379  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Vulnerable Software & Versions: (show all)

CVE-2019-14439  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

Vulnerable Software & Versions: (show all)

CVE-2019-14540  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Vulnerable Software & Versions: (show all)

CVE-2019-16335  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Vulnerable Software & Versions: (show all)